Cybersecurity & Tech

Bits and Bytes

Paul Rosenzweig
Sunday, February 16, 2014, 11:28 AM
Bob Gourley, of CTO Vision, thinks that the NIST Cybersecurity Framework is OK as far it goes.  But he is concerned that the “framework is missing something very important that enterprises big and small need to be aware of, and most will need a dedicated program for.

Published by The Lawfare Institute
in Cooperation With
Brookings

Bob Gourley, of CTO Vision, thinks that the NIST Cybersecurity Framework is OK as far it goes.  But he is concerned that the “framework is missing something very important that enterprises big and small need to be aware of, and most will need a dedicated program for. It is missing a respect for the threat.” Even lawyers are not immune from cyber spying.  Apparently the NSA may have collected data from Mayer Brown in connection with its representation of Indonesia.  This is reflective of a growing turn to secondary sources for hackers – law firms, newspapers, accounting companies and anyone else who holds confidential information on behalf of others. And, as this report from the Citizen’s Lab in Canada shows, the capability is increasingly available to unsophisticated actors. The “plus” in Google+ -- it’s mostly for Google, not for you.  I continue, however, to really not understand this one … after all you are getting Google services for free.  TANSTAAFL.

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare