The top counterintelligence priorities of the United States government are insider threats, protecting critical infrastructure, and supply chain security, according to National Counterintelligence Executive Bill Evanina, and tackling those requires a “team approach” of the government and private sector. “The threats are real and our adversaries are more brazen than ...

Estonia, both a European Union and NATO member, shares an entire eastern border with Russia but remains firmly embedded in the Western defense alliance. Mariin Ratnik, the head of security policy and transatlantic relations in Estonia’s Foreign Ministry, was recently in Washington for meetings with the Trump administration. The Cipher ...

China continues to deploy military equipment to contested islands in the South China Sea, raising concerns among regional players and U.S. forces stationed in the Pacific. A Chinese government strategy document published last month by China’s state-owned news agency Xinhua signals that Beijing is building up its military cyber ...

In September 2015, Chinese President Xi Jinping and President Barack Obama reached an agreement that neither nation would “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” Many astute observers ...

China is a burgeoning great power. It is continually figuring out the various dimensions of power – not least of which is power in cyberspace – and putting them to use. Like other great powers dealing in an unknown medium, it is, to quote Deng Xiaoping, crossing the river by ...

My late mother served as a sergeant in the Women’s Army Corps during World War II. She was nearly killed in 1944 by a “buzz bomb” – think German UAV (unmanned aerial vehicle) – that destroyed the London building in which she worked and literally vaporized two of her office ...

Connectivity continues to enmesh businesses, governments, societies and people – a trend that will only accelerate with the growth of public cloud services and devices linked together in the Internet of Things. But some of the most sensitive sectors are attempting to cordon off their networks from the outside. Highly ...

In the world of network security, the term air gap refers to a situation in which the computer network is physically separated from other networks, particularly, less secure and public networks such as the internet. Today, air-gapped networks are widely used in military defense systems, critical infrastructure, the financial sector, ...

As the House Intelligence Committee gathers on Monday to hold its first public hearing into Russian interference in the 2016 election, experts say this marks an important opportunity to begin explaining the complexities of the Kremlin’s actions to the American people — as long as it doesn’t devolve into partisan ...

The controversy surrounding alleged Russian interference in the 2016 Presidential election shows no sign of waning, dominating the conversation during The Cipher Brief’s Georgetown Salon Series event with former CIA Acting Director Michael Morell on Wednesday night. “I think that the Russian interference in the election is a much bigger ...

The drumbeat of cyber incidents continues unabated, with breaches at email providers, insurance companies, defense contractors, telecoms, adult websites, government databases, and so much more. These breaches typically have at least one thing in common: someone calls them “sophisticated.” But if everything is sophisticated, nothing is. This has relevance to ...

WikiLeaks on Tuesday published what it claims to be the CIA’s hacking techniques to exploit devices such as smart phones, computers, and Internet-connected televisions for the collection of intelligence around the world. If proven to be authentic, it “will be a huge benefit to our adversaries,” says Michael Morell, the ...

Cyberspace is often portrayed as a new domain of international relations – a Wild West where there are no rules or guiding principles to govern the behavior of states. Such perceptions of anarchism have bred uncertainty over what is or is not acceptable activity among governments. This often leads to ...

NATO’s Cooperative Cyber Defence Centre of Excellence last month published the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, a follow-on project to the first, 2013, edition of the manual, which focused on cyber operations in peacetime. The work of a distinguished and geographically diverse group of ...

A group of international law experts met in Tallinn, Estonia, after the 2007 onslaught of cyber attacks against sites in the country, to create the Tallinn Manual in order to clarify what constitutes an act of war in cyberspace and how countries could lawfully respond. The vast majority of everyday ...

Cyber operations remain at the forefront of confrontations between the West and Moscow as relations continue to deteriorate. Russia asserted itself in 2007 with “patriotic hackers” launching a volley of distributed denial of service (DDoS) attacks on Estonian systems. Then in 2008, cyber attacks preceded the Russo-Georgian war, and again ...

Understanding the Russian criminal underground is essential when discussing Russian proxies in cyberspace. How do cybercriminal entities interact with each other and what is their relationship with the Russian government? The Cipher Brief spoke with Ed Cabrera, the Chief Cybersecurity Officer at Trend Micro and the former Chief Information Security ...

What if network defenders knew that a cyber operation occurred during Moscow business hours, that it involved a Russian IP address, and that the cyber actors used a Cyrillic keyboard? Would those indicators by themselves be enough for attribution?  Given the Russian cyber environment, the answer is clearly “no.” Those ...

For many, cybersecurity is a technical problem and therefore requires technical solutions. But for policymakers and the national security community, a key takeaway from this year’s RSA Conference is that cybersecurity is simply a digital extension of many of the threats that have been around for a long time: organized ...

This week I am attending the RSA Conference, a global convention bringing together government and business approaches to secure the digital channels people depend on every day. To catch up on what has been buzzing in the public presentations and private corridors of this year’s RSA Conference, check out my ...

The cybersecurity industry, much like other sectors, is dealing with an influx of data. In response, security experts hope to harness the power of artificial intelligence and machine learning to effectively and efficiently augment their ability to detect, predict, and contain threats to their networks. The Cipher Brief spoke with ...

This week I am attending the RSA Conference, a global convention bringing together government and business approaches to secure the digital channels people depend on every day. To catch up on what has been buzzing in the public presentations and private corridors of this year’s RSA Conference, check out my ...

If you missed our previous dispatch, I am attending the annual RSA Conference in San Francisco, a global event where private and public sectors come together to hash out the most pressing concerns in cybersecurity today. Prior discussions hit on technical approaches to privacy, the role of government in laying ...

This week I’m attending the annual RSA Conference in San Francisco, where government and industry leaders have come together to discuss the looming challenges and newest tools in cybersecurity. Throughout the week, I’ll be speaking with experts, bringing you insights on the threats emanating from cyberspace, ranging from ransomware and ...

The impact that the Snowden revelations had on private businesses is one of the most overlooked stories in the Snowden saga, particularly the impact on technology and Internet communications companies such as Apple, Google, Verizon, and Cisco.  In my opinion, the Snowden revelations impacted businesses’ willingness to work with the ...

Among the least understood and considered elements of the Edward Snowden saga are the details around what his job was and what data he could actually access.  Did Snowden ever access or use Prism data?  Did he understand it and its protections?  Did he have long-term access to the signals ...

The cybersecurity industry is currently enamored with concepts of autonomous defense, including elements of machine learning, behavioral analytics, and artificial intelligence—and rightly so. Programmed to be able to study all vulnerabilities in the public domain, autonomous bots (autbots)—not to be confused with bots simply conducting repetitive tasks like guessing default ...

Steven Bay was a contractor with Booz Allen Hamilton for nine years.  He was working on an NSA contract in Hawaii when he hired Edward Snowden.  You can read more about Bay’s experience with Snowden here. He is currently the Founder and CEO of S.S. Bay Group. The latest allegations against former ...

Many view cybersecurity as passively blocking attempts to breach networks, but security experts have long advocated more active measures in defense of sensitive networks. Advances in artificial intelligence and machine learning could make such efforts scalable to the vast connectivity of the modern age. The Cipher Brief spoke with David ...

We live in an age where what used to be the figment of science fiction is now a reality, changing the way people go about their daily lives. Advances in artificial intelligence and machine learning are the new frontier, and their inception creates just as many risks as opportunities. In ...

With cybercrime expected to reach costs nearing $2 trillion by 2019, firms are urgently seeking ways to better defend their networks from the harmful impacts of embarrassing leaks and disruptive extortion. The Cipher Brief spoke with Justin Harvey, the Managing Director and Global Lead at Accenture Security’s Incident Response Practice, ...

The Internet of Things (IoT), a phenomenon of everyday Internet-connected devices ranging from smart appliances to webcams and routers, is making the lives of companies, governments, and households more efficient and data-driven. However, these devices also present a new vulnerability into the networks they are a part of, creating novel ...

Steven Bay has held his secrets and his struggles close for nearly four years now. Bay was Edward Snowden’s boss in June of 2013 when Snowden, who joined Bay’s team just two months earlier at a National Security Agency outpost in Hawaii, downloaded and stole terabytes of classified data.  Snowden ...

Cybersecurity is often discussed in relation to the major global powers: China’s economic espionage, Russian influence operations, and U.S. dragnet global surveillance to thwart terrorism. However, as other countries move to digitize their economies, cybercriminals are zeroing in on these new and lucrative targets while regional players are quickly incorporating ...

Recent years have witnessed a series of increasingly audacious and unprecedented cyber attacks, leading up to the recent accusations of Russian hacking throughout last year’s U.S. presidential election season. In the Middle East, the Gulf region has also experienced its fair share of the threat from cyberspace. In fact, proportional ...

Cyber is emerging as Iran’s weapon of choice for dealing with both domestic and foreign opponents. For more than a decade, the Islamic Republic has waged a relentless cyberspying campaign against Iranian dissidents. Following its discovery of the Stuxnet cyberattacks on its nuclear program in 2010 and the imposition of ...

The cultural shift stemming from a “need-to-know” to a “need-to-share” atmosphere in the intelligence community in the wake of 9/11 has been necessary to operate in today’s complex environment, experts and former national security officials say, but elements of the system may need an overhaul to tackle the increased insider ...

Even before the release of the unclassified version of the U.S. intelligence community’s conclusions regarding Russian hacking and involvement in the U.S. presidential elections, before President-elect Donald Trump got his classified briefing on the report from the heads of the U.S. Intelligence Community, before all the reactions to the report, ...

For years, the easiest avenue to conduct a cyber attack against a business or an organization was social engineering attacks via emails. While still a primary concern, criminals and nation-states have begun adapting their methods by targeting the largest and most public surface of any business: their presence on social ...

Distinguishing between whistleblowers who want to point out and fix problems within the intelligence community and employees who want to damage national security will demand increased attention as the insider threat problem grows, experts say. On November 30, contractors who hold facility clearances were required to have a written insider ...

In the wake of the arrest of Central Intelligence Agency (CIA) officer Aldrich Ames as a spy, then-CIA Chief of Counterintelligence Paul Redmond commented, “There is an actuarial certainty that there are other spies in U.S. national security agencies, and there always will be.”  I recalled that statement when considering ...

President Donald J. Trump’s Administration has suggested massive overhauls in a number of policy areas, but few have remained as shrouded in uncertainty as Trump’s vision for the future of cybersecurity. All that is known is through Trump’s statements that attribution is hard, China spies for economic purposes, the private ...

U.S. failure to fully develop and implement a comprehensive cyber security strategy created the perfect opportunity for Russia to attack the Democratic National Committee computer network, and enabled them to meddle and interfere with the U.S. presidential election. Years of bickering by federal agencies – over which agency was in ...

In the fall of 2008, a bipartisan group of cybersecurity experts delivered some sage advice to Barack Obama, set to become president in January: “Don’t start over.” That group, organized by the Center for Strategic and International Studies, made a strong and persuasive case that the Obama Administration needed to ...

Presidential inaugurations not only mark the beginning of a new administration, but also the end of one too. As many remain uncertain about the policies of the new Trump Administration, it is important to also take a look back at the progress made by the Obama Administration. Coinciding with the ...

With news of nation-states allegedly attacking companies, political institutions, and world governments, it is important to know how attribution works in cybersecurity. For the unfamiliar, attribution is the process investigators and intelligence workers use to tie responsibility of an event or action to a person, group, or country. Unless there ...

President Barack Obama’s decision to impose a range of sanctions against Russia for its successful network strike and information operation against the U.S. electoral process was an excellent first step towards an improved cyber deterrent capacity. However, we must do much more at home to harden our networks and critical ...

Will the U.S. government see a large-scale breach in 2017? Common sense would say yes, whether by size, like the Office of Personnel Management, suspicion, like the Democratic National Committee, or by prestige, like CIA director John Brennan’s email. After all, our government is monumental in size and scope; has ...

Surveillance law is absolutely necessary because it compels the government to write down, for all to clearly see, the rules that they must abide by as they undertake intrusive powers, often in secret, to investigate criminal activity and protect a country. To do so is to protect the rule of ...

On November 29, Royal Assent was given to the UK Investigatory Powers Act, after eight months of intensive Parliamentary scrutiny, with hundreds of amendments made, following lengthy pre-legislative debate in three Parliamentary Committees.  The Act draws on the input from three separate, independent inquiries that were set up after a ...