The U.S. Administration released its new National Cyber Strategy on Thursday, covering a broad number of security-related issues that fall into four main categories, it refers to as ‘pillars’. The first pillar includes securing federal networks and information, securing critical infrastructure, fighting cybercrime and seeking improved incident reporting.  The second ...

The Cipher Brief is taking a look at different expert perspectives on cyber threats this week.  As one of those perspectives, we spoke with Nick Rasmussen, the former Director of the National Counterterrorism Center (NCTC) about the current cyber threat environment ranging from terrorism to nation state threats, to deterring attacks ...

CEOs, CISOs’ CTO’s and other c-suites are meeting at SINET’s Global Cybersecurity Innovation Summit in London this week. Cipher Brief CEO & Publisher Suzanne Kelly, who is moderating a session on the global cyber influence of Russia, China, Iran and North Korea, also had the private sector in mind when ...

A recent article titled, The Untold Story of NotPetya, The Most Devastating Cyberattack in History came out a few weeks ago and I’ve been ruminating on it ever since.  It bothered me because while the NotPetya ransomware attack is old news if you are in the cybersecurity business, there is a lot of ...

The world’s malicious cyber actors -- Russia, China, Iran, and North Korea – have spoiled cyber’s original, idealistic vision and instead use cyberspace to advance competitive interests to undermine Western laws and norms and pursue a clandestine means (cyber theft) to catch up with the West in technology, political influence, ...

As part of The Cipher Brief’s 'Academic Innovator' initiative to bring rising, innovative voices into the national security dialogue, we are reaching out to universities and inviting students to contribute their thoughts on pressing national and global security issues. Below is a different twist on a current proposal put forth ...

Ten years ago this month, war erupted between Russia and Georgia after Georgian troops attacked South Ossetia and shelled the town of Tskhinvali, in response to alleged Russian provocations. Russia justified its military action based on countering Georgia's aggression- President Medvedev's called the attack an attempted "genocide" against innocent civilians.  ...

The U.S. re-imposed sanctions on Iran on Monday after pulling out of the JCPOA Agreement in May.  European allies responded by issuing a statement saying the nuclear agreement with Iran "is working."   The reimposition of sanctions followed Iranian military exercises in the Gulf last week that U.S. officials largely interpreted ...

Up Front:  The U.S. government is taking on a more aggressive role in its mission to protect software supply chains from being infiltrated, as the government’s public-private cyber lead agency announces new initiatives to share information and improve response to cyber threats. The Department of Homeland Security announced the launch ...

The 2018 NATO summit and the months leading up to it were a spectacle of diplomacy at its finest and at its worse. The media drama surrounding the summit overshadowed the big strides the Alliance has made in its cyber defense mandate. With the announcement that Allies agreed on how to integrate ...

Like the parable of the six blind men trying to learn what an elephant is by only touching one piece of the creature, regulators are assessing the nation’s cybersecurity efforts by looking at initiatives individually rather than holistically. As with the elephant, selecting one piece of the broader cyber information ...

Bottom Line: In the past decade, Iran’s cyber capabilities have evolved from a tool used to lash out against domestic opponents of the Islamic Republic to a central pillar of its national strategy of holding adversaries at risk and gleaning crucial foreign intelligence. Despite a fall in disruptive Iranian cyberattacks ...

Few would argue that in a world of consistent, emerging cyber threats, the role of the Chief Information Security Officer is one that requires a special kind of calm as well as a steady stream of credible, timely information.  Some of the information that is used to build a strong ...

On the heels of the Helsinki summit between U.S. President Donald Trump and Russian President Vladimir Putin, it bears revisiting some of the important, outstanding questions that remain about how President Trump might approach the financial sanctions imposed on Russia since its 2014 seizure of Crimea. Measures such as freezing ...

Protecting the technology networks connecting more than two million employees working in over 400 government agencies serving about 325 million Americans is a herculean feat. In May, the Office of Management and Budget (OMB) released a report stating 74 percent of these federal agencies are at “high risk or risk” ...

I remember doing the Time Warp Drinking those moments when The blackness would hit me And the void would be calling Let's do the Time Warp again Let's do the Time Warp again Rocky Horror Picture Show, 1975 Cyberspace is akin to the haunted mansion of a gothic horror movie.  ...

In part two of The Cipher Brief’s two-part series on how Russia is building its virtual battlefield, we look at the U.S response to the tools and tactics that the Kremlin is employing and ask whether it’s enough.  Response: The U.S. has responded to Russian activity in cyberspace through diplomatic ...

National security experts agree that the long-term threat China poses to U.S. national security is significant.  It may be hard to see that often as the world focuses on North Korea and Iran and the immigration issue in the U.S., but last week on Capitol Hill, Senator Marco Rubio addressed ...

Russia knows how to spread chaos and outrage in American politics, but Russia may pose a far greater threat to the U.S. economy and the infrastructure it depends on. The president’s Council of Economic Advisers estimates that hostile cyber actions against American private industry cost the U.S. economy as much ...

The Trump Administration is likely deliberating now the U.S. Department of Defense’s role in defending US interests via cyberspace – specifically, whether to continue President Obama’s Presidential Policy Directive 20. U.S. military cyber operations will likely be determined by this internal debate. The previous administration emphasized caution in the application ...

  The Trump administration has a dozen top cybersecurity priorities ranging from a new national cyber strategy to dealing with increasingly bold nation-state adversaries. One priority – that should be near the top of the stack – may not be obvious, but it is critical: a determined study of the ...

As the world focuses on the Singapore summit between President Donald Trump and North Korean leader Kim Jong Un, the President’s Treasury Secretary announced sanctions against five Russian entities and three individuals for their ties to Russian cyber activities, prompting some to question the Administration’s mixed signals on Russia over ...

The massive data breach that occurred at the U.S. Office of Personnel Management (OPM) in 2015 was attributed, in part, to aging technology systems. In fact, legacy technology pervades federal government systems. It is estimated that nearly 80 percent of federal information technology dollars are spent maintaining outdated systems.  Meanwhile, ...

U.S. companies got a disturbing preview of just how Russia might be able to steal their secrets, with news that Kaspersky Lab anti-virus software was allegedly used to hack an unsuspecting NSA contractor. Russian state-sponsored hackers reportedly stole critical details on how the U.S. conducts cyber espionage and defends against ...

Russian state-sponsored hackers were able to steal National Security Agency material on methods they use to conduct cyber espionage as well as how they help defend critical U.S. government networks, according to The Wall Street Journal. An NSA contractor placed the material on his or her private computer – a ...

Following a U.S. government-wide ban last month and recent news reports alleging that Kaspersky Lab enabled Russian intelligence to swipe highly classified NSA material from an employee’s private computer, questions have begun to swirl regarding the Moscow-based company’s relationship with the Kremlin. The Cipher Brief’s Levi Maxey spoke with Chris ...

After reports that highly classified intelligence material was taken from a NSA contractor’s private computer through the individual’s use of Kaspersky Lab’s antivirus software, all eyes turned to the Moscow-based company’s relationship with Russian intelligence and the Kremlin. As private companies using the antivirus software scramble to assess their exposure, ...

The United States has no peer competitors in conventional military power. But its adversaries are increasingly turning to asymmetric methods for engaging in conflict. Cyber-enabled information warfare (CEIW) is a form of conflict to which the United States – and liberal democracies more generally – are particularly vulnerable. Information warfare involves the ...

Much of the discussion surrounding Russian cyber-enabled information operations against Western societies focuses on technology, such as bots amplifying messages on social media and the hacking of institutions of power to then leak emails with potentially salacious material. But in order to meet the level of success that Russian intelligence ...

On Friday, Ben Wallace, the Minister of State for Security for the United Kingdom, said in a BBC radio interview the UK government believes a North Korean hacking group was responsible for the “WannaCry” malware attack, which shut down Britain’s National Health Service data system in May. “I obviously can’t ...

Dan Coats, Director of National Intelligence, told the Aspen Security Forum today that he believes the U.S. national security community lacks the capability to prevent a “cyber-9/11”—meaning a collapse of critical infrastructure caused by malware unleashed by a state or transnational organized crime group. “Imagine a shutdown of the electric ...

Amidst a busy week in national security, The Cipher Brief’s CEO and Publisher, Suzanne Kelly, spoke with Admiral James Stavridis, former Supreme Allied Commander of NATO, author of the new book The Leader’s Bookshelf, and member of the Cipher Brief Network, to discuss the military budget, cyber security, the use ...

Whenever people think about cybersecurity, technology, and innovation, they tend to think about Silicon Valley, but The Cipher Brief asked Bob Stratton, a General Partner at MACH37™, what other regions he is seeing a lot of innovation, or perhaps even the most innovation. Bob Stratton: Interestingly, one of the founding ...

The FBI on Monday said it is investigating the hack involving the Democratic National Committee (DNC) after a cache of emails was leaked in advance of Hillary Clinton’s nomination as the Democratic Party’s nominee for President this week, an incident that has been linked by some to the Russian government.  ...

The Islamic State (also known as ISIS or ISIL) must be defeated on the ground in Iraq and Syria, before it creates not only a physical, but also a cyber caliphate, said French Minister of Defense Jean-Yves Le Drian at a Brookings Institution event on Wednesday. Le Drian – along ...

With fifty percent of U.S. imports travelling by sea, ensuring that ships have a secure place to dock poses a challenge to American law enforcement. With such a heavy economic importance placed on U.S. ports, they have become a target for those wishing to inflict harm on the United States. ...

In 2006, Congress passed the Safe Port Act to help ensure that maritime transportation infrastructure was effectively secured from the threat of terrorism. Today, 10 years since the enactment of the law, are U.S. ports safe? This is a complex issue with an equally complex answer. The established security measures ...

In the nineteenth century, American strategist Alfred Thayer Mahan helped define a new understanding of maritime security and the role of the U.S. Navy in ensuring American global influence. Mahan believed that a strong Navy and robust maritime trade were both integral to national and economic security. He also recognized ...

Do you bring your own laptop to the office, or does your phone connect to your company’s Wi-Fi network? If so, then you need to be concerned about endpoint security. The rise of bring-your-own-device (BYOD) culture in many organizations has created a multitude of new entry points for cyber-attackers, but ...

Every day we read another report lamenting the limited workforce that possesses the technical skills so badly needed in cybersecurity.  This is a significant challenge for our educational system to address.  We need computer scientists, coders, and engineers, and we need to attract young people to those professions. But there ...

Deterrence theory formed the foundation of the narratives and the strategies that shaped the Cold War, and many now seek to apply classical deterrence to the cyber sphere. In essence, deterrence theory holds that maintaining a credible retaliatory capacity can prevent opponents from attacking, since they know that if they ...

The Islamic State (ISIS) is the “preeminent global” threat and remains determined to execute direct attacks against the U.S. homeland, the top U.S. intelligence official told Senators at the annual Worldwide Threats hearings on Tuesday. Director of National Intelligence James Clapper said ISIS “leaders are determined to strike the U.S. ...

It seems that wherever opportunities for innovation and technological developments arise, cyber attacks are not far behind.  Latin American countries are certainly seeing this trend emerge in their markets.  Latin America may not be the first region that comes to mind when one thinks of technology and innovation.  Indeed, Latin ...

With the growing threat of cyber attacks in Latin America and the Caribbean (LAC), the Organization of American States (OAS) has been a crucial component in analyzing the threats’ origins and methods for defending against them.  Belisario Contreras, the Cyber Security Program Manager at the OAS, spoke with The Cipher ...

Aligned with the global trend, Latin America has experienced colossal growth in access to information, facilitated through the Internet and information communication technology (ICT). Because ICT enables efficiencies across all disciplines, gains realized through advancements in ICT have a compounding effect on many aspects of life—sometimes for good and sometimes ...

Understanding China and its future ambitions is a fundamental first step in assessing the U.S.’ options on how to best engage China as an important strategic and economic partner.  We asked former Acting Director and Deputy Director of the CIA John McLaughlin to lay out the framework for understanding the challenges of China, which provides the context for the differing perspectives ...

The U.S. rebalance policy in the Asia-Pacific has led to a deterioration of China’s security environment, with increasing tensions in the East China Sea, including the dispute between China and Japan over the Diaoyu/Senkakus Islands, and the South China Sea, where China has territorial disputes with Vietnam, Philippines, Malaysia, and ...

The rocky relationship between the U.S. and China was in full view last year, highlighted by President Xi Jinping’s visit to Washington, D.C. and the U.S. Navy challenging China’s claims in the South China Sea. Known for his frank comments on current U.S. policy towards China, Senator John McCain (R-AZ) ...

The United States rebalance to Asia has drawn mixed reviews from members of Congress. Rep. Madeleine Bordallo (D-Guam) discussed with The Cipher Brief the strengths and weaknesses of current U.S. policy towards China. Rep. Bordallo emphasized the need for a strong U.S. response to aggressive actions taken by China, while ...

Discussion and debate about international privacy-related standards have been around since the 1940s, when the recognition of privacy as a basic right was ratified by the United Nations (U.N.) Declaration of Human Rights of 1948.  Since then, the number of data privacy requirements has grown dramatically, as nations seek to ...