The court order demanding Apple create an encryption-breaking tool was never about a single iPhone.  A disclosure in a federal court yesterday revealed that the Justice Department has made at least nine similar demands to Apple.  Officials in the department have sought to convince the world that this case is ...

There is a massive problem in cybersecurity, and it has been growing for years. This problem is not a malicious program, or a rogue nation-state, or angry hackers, but rather a persistent imbalance in the labor market. Simply put, there are not enough cybersecurity professionals in the United States to ...

There is a dearth of talent in the cybersecurity industry, and the talent that does exist tends to be very specific, with some skill sets being more rare than others. An IT guy with 15 years of experience in network engineering is not interchangeable with a skilled penetration tester (pentester), ...

Industry data regarding the cybersecurity skills shortage continues to paint a disturbing picture.  For example: Job market analytics vendor Burning Glass states that cybersecurity job postings grew 74% from 2007 to 2013, more than twice the growth rate of all IT jobs. Prospective employers posted more than 50 thousand jobs ...

With the Super Bowl just completed, corporate America might take this as a good time to step back and reevaluate how strong its offensive and defensive capabilities really are. With the economy showing signs of improvement, more companies are doing well on the offensive, or growth, side of their business. ...

A serious, potential malware threat has been detected on the systems that control many aspects of critical infrastructure in the United States.  These industrial control systems (ICS) manage the operation of valves, turbines, and other physical devices that are essential to manufacturing, electricity generation, and water services. ICS systems offer ...

Industrial control systems (ICS) underly many aspects of our critical infrastructure, and there are concerns that they are becoming more vulnerable to hackers. The Cipher Brief has covered the threats to these systems, but recently there have been reports that Russia-affiliated hackers were able to cause power outages in Ukraine ...

Industrial control systems are a profoundly important part of the critical infrastructure of the United States, but they are also increasingly vulnerable to cyber-attacks. The Cipher Brief spoke to former National Security Agency official Rhea Siers about the growing threat to these systems.  Siers says the U.S. is getting better ...

Cyber-crime and cybersecurity are locked in a perpetual competition – whenever one advances, the other changes to counter it. With every iteration of this contest, both sides become more nuanced, more complex, and begin to exploit more novel ways of gaining advantage. One of the more interesting types of malware ...

Ransomware is a relatively new type of threat, and like most malware it is constantly changing. Ryan Olson is the director of the threat intelligence team at Palo Alto Networks, and he spoke with the Cipher Brief about the threat posed by ransomware. He suggests making sure you keep your ...

The Internet of Things is poised to become as revolutionary as the Internet itself, but there are some major threats that must be dealt with first. J.J. Thompson, the founder of the cybersecurity firm Rook Security, spoke with the Cipher Brief about how ransomware could impact the Internet of Things ...

One of the key lessons of 2015 was that cybersecurity is more important than ever – a lesson that Sony and the Office of Personnel Management learned the hard way. In the wake of these hacks, information sharing has become a very popular way for private companies and the government ...

Countering cyber-threats can be difficult, and information sharing has come to be seen as a constructive way to attack the problem. Elaine Lammert, a former Deputy General Counsel with the FBI, spoke with the Cipher Brief about the need for a holistic approach to cybersecurity and the importance of trust ...

Threat intelligence sharing has a complex history within the security industry. The premise is simple: cybercriminals will often launch attacks with similar components, using the same tactics, or even re-use the same malware or exploits over and over again. If every organization was sharing intelligence on the attacks being launched ...

Late last year, the text of the Cybersecurity Information Sharing Act (CISA) found its way into a consolidated spending bill and was signed into law by President Barack Obama on December 18, 2015.  CISA is designed to "improve cybersecurity in the United States through enhanced sharing of information about cybersecurity ...

Estonia packs a punch in the cyber domain. The country is a world leader in cyber-related innovation, and it has charted that course without compromising security. Estonia initially gained global attention as a cyber-target, seeking to overcome a series of organized attacks in 2007 widely attributed to Russian groups.  Estonia ...

The legacy of the Cold War has left many enduring images in the minds of most Americans, images that are usually associated with Russia and its nuclear arsenal.    But a key threat, from what many believe is the new Cold War, could very well be from Russian hackers. When listing ...

In 2016, the gap between threat actors and the cybersecurity industry will continue to expand. The security industry continues to fight the cyber battles with strategies that are 10 years old, while threat actors change their strategies on a monthly basis. This situation isn’t given the attention it desperately requires. ...

With the proliferation of many advanced security tools, enterprise and C-Suite managers have recently turned to deploying the most fashionable, powerful, and popular tools on the market, bolstering their defense capabilities and impressing shareholders. The story is typical: A CIO or CISO is lured by clever marketing gimmicks or a ...

Large businesses in the United States are putting substantial resources into protecting their information from cybersecurity threats. As a result, they are tougher targets for malicious attacks, so hackers and cyber criminals are now focusing their unwanted attention on smaller, less secure businesses. Small businesses have money and information of ...

Justin Zeefe is a co-founder and Chief Strategy Officer for the Nisos Group.  Zeefe spoke with The Cipher Brief about the evolving cyber-threat and how smaller businesses can best protect themselves. His main advice?  Make cybersecurity a priority and be proactive about protecting your assets. The Cipher Brief: It seems ...

Few businesses today would think of operating without liability, property, or workers’ compensation insurance and yet, according to a recent survey by CSO magazine, only 59 percent of organizations have some form of cybersecurity insurance. Part of the problem is that cybersecurity insurance continues to be a maturing market that ...

Davis Hake is the Director of Cybersecurity Strategy for Palo Alto Networks and a former official at the Department of Homeland Security.  Hake spoke with The Cipher Brief about the importance of information sharing and creating a coordinated response to the changing cyber-threat. The Cipher Brief: It seems like cyber-attacks ...

Periodically, The Cipher Brief profiles an up and coming leader in the cybersecurity and national security fields.   This week we introduce you to Angela Knox, the Senior Engineering Director at Cloudmark, a network security company.  Computer Business Review recently named Knox as one of the five top women leading the ...

Chris Young is the general manager of the Intel Security Group at the Intel Corporation, where he leads the company’s security practice. Young sat down with The Cipher Brief to discuss the evolving nature of the cyber threat and what businesses can do to better protect themselves. The Cipher Brief: ...

Cybersecurity has not only dominated the headlines in the wake of the U.S. Office of Personnel Management (OPM) and Sony hacks, it has become a big business opportunity as well. The demand for protection in the cyber domain is rising across the world. According to current projections, cybersecurity firms can ...

Hollywood has a clear idea of what it would look like if someone used cyber-capabilities against us: a man in a room full of screens would be typing madly, planes would fall out of the sky, there would be explosions everywhere, and so forth. According to Director of National Intelligence, ...

David Navetta is an attorney who focuses primarily on technology, privacy, information security, and intellectual property law at Norton Rose Fulbright.  In an interview with The Cipher Brief, Navetta discussed the legal and liability issues associated with businesses attempting to utilize offensive cyber capabilities. The Cipher Brief: Recently, there have ...

Does the cyber domain call for a fundamentally different framework for achieving international order in the 21st century, requiring statesmen to critically rethink the art of statecraft?  Most likely not, for as in past eras when new technologies and global threats have arisen, statesmen are still occupied with the great ...

As President and CEO of FusionX, Matt Devost focuses on cybersecurity and risk management.  Devost told The Cipher Brief that offensive cyber operations should rest exclusively with the federal government. The Cipher Brief: It seems like there is a lot of confusion about what offensive cyber-operations would look like, with ...

The U.S. technology sector received a surprise jolt in October when the European Court of Justice struck down the Safe Harbor Framework, setting off a scramble to accommodate this sudden shift in privacy regulations. The framework was established in 2000 to provide guidance on how companies could transfer customer information ...

The European Union and the United States have been close allies for decades and "partners of first resort," to use the words of both former Secretary of State Hillary Clinton and current Secretary of State John Kerry. We are the largest trading bloc in the world and the primary destination ...

Twelve days after the Paris attacks, I was waiting for a flight at London's Heathrow Airport, which seemed to be running with its customary sedate orderliness despite Brussels being on "lockdown" and police raids still taking place in Paris and Belgium.  While checking online for the latest developments in the ...

The safe harbour was a convenient fiction that enabled business-as-usual processes to take place between the EU and the U.S. Many were shocked when the Court of Justice of the European Union (CJEU) ruled it invalid, but in reality, the judgment should not have come as a surprise. The reasoning ...

Nearly a year ago, we witnessed an act of cyber destruction directed against the networks of Sony Pictures Entertainment.  The destruction was serious and somewhat unprecedented – frozen computers, leaked proprietary and personal information accompanied by threats against movie theaters.   After the attack came an argument about attribution—whodunit?—lasting several weeks ...

205 Days. 69 Percent. $3.8 Million. These are important numbers that incident response company Mandiant highlights in their 2015 M-Trends Threat Report and the Poneman Institute identifies in their 2015 Cost of Data Breach Study: Global Analysis report.  Why are they important? 205 days is the median time between a ...

Jim Aldridge is a Director at Mandiant, a FireEye company, and focuses on incident response. Aldridge spoke with the Cipher Brief about the evolving cyber-threat, and what to do if you get hacked. The Cipher Brief: Are cyber attacks becoming more common, and what explains the rise in these incidents? Jim ...

Mayer Brown provides legal services to organizations across the globe and recently released a report entitled Preparing For and Responding to a Computer Security Incident: Making the First 72 Hours Count. The authors of the report, Marcus Christian and Stephen Lilley, spoke with the Cipher Brief about the key elements of ...

Does your organization have a cybersecurity program in place with the primary objective of proactively identifying and managing the cyber threats that you face every day?  Many enterprises harbor cybersecurity blind spots that leave them feeling unprepared amid a cyber incident. As threats continue to mount, organizations are responding by ...

Despite the concerns of privacy advocates, the Senate has passed cybersecurity legislation, creating a process for the government and private industry to share information on cyber attacks.    The Cybersecurity Information Sharing Act (CISA) was overwhelmingly approved by a 74-21 vote on Tuesday.   It must now be reconciled with two similar ...

The emerging world of ever-growing connectivity, cybersecurity, and cyber-threats has initiated an uncontrolled transformation in the balance of global superpowers. The old notion of power relying on the number of aircraft and missiles a country owns has expanded to include new terms—terms such as the magnitude of a denial of ...

Ronen Nir is a General Partner at Carmel Ventures, a venture capital firm based in Israel. Prior to joining Carmel Ventures, he worked for several Israeli tech companies and served in the Israeli Defense Force’s Intelligence Unit for 13 years. We spoke with Nir about the state of the Israeli ...

Rhea Siers is the Scholar In Residence at the George Washington University Center for Cyber and Homeland Security and the Director of the GW Cybersecurity Initiative. She has worked in the Intelligence Community for 30 years, and served as the Deputy Associate Director for Policy at the National Security Agency. ...

Bear in mind, when considering the relationship between Silicon Valley and Israel, this is not Detroit versus Tokyo. It’s not that sort of nationalistic, zero-sum rivalry. It’s an additive relationship – one that is emerging as an instructive, vitally important transnational model for developing and selling new, transformative technologies. This ...

People are the weakest link in any cybersecurity system.  Conversations about the cyber issue typically focus on systems, the primary targets of hackers and cyber criminals, as opposed to the people using them. Hackers can always count on the “human factor”— whether it’s an innocent mistake or calculated malfeasance—to help ...

Lillian Ablon is a cybersecurity researcher at the RAND Corporation. She spoke with The Cipher Brief about the threat posed by social engineering, and the critical vulnerability posed by unwary individuals within an organization. The Cipher Brief: Some of our readers may not be familiar with the concept of social ...

Information security has a problem; an awkward border that we have consistently failed to understand and protect. This constantly changing, infinitely variable border is known as our people. Globally, we are spending millions of dollars addressing human centric information security, from training videos and e-learning to audit and accountability software. ...

Mitch Silber is the Senior Managing Director at FTI Consulting, a global business advisory firm.  He spoke with the Cipher Brief about the threat posed by malicious insiders – people within an organization who abuse their network access to harm their employers. The Cipher Brief: How would you characterize the ...

Heroes in war movies rally the troops by pronouncing: failure is not an option. Heroes at the forefront of cybersecurity know better: failure is practically unavoidable.   To protect businesses, the new name of the game is visibility. Monitor your computing environment, recover from attacks quickly, and learn from breaches so ...

The ability of a business to respond with speed and agility after the discovery of a significant cyberattack is critical to its overall recovery and resilience. While the seriousness of cyber threats is becoming better understood, including at the Board of Directors and C-Suite levels, there is still a perception ...