Tallinn 2.0 May Be More Useful Than Its Predecessor

In early February 2017, Tallinn Manual 2.0 was published by Cambridge University Press.  Led by the NATO Cooperative Cyber Defence Centre of Excellence, publication of the initial Tallinn Manual occurred in 2013 and focused on the applicability of international law to conventional state-authorized and operated cyber warfare.  Authored by a group of international law experts, the recent follow-up focuses on a full spectrum of international law as applicable to cyber operations conducted by and directed against nation states, ranging from peacetime legal regimes to the law of armed conflict.

Continue reading

The Cyber Coordinator: Let the Dog Bite

Former New York Mayor Rudy Giuliani has been tapped to be the President’s new “cyber security czar.”  The appointment has been met with trepidation among those in the information security business who point out Mr. Giuliani’s lack of expertise in anything cyber-related, despite being Chair of the Cybersecurity, Privacy and Crisis Management Practice at a Miami-based law firm and advising companies on information security since 2002.  In fact, critics cite recent reporting revealing that passwords used by Giuliani and 13 other top staff members have been leaked in mass breaches of websites like LinkedIn, MySpace, and others between 2012 and 2016.

Continue reading

Healthcare Data: Everything Has a Price; Everything Has Value

Unsurprisingly, the healthcare sector continues to be an attractive target as data stolen continues to provide value to a diverse threat actor set.  Indeed, criminals and those actors associated with traditional cyber espionage activities have conducted some of the more news garnering incidents over the past few years.  What’s more, depending on the actors’ intent, all types of information have been sought after and stolen by these groups and individuals to include financial and insurance-related information, personal identifiable information, and even the health records of patients.  The targeting of these different types of data should demonstrate to the healthcare industry that there is no seemingly benign data when it comes to healthcare and that strategies must be designed to safeguard any and all types of data that relate to patients and their care treatments.

Continue reading

Building a Security Minded Culture

Cybersecurity is no longer a question about whether an employee should have access to Facebook. Information security teams are dealing with phishing attacks, access to business cloud applications, mobility and zero-second malware on a minute-by-minute basis. We live in a cyber world where we cannot control systems nor the people accessing them, nor can we lock down the same tools that make employees more efficient.

Continue reading

IoT DDoS – When Will We Learn?

In late September and late October 2016 two massive distributed denial-of-service (DDoS) attacks successfully targeted and impacted the operations of their targets. In the October DDoS against Dyn, a cloud-based Internet Performance Management company, several high profile organizational websites (Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, to name a few ) for a substantial part of the day. While Dyn was ultimately able to mitigate the three-wave attack, it did impact users’ abilities to access these sites.

Continue reading