Publications

1 8 9 10

Differing outlooks impede Sino-US cooperation to enhance cybersecurity

August 3, 2015

SCMP-CCS

Zachary K. Goldman and Jerome A. Cohen

China and the US both talk about “cybersecurity”, but mean different things. In Washington, cybersecurity is fundamentally about preventing unauthorised access to digital systems and, notwithstanding massive foreign hacking of US government databases, mainly focuses on protecting private-sector data  as well as critical infrastructure.

Variability and Reliability Awareness in the Age of Dark Silicon

June 1, 2015

Florian Kriebel, Muhammad Shafique, Semeen Rehman, Jörg Henkel and Siddharth Garg

Ability to supply more transistors per chip is outpacing improvements in cooling and power delivery. The result is operation that selectively powers on or off subsets of transistors. This paper suggests innovate ways to take advantage of the consequent “dark” silicon to meet a pair of additional emerging challenges-reliability and tolerance of variability.

One More Reason for Companies to Report Data Breaches

May 26, 2015

Just-Security-CCS

Judith H. Germano

Do companies and their legal advisors trust the government enough to reach out for help in the event of a breach, and do they perceive sufficient benefits from doing so? One major stumbling block in that assessment is the dichotomous role of government toward corporate data breach victims on the cybersecurity stage: that as protector, and as enforcer. A number of executives remain wary about reaching out to the government for help in a cybersecurity breach (when not legally compelled to do so), recognizing that the same government with whom they will share data will investigate and potentially bring an enforcement action against the company for deficiencies in how they prepared for or responded to the incident. The government took a small but meaningful step toward addressing that concern last week.

Sanctioning Cyber Crime: The New Face of Deterrence

May 19, 2015

CFR_Featured

Zachary K. Goldman

Deterrence is fundamentally about manipulating an adversary’s cost/benefit calculations to dissuade him from doing something you want to prevent. Over the last several years, strategists have struggled to adapt venerable Cold War concepts like deterrence to the information age. But deterring financially-motivated cyber criminals—the kinds of people that attacked Target, Anthem Health, and many others—requires an approach tailored to hackers that seek to steal sensitive information that can be monetized quickly.

Terrorism 2.0? New Challenges in Cyberspace

April 17, 2015

GJIA-CCS

Zachary K. Goldman

Discourse around cyber security and cyber terrorism is changing. It is evolving, slowly but perceptibly, from anxiety about a single catastrophic event—a “cyber Pearl Harbor”—to a conversation about how to manage a digital threat landscape that includes a large number of smaller incidents directed against a wide range of targets. Some of these episodes, to be sure, may prove catastrophic to individual victims. The strategic impact of proliferating cyber challenges, however, is more likely to be felt in their accumulated effect on our economic interests over time than in a single catastrophic event targeting American infrastructure.

Cyberthreat Spawns New Era Of Public-Private Collaboration

February 20, 2015

Law 360

Judith H. Germano

On Feb. 13, 2015, President Barack Obama signed an executive order to encourage more companies and industries to engage in active information sharing, by setting up hubs for transmitting intelligence on attacks and threats. The executive order also called for common standards so government and industry can share threat information more easily. The White House also announced last week that it is creating a Cyber Threat Intelligence Integration Center, and has called for legislation to promote increased information sharing.

Cybersecurity and a New Era of Asymmetric Economic Warfare

January 16, 2015

Just-Security-CCS

Zachary K. Goldman

In the last two decades, and in particular after the 9/11 attacks, the United States and its allies have had a near-monopoly on the use of coercive economic measures (sanctions, trade controls, investment restrictions, etc.) to achieve foreign policy objectives. This dominance has been grounded in the central role that the U.S. financial system, capital markets, and the U.S. dollar play in international trade and commerce.But the most novel aspect of the recent cyberattack against Sony Pictures is that it demonstrates the proliferation of the weapons of economic warfare.

Cybersecurity Partnerships: A New Era of Public-Private Collaboration

October 1, 2014

Judith H. Germano

It is generally understood that the public and private sectors need to collaborate to address the nation’s cybersecurity challenges, yet there remain significant questions regarding the circumstances, nature, and scope of those relationships. Legal, strategic, and pragmatic obstacles often impede effective public-private sector cooperation, which are compounded by regulatory and civil liability risks. Different government agencies have competing roles and interests, with the government serving dual roles as both partner and enforcer, influencing how companies facing cyberthreats view public authority. These domestic cybersecurity challenges are complicated further by crossborder issues, including inconsistent laws and perspectives regarding, in particular, privacy norms and restrictions, data transferability, and divergent political interests in combatting cyberthreats.

After the Breach: Cybersecurity Liability Risk

June 1, 2014

Judith H. Germano and Zachary K. Goldman

Cybersecurity’s evolving regulatory and liability landscape compounds the challenges that companies face from cyber attacks, and further complicates the ability of corporate executives and their advisors to understand and effectively manage cyber risk. Companies must prepare for and respond to a potential cyberattack’s direct damage, including financial and data loss, system and service interruptions, reputational harm and compromised security.