GUEST BLOG: China’s Digital Strategy Threatens U.S. National Security & Diplomatic Partnerships
By Sarina Krantzler, ISA Research Associate This post is the first of two blogs concerning China’s Digital Strategy. “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If […]
CYBERSECURITY: STAKEHOLDERS OR PARTNERS? RETURN ON REPORTING?
This week the House Homeland Security Cyber Subcommittee will hold a hearing on one of the hottest legislative topics in the field entitled “Stakeholder Perspectives on the Cyber Incident Reporting for Critical Infrastructure Act of 2021” The witnesses will include representatives from IT, Telecommunications, and financial services industries -– all major players in the so-called, […]
Rethinking Ransomware: We Can Win If We Want To
I’m sure everyone reading this blog knows that about 2 months ago, Colonial Pipeline was hit with a ransomware attack and paid $4.4 million dollars. Just a few weeks later, the FBI announced that it had recovered about half the ransom. What does that prove? It proves our law enforcement agencies can achieve significant successes […]
Rethinking Cyber Regulation Part II: Creating A Risk-Based Regulatory System
In our previous post, we noted that the new National Cyber Director’s office, which is charged with coordinating federal cyber policy, ought to begin that effort by evaluating and coordinating current cyber regulation. We pointed to studies (including government studies) that showed from 40 to 70 percent of federal cyber regulation – including those imposed on states and localities – is redundant and/or conflicting, thus wasting scarce cyber resources.
Rethinking Cyber Regulation — Part I
Last Thursday’s confirmation hearing for Chris Inglis and Jen Easterly renewed talk of the need for federal regulation over cybersecurity.
NEW CYBER DIRECTOR NEEDS NEW CYBER THINKING
This post is a one in the “Rethink Cybersecurity” series. Additional posts in this series are available here Perhaps the most incisive part of Chris Inglis’ testimony before the Senate Homeland Security Committee was his statement: “Cybersecurity is comprised of far more than technology. Essential collaboration and integration will heavily depend on how roles and responsibilities […]
Can Chris Inglis Build an Effective Cyber Strategy?
In their 2019 book The Fifth Domain, Richard Clarke and Bob Knake note that the U.S. has basically not changed its cybersecurity approach since the Clinton Administration.
Treating Cybersecurity as an Economic Issue: Three Levels of Policy Action
On May 11, the chairs and ranking members of seven congressional committees that have jurisdiction over cybersecurity wrote a joint letter to National Security Advisor Jake Sullivan stressing that “cybersecurity is no longer just an ‘IT issue’ but instead an economic and national security challenge.”
Congressional Leaders Agree Cybersecurity is not just an IT Issue, finally
By now anyone who is reading this sort of blog is aware that the ransomware epidemic is totally out of control. Colonial just paid $5 million in Bitcoin to get their data (and our gas) released. But this is by no means an isolated event. Ransomware attacks have been proliferating both in number and size of ransom for a while. Earlier in May, former CISA Director Chris Krebs told the House Cybersecurity Subcommittee that we are on the cusp of a world-wide ransomware pandemic fueled by greed.
Solarium Chairs are Right: We Need a Cyber Social Contact
Cyberspace Solarium Commission co-chairs Sen. Angus King (I-ME) and Rep. Mike Gallagher (R-WI) said Monday that the Colonia Pipeline attack “underscores the vulnerability of our national critical infrastructure in cyberspace and “the disruption is a clear example of the need to create a new social contract between the Federal government and systemically important critical infrastructure,”
