Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

Cybersecurity and Information Sharing: Legal Challenges and Solutions

Cybersecurity and Information Sharing: Legal Challenges and Solutions, Andrew Nolan, Legislative Attorney. March 16, 2015.
“Over the course of the last year, a host of cyberattacks has been perpetrated on a number of high profile American companies. The high profile cyberattacks of 2014 and early 2015 appear to be indicative of a broader trend: the frequency and ferocity of cyberattacks are increasing, posing grave threats to the national interests of the United States. While considerable debate exists with regard to the best strategies for protecting America’s various cyber-systems and promoting cybersecurity, one point of general agreement amongst cyber-analysts is the perceived need for enhanced and timely exchange of cyber-threat intelligence both within the private sector and between the private sector and the government. Nonetheless, there are many reasons why entities may opt to not participate in a cyber-information sharing scheme, including the potential liability that could result from sharing internal cyber-threat information with other private companies or the government. More broadly, the legal issues surrounding cybersecurity information sharing—whether it be with regard to sharing between two private companies or the dissemination of cyber-intelligence within the federal government—are complex and have few certain resolutions. In this vein, this report examines the various legal issues that arise with respect to the sharing of cybersecurity intelligence, with a special focus on two distinct concepts: (1) sharing of cyber-information within the government’s possession and (2) sharing of cyber-information within the possession of the private sector. With regard to cyber-intelligence that is possessed by the federal government, the legal landscape is relatively clear: ample legal authority exists for the Department of Homeland Security (DHS) to serve as the central repository and distributor of cyber-intelligence for the federal government.
Nonetheless, the legal authorities that do exist often overlap, perhaps resulting in confusion as to which of the multiple sub-agencies within DHS or even outside of DHS should be leading efforts on the distribution of cyber-information within the government and with the public. Moreover, while the government has wide authority to disclose cyber-intelligence within its possession, that authority is not limitless and is necessarily tied to laws that restrict the government’s ability to release sensitive information within its possession.”

Even more unwanted software protection via the Safe Browsing API

Google Online Security Blog: “Deceptive software disguised as a useful download harms your web experience by making undesired changes to your computer. Safe Browsing offers protection from such unwanted software by showing a warning in Chrome before you download these programs. In February we started showing additional warnings in Chrome before you visit a…

The Importance of Addressing Cybersecurity Risks in the Financial Sector

Sarah J. Dahlgren, executive vice president and member of the Bank’s Management Committee, head of the Financial Institution Supervision Group at the Federal Reserve Bank of New York – Remarks at the OpRisk North America Annual Conference, New York City: I am often asked about my list of “things that keep me awake at night,”…

5 ways to keep your data safe right now

Christopher Soghoian is a TED Fellow, and the principal technologist at the American Civil Liberties Union, where he monitors the intersection of federal surveillance and citizen’s rights. Before joining the ACLU, he was the first-ever technologist for the Federal Trade Commission’s Division of Privacy and Identity Protection, where he worked on investigations of Facebook, Twitter,…

Cybersecurity and Information Sharing: Legal Challenges and Solutions

CRS – Cybersecurity and Information Sharing: Legal Challenges and Solutions. Andrew Nolan, Legislative Attorney. March 16, 2015. “Over the course of the last year, a host of cyberattacks has been perpetrated on a number of high profile American companies. The high profile cyberattacks of 2014 and early 2015 appear to be indicative of a broader…

New GAO Reports – DOE Facilities, Financial Company Bankruptcies, Geospatial Data, IRS Info Security, Military Personnel

DOE Facilities: Better Prioritization and Life Cycle Cost Analysis Would Improve Disposition Planning, GAO-15-272: Published: Mar 19, 2015. Publicly Released: Mar 19, 2015. Financial Company Bankruptcies: Information on Legislative Proposals and International Coordination, GAO-15-299: Published: Mar 19, 2015. Publicly Released: Mar 19, 2015. Geospatial Data: Progress Needed on Identifying Expenditures, Building and Utilizing a Data…

The HTTPS-Only Standard proposed by OMB

“The American people expect government websites to be secure and their interactions with those websites to be private. Hypertext Transfer Protocol Secure (HTTPS) offers the strongest privacy protection available for public web connections with today’s internet technology. The use of HTTPS reduces the risk of interception or modification of user interactions with government online services.…

Insecurity in the Internet of Things

Symantec – Insecurity in the Internet of Things – Mario Ballano Barcena, Candid Wueest, March 12, 2015. “The Internet of Things (IoT) market has begun to take off. Consumers can buy connected versions of nearly every household appliance available. However, despite its increasing acceptance by consumers, recent studies of IoT devices seem to agree that…

StingRay surveillance device intercepts cellphone signals, captures texts, calls, emails and other data

NYT – A Police Gadget Tracks Phones? Shhh! It’s Secret – “A powerful new surveillance tool being adopted by police departments across the country comes with an unusual requirement: To buy it, law enforcement officials must sign a nondisclosure agreement preventing them from saying almost anything about the technology… The technology goes by various names,…

Senate Committee Approves Cyber Surveillance Bill

EPIC – “In a closed-door meeting, the Senate Select Committee on Intelligence approved the Cyber Information Sharing Act of 2015. The bill would allow the government to obtain user information from private companies without judicial oversight. Companies would receive immunity for their disregard of existing privacy law. Senator Wyden, who opposed the measure, stated, “If…

Cisco 2015 Annual Security Report

New Threat Intelligence and Trend Analysis – “Despite advances by the security industry, criminals continue to evolve their approaches to break through security defenses. Attackers are realizing that bigger and bolder is not always better. The Cisco 2015 Annual Security Report reveals shifts in attack techniques, emerging vulnerabilities, and the state of enterprise security preparedness.…

Report – The Safe Cities Index 2015 – Economist Intelligence Unit

“The Safe Cities Index 2015 is an Economist Intelligence Unit report, sponsored by NEC. The report is based on an index composed of more than 40 quantitative and qualitative indicators. These indicators are split across four thematic categories: digital security; health security; infrastructure safety; and personal safety. Every city in the Index is scored across…