CYBER SECURITY PROJECT
April 13, 2016
By Bruce Schneier, Research Fellow, Cyber Security Project
"There have been some stories of hacks against IRS databases in the past. I think that the IRS has been hacked even more than is publicly reported, either because the government is keeping the attacks secret or because it doesn't even realize it's been attacked."
April 1, 2016
By Katie Moussouris, Affiliate, Cyber Security Project
In a free society, the only way to identify technical talent among the population is to both provide safe harbor for people with the skills to hack and to offer cash compensation in the form of "bug bounties" for identifying security holes.
March 22, 2016
By Michael Sulmeyer, Director, Cyber Security Project
Michael Sulmeyer, director of the Belfer Center's Cyber Security Project, discusses the U.S. government's efforts to defend against cyber threats in the context of the legal battle between the FBI and Apple over its encryption methods.
March 8, 2016
War on the Rocks
"A key component of our framework entails distinguishing between two qualitatively different types of secrecy in the cyber domain. The first — the use of secrecy at the planning and execution stages of an attack — is often a technical prerequisite for success. The second type of secrecy — whether to claim credit for an attack privately or publicly — is a political decision. While many factors plausibly drive credit-claiming or credit-shirking behavior, two in particular stand out as significant: (1) whether target compliance is the objective; and (2) whether the perpetrator is a state or a non-state actor."
February 26, 2016
While there are undoubtedly aspects of the cybersecurity problem that demand complex technological solutions, we submit that the two most beneficial recommendations they can make are more straightforward. The first is to do everything possible to eliminate the vulnerabilities on which attackers depend. The second is to treat cybersecurity principally as a management problem rather than as a technology problem.
February 4, 2016
Director Michael Sulmeyer of the Cyber Security Project at the Belfer Center for Science and International Affairs welcomed industry experts Robert Lee, CEO of Dragos Security and former U.S. Air Force Cyber Warfare Operations Officer, and Mudge, founder of the Cyber Independent Testing Laboratory, with previous experience as a DoD official for DARPA and Deputy Director of Google’s Advanced Technology and Projects Division, to get to ground truth on this attack and its implications.