Even before the release of the unclassified version of the U.S. intelligence community’s conclusions regarding Russian hacking and involvement in the U.S. presidential elections, before President-elect Donald Trump got his classified briefing on the report from the heads of the U.S. Intelligence Community, before all the reactions to the report, ...

For years, the easiest avenue to conduct a cyber attack against a business or an organization was social engineering attacks via emails. While still a primary concern, criminals and nation-states have begun adapting their methods by targeting the largest and most public surface of any business: their presence on social ...

Distinguishing between whistleblowers who want to point out and fix problems within the intelligence community and employees who want to damage national security will demand increased attention as the insider threat problem grows, experts say. On November 30, contractors who hold facility clearances were required to have a written insider ...

President Donald J. Trump’s Administration has suggested massive overhauls in a number of policy areas, but few have remained as shrouded in uncertainty as Trump’s vision for the future of cybersecurity. All that is known is through Trump’s statements that attribution is hard, China spies for economic purposes, the private ...

U.S. failure to fully develop and implement a comprehensive cyber security strategy created the perfect opportunity for Russia to attack the Democratic National Committee computer network, and enabled them to meddle and interfere with the U.S. presidential election.   Years of bickering by federal agencies – over which agency was in ...

In the fall of 2008, a bipartisan group of cybersecurity experts delivered some sage advice to Barack Obama, set to become president in January: “Don’t start over.” That group, organized by the Center for Strategic and International Studies, made a strong and persuasive case that the Obama Administration needed to ...

In the wake of the arrest of Central Intelligence Agency (CIA) officer Aldrich Ames as a spy, then-CIA Chief of Counterintelligence Paul Redmond commented, “There is an actuarial certainty that there are other spies in U.S. national security agencies, and there always will be.”  I recalled that statement when considering ...

Presidential inaugurations not only mark the beginning of a new administration, but also the end of one too. As many remain uncertain about the policies of the new Trump Administration, it is important to also take a look back at the progress made by the Obama Administration. Coinciding with the ...

With news of nation-states allegedly attacking companies, political institutions, and world governments, it is important to know how attribution works in cybersecurity. For the unfamiliar, attribution is the process investigators and intelligence workers use to tie responsibility of an event or action to a person, group, or country. Unless there ...

President Barack Obama’s decision to impose a range of sanctions against Russia for its successful network strike and information operation against the U.S. electoral process was an excellent first step towards an improved cyber deterrent capacity. However, we must do much more at home to harden our networks and critical ...

Will the U.S. government see a large-scale breach in 2017? Common sense would say yes, whether by size, like the Office of Personnel Management, suspicion, like the Democratic National Committee, or by prestige, like CIA director John Brennan’s email. After all, our government is monumental in size and scope; has ...

Surveillance law is absolutely necessary because it compels the government to write down, for all to clearly see, the rules that they must abide by as they undertake intrusive powers, often in secret, to investigate criminal activity and protect a country. To do so is to protect the rule of ...

On November 29, Royal Assent was given to the UK Investigatory Powers Act, after eight months of intensive Parliamentary scrutiny, with hundreds of amendments made, following lengthy pre-legislative debate in three Parliamentary Committees.  The Act draws on the input from three separate, independent inquiries that were set up after a ...

On January 1st, the United Kingdom began the implementation of the Investigatory Powers Act, widely considered the most comprehensive—and intrusive—surveillance law in the Western world. The Act authorizes government access to bulk datasets such as travel logs, financial transactions, biometrics, the interception of digital communications data, the hacking of devices, ...

Russian President Vladimir Putin ordered a cyber and influence campaign aimed at interfering in the United States election and boosting President-elect Donald Trump’s chances, according to a declassified U.S. intelligence agencies’ report on Russian hacking and efforts to meddle in the 2016 election. “Russia’s goals were to undermine public faith ...

President-elect Donald Trump was briefed Friday on the findings of the intelligence community that Russia was behind hacks of the Democratic National Committee and Hillary Clinton’s staff during the election campaign. Trump has repeatedly cast doubt on the intelligence community’s conclusion that Russia meddled in the election process. It comes ...

Much like with traditional crimes, cybercrimes leave a trail of breadcrumbs that, if assembled correctly, can create a reliable understanding of what occurred and can even lead investigators to the perpetrators. With cybercrime expected to cost society some $2 trillion by 2019, the field of digital forensic investigations will be ...

Top United States intelligence officials on Thursday defended the intelligence agencies’ findings on Russian hacking and interference in the election, pushing back at the public criticism leveled by President-elect Donald Trump against the Intelligence Community (IC) and noting the rhetoric has raised concerns among allies. At Thursday’s Senate Armed Services ...

Pundits will pick over the lessons of 2016 for a long time, and as they do, cyber experts are looking at the past year and finding lessons as well, with far-reaching implications for our nation’s security. For most Americans, the 2016 election was the year cybersecurity moved from being an ...

It’s safe to say 2016 was a banner year for cyber attacks and data breaches. Whether talking about an organization, or even a nation-state, the volume and sophistication of attacks has greatly increased. From Internet of Things-powered botnets capable of taking down even the most hardened infrastructure, to nation-states targeting ...

Threat intelligence sharing among vendor and industry peers has come a long way, and in 2017 there will be more opportunities than ever to demonstrate its value; especially as conversations around sharing intelligence between the public and private sectors continues. Crossing the Last Mile With Threat Intelligence Security vendors and ...

Editor’s Note: Over the coming days, The Cipher Brief presents some of our most incisive coverage on key issues of 2016 and a look ahead at what is yet to come in 2017. From disruptive distributed denial of service (DDoS) attacks rendering entire swathes of the Internet including Netflix, Twitter, ...

Hacktivism has been a fact of life even before the rise of Anonymous. In 2016, we saw a tidal wave of global hacktivism and cyber spying, and this trend will continue in 2017. The social unrest around the world is ripe for escalating hacktivism, and it is increasingly fueled by ...

The cybersecurity environment is constantly changing. The Cipher Brief spoke with Tammy Moskites,  Chief Information Officer at the cybersecurity firm Venafi, who says cybersecurity professionals must refocus on the basics and build secure systems from the bottom up with security in mind while being quick and agile to address new ...

With the growth of cybercrime facilitated by the global nature of the Internet, law enforcement is adapting their toolsets to better tackle the challenges presented by technologies that blur legal jurisdiction. The Cipher Brief spoke with Elaine Lammert, former Deputy General Counsel at the FBI, about the recent changes made ...

On December 1, Congress authorized sweeping new government hacking and surveillance authorities by allowing changes to Rule 41 of the Federal Rules of Criminal Procedure to take effect. Republican leaders stonewalled bipartisan efforts in the Senate and the House to stop or delay the change and it went into effect ...

What if the U.S. government could force entry—in other words, hack—into electronic devices around the world, using only one warrant, even if the owners of those devices were not suspected of any criminal activity - and it would be legal? The U.S. Department of Justice has made new changes to ...

President Barack Obama says the U.S. will respond to the Russia’s interference in the 2016 campaign. In an interview with NPR on Friday, Obama said, "I think there is no doubt that when any foreign government tries to impact the integrity of our elections ... we need to take action. ...

When it comes to attribution—especially when foreign intelligence agencies are involved—plausible deniability is easy. However, the public has come to expect courtroom-quality evidence before believing attribution for cyber operations—a difficult task when the kind of cross-border cooperation you need to get to the bottom of the case is not likely ...

Last month, China’s legislature passed the Cybersecurity Law, which is due to take effect next summer. The controversial law has received a number of criticisms from technology companies, Western government officials, and human rights advocates. The Cipher Brief spoke with Adam Segal, Director of the Digital and Cyberspace Policy Program ...

With the pervasive growth of smart phone and tablet use, cybersecurity professionals are worried these devices could present new vulnerabilities to company systems. The Cipher Brief spoke with Michael Covington, Vice President of Product at Wandera, about the growing threats emanating from mobile devices and how he sees companies potentially ...

Cyberspace has grown into a vital domain of everyday life—we work, socialize, play, and conduct financial transactions online. Our lives now have a digital touch, and much like in the physical world, our identities are at the core of our virtual experience. We rely on passwords to verify that we ...

The use of biometrics to authenticate identity has been the subject of great debate for years, with opposing sides arguing its value for security, privacy, and convenience. On one side, there is an absolute: the demand for infallible security beyond notoriously weak passwords or basic access cards to protect priceless ...

Amidst a rash of data breaches where compromised passwords provided the vector of attack – think Target, Anthem, OPM, or more recently, the Democratic National Committee – industry and government are working together to bolster their defenses.  Augmenting – or ideally, replacing – passwords with more secure, multi-factor authentication (MFA) ...

The balance between privacy and security in the digital age will be a key cybersecurity challenge for the next administration, according to former Homeland Security Secretary Michael Chertoff. “We really need to get to the point where we really view security and privacy as two sides of the same coin ...

It’s hard today to find a major breach where weak identity solutions did not provide the vector of attack.  More than 21 million personnel records – including details of my background check and images of my fingerprints – were stolen last year from the Office of Personnel Management (OPM) because ...

The Putin government of Russia is conducting cyberspace-enabled Information Operations, including political “destabilizing operations” (a form of warfare), against the United States. Moscow is competing worldwide with the United States and rejects the Western, liberal world order as the model for all states. Russia is likely stealing internal documents related ...

With organizations and companies continuing to experience breaches in their networks, there is a need for the cybersecurity industry to quickly adapt their strategies so that they are inspecting the entire chain of steps leading up to a breach as well as taking an attacker point-of-view into where vulnerabilities exist ...

Americans will remember the 2016 U.S. Presidential Election as one of the most controversial in our history. Yet, debate extended beyond the fitness of the candidates. The threat of cyberattacks vexed the government and citizens alike. However, threats that haunted the public differed from those that could have influenced the ...

When it comes to cybersecurity preparations for the 2016 election, it is now officially too late. The success, perceived and actual, of the election on Tuesday will depend on the efforts officials have made thus far, the willingness of adversaries to interfere, and vulnerabilities that make those threats real. A ...

With elections around the corner and ongoing fears of Russian interference and vulnerabilities in electronic election systems, The Cipher Brief sat down with Rachel DeLevie-Orey of the Atlantic Council to discuss the current state of the U.S. election system and why election technology—when correctly implemented—is so important for actually creating ...

The idyllic American university campus conjures the image of a safe and open academic environment where students spend four or more years learning new ideas and preparing for future careers.  Professors challenge eager students to open their minds to old and new perspectives in science, mathematics, business, and of course, ...

On Tuesday, people around the United States will flood to local polling places to cast their vote for the future leadership of the United States. Voting—the very foundation of representative democracy—is predicated on privacy, anonymity, and freedom from outside influence or coercion. At the core of this system is transparency, ...

Earlier this month, Director of National Intelligence (DNI) James Clapper described reaching out to the private sector as a “daunting task,” and that “there is still much to be done,” to improve information sharing in the age of digital communications. Brad Brekke, the FBI’s director of private sector engagement, added ...

All Americans – including both company executives and law enforcement officials across the nation – want to keep our country safe and secure. This shouldn’t be a shocking statement, but so often we hear the debates around encryption, privacy, and data security framed as a battle between law enforcement or ...

At least twice in the past year, the U.S. was Twappled.  That is, multibillion-dollar U.S. corporations used their significant position in their respective industry to obstruct the U.S. from conducting activities intrinsic to the purpose of government, but which these corporations saw as inconsistent with their own interests and ideals.  ...

As the military prepares for the transition to the next administration, the three service secretaries on Monday detailed their concerns about the challenges posed by weaponized drones, cyber threats, and working with the private sector. The civilian officials told a gathering hosted by the Center for a New American Security ...

October is National Cyber Security Awareness Month and The Cipher Brief is pulling together a Cyber Advisory Task Force made up of public and private sector professionals who are coming together to help create a blueprint that will address critical and emerging cyber threats.  Our goal is to help educate ...

The past year has proven to be a contentious and disruptive time for the technology sector. The threat of home grown terrorism combined with the adroit usage of social media by terrorist groups, has forced the tech sector to come into far closer contact with the intelligence community than it ...

As cyber attacks against U.S. government and private networks have increased in severity in recent years, the Congress and President have actively sought to identify, with the assistance of the U.S. private sector, conditions in U.S. law that could be hampering America’s development of an effective defense against such attacks, ...