On January 1st, the United Kingdom began the implementation of the Investigatory Powers Act, widely considered the most comprehensive—and intrusive—surveillance law in the Western world. The Act authorizes government access to bulk datasets such as travel logs, financial transactions, biometrics, the interception of digital communications data, the hacking of devices, ...

Russian President Vladimir Putin ordered a cyber and influence campaign aimed at interfering in the United States election and boosting President-elect Donald Trump’s chances, according to a declassified U.S. intelligence agencies’ report on Russian hacking and efforts to meddle in the 2016 election. “Russia’s goals were to undermine public faith ...

President-elect Donald Trump was briefed Friday on the findings of the intelligence community that Russia was behind hacks of the Democratic National Committee and Hillary Clinton’s staff during the election campaign. Trump has repeatedly cast doubt on the intelligence community’s conclusion that Russia meddled in the election process. It comes ...

Much like with traditional crimes, cybercrimes leave a trail of breadcrumbs that, if assembled correctly, can create a reliable understanding of what occurred and can even lead investigators to the perpetrators. With cybercrime expected to cost society some $2 trillion by 2019, the field of digital forensic investigations will be ...

Top United States intelligence officials on Thursday defended the intelligence agencies’ findings on Russian hacking and interference in the election, pushing back at the public criticism leveled by President-elect Donald Trump against the Intelligence Community (IC) and noting the rhetoric has raised concerns among allies. At Thursday’s Senate Armed Services ...

Pundits will pick over the lessons of 2016 for a long time, and as they do, cyber experts are looking at the past year and finding lessons as well, with far-reaching implications for our nation’s security. For most Americans, the 2016 election was the year cybersecurity moved from being an ...

It’s safe to say 2016 was a banner year for cyber attacks and data breaches. Whether talking about an organization, or even a nation-state, the volume and sophistication of attacks have greatly increased. From Internet of Things-powered botnets capable of taking down even the most hardened infrastructure, to nation-states targeting ...

Threat intelligence sharing among vendor and industry peers has come a long way, and in 2017 there will be more opportunities than ever to demonstrate its value, especially as conversations around sharing intelligence between the public and private sectors continue. Crossing the Last Mile With Threat Intelligence Security vendors and ...

Editor’s Note: Over the coming days, The Cipher Brief presents some of our most incisive coverage on key issues of 2016 and a look ahead at what is yet to come in 2017. From disruptive distributed denial of service (DDoS) attacks rendering entire swathes of the Internet including Netflix, Twitter, ...

Hacktivism has been a fact of life even before the rise of Anonymous. In 2016, we saw a tidal wave of global hacktivism and cyber spying, and this trend will continue in 2017. The social unrest around the world is ripe for escalating hacktivism, and it is increasingly fueled by ...

The cybersecurity environment is constantly changing. The Cipher Brief spoke with Tammy Moskites, Chief Information Officer at the cybersecurity firm Venafi, who says cybersecurity professionals must refocus on the basics and build secure systems from the bottom up with security in mind while being quick and agile to address new ...

With the growth of cybercrime facilitated by the global nature of the Internet, law enforcement is adapting their toolsets to better tackle the challenges presented by technologies that blur legal jurisdiction. The Cipher Brief spoke with Elaine Lammert, former Deputy General Counsel at the FBI, about the recent changes made ...

What if the U.S. government could force entry—in other words, hack—into electronic devices around the world, using only one warrant, even if the owners of those devices were not suspected of any criminal activity - and it would be legal? The U.S. Department of Justice has made new changes to ...

On December 1, Congress authorized sweeping new government hacking and surveillance authorities by allowing changes to Rule 41 of the Federal Rules of Criminal Procedure to take effect. Republican leaders stonewalled bipartisan efforts in the Senate and the House to stop or delay the change and it went into effect ...

President Barack Obama says the U.S. will respond to Russia’s interference in the 2016 campaign. In an interview with NPR on Friday, Obama said, "I think there is no doubt that when any foreign government tries to impact the integrity of our elections ... we need to take action. ...

When it comes to attribution—especially when foreign intelligence agencies are involved—plausible deniability is easy. However, the public has come to expect courtroom-quality evidence before believing attribution for cyber operations—a difficult task when the kind of cross-border cooperation you need to get to the bottom of the case is not likely ...

Last month, China’s legislature passed the Cybersecurity Law, which is due to take effect next summer. The controversial law has received a number of criticisms from technology companies, Western government officials, and human rights advocates. The Cipher Brief spoke with Adam Segal, Director of the Digital and Cyberspace Policy Program ...

With the pervasive growth of smart phone and tablet use, cybersecurity professionals are worried these devices could present new vulnerabilities to company systems. The Cipher Brief spoke with Michael Covington, Vice President of Product at Wandera, about the growing threats emanating from mobile devices and how he sees companies potentially ...

Cyberspace has grown into a vital domain of everyday life—we work, socialize, play, and conduct financial transactions online. Our lives now have a digital touch, and much like in the physical world, our identities are at the core of our virtual experience. We rely on passwords to verify that we ...

The use of biometrics to authenticate identity has been the subject of great debate for years, with opposing sides arguing its value for security, privacy, and convenience. On one side, there is an absolute: the demand for infallible security beyond notoriously weak passwords or basic access cards to protect priceless ...

Amidst a rash of data breaches where compromised passwords provided the vector of attack – think Target, Anthem, OPM, or more recently, the Democratic National Committee – industry and government are working together to bolster their defenses.  Augmenting – or ideally, replacing – passwords with more secure, multi-factor authentication (MFA) ...

The balance between privacy and security in the digital age will be a key cybersecurity challenge for the next administration, according to former Homeland Security Secretary Michael Chertoff. “We really need to get to the point where we really view security and privacy as two sides of the same coin ...

It’s hard today to find a major breach where weak identity solutions did not provide the vector of attack.  More than 21 million personnel records – including details of my background check and images of my fingerprints – were stolen last year from the Office of Personnel Management (OPM) because ...

The Putin government of Russia is conducting cyberspace-enabled Information Operations, including political “destabilizing operations” (a form of warfare), against the United States. Moscow is competing worldwide with the United States and rejects the Western, liberal world order as the model for all states. Russia is likely stealing internal documents related ...

With organizations and companies continuing to experience breaches in their networks, there is a need for the cybersecurity industry to quickly adapt their strategies so that they are inspecting the entire chain of steps leading up to a breach as well as taking an attacker point-of-view into where vulnerabilities exist ...

Americans will remember the 2016 U.S. Presidential Election as one of the most controversial in our history. Yet, debate extended beyond the fitness of the candidates. The threat of cyberattacks vexed the government and citizens alike. However, threats that haunted the public differed from those that could have influenced the ...

When it comes to cybersecurity preparations for the 2016 election, it is now officially too late. The success, perceived and actual, of the election on Tuesday will depend on the efforts officials have made thus far, the willingness of adversaries to interfere, and vulnerabilities that make those threats real. A ...

With elections around the corner and ongoing fears of Russian interference and vulnerabilities in electronic election systems, The Cipher Brief sat down with Rachel DeLevie-Orey of the Atlantic Council to discuss the current state of the U.S. election system and why election technology—when correctly implemented—is so important for actually creating ...

The idyllic American university campus conjures the image of a safe and open academic environment where students spend four or more years learning new ideas and preparing for future careers.  Professors challenge eager students to open their minds to old and new perspectives in science, mathematics, business, and of course, ...

On Tuesday, people around the United States will flood to local polling places to cast their vote for the future leadership of the United States. Voting—the very foundation of representative democracy—is predicated on privacy, anonymity, and freedom from outside influence or coercion. At the core of this system is transparency, ...

Earlier this month, Director of National Intelligence (DNI) James Clapper described reaching out to the private sector as a “daunting task,” and said that “there is still much to be done,” to improve information sharing in the age of digital communications. Brad Brekke, the FBI’s director of private sector engagement, added ...

All Americans – including both company executives and law enforcement officials across the nation – want to keep our country safe and secure. This shouldn’t be a shocking statement, but so often we hear the debates around encryption, privacy, and data security framed as a battle between law enforcement or ...

At least twice in the past year, the U.S. was Twappled.  That is, multibillion-dollar U.S. corporations used their significant position in their respective industry to obstruct the U.S. from conducting activities intrinsic to the purpose of government, but which these corporations saw as inconsistent with their own interests and ideals.  ...

As the military prepares for the transition to the next administration, the three service secretaries on Monday detailed their concerns about the challenges posed by weaponized drones, cyber threats, and working with the private sector. The civilian officials told a gathering hosted by the Center for a New American Security ...

October is National Cyber Security Awareness Month and The Cipher Brief is pulling together a Cyber Advisory Task Force made up of public and private sector professionals who are coming together to help create a blueprint that will address critical and emerging cyber threats.  Our goal is to help educate ...

The past year has proven to be a contentious and disruptive time for the technology sector. The threat of homegrown terrorism, combined with the adroit usage of social media by terrorist groups, has forced the tech sector to come into far closer contact with the intelligence community than it ...

As cyber attacks against U.S. government and private networks have increased in severity in recent years, the Congress and President have actively sought to identify, with the assistance of the U.S. private sector, conditions in U.S. law that could be hampering America’s development of an effective defense against such attacks, ...

A confusing legal landscape and ever-changing technology have created a challenging environment for businesses to navigate. The Cipher Brief recently spoke to Chris Pogue, the Chief Information Security Officer at Nuix, about the nature of the problem and what needs to be done to bring government and the private ...

Recent amendments to the Wassenaar Arrangement (WA)—a multilateral voluntary agreement among 41 countries that places restrictions on the export of dual use technologies—have added intrusion software and Internet Protocol (IP) network surveillance systems to the list of technologies that cannot be exported. The amendments’ purpose is to prevent countries, known ...

As more and more business is conducted online and cyber criminals zero in on a very lucrative market, both the public and private sector face increasing cybersecurity risks. The Cipher Brief sat down with Scott Keoseyan, the leader for Deloitte’s Cyber Threat Analysis and Research Teams, and Keith Brogan, a ...

Whether it’s your phone, your computer, TV, or even a refrigerator, all those connected devices that we depend on in our daily lives have become targets for an ever-growing cadre of cyber criminals.  The Cipher Brief spoke with two Flashpoint officials, Chief Scientist Lance James and Subject Matter Expert Vitali ...

The risk of attack or theft from cyber-enabled actors has been made extremely clear to both private businesses and governments. The last few years have demonstrated that any connected device – be it a computer, a phone, or even a car – can be hacked by someone. Often the response ...

American businesses lose an estimated $160 billion to $480 billion annually due to trade secret misappropriation. To combat this loss, over the past few years the law enforcement community has enhanced its strategies, Congress has passed legislation to expand trade secret protection, and many businesses have made sweeping changes to ...

Observers around the world were shocked when news broke about a major bank heist in Bangladesh. This was no ordinary robbery though – this time, the thieves stole tens of millions of dollars by exploiting a flaw in the SWIFT network—an internationally recognized code for banks. The cyber-oriented nature of ...

Cyber threats pose a challenge to banks and firms operating in the financial sector, primarily due to the fact that “vulnerability really exists everywhere,” both on the technological side and the business side, says Michael Orozco, Managing Director in Accenture Strategy Security. To help improve security in the financial sector, ...

The Cipher Brief sat down with Steven Grossman, VP of Strategy and Enablement at Bay Dynamics, to discuss the current cyber threat landscape facing the financial sector. Grossman says that insider threats pose the greatest risk to the global banking industry and that “being able to track, manage, and understand ...

There are two different types of insider threat: negligent and malicious. Negligent insiders are people who give attackers access by mistake. For example, the employee who clicks on a spear-phishing email and lets hackers into their employer’s networks is a negligent insider. This is a significant problem, but one that ...

The Cipher Brief sat down with Stuart Clarke, Chief Technical Officer for Cybersecurity at Nuix, to discuss how the visualization of data plays a critical role in detecting cyber threats, including insider threats originating from within a company itself. According to Clarke, visualization “solves a lot of problems” and being ...

Behavioral profiling plays an important role in the wider effort to counter cyber threats, explains Steve Bongardt, VP of Security Consulting Services at Fidelis Cybersecurity. When it comes to external threats, behavioral profiling helps when trying to “understand motives in general and come up with typologies,” says Bongardt. In regard ...

The controversial new movie “Snowden,” which is provocative director Oliver Stone’s take on NSA leaker Edward Snowden, was released in the United States on Friday. The release of the film, along with his recent departure from Booz Allen Hamilton, prompted Snowden’s former boss to speak out for the first time ...