In light of Michael Sulmeyer’s excellent recent piece on splitting NSA and CYBERCOM, which ran at War on the Rocks last week, I want to pull together some of the key legal and policy developments of the past year in a single narrative. My aim is to put them in context with each other in a way that will provide useful background for those new to this issue, while also putting a spotlight on the deconfliction-of-equities issue that the split proposal raises.
Latest in Cyber & Technology
C4ISRNET recently published an interesting and useful four-part series exploring what U.S. Cyber Command will need to operate on its own, separate from the National Security Agency. (Part I is here and provides links to the other parts in the series.)
The recent WannaCry and NotPetya global cyber incidents have fueled the debate already raging over the role of and limits on corporate self-defense in cyberspace. The emerging international practice of “active cyber defense” (ACD) moves this debate beyond the merely theoretical realm. Private sector active defense potentially shifts the balance in favor of defenders and would improve companies’ ability to complicate and disrupt attacks and mitigate damages.
The University of California, Irvine’s new Cybersecurity Policy & Research Institute (CPRI), which opened last year under the directorship of Bryan Cunningham, launched several interesting new cybersecurity initiatives earlier this week, including a research project on cyberattack attribution and supply chain security; a law enforcement cyber training program; a cyber victims defense clinic, and a curriculum development effort for high school students. The press release is here.
Inspecting anti-virus source code is probably not enough to make Kaspersky products a safe tool for Congress.
How to understand the latest ransomware epidemic.
Citizen Lab found that Russian hacking group conducted a cyberattack against a U.S. journalist, an example of a dangerous trend of targeting civil society members in Russia and abroad.
Allowing Senate staff to use Signal is an important move toward better information security.
Matthew Waxman testifies before the Senate Armed Services Committee on the international law dimensions of U.S. cyber strategy and policy.