1 4 5 6

Sanctioning Cyber Crime: The New Face of Deterrence

May 19, 2015


Zachary K. Goldman

Deterrence is fundamentally about manipulating an adversary’s cost/benefit calculations to dissuade him from doing something you want to prevent. Over the last several years, strategists have struggled to adapt venerable Cold War concepts like deterrence to the information age. But deterring financially-motivated cyber criminals—the kinds of people that attacked Target, Anthem Health, and many others—requires an approach tailored to hackers that seek to steal sensitive information that can be monetized quickly.

Terrorism 2.0? New Challenges in Cyberspace

April 17, 2015


Zachary K. Goldman

Discourse around cyber security and cyber terrorism is changing. It is evolving, slowly but perceptibly, from anxiety about a single catastrophic event—a “cyber Pearl Harbor”—to a conversation about how to manage a digital threat landscape that includes a large number of smaller incidents directed against a wide range of targets. Some of these episodes, to be sure, may prove catastrophic to individual victims. The strategic impact of proliferating cyber challenges, however, is more likely to be felt in their accumulated effect on our economic interests over time than in a single catastrophic event targeting American infrastructure.

Cyberthreat Spawns New Era Of Public-Private Collaboration

February 20, 2015

Law 360

Judith H. Germano

On Feb. 13, 2015, President Barack Obama signed an executive order to encourage more companies and industries to engage in active information sharing, by setting up hubs for transmitting intelligence on attacks and threats. The executive order also called for common standards so government and industry can share threat information more easily. The White House also announced last week that it is creating a Cyber Threat Intelligence Integration Center, and has called for legislation to promote increased information sharing.

Cybersecurity and a New Era of Asymmetric Economic Warfare

January 16, 2015


Zachary K. Goldman

In the last two decades, and in particular after the 9/11 attacks, the United States and its allies have had a near-monopoly on the use of coercive economic measures (sanctions, trade controls, investment restrictions, etc.) to achieve foreign policy objectives. This dominance has been grounded in the central role that the U.S. financial system, capital markets, and the U.S. dollar play in international trade and commerce.But the most novel aspect of the recent cyberattack against Sony Pictures is that it demonstrates the proliferation of the weapons of economic warfare.

Cybersecurity Partnerships: A New Era of Public-Private Collaboration

October 1, 2014

Judith H. Germano

It is generally understood that the public and private sectors need to collaborate to address the nation’s cybersecurity challenges, yet there remain significant questions regarding the circumstances, nature, and scope of those relationships. Legal, strategic, and pragmatic obstacles often impede effective public-private sector cooperation, which are compounded by regulatory and civil liability risks. Different government agencies have competing roles and interests, with the government serving dual roles as both partner and enforcer, influencing how companies facing cyberthreats view public authority. These domestic cybersecurity challenges are complicated further by crossborder issues, including inconsistent laws and perspectives regarding, in particular, privacy norms and restrictions, data transferability, and divergent political interests in combatting cyberthreats.

After the Breach: Cybersecurity Liability Risk

June 1, 2014

Judith H. Germano and Zachary K. Goldman

Cybersecurity’s evolving regulatory and liability landscape compounds the challenges that companies face from cyber attacks, and further complicates the ability of corporate executives and their advisors to understand and effectively manage cyber risk. Companies must prepare for and respond to a potential cyberattack’s direct damage, including financial and data loss, system and service interruptions, reputational harm and compromised security.