experts and translators of the new domain
Articles by Paul Rosenzweig
Paul Rosenzweig is a prolific author, read a sampling of some of Paul’s most notable publications.
How Likely Is A Successful Attack On The Electric Grid?
If you ask many of the folks on the front line of cybersecurity for our critical infrastructure they will tell you that a large-scale attack is very unlikely to succeed. They will all acknowledge, as they must, that legacy control systems are…
CrowdStrike Global Threats Report 2013
CrowdStrike, a US-based cybersecurity company, has just released its annual Global Threat Report 2013. For those who follow the area, the report reflects some interesting (and disturbing) trends in malicious activity. Most notable:The increased use…
Privacy in the NIST Cybersecurity Framework
My friend Stewart Baker has likened the privacy requirements of the draft NIST framework to a “privacy tax.” His fear, which has sound economic force, is that the imposition of privacy protective requirements on cybersecurity efforts will drive up…
FTC Seeks New Privacy Authority
Lawfare readers will recall that I earlier blogged about the Federal Trade Commission’s case against Wyndham Hotels. Under the mantle of its consumer protection mandate, the FTC has sought to impose civil penalties against those companies who do not…
Immediate Opportunities for Strengthening the Nation’s Cybersecurity
Just before Thanksgiving, the President’s Council of Advisors on Science and Technology (which has among its membership luminaries such as Eric Schmidt of Google and Shirley Ann Jackson, the President of Renssalaer Polytechnic Institute) issued a…
Cyber and the NDAA
Congress is in recess now (that’s why it’s so quiet here in Washington) and when they return the first order of business for the Senate is to take up the 2014 NDAA. The bill, authorizing activities of the Department of Defense, is one of the few…
Cybersecurity and the Least Cost Avoider
Over the past month, Jane Chong has written a series of posts published over at Security States that go under the title “Bad Code.” Her thesis (amply documented) is that those who write software code generally take inadequate precautions to ensure…
What Does Cybersecurity Have To Do With Health Care?
Not much, of course. But according to this report in the Washington Post, Secretary Sebelius today responded to reports of a cybersecurity breach that was discovered recently. According to Sebelius “there was not a breach” but a “theoretical problem”…
The Official Preliminary NIST Cybersecurity Framework
And here it is: Preliminary Cybersecurity Framework. Details to follow …
The Growth of Cybersecurity Common Law Liability
Over at Security States, I have a post entitled “When Companies Are Hacked, Customers Bear the Brunt. But Not for Long” that details two recent Federal cases in which service providers were found potentially liable for tort injuries arising from…