We Go To RSA So You Don’t Have To


This episode of the Cyberlaw Podcast is dominated by things that U.S. officials said in San Francisco last week at the RSA conference. We summarize what they said and offer our views of why they said it.

Bobby Chesney, returning to the podcast after a long absence, helps us assess Russian warnings that the U.S. should expect a “military clash” if it conducts cyberattacks against Russian critical infrastructure. Bobby, joined by Michael Ellis, sees this as a run-of-the-mill Russian PR response to U.S. Cyber Command and NSA Director Paul M. Nakasone’s remarks about doing offensive operations in support of Ukraine.

Bobby also notes an FBI analysis of the NetWalker ransomware gang, an analysis made possible by seizure of the gang’s back office computer system in Bulgaria. The unfortunate headline summary of the FBI’s work was a claim that “just one fourth of all NetWalker ransomware victims reported incidents to law enforcement.” Since many of the victims were outside the United States and would have had little reason to report to the Bureau, this statistic undercounts private-public cooperation. But it may, I suggest, reflect the Bureau’s increasing sensitivity and insecurity about its long-term role in cybersecurity.

Michael sees complaints about a dearth of incident reporting by the private sector as one of the themes emerging from the government’s RSA appearances. A Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) executive also complained about a lack of ransomware incident reporting, a strange complaint considering that CISA can solve much of the problem by publishing an incident reporting rule that Congress authorized last year.

In a more promising vein, two intelligence officials underlined a commitment on the part of intel agencies to sharing security data more effectively with the private sector. Michael sees that as the one positive note in an otherwise downbeat cybersecurity report from Avril Haines, Director of National Intelligence. And David Kris points to a similar theme offered by National Security Agency official Rob Joyce, who believes that sharing of (lightly laundered) intelligence is increasing, thanks in part to the sophistication and cooperation of the cybersecurity industry.

Michael and I are taking with a grain of salt the New York Times’ claim that Russia’s use of U.S. technology in its weapons has become a vulnerability due to U.S. export controls. We think it may take months to know whether those controls are really hurting Russia’s weapons production.

Bobby explains why the Department of Justice (DOJ) was much happier to offer a “policy” — instead of a legislative amendment — to protect good-faith security research from prosecution under the Computer Fraud and Abuse Act. That’s understandable, but the DOJ policy doesn’t protect researchers from civil lawsuits, so DOJ may yet find itself forced to look for a statutory fix. (If it were up to me, I’d be tempted to dump the civil remedy altogether.)

Michael, Bobby, and I dig into the ways in which smartphones have transformed both the war and, perhaps, the law of war in Ukraine. The change is driven by a Ukrainian government phone app that lets every Ukrainian civilian direct artillery fire onto Russians they encounter in the street. That’s probably enough for the Russians to shoot all the civilians they encounter, but for armies that care about the law of armed conflict, the answer is surprisingly complicated and unsatisfying.

Finally, David, Bobby and I dig into a Forbes story, clearly meant to be a shocking exposé, about the United States government’s use of the All Writs Act to monitor an indicted Russian hacker’s travel reservations for years until he finally headed to a country from which he could be extradited. We remain unshocked.

Download the 411th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.




