Cybersecurity

Cybersecurity

Research

Anthony D. Glosson | Aug 10, 2015
This paper seeks to synthesize the available legal resources on active defense. It confronts the intertwined definitional, legal, and policy questions implicated in the active defense debate. The paper then proposes a legal framework to authorize active defenses subject to liability for third-party damages, an approach grounded in the technical and economic realities of the network security market.
Eli Dourado, Andrea Castillo | Jun 22, 2015
This paper will review the laws and standards governing federal cybersecurity policy and will highlight how overlapping responsibilities and unclear lines of authority have accompanied increasing rates of federal information security failures. The paper will then describe how these systemic cybersecurity weaknesses demonstrate the federal government to be an especially poor candidate for managing national systems, and it will explain the shortcomings of a top-down, technocratic approach.
Eli Dourado, Andrea Castillo | Jun 22, 2015
After briefly outlining the current cybersecurity information sharing proposals, we will examine the performance of the many similar programs that the federal government has operated for years. The government’s inability to properly implement previous information sharing systems even internally, along with its ongoing failures to secure its own information systems, casts doubt on the viability of proposed government-led information sharing initiatives to improve the nation’s cybersecurity. We will then examine the flawed assumptions that underlie information sharing advocacy before exploring solutions that can comprehensively address the nation’s cybersecurity vulnerabilities.
Eli Dourado, Andrea Castillo | Apr 17, 2014
This paper will describe the current dynamic provision of cybersecurity and explain how a technocratic solution like the Cybersecurity Framework could weaken this process and ultimately undermine cybersecurity.
Adam Thierer | Jan 25, 2013
This paper will consider the structure of fear appeal arguments in technology policy debates and then outline how those arguments can be deconstructed and refuted in both cultural and economic contexts. Several examples of fear appeal arguments will be offered with a particular focus on online child safety, digital privacy, and cybersecurity. The various factors contributing to “fear cycles” in these policy areas will be documented.
Sean Lawson | Dec 19, 2012
Cybersecurity proponents often rely upon cyber-doom scenarios as a key tactic for calling attention to prospective cyber-threats. This essay critically examines cyber-doom scenarios by placing them into a larger historical context, assessing how realistic they are, and drawing out the policy implications of relying upon such tales. It draws from relevant research in the history of technology, military history, and disaster sociology to examine some of the key assertions and assumptions of cyber-doom scenarios. It argues that cyber-doom scenarios are the latest manifestation of fears about “technology-out-of-control” in Western societies, that they are unrealistic, and that they encourage the adoption of counter-productive, even dangerous policies. The paper concludes by offering alternative principles for the formulation of cybersecurity policy.

Testimony & Comments

Research Summaries & Toolkits

Expert Commentary

Aug 16, 2016

If you can't understand how a cutting-edge new investment platform works, it's probably a bad idea to put serious money (or a good portion of an infant cryptocurrency network) behind it.
Aug 01, 2016

The Democratic National Committee email hack and leak, widely thought to be perpetrated by Russian spies, raise serious concerns about foreign attempts to influence the U.S. election. It is entirely possible that whoever is responsible will leak more files, including Secretary Clinton’s missing State Department emails, before November.
May 22, 2016

Requiring organizations to share information with hack-prone federal agencies under threat of penalty will only add to the current contradictory mess of policies.
May 10, 2016

The battle between the FBI and Apple over law enforcement access to encrypted communications may have died down a bit, but the international War on Crypto rages on.
Apr 12, 2016

The FBI may have been able to unlock San Bernardino shooter Syed Rizwan Farook’s work-related iPhone without conscripting Apple as an unwilling hacker, but that has not slowed down the government’s broader war on encrypted technologies one bit.
Mar 23, 2016

The FBI says a mysterious "outside party" has found a way to unlock San Bernardino shooter Syed Farook’s iPhone without assistance from Apple.

Charts

The FBI’s recent conflict with Apple over accessing a locked iPhone in its investigation of the San Bernardino terrorist attack eventually settled out of court when an external party was able to unlock the device. Contrary to the government’s claims that this incident was about just one iPhone, this was far from the first time that law enforcement cited the All Writs Act of 1789 (AWA) to compel private companies to compromise secure devices. This week’s chart shows that law enforcement agencies have attempted to apply this law numerous times in recent years for a range of criminal offenses, particularly drug-related crimes.

Experts

Podcasts

Eli Dourado | August 02, 2016
Eli Dourado and host Steve Cochran discuss the vulnerability of U.S. cyber security and the potential for future hacks.

Recent Events

Join Adam Thierer, senior research fellow at the Mercatus Center, for a Regulation University to discuss the best course of action for dealing with network technologies, without derailing innovation.

Media Clippings

Adam Thierer | Jun 24, 2013
"High technology companies are among the fastest growing lobbying shops in Washington," said Adam Thierer.
Jerry Brito | Jul 12, 2012
Jerry Brito cited discussing current cybersecurity concerns.
Eli Dourado | Jul 06, 2012
Eli Dourado explains how the United States can combat new threats to a free and open web.
Adam Thierer | Jun 28, 2012
Adam Thierer comments on Federal Communications Commission (FCC) Commissioner Robert McDowell's recent speech.
Jerry Brito | Jun 27, 2012
Jerry Brito cited discussing the possible effects of revisions to the UN's global telecommunications treaty.
' '