White House Cybersecurity Adviser Wants a ‘Cleanliness Rating’ for Software Security
Policymakers are considering a number of changes to the nation’s cybersecurity posture as a result of the SolarWinds supply chain attack discovered late last year, including data breach notification laws and greater oversight of the nation’s critical infrastructure. In one of her first public appearances since joining the Biden White House, Deputy National Security Adviser Anne Neuberger floated another idea from an unlikely place: New York City dining establishments…
What It’s Like To Run a Tech Giant’s Security Team Without Ever Setting Foot in the Office
Mark Adams was appointed Adobe’s chief security officer about four months ago after serving in the same role for four years at Blizzard Entertainment. Thanks to the COVID-19 pandemic, his onboarding process has been untraditional, to say the least. For one, he hasn’t had a chance yet to visit the company’s physical offices. Instead, his calendar has looked like an ultramarathon of video conferences—days with a dozen back-to-back meetings during the first month to get to know his team and understand the company’s priorities…
Cybersecurity Failings Get Top Billing Among Lawmakers and Federal Watchdogs
Federal cybersecurity is in a worse place than it was two years ago, with agencies failing to implement more than 750 recommended changes, including ones that could have prevented or helped the government respond to the recent Russian cyberattack on dozens of public and private organizations. That’s the assessment the Government Accountability Office, a watchdog agency, gave Tuesday in its “high risk” report that it issues every two years to Congress….
Four Things We Learned (And Four Things That Remain Unclear) About the Russia Hack
The U.S. Senate and House of Representatives hauled the CEOs of SolarWinds, FireEye, CrowdStrike and Microsoft onto (semi-virtual) Capitol Hill last week to answer questions about the sweeping Russian compromise of U.S. government and corporate networks—the first public hearings dedicated to the campaign to date. In honor of the occasion, The Record watched 7.5 hours of testimony so you didn’t have to. Here are eight key takeaways…
Former NSA and Cyber Command Chief Keith Alexander on SolarWinds, Cyberwar, and China
“The commercial sector is trying its best to fight against a government and all its resources. That’s not a fair fight… China will tell you it’s not stealing your stuff, and then goes and steals your stuff…
It can’t be just trusting them—it’s trust but verify. Look at what’s going on in the COVID-19 arena alone and the theft of intellectual property. It’s huge… This is the biggest transfer of wealth in history, and it’s going right out the front door…”
With Biden in Office, Global Policymakers Are Making a Renewed Push for Cyber Norms
On Tuesday, diplomats from Australia, France, and Estonia, as well as private sector cybersecurity officials, emphasized the need for a renewed focus on norms in cyberspace, and suggested that progress could be made in the coming years. “As cyber threats grow, it’s vitally important that UN discussions keep pace, or they really do risk losing credibility,” said Tobias Feakin, Australia’s ambassador for cyber affairs and critical technology, at a virtual event on cyber norms hosted by the U.S. Chamber of Commerce. And one of the biggest assets for this renewed push may be the fact that there’s a new administration in the White House….
‘Every Attack Was Like a Slightly Deadlier Version Than the Last:’ NYT’s Perlroth Talks About Her New Book
When Nicole Perlroth joined The New York Times’ technology bureau nearly ten years ago, cybersecurity was in a much different place than it is today.
“The crazy thing happening in that moment was Anonymous, which seems so quaint these days,” she said.
As the decade unfolded, she witnessed and wrote about attacks that grew increasingly brazen and destructive: hacks targeting Sony Pictures, Yahoo, and Equifax, as well as incidents that spiraled out of control like WannaCry and NotPetya. Governments were stockpiling cyber weapons and unleashing them on adversaries. Occasionally the tools would get stolen and used against the country hoarding them….
Belgium’s Top Cybersecurity Authority on How To Make the Internet a Safer Place
In 2017, Belgian cybersecurity officials launched a campaign aimed at one the country’s most pervasive digital threats: phishing attacks. Citizens were taught how to spot potentially malicious emails and were instructed to forward them to an address administered by the Centre for Cyber Security Belgium, the country’s central authority for cybersecurity. At first only a trickle of emails came in, said CCB Managing Director Miguel De Bruycker. But the campaign continued and expanded over the last three years—by the end of 2020, about 10,000 suspicious emails a day were forwarded to the address, double the amount from a year prior.
As the head of the CCB, which manages Belgium’s Computer Emergency Response Team (CERT) and is under the authority of the country’s Prime Minister, De Bruycker has his sights on more ambitious projects aimed at making the internet more secure. He talked to The Record recently about the future of digital identity and how governments must gain trust to implement strong cybersecurity policies…
For Biden’s Cybersecurity Strategy, All Eyes Are on the New National Cyber Director Role
When President Joe Biden took office last week, he and his administration were immediately tasked with managing one of the largest cybersecurity failures in recent memory—a stealthy and methodical supply-chain intrusion into private companies and government agencies that has been blamed on Russia. Much of the work overseeing the response efforts will fall on a position that is not even a month old: the National Cyber Director. The first days of the Biden administration will be a make-or-break moment for the new White House posting…
‘Adopt the Adversarial Point of View:’ Cybersecurity Lessons From a National Intelligence Technology Leader
Amit Meltzer spent three decades working in Israel’s national security apparatus, including as chief technologist for Mossad, the country’s famed national intelligence agency. “The main reason I left was that my wife said: ‘Enough!’”
I caught up with Meltzer to talk about his time working in national intelligence and how it shaped his thinking on cybersecurity…