UK’s Digital Strategy – Future Model or Another Thought Piece?

First announced in 2015, the United Kingdom (UK) finally published its Digital Strategy that went into effect on March 1, 2017.  Per the government’s website, the goal of this document is to provide a blueprint how the UK will build on its success to date in developing a world-leading digital economy that works for the greater good.  This is particularly important given that the UK is a global capital for financial technology, which generated £6.6bn of revenue in 2015.

Continue reading

Tallinn 2.0 May Be More Useful Than Its Predecessor

In early February 2017, Tallinn Manual 2.0 was published by Cambridge University Press.  Led by the NATO Cooperative Cyber Defence Centre of Excellence, publication of the initial Tallinn Manual occurred in 2013 and focused on the applicability of international law to conventional state-authorized and operated cyber warfare.  Authored by a group of international law experts, the recent follow-up focuses on a full spectrum of international law as applicable to cyber operations conducted by and directed against nation states, ranging from peacetime legal regimes to the law of armed conflict.

Continue reading

The Cyber Coordinator: Let the Dog Bite

Former New York Mayor Rudy Giuliani has been tapped to be the President’s new “cyber security czar.”  The appointment has been met with trepidation among those in the information security business who point out Mr. Giuliani’s lack of expertise in anything cyber-related, despite being Chair of the Cybersecurity, Privacy and Crisis Management Practice at a Miami-based law firm and advising companies on information security since 2002.  In fact, critics cite recent reporting revealing that passwords used by Giuliani and 13 other top staff members have been leaked in mass breaches of websites like LinkedIn, MySpace, and others between 2012 and 2016.

Continue reading

Russia and China Are Making their Information Security Case

in December 2016, Russian President Vladimir Putin approved a new information security doctrine, which updates the older 2000 version. The doctrine, a system of official views on the insurance of the national security of the country in the information sphere, regards the main threats to Russia’s security and national interest from foreign information making its way into the country, and sets priorities for countering them.

Continue reading

Building a Security Minded Culture

Cybersecurity is no longer a question about whether an employee should have access to Facebook. Information security teams are dealing with phishing attacks, access to business cloud applications, mobility and zero-second malware on a minute-by-minute basis. We live in a cyber world where we cannot control systems nor the people accessing them, nor can we lock down the same tools that make employees more efficient.

Continue reading

Should We Just Accept Cyber Breaches as the New Normal?

An August article suggested that the due to the large amounts of cyber breaches that have impacted both public and private sectors that have put millions of individuals personal identifiable information at risk, the general attitude toward breaches is becoming more mainstream and accepted.  This is an unfortunate state of affairs when instead of compelling organizations to aggressively improve their network security practices, the public writ large is willing to accept credit monitoring for a period of time (usually 1-2 years) as a consolation prize.  According to one source, the first half of 2016 has seen 538 breaches identified; 60 percent of businesses losing valuable intellectual property and/or trade secrets; and approximately 13 million records exposed.

Continue reading