Cybersecurity

April 21, 2017
A zero-day, meaning a tool used to exploit a newly discovered computer vulnerability, alone does not make an attack. It is but one element of many in an attack, chain and there's much more we can do to increase the odds attacks are defeated.
April 20, 2017
Russian cyber operations are widely discussed and reported on today. Conversations frequently range from how the Russian government hacked the Democratic National Committee (DNC) to the utilization of Russian social media trolls for political influence.
April 18, 2017
How can a government, or a company, determine who launched a cyber attack? Attribution becomes even more difficult when the attackers disguise themselves as others.
April 18, 2017
False flag operations have been routine ploys in espionage and warfare for centuries. Now they have turned up in cyber operations.
April 18, 2017
A false flag operation – pretending to be someone else while conducting spycraft or warfare – is an age-old tactic. With the advent of cyber espionage and digital warfare, those maneuvering in the virtual domain can use false flags.
April 12, 2017
Wikileaks’ “Vault7” disclosure last month of apparent CIA hacking tools marked the third recent incident in which an inadvertent public release of alleged government hacking techniques has sent the private sector scrambling to protect users.
April 12, 2017
The Russian effort to influence the 2016 election will remain front-and-center as the House and Senate Intelligence Committee continue their probe and the FBI moves forward on its investigation. The issue is likely to weigh on the Trump Administration for some time to come.
April 12, 2017
With the seemingly constant barrage of leaks revealing the U.S.
April 12, 2017
Few topics lend themselves to more polemics than government collection and exploitation of zero-day vulnerabilities, or security flaws in commercial software and hardware not yet disclosed to the vendors, to facilitate intelligence gathering efforts.
April 2, 2017
In September 2015, Chinese President Xi Jinping and President Barack Obama reached an agreement that neither nation would “conduct or knowingly support cyber-e
April 2, 2017
China is a burgeoning great power. It is continually figuring out the various dimensions of power – not least of which is power in cyberspace – and putting them to use.
April 2, 2017
China continues to deploy military equipment to contested islands in the South China Sea, raising concerns among regional players and U.S. forces stationed in the Pacific.   
March 26, 2017
In the world of network security, the term air gap refers to a situation in which the computer network is physically separated from other networks, particularly, less secure and public networks such as the internet.
March 26, 2017
My late mother served as a sergeant in the Women’s Army Corps during World War II.
March 26, 2017
Connectivity continues to enmesh businesses, governments, societies and people – a trend that will only accelerate with the growth of public cloud services and devices linked together in the Internet of Things.
March 8, 2017
The drumbeat of cyber incidents continues unabated, with breaches at email providers, insurance companies, defense contactors, telecoms, adult websites, government databases, and so much more. These breaches typically have at least one thing in common: someone calls them “sophisticated.”
March 1, 2017
Cyberspace is often portrayed as a new domain of international relations – a Wild West where there are no rules or guiding principles to govern the behavior of states. Such perceptions of anarchism have bred uncertainty over what is or is not acceptable activity among governments.
March 1, 2017
NATO’s Cooperative Cyber Defence Centre of Excellence last month published the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, a follow-on project to the first, 2013, edition of the manual, which focused on cyber
March 1, 2017
A group of international law experts met in Tallinn, Estonia, after the 2007 onslaught of cyber attacks against sites in the country, to create the Tallinn Manual in order to clarify what constitutes an act of war in cyberspace and how countries could lawfully respond.
February 24, 2017
Understanding the Russian criminal underground is essential when discussing Russian proxies in cyberspace. How do cybercriminal entities interact with each other and what is their relationship with the Russian government?
February 24, 2017
Cyber operations remain at the forefront of confrontations between the West and Moscow as relations continue to deteriorate. Russia asserted itself in 2007 with “patriotic hackers” launching a volley of distributed denial of service (DDoS) attacks on Estonian systems.
February 24, 2017
What if network defenders knew that a cyber operation occurred during Moscow business hours, that it involved a Russian IP address, and that the cyber actors used a Cyrillic keyboard? Would those indicators by themselves be enough for attribution?
February 5, 2017
The cybersecurity industry is currently enamored with concepts of autonomous defense, including elements of machine learning, behavioral analytics, and artificial intelligence—and rightly so.
February 5, 2017
Many view cybersecurity as passively blocking attempts to breach networks, but security experts have long advocated more active measures in defense of sensitive networks.
February 5, 2017
We live in an age where what used to be the figment of science fiction is now a reality, changing the way people go about their daily lives. Advances in artificial intelligence and machine learning are the new frontier, and their inception creates just as many risks as opportunities.
February 1, 2017
The Internet of Things (IoT), a phenomenon of everyday Internet-connected devices ranging from smart appliances to webcams and routers, is making the lives of companies, governments, and households more efficient and data-driven.
January 29, 2017
Recent years have witnessed a series of increasingly audacious and unprecedented cyber attacks, leading up to the recent accusations of Russian hacking throughout last year’s U.S. presidential election season.
January 29, 2017
Cyber is emerging as Iran’s weapon of choice for dealing with both domestic and foreign opponents.
January 29, 2017
Cybersecurity is often discussed in relation to the major global powers: China’s economic espionage, Russian influence operations, and U.S. dragnet global surveillance to thwart terrorism.
January 29, 2017
Steven Bay has held his secrets and his struggles close for nearly four years now.
January 25, 2017
Even before the release of the unclassified version of the U.S. intelligence community’s conclusions regarding Russian hacking and involvement in the U.S. presidential elections, before President-elect Donald Trump got his classified briefing on the report from the heads of the U.S.
January 22, 2017
U.S. failure to fully develop and implement a comprehensive cyber security strategy created the perfect opportunity for Russia to attack the Democratic National Committee computer network, and enabled them to meddle and interfere with the U.S. presidential election.  
January 22, 2017
In the fall of 2008, a bipartisan group of cybersecurity experts delivered some sage advice to Barack Obama, set to become president in January: “Don’t start over.” That group, organized by the
January 22, 2017
President Donald J. Trump’s Administration has suggested massive overhauls in a number of policy areas, but few have remained as shrouded in uncertainty as Trump’s vision for the future of cybersecurity.
January 11, 2017
President Barack Obama’s decision to impose a range of sanctions against Russia for its successful network strike and information operation against the U.S. electoral process was an excellent first step towards an improved cyber deterrent capacity.
January 8, 2017
Surveillance law is absolutely necessary because it compels the government to write down, for all to clearly see, the rules that they must abide by as they undertake intrusive powers, often in secret, to investigate criminal activity and protect a country.
January 8, 2017
On January 1st, the United Kingdom began the implementation of the Investigatory Powers Act, widely considered the most comprehensive—and intrusive—surveillance law in the Western world.
January 8, 2017
On November 29, Royal Assent was given to the UK Investigatory Powers Act, after eight months of intensive Parliamentary scrutiny, with hundreds of amendments made, following lengthy pre-legislative debate in three Parliamentary Committees.  The Act draws on the input from three separate, indepen
January 5, 2017
Pundits will pick over the lessons of 2016 for a long time, and as they do, cyber experts are looking at the past year and finding lessons as well, with far-reaching implications for our nation’s security.
December 25, 2016
Editor’s Note: Over the coming days, The Cipher Brief presents some of our most incisive coverage on key issues of 2016 and a look ahead at what is yet to come in 2017.
December 25, 2016
Hacktivism has been a fact of life even before the rise of Anonymous. In 2016, we saw a tidal wave of global hacktivism and cyber spying, and this trend will continue in 2017.
December 22, 2016
The cybersecurity environment is constantly changing.
December 18, 2016
On December 1, Congress authorized sweeping new government hacking and surveillance authorities by allowing changes to Rule 41 of the Federal Rules of Criminal Procedure to take effect.
December 18, 2016
What if the U.S. government could force entry—in other words, hack—into electronic devices around the world, using only one warrant, even if the owners of those devices were not suspected of any criminal activity - and it would be legal?
December 18, 2016
With the growth of cybercrime facilitated by the global nature of the Internet, law enforcement is adapting their toolsets to better tackle the challenges presented by technologies that blur legal jurisdiction.
December 11, 2016
China’s new Cybersecurity Law, which received parliamentary approval in November and will go into effect in June of 2017, is not necessarily novel.
December 11, 2016
Last month, China’s legislature passed the Cybersecurity Law, which is due to take effect next summer. The controversial law has received a number of criticisms from technology companies, Western government officials, and human rights advocates.
November 30, 2016
With the pervasive growth of smart phone and tablet use, cybersecurity professionals are worried these devices could present new vulnerabilities to company systems.
November 27, 2016
Amidst a rash of data breaches where compromised passwords provided the vector of attack – think Target, Anthem, OPM, or more recently, the Democratic National Committee – industry and government are working together to bolster their defenses. 
November 27, 2016
The use of biometrics to authenticate identity has been the subject of great debate for years, with opposing sides arguing its value for security, privacy, and convenience.

Pages