Here's what I’m reading this week:
To defend or not to defend: One of the perennial debates in cybersecurity is what role the federal government should play in protecting targeted U.S. companies. It is a source of endless frustration for many U.S. companies that feel as if they have little shielding or aid from the U.S. government, but are simultaneously prevented from taking matters into their own hands by U.S. law. At the same time, many companies are resistant to the U.S. government taking the steps that it might need to if it were going to provide more robust protections. Want U.S. law enforcement embedded in your networks? Filtering your traffic? Either or both of these might be key steps to stronger government protection of U.S. systems. Earlier this week, Tom Bossert — one of the most senior voices on cybersecurity in this Administration — suggested that a greater role for the U.S. government was warranted. He offered the Israeli government, which takes a much more aggressive role in defending its companies, as an example. What will be interesting now is to watch whether the companies that Bossert is offering to defend will step up to push back on that defense, as we've seen before.I'm reading: "Trump adviser proposes broader cybersecurity oversight for private-sector critical infrastructure."
- Nobody but us: The NSA "NOBUS" premise relies on the notion that they will develop means of accessing systems that no one but the U.S. government can leverage. As a result, these systems will still be secure to everyone but government surveillance — "nobody but us" will be able to access them. In the world of cyber spying, it is a long-standing principle. It's also increasingly under attack, as the changing sophistication of our adversaries makes it hard to credibly argue that we can develop access that no one else can take advantage of. It's been ridiculed and relied on for years, and Ben Buchanan has a new piece analyzing NOBUS, what it means, and why it has come under increasing fire.
I'm reading: "Nobody But Us: The Rise and Fall of the Golden Age of Signals Intelligence."