The Chinese Cyber Espionage Indictment: What It Means for Your Company

The questions have been coming fast and furious since the Justice Department indicted five Chinese hackers for systematic cyber espionage against five American companies.  A few are easy to answer:  There’s no realistic possibility that these defendants will be brought to trial, and yes, there will be diplomatic consequences for U.S.-China relations and possibly [...]

An Emerging Standard of Care in Cybersecurity

  Three things drive change in a market economy:  market opportunity, liability, and government action through regulation and tax law.  Yet none of these forces has had a material effect on cyber security.  Even statutes that create liability and define damages for the loss of personal information have had only a minimal effect on security. [...]

Why Isn’t Cyberspace More Secure?

Note: This article first appeared in Communications of the ACM 53:11 (November 2010). In cyberspace it’s easy to get away with criminal fraud, easy to steal corporate intellectual property, and easy to penetrate governmental networks.  This spring the new Commander of USCYBERCOM, NSA’s General Keith Alexander, acknowledged for the first time that even our classified [...]

The Policy Tension on Zero-Day Vulnerabilities Will Not Go Away

The proposition that NSA should under no circumstances stockpile zero-day vulnerabilities, but should in all cases disclose them in order to perfect defenses, apparently has appeal in some quarters.  It is based on at least two false assumptions.  The first is that the number of zero-days is finite, or, if not finite, then at least [...]

Cyber Threat Information and the Antitrust Canard

Those of us who tried to do big things in government have learned to be grateful for small things.  Yesterday the Justice Department’s Antitrust Division and the Federal Trade Commission jointly declared, “they do not believe that antitrust is – or should be – a roadblock to legitimate cybersecurity information sharing.” The business press immediately [...]

Snowden: What’s the Harm?

What harm has Edward Snowden done to his country? When Snowden asserts that the National Security Agency listens to encrypted Russian diplomatic traffic, it takes the Russians about twenty minutes to shut it down.  An operation like that can take many years to put in place.  When he explains exactly how NSA can implant devices [...]

Fruitcake for the Holidays

The Report of the President’s Review Group on Intelligence and Communications Technologies is, like many such reports, a fruitcake.  It’s chock full of tasty cherries – and other bits that are nuts.  You have to pick out what’s what.  Asking for an overall assessment is a disservice to the possibility of intelligent conversation.  But this [...]

N.S.A.: “Not (So) Secret Anymore”

  The National Security Agency is down in the dumps. It’s used to being heralded for brilliance.  It can’t understand how millions of Americans, not to mention foreigners, think it’s engaged in voracious, useless, and unlawful eavesdropping around the world, and dangerous to liberty at home.  Past intelligence scandals have always involved the failure to [...]

Intelligence by Plebiscite?

The world now has extraordinary access to the details of how the United States operates and funds its intelligence agencies, courtesy of Edward Snowden and the Washington Post.  This will lead to no good.  It makes friendly countries nervous about what we can do, and unfriendly countries happy about what we can’t do.  This kind of information [...]

Clapper and Wyden: Scenes from a Sandbagging

NOTE: The following article also appears today in LawFare and in The New Republic.   On March 12 of this year, Senator Ron Wyden asked James Clapper, the director of national intelligence, whether the National Security Agency gathers “any type of data at all on millions or hundreds of millions of Americans.”   “No, sir,” replied [...]