Policymakers around the world are increasingly concerned about the security of information and communications technology (ICT) supply chains. Danielle Kriz explains how the U.S. government can defend its ICT supply chains against counterfeit products, malicious code, and cyberattacks.
This bill would require websites and technology firms to share user information with the government if the government wants the information to response to a cyber threat. Critics of the bill say it is similar to Cyber Intelligence Sharing and Protection Act (CISPA), which did not pass the Senate two years ago.
With over 40 percent of the world's population now online, the Internet has revolutionized the way the world communicates. But with fast evolving technology, a proliferation of actors with access to the Internet, and an absence of international consensus on what should be permissible, the gap between existing world arrangements and the challenges posed by the Internet is in fact widening.
With the U.S. government still dealing with the fallout from the cyber theft of over twenty million personnel records in 2014—one of the largest data breaches in history—a new book from Council on Foreign Relations Senior Fellow Micah Zenkoreveals how red teams might have helped avoid such adisaster.
As offensive cyber activity becomes more prevalent, policymakers will be challenged to develop proportionate responses to disruptive or destructive attacks. Tobias Feakin outlines the variables that each state should consider in determining the appropriate response to a state-sponsored cyber incident.
Hackers are often mistakenly portrayed in popular culture as inarticulate geeks donning hoodies or ninja suits. However, the opposite is true, and policymakers in Washington could benefit from a deeper understanding of who hackers are and what they have to offer.
National People's Congress of China released this draft text on July 6, 2015, and it will be available for public comment through August 2015. The law outlines the Chinese government's goals for security standards for technical systems, networks, and user data. It requires companies with operations in China to comply with government requests for regulating and restricting technology use. See also the broader National Security Law passed on July 1, 2015.
The use of social media and other Internet-enabled communications by the self-proclaimed Islamic State is pushing the United States and other democracies to react to the abuse of liberal freedoms by illiberal forces. CFR Visiting Fellow David P. Fidler outlines ways to counter the Islamic State's online onslaught through policies anchored in free speech, transparency, and accountability.
Ambiguity in cyberspace—in terms of who is responsible for and the intent of a cyberattack—poses a growing risk of unnecessary military escalation in and outside the cyber domain. Benjamin Brake details how the Obama administration can strengthen its ability to correctly and efficiently attribute an ambiguous attack, reduce the likelihood of its escalation, and mitigate the consequences.
The first Department of Defense strategy report on cyberspace was released on July 14, 2011 and an update to the strategy was released April 23, 2015. The strategy outlines the three missions in the cyber domain: to defend Department of Defense networks, systems, and information; to defend the U.S. homeland and U.S. national interests against cyberattacks of significant consequence; and to provide integrated cyber capabilities to support military operations and contingency plans.