DISORGANIZED LAW ENFORCEMENT AT THE CAPITOL: JUST LIKE CYBER

Posted on February 25, 2021 at 10:06 am

The lead story in today’s New York Times on the investigation into the January 6 attack on the U.S. Capitol reports that yesterday’s Senate hearing “also showed that the overlapping jurisdiction of the Capitol Police, District of Columbia government and other agencies created utter confusion that hindered attempts to stop the assault.”


THE FEDS SHOULD LEARN FROM THE PRIVATE SECTOR IN FIGHTING CYBER CRIME

Posted on February 23, 2021 at 11:36 am

CrowdStrike just posted their latest research on cybercrime and found that intrusions threatening organizations’ cybersecurity across the globe grew – not 25 percent – but 400 percent in 2019 and 2020 combined. Nearly four out of five of those compromises in 2020 stemmed from cybercriminals, and attacks are unlikely to let up in 2021.


PUBLIC-PRIVATE PARTNERSHIP: PARENT-CHILD OR MARRIAGE?

Posted on February 18, 2021 at 10:00 am

“We are all in this together” has become one of the major narratives of the COVID era. The notion is that the virus can attack any one of us – we are all essentially targets – and by protecting ourselves we are also protecting our friends and neighbors.


WHY IS CYBER LAW ENFORCEMENT FAILING SO BADLY? (Part I)

Posted on February 16, 2021 at 10:00 am

The classic TV drama Dragnet was famous for Lieutenant Joe Friday’s straightforward instruction to witnesses: “Just the facts, Ma’am.” So, let’s look at the facts with respect to cybercrime. The World Health Organization (WEF) currently estimates cybercrime as having revenues over $2 trillion a year.


Cyber Regulations Are Counter-Productive to True Security

Posted on February 9, 2021 at 10:01 am

The old model simply doesn’t work. All this analysis is not to impugn the policy makers who created it, or more precisely attempted to adapt it to the cyber environment. Faced with the quickening apparent threat from cyber-attacks, policy makers naturally went to their “go-to” option, using the independent agency model designed to address the hot technology of the 19th century – railroads. It was pretty much all they had.


Some Reasons Why Cyber Regulation Doesn’t Work

Posted on February 4, 2021 at 1:47 pm

In previous posts we have documented that independent research shows that even the most highly regulated industries for cybersecurity such as health care and financial services are not achieving adequate levels of cybersecurity, and in fact don’t score better on security effectiveness than less regulated sectors like IT and professional services. We have also documented that even the highly regulated federal government sector scores poorly with respect to cybersecurity effectiveness.


WHY IS CYBERSECURITY INCLUDED IN THE COVID RELIEF BILL?

Posted on February 2, 2021 at 3:13 pm

As we all know, in addition to massive death and social destruction, the pandemic has also brought economic collapse on many dimensions. Our economy, like just about everything else, is ultimately reliant on cyber systems. If the purpose of the legislation on the Senate floor is COVID relief, then that needs to include making sure our economy recovers, and our economy cannot recover unless the core systems of the economy – which in the 21st century are cyber – also recover.


If Government Can’t Regulate Itself, how can it Regulate Industry?

Posted on January 26, 2021 at 10:15 am

The foundational assumption of the expert agency regulatory model is that government knows what to do; all that is needed is to compel a recalcitrant private sector to follow government mandates. There is no evidence that government has attained that degree of expertise in cybersecurity. In fact, the data suggest the opposite.


NEW CYBER PRINCIPLE SPEAKS TO “SOLARWINDS” STYLE ATTACKS

Posted on January 25, 2021 at 3:33 pm

Today the World Economic Forum, in collaboration with the National Association of Corporate Directors, the Internet Security Alliance and PWC, is publishing a new set of principles for boards of directors to follow in exercising their duty of cyber risk oversight. While a number of these principles will be familiar to those who have followed the ISA/NACD work, one important additional principle has been added.


AN ADVERSARIAL REGULATORY MODEL IS ANTI-CYBERSECURITY

Posted on January 21, 2021 at 10:00 am

A major reason why we are not making progress in securing cyberspace – and we are in fact losing ground rapidly – is that for the most part we have mis-analyzed the issue as a case of traditional corporate malfeasance.