Despite the concerns of privacy advocates, the Senate has passed cybersecurity legislation, creating a process for the government and private industry to share information on cyber attacks.    The Cybersecurity Information Sharing Act (CISA) was overwhelmingly approved by a 74-21 vote on Tuesday.   It must now be reconciled with two similar ...

The emerging world of ever-growing connectivity, cybersecurity, and cyber-threats has initiated an uncontrolled transformation in the balance of global superpowers. The old notion of power relying on the number of aircraft and missiles a country owns has expanded to include new terms—terms such as the magnitude of a denial of ...

Rhea Siers is the Scholar In Residence at the George Washington University Center for Cyber and Homeland Security and the Director of the GW Cybersecurity Initiative. She has worked in the Intelligence Community for 30 years, and served as the Deputy Associate Director for Policy at the National Security Agency. ...

Bear in mind, when considering the relationship between Silicon Valley and Israel, this is not Detroit versus Tokyo. It’s not that sort of nationalistic, zero-sum rivalry. It’s an additive relationship – one that is emerging as an instructive, vitally important transnational model for developing and selling new, transformative technologies. This ...

Ronen Nir is a General Partner at Carmel Ventures, a venture capital firm based in Israel. Prior to joining Carmel Ventures, he worked for several Israeli tech companies and served in the Israeli Defense Force’s Intelligence Unit for 13 years. We spoke with Nir about the state of the Israeli ...

People are the weakest link in any cybersecurity system.  Conversations about the cyber issue typically focus on systems, the primary targets of hackers and cyber criminals, as opposed to the people using them. Hackers can always count on the “human factor”— whether it’s an innocent mistake or calculated malfeasance—to help ...

Mitch Silber is the Senior Managing Director at FTI Consulting, a global business advisory firm.  He spoke with the Cipher Brief about the threat posed by malicious insiders – people within an organization who abuse their network access to harm their employers. The Cipher Brief: How would you characterize the ...

Lillian Ablon is a cybersecurity researcher at the RAND Corporation. She spoke with The Cipher Brief about the threat posed by social engineering, and the critical vulnerability posed by unwary individuals within an organization. The Cipher Brief: Some of our readers may not be familiar with the concept of social ...

Information security has a problem; an awkward border that we have consistently failed to understand and protect. This constantly changing, infinitely variable border is known as our people. Globally, we are spending millions of dollars addressing human centric information security, from training videos and e-learning to audit and accountability software. ...

The government is in a bind – it wants to stop criminals and terrorists, but it also wants to support strong encryption. Navigating this quandary has been a problem for a while, and it is entering a new phase. Specifically, the government appears to be shifting its focus from compulsion ...

The private sector perspective on encryption technology is critical to understanding the crux of the debate.  Amid news that Dell had agreed to buy RSA’s parent company, EMC, in the largest deal in the IT industry's history, RSA President Amit Yoran sat down with The Cipher Brief to talk about ...

Michael Chertoff, the former Secretary of the Department of Homeland Security, sat down with The Cipher Brief to explain why he believes a secure communications infrastructure protected by strong encryption is for the greater public good. The Cipher Brief: U.S. law enforcement has publicly expressed its concern that bad actors ...

When the Clinton Administration decontrolled encryption in the late 1990s after a long and acrimonious debate, it did so because it had decided that the benefits of making strong encryption available to internet users, and the benefits to U.S. companies operating in a global market, outweighed the cost to law ...

The Cipher Brief spoke with Nate Cardozo, a lawyer for the Electronic Frontier Foundation (EFF), about the debate over security and privacy as it relates to end-to-end encryption. Cardozo said the FBI’s concerns about “going dark” are overblown. The Cipher Brief: The FBI has made the case that strong encryption ...

“Are we so mistrustful of government—and of law enforcement—that we are willing to let bad guys walk away...willing to leave victims in search of justice?”  – FBI Director James Comey, Brookings, October 16, 2014 Strong encryption appears to be safe – for now. In Congressional testimony on Thursday, FBI Director James ...

According to press reports, the White House has considered and rejected four options to address the so-called “going dark” problem where the growing ubiquity of encryption is making it harder for law enforcement agencies to collect evidence and investigate crimes. Options considered include adding an encrypted port to devices, using ...

Mike Rogers is a former Congressman who served as the chairman of the House Permanent Select Committee on Intelligence. In a discussion with The Cipher Brief, Rogers said it is critical for the government and private sector to find a solution to the encryption dilemma that satisfies the needs of ...

Heroes in war movies rally the troops by pronouncing: failure is not an option. Heroes at the forefront of cybersecurity know better: failure is practically unavoidable.   To protect businesses, the new name of the game is visibility. Monitor your computing environment, recover from attacks quickly, and learn from breaches so ...

Josh Lefkowitz is the CEO of Flashpoint, a cyber threat intelligence firm that specializes in providing insights from the Deep and Dark Webs. Josh spoke with The Cipher Brief to discuss how the cyber threat environment is changing, and how companies can leverage threat intelligence to improve their overall security. ...

Heroes in war movies rally the troops by pronouncing: failure is not an option. Heroes at the forefront of cybersecurity know better: failure is practically unavoidable.   To protect businesses, the new name of the game is visibility. Monitor your computing environment, recover from attacks quickly, and learn from breaches so ...

Our government should not want a backdoor to encrypted messages. The government says it wants to have a special set of keys to decrypt any encrypted data transmitted across the Internet. The computer industry says it isn’t possible.  The government says it is a matter of national security. The industry ...

The Cipher Brief spoke with Raj De to discuss the Cybersecurity Information Sharing Act (CISA). Mr. De recently served as the General Counsel at the National Security Agency, after holding senior appointments in the White House and the Department of Justice.  He is currently a partner at Mayer Brown, where ...

Large-scale cyber attacks like those experienced by OPM, Sony, Anthem, and Target have intensified the ongoing criticism that the US government lacks a coherent cybersecurity policy. The Cybersecurity Information Sharing Act (CISA), which is currently awaiting a vote in the Senate, is the latest effort to develop a strategy.  While ...

The Senate is expected to consider the Cybersecurity Information Sharing Act (CISA) (S. 754) soon. Information sharing legislation that would fill gaps in existing law to make it easier for companies to share cyber threat indicators (CTIs) is probably necessary. Unfortunately, CISA is not the answer for many reasons. First, ...

It’s impossible to overstate the threat of cyber attacks to our economy and our national security. McAfee and the Center for Strategic and International Studies last year estimated cyber crime costs our economy more than $400 billion and 200,000 lost jobs. The cybersecurity company Symantec reported that just last year, ...

It helps in thinking about the future of cyber war if we break it into two parts: the future of cyber and the future of war.  Cyber means the collection of computers, software and connections that link people, economies and countries ever more closely together.  In cyber space, Beijing is ...

The Cipher Brief spoke with Dr. Paulo Shakarian, the author of Introduction to Cyber-Warfare, about the future of cyber war. Dr. Shakarain runs Arizona State University’s Cyber-Socio Intelligent Systems lab, which specializes in cyber security and social media. The Cipher Brief: What are your thoughts on the role of cyber ...

The Cipher Brief spoke with Rob Knake, the former Director for Cyber Security Policy at the National Security Council (2011-2015), about the future of cyber weapons and cyber warfare. The Cipher Brief: What are your thoughts on the role of cyber weapons in war, and what would a cyber war ...

The Cipher spoke with Frank Cilluffo, who runs George Washington University’s Center for Cyber and Homeland Security, to discuss the U.S. government’s cyber security posture. Prior to joining GW, Cilluffo served as Special Assistant to the President for Homeland Security. The Cipher Brief: What’s the role of cyber weapons in ...

A quick lesson for business leaders (and the millions of others who communicate by e-mail): The digital world as we now know it is forever.  Maybe even after forever if there is such a time dimension.   If you think that double-deleting those snarky comments you made about your competitor, boss, ...

The Office of Personnel Management (OPM) hack shocked the U.S., exposing the vulnerability of the U.S. government to cyber attack.  After thieves took the personal data of more than 20 million federal employees, what did we learn? 1. IT isn’t a priority until something goes wrong. OPM received several warnings from ...

Jimmie Breslin borrowed a line from manager Casey Stengel to title his chronicle of the worst team in baseball history, the 1962 Mets. Stengel plaintively asked, "Can't Anybody Here Play This Game?"  Given recent events, Americans could be asking the same question about their government's cyber performance. In June, the ...

Imagine this:  a private company discovers that detailed personal identifying information—including Social Security numbers, dates of birth, passport data, foreign travel histories, and other sensitive personal and private data—for more than 25 million people has been compromised in successive security breaches.  How swiftly do you think government officials, regulators, and ...

By now you’ve probably heard about the two cybersecurity professionals who hacked a Jeep while it was in motion.  Earlier this month, hackers at Def Con, a major cybersecurity convention, tried the same on a Tesla Model S.  Meanwhile, Chrysler faces a lawsuit for failing to address the vulnerabilities in its Jeeps.    Cars, along ...

The Cipher Brief sat down with Michael Chertoff at the Aspen Security Conference to discuss emerging issues in cybersecurity. He feels that businesses and the government need to more proactively engage with cybersecurity problems and work closer together to minimize their vulnerability to hackers. TCB: What would you say for ...

It’s Day 3 of Black Hat 2015, a major conference for cybersecurity professionals.  With over 9,000 attendees expected, the conference addresses major issues facing top information security officers at businesses around the world. What are the key briefings for businesses to catch? The Cipher Brief gives you the skinny on the must-see presentations of the week. Briefings ...

Cybercriminals are now using more advanced methods, once the exclusive domain of the state, to steal and profit from personal and proprietary information, blurring the line between cybercrime and cyberespionage. Companies who fail to adapt their cyber defenses to match this upgraded threat will be bringing a knife to a ...