At a recent private D.C. dinner, Homeland Security Secretary Kirstjen Nielsen gathered with academics and cyber experts from the private sector to talk candidly about urgent cyber threats and actions that DHS is taking to address them. It was an intimate event, hosted by Atlantic Council President Fred Kempe and ...

BOOK REVIEW: Dawn of The Code War: Americas Battle Against Russia, China, and the Rising Global Cyber Threat By: John P. Carlin with Garrett M. Graff, Public Affairs, New York, 2018 Reviewed by Peter M. Tran In 1789, Benjamin Franklin wrote in a letter that “Our new Constitution is now established, and ...

This brief is part of The Cipher Brief’s 2018 Annual Threat Report.   Bottom Line: There are three prominent technological security concerns for the United States with a growing Chinese strategic competitor to the east: Beijing’s push toward cyber and electronic warfare, its development of counter-space capabilities that threaten U.S. space ...

In a recent interview, The Cipher Brief sat down with former NSA and CIA director Michael Hayden to talk about global threats, and in particular, cyber threats and efforts to address them, specifically within the private sector.  Hayden has famously said before that when it comes to cyber, ‘the cavalry ...

Election security, the migration of people toward the U.S.’ southern border and the public-private critical intersection of cyber security are just a few of the pressing issues facing the Department of Homeland Security.   DHS Secretary Kirsten Nielsen expressed confidence going into the mid-term election, calling it “the most secure election ...

Cipher Brief Editorial Note: On the heels of Cybersecurity Awareness Month in October, President Donald Trump has proclaimed November as National Critical Infrastructure Security and Resilience Month. It’s a mouthful, but the declaration highlights the important need to focus on securing critical infrastructure.  Secretary of State Kirstjen Nielsen released a ...

Twitter is releasing a trove of known accounts and posts that it says were used to meddle in U.S. elections dating back to 2016.  According to the company, the data includes more than 4,600 accounts and more than 10 million tweets, photos, GIFs and broadcasts linked to Russia and Iran.  ...

‘The Homeland’ is bringing you a series of candid, intimate interviews with former Secretaries of the Department of Homeland Security throughout the month of October.  DHS was born out of 9/11, when 23 different agencies were pulled into one department in an effort to provide greater organization and communication in ...

The recent release of the Department of Defense (DoD) cyber strategy essentially announced the department’s ambitions to resume the role of the 800-pound gorilla in cyber. The offensively focused plan is a sharp redirect from the strategies of late and unreturned crush on Silicon Valley, both of which made it ...

While much of the focus on North Korea has been on efforts by the U.S. to negotiate a denuclearization deal, the cyber threat posed by Pyongyang remains a real threat, just out of view of the headlines. Bottom Line: The Democratic People's Republic of Korea's (DPRK) foreign doctrine in cyberspace is ...

Facebook announced on Friday that as many as 50 million of the platform’s social media accounts had been hacked giving attackers access to user’s personal information.  As some call for greater oversight and regulation, the company is already facing potentially stiff fines in Europe.    Cipher Brief Expert and former ...

Rob Joyce is the Senior Advisor for Cybersecurity Strategy at the National Security Agency.  He was also a key speaker at DEF CON 26, the premiere hacker's convention held every year in Las Vegas.  Following in the footsteps of previous NSA leaders, Joyce's mission at DEF CON this year was ...

The Cipher Brief is bringing subscribers different expert perspectives on cyber threats this week.  Today's perspective comes from Rick Ledgett, former Deputy Director of the National Security Agency.  We spoke with Rick about the same issues that we spoke with former NCTC Director Nick Rasmussen about to get his take on ...

The U.S. Administration released its new National Cyber Strategy on Thursday, covering a broad number of security-related issues that fall into four main categories, it refers to as ‘pillars’. The first pillar includes securing federal networks and information, securing critical infrastructure, fighting cybercrime and seeking improved incident reporting.  The second ...

The Cipher Brief is taking a look at different expert perspectives on cyber threats this week.  As one of those perspectives, we spoke with Nick Rasmussen, the former Director of the National Counterterrorism Center (NCTC) about the current cyber threat environment ranging from terrorism to nation state threats, to deterring attacks ...

CEOs, CISOs’ CTO’s and other c-suites are meeting at SINET’s Global Cybersecurity Innovation Summit in London this week. Cipher Brief CEO & Publisher Suzanne Kelly, who is moderating a session on the global cyber influence of Russia, China, Iran and North Korea, also had the private sector in mind when ...

A recent article titled, The Untold Story of NotPetya, The Most Devastating Cyberattack in History came out a few weeks ago and I’ve been ruminating on it ever since.  It bothered me because while the NotPetya ransomware attack is old news if you are in the cybersecurity business, there is a lot of ...

The world’s malicious cyber actors -- Russia, China, Iran, and North Korea – have spoiled cyber’s original, idealistic vision and instead use cyberspace to advance competitive interests to undermine Western laws and norms and pursue a clandestine means (cyber theft) to catch up with the West in technology, political influence, ...

As part of The Cipher Brief’s 'Academic Innovator' initiative to bring rising, innovative voices into the national security dialogue, we are reaching out to universities and inviting students to contribute their thoughts on pressing national and global security issues. Below is a different twist on a current proposal put forth ...

Ten years ago this month, war erupted between Russia and Georgia after Georgian troops attacked South Ossetia and shelled the town of Tskhinvali, in response to alleged Russian provocations. Russia justified its military action based on countering Georgia's aggression- President Medvedev's called the attack an attempted "genocide" against innocent civilians.  ...

The U.S. re-imposed sanctions on Iran on Monday after pulling out of the JCPOA Agreement in May.  European allies responded by issuing a statement saying the nuclear agreement with Iran "is working."   The reimposition of sanctions followed Iranian military exercises in the Gulf last week that U.S. officials largely interpreted ...

Up Front:  The U.S. government is taking on a more aggressive role in its mission to protect software supply chains from being infiltrated, as the government’s public-private cyber lead agency announces new initiatives to share information and improve response to cyber threats. The Department of Homeland Security announced the launch ...

The 2018 NATO summit and the months leading up to it were a spectacle of diplomacy at its finest and at its worse. The media drama surrounding the summit overshadowed the big strides the Alliance has made in its cyber defense mandate. With the announcement that Allies agreed on how to integrate ...

Like the parable of the six blind men trying to learn what an elephant is by only touching one piece of the creature, regulators are assessing the nation’s cybersecurity efforts by looking at initiatives individually rather than holistically. As with the elephant, selecting one piece of the broader cyber information ...

Bottom Line: In the past decade, Iran’s cyber capabilities have evolved from a tool used to lash out against domestic opponents of the Islamic Republic to a central pillar of its national strategy of holding adversaries at risk and gleaning crucial foreign intelligence. Despite a fall in disruptive Iranian cyberattacks ...

Few would argue that in a world of consistent, emerging cyber threats, the role of the Chief Information Security Officer is one that requires a special kind of calm as well as a steady stream of credible, timely information.  Some of the information that is used to build a strong ...

On the heels of the Helsinki summit between U.S. President Donald Trump and Russian President Vladimir Putin, it bears revisiting some of the important, outstanding questions that remain about how President Trump might approach the financial sanctions imposed on Russia since its 2014 seizure of Crimea. Measures such as freezing ...

Protecting the technology networks connecting more than two million employees working in over 400 government agencies serving about 325 million Americans is a herculean feat. In May, the Office of Management and Budget (OMB) released a report stating 74 percent of these federal agencies are at “high risk or risk” ...

I remember doing the Time Warp Drinking those moments when The blackness would hit me And the void would be calling Let's do the Time Warp again Let's do the Time Warp again Rocky Horror Picture Show, 1975 Cyberspace is akin to the haunted mansion of a gothic horror movie.  ...

In part two of The Cipher Brief’s two-part series on how Russia is building its virtual battlefield, we look at the U.S response to the tools and tactics that the Kremlin is employing and ask whether it’s enough.  Response: The U.S. has responded to Russian activity in cyberspace through diplomatic ...

Russia knows how to spread chaos and outrage in American politics, but Russia may pose a far greater threat to the U.S. economy and the infrastructure it depends on. The president’s Council of Economic Advisers estimates that hostile cyber actions against American private industry cost the U.S. economy as much ...

The Trump Administration is likely deliberating now the U.S. Department of Defense’s role in defending US interests via cyberspace – specifically, whether to continue President Obama’s Presidential Policy Directive 20. U.S. military cyber operations will likely be determined by this internal debate. The previous administration emphasized caution in the application ...

  The Trump administration has a dozen top cybersecurity priorities ranging from a new national cyber strategy to dealing with increasingly bold nation-state adversaries. One priority – that should be near the top of the stack – may not be obvious, but it is critical: a determined study of the ...

As the world focuses on the Singapore summit between President Donald Trump and North Korean leader Kim Jong Un, the President’s Treasury Secretary announced sanctions against five Russian entities and three individuals for their ties to Russian cyber activities, prompting some to question the Administration’s mixed signals on Russia over ...

The massive data breach that occurred at the U.S. Office of Personnel Management (OPM) in 2015 was attributed, in part, to aging technology systems. In fact, legacy technology pervades federal government systems. It is estimated that nearly 80 percent of federal information technology dollars are spent maintaining outdated systems.  Meanwhile, ...

U.S. companies got a disturbing preview of just how Russia might be able to steal their secrets, with news that Kaspersky Lab anti-virus software was allegedly used to hack an unsuspecting NSA contractor. Russian state-sponsored hackers reportedly stole critical details on how the U.S. conducts cyber espionage and defends against ...

Russian state-sponsored hackers were able to steal National Security Agency material on methods they use to conduct cyber espionage as well as how they help defend critical U.S. government networks, according to The Wall Street Journal. An NSA contractor placed the material on his or her private computer – a ...

Following a U.S. government-wide ban last month and recent news reports alleging that Kaspersky Lab enabled Russian intelligence to swipe highly classified NSA material from an employee’s private computer, questions have begun to swirl regarding the Moscow-based company’s relationship with the Kremlin. The Cipher Brief’s Levi Maxey spoke with Chris ...

After reports that highly classified intelligence material was taken from a NSA contractor’s private computer through the individual’s use of Kaspersky Lab’s antivirus software, all eyes turned to the Moscow-based company’s relationship with Russian intelligence and the Kremlin. As private companies using the antivirus software scramble to assess their exposure, ...

The United States has no peer competitors in conventional military power. But its adversaries are increasingly turning to asymmetric methods for engaging in conflict. Cyber-enabled information warfare (CEIW) is a form of conflict to which the United States – and liberal democracies more generally – are particularly vulnerable. Information warfare involves the ...

Much of the discussion surrounding Russian cyber-enabled information operations against Western societies focuses on technology, such as bots amplifying messages on social media and the hacking of institutions of power to then leak emails with potentially salacious material. But in order to meet the level of success that Russian intelligence ...

On Friday, Ben Wallace, the Minister of State for Security for the United Kingdom, said in a BBC radio interview the UK government believes a North Korean hacking group was responsible for the “WannaCry” malware attack, which shut down Britain’s National Health Service data system in May. “I obviously can’t ...

Dan Coats, Director of National Intelligence, told the Aspen Security Forum today that he believes the U.S. national security community lacks the capability to prevent a “cyber-9/11”—meaning a collapse of critical infrastructure caused by malware unleashed by a state or transnational organized crime group. “Imagine a shutdown of the electric ...

Amidst a busy week in national security, The Cipher Brief’s CEO and Publisher, Suzanne Kelly, spoke with Admiral James Stavridis, former Supreme Allied Commander of NATO, author of the new book The Leader’s Bookshelf, and member of the Cipher Brief Network, to discuss the military budget, cyber security, the use ...

Whenever people think about cybersecurity, technology, and innovation, they tend to think about Silicon Valley, but The Cipher Brief asked Bob Stratton, a General Partner at MACH37™, what other regions he is seeing a lot of innovation, or perhaps even the most innovation. Bob Stratton: Interestingly, one of the founding ...

The FBI on Monday said it is investigating the hack involving the Democratic National Committee (DNC) after a cache of emails was leaked in advance of Hillary Clinton’s nomination as the Democratic Party’s nominee for President this week, an incident that has been linked by some to the Russian government.  ...

The Islamic State (also known as ISIS or ISIL) must be defeated on the ground in Iraq and Syria, before it creates not only a physical, but also a cyber caliphate, said French Minister of Defense Jean-Yves Le Drian at a Brookings Institution event on Wednesday. Le Drian – along ...

With fifty percent of U.S. imports travelling by sea, ensuring that ships have a secure place to dock poses a challenge to American law enforcement. With such a heavy economic importance placed on U.S. ports, they have become a target for those wishing to inflict harm on the United States. ...

In 2006, Congress passed the Safe Port Act to help ensure that maritime transportation infrastructure was effectively secured from the threat of terrorism. Today, 10 years since the enactment of the law, are U.S. ports safe? This is a complex issue with an equally complex answer. The established security measures ...

In the nineteenth century, American strategist Alfred Thayer Mahan helped define a new understanding of maritime security and the role of the U.S. Navy in ensuring American global influence. Mahan believed that a strong Navy and robust maritime trade were both integral to national and economic security. He also recognized ...