

Ideas & Insights from The Chertoff Group


"Why State and Local Law Enforcement Should be Part of the MLAT Reform Process"

Source: Government Executive 

March 25, 2015

God forbid. You're an Assistant District Attorney in the midst of a case when gunfire erupts in the offices of a local magazine headquartered in your city which recently satirized ISIS. In "retaliation," terrorists have executed a dozen magazine employees although most had nothing to do with the offending column. Your top cops and prosecutors are immediately on the trail, but the gunmen disappear into the underworld of Europe. Your citizens demand swift justice and exemplary police work traces your perpetrators to social media accounts housed on servers in France. Time being of the essence, you quickly request vital evidence from the French social media companies before the killers' trail goes cold.

Read Full Article>>>

"Alibaba and the Cognitive Dissonance of American Data Policy"

Source: TechCrunch

March 25, 2015

"Who says A must say B..."

The aphorism, often attributed to the conservative philosopher James Burnham (though it originated in the fable of Hansel and Gretel), is a short-hand phrase that is intended to capture the requirement of intellectual consistency. Or, put more colloquially - don't be an intellectual hypocrite. American cyber policy makers may well rue not paying heed to Burnham. The legal interpretations they currently espouse may soon turn around to bite them in the proverbial hypocritical posterior.

Read Full Article>>>

Chertoff: Protect electronic conversation privacy today

Source: USA Today

March 3, 2015

Over a century ago, Alexander Graham Bell invented the telephone and it was soon in widespread use. Not surprisingly, police soon saw the value of listening in on private phone conversations, and wiretapping was born. But in 1933, Congress decided that interceptions of phone calls were an invasion of privacy comparable to a physical search under the Fourth Amendment. So, in order to listen to the content of a telephone call through a wiretap, police must first get a warrant and demonstrate to a judge that there is probable cause to think criminality is afoot. But what should be the rule when the conversation is by email and the substance of the conversation is stored on a server owned by an Internet service provider?

Read Full Article>>>

"DRM Institute Leader Series"

Source: Digital Risk Management Institute

February 24, 2015

Mark Weatherford, a Principal at The Chertoff Group, was featured in a Digital Risk Management Institute Leader Series article. Read the full Q&A with Mr. Weatherford, in which he discusses the digital threats facing industry and how executives can better manage the influx of new and increasingly complex cyber risks.

Read Full Article>>>

"Opinion: Privacy could be the victim if police body cameras aren't more hack-proof"

By: Paul Rosenzweig
Source: Christian Science Monitor - Passcode

February 3, 2015

President Obama's request that Congress spend $75 million to outfit police with body cameras after the Michael Brown shooting reflected a consensus that the technology will provide a clear record of interaction between the public and law enforcement. But while civil rights and police groups agree that video can protect citizens and officers, the security within these systems needs to be addressed long before some 50,000 police strap cameras to their uniforms. After all, the information collected on video will be incredibly sensitive, and the impact of a hacker accessing this data could be extraordinary. Imagine a hacker who edits the data to change the identity of an assailant or leaks the footage of a victim immediately following a violent crime. The concern is not speculative – at least one white hat hacker has shown he can break into a police video system and criminals have demonstrated the ability to penetrate police department networks.

Read Full Article>>>

"Wanted: An International Rule of Law for Cloud Data"

By: Michael Chertoff
Source: The Wall Street Journal

December 18, 2014

Imagine a world in which European regulators can order Google to delete information from its servers—information that, in America, would be protected by the First Amendment. Or a world in which Apple can be ordered by the Chinese government to keep all iCloud data created in China (even by Americans) on China-based servers so that the government could have ready access to it. Both of those real examples recently made headlines. But they exist in a world of conflict over whose national laws govern data held in cyberspace. And what is true for corporations is equally true for individuals.

Read Full Article>>>

"We Need a Clear Doctrine of Deterrence to Cyber Attacks"

By: Michael Chertoff
Source: TIME Magazine

December 18, 2014

For years, cyber security specialists have reported on intensifying intrusions into the information networks of our major institutions, both public and private. Most of these have involved theft of personal information for financial gain or espionage aimed at stealing valuable intellectual property. But occasionally we have seen more destructive attacks, aimed at “wiping” or destroying the networks and data themselves. In 2012, Saudi Aramco was a victim of a cyber attack that destroyed thousands of machines, and in 2013 South Korean banks were also targeted for cyber damage. The recent Sony attack is a disturbing new chapter in this escalation of cyber conflict, not least because of the reaction we have seen.

Read Full Article>>>

"Managing Cyber Risk in Today's Security Landscape"

An Interview with Michael Chertoff

Published in Edison Electric Institute's November/December 2014 Issue of Electric Perspectives

Question: Based on your experience working with companies on their security issues, are they prepared for today's cyber threat?

Michael Chertoff: Some companies are better than others at their overall ability to manage risk, including today’s cyber threats. The good thing is that more and more members of the C-suite are becoming active in addressing these issues and no longer view cybersecurity as simply a technical matter best left to the chief information officer.  The key is to identify an effective risk management framework that will help a company intelligently examine the threats it faces; identify, assess, and where possible, eliminate security gaps or vulnerabilities; and ensure a robust plan for consequence management. A company needs to be prepared to respond when a crisis does occur. A risk management framework is an effective instrument to better inform decision making when it comes to prioritizing security investments, detecting new threats, and managing future security concerns and changes in the risk environment.

Read Full Interview>>>

Addressing Dynamic Threats to the Electric Power Grid Through Resilience


On November 14, 2014, the Chertoff Group released a new report examining the resiliency of the American electric grid against cyber and physical security threats. The report - Addressing Dynamic Threats to the Electric Power Grid Through Resilience - outlines the industry’s multipronged approach to grid security, including critical infrastructure standards, voluntary security initiatives, incident response preparations, and partnership with the government to enhance the reliability of our nation’s electric power grid. 

“The U.S. electric power grid is often called the ‘largest machine in the world,’ and our society’s reliance on it is only increasing,” said Mark Weatherford, Principal at The Chertoff Group and former Deputy Under Secretary for Cybersecurity at the U.S. Department of Homeland Security. “As the grid transforms, it’s vital that we analyze and assess the risks in order to improve the security and resiliency of the electric grid.”

Download Full Report>>>

"Cybersecurity and Privacy Challenges with the Internet of Things"

By: Mark Weatherford
Published by

October 29, 2014

The Internet of Things is coming. The term “Internet of Things” (IoT) refers to the increasing number of everyday objects – from airplanes, cars and trains, to light bulbs, blood pressure monitors and thermostats – that communicate with each other via the Internet. The IoT may provide fantastic new opportunities for humankind, but it may also lead to growing security risk and continued diminution of our privacy. It may do both.

Gartner has estimated that the number of things connected to the Internet will reach 26 billion by 2020 and John Chambers from Cisco has predicted that allowing these devices and applications to work together and create new services will realize savings to the tune of 19 trillion dollars.

While there are certainly profound efficiencies to be realized from the IoT in everything from manufacturing and agriculture, to health care and energy, there’s also a dark underside. When there is that much money involved, you can be assured that it will be very attractive to bad guys.

Read Full Article>>>

"Why Companies Need a Business Continuity Plan"

Published by

August 22, 2014

Christopher Skroupa:  At the time of a cyber-attack, how do company executives define and protect their most critical assets and put into place a business continuity plan?

Brian White:  It is important to note that at the time of an attack it will already be too late for a company executive to identify those critical assets.  The intruder will have located them and targeted these assets.   Once the company identifies the cyber intrusion, each second is critical to effectively responding.  With this in mind, it is essential for business executives to conduct a strategic review and analysis of their most vital assets and make investments to create a more resilient enterprise.  It’s not about what they should do at the time of an attack, but rather how they implement a response and recovery plan.  The biggest risk a company faces in today’s uncertainty of cyber-attacks is not being prepared.

Skroupa:  As cyber-attacks become more sophisticated, how does a company executive best prepare for agile risk management and prepare effective response plans?

White:  Practice is everything.  In today’s world of cyber uncertainty 100% protection against a cyber-attack is not possible, even with the strongest of security measures in place.  Therefore, creating an effective risk management and response plan is a key mitigation activity.  Companies and enterprises should prepare and practice table top exercises with key executives and work with crisis communications professionals.  Messaging the cyber-attack to customers and stakeholders must be included in an active response plan, both in protecting assets and restoring operational functionality.  Understanding the key decisions and having preemptive conversations on how to disclose the attack and seek to regain trust from customers is a fundamental step in developing an effective response plan.  Additionally, planning and preparation will be helpful in building the team regardless of whether it’s a cyber-event, a natural disaster or a product recall.

Skroupa: With an unforeseen attack, how can executives trust that their response plan will even work?

White:  The hard fact is that you will never know if the plan will work before a cyber-event.  But as General Dwight D. Eisenhower said, “Plans are nothing; planning is everything.”  The key is to engage in the process of planning and exercising so company stakeholders know their roles and responsibilities.  As a CEO, the first time meeting with the CISO and his or her team cannot be during the crisis.  Every plan will have opportunities and vulnerabilities.  Understanding the plan’s parameters and options will enable an executive to make decisions quickly and accurately at first response.  If the plan initially fails, they will have the knowledge to divert and implement a modified response.   An exercise two to three times a year for three to four hours each time will make all the difference if there is a major breach.

Read Full Article>>>

"Big Data and Cybersecurity Key Players in Dynamic M&A Market" 

By Sandra Jontz

Published in Signal Magazine

July 31, 2014

Enduring problems surrounding data analytics and emerging cyberthreats keep small businesses vital in mergers and acquisitions environment.

A resurgence of activity has hit the mergers and acquisition market this year, with companies operating in big data analytics and cybersecurity seeing a lot of the action, experts say.

"We believe [big data analytics] is going to be an enduring problem," said David Wodlinger, principal with Arlington Capital Partners, a leading investor firm in defense technology and the aerospace market. "Data is getting created at such an astronomical rate, the quality of sensors are getting so much better … that the market for companies that have the capabilities to analyze these massive amounts of data is going to be hot now and going to be hot for the foreseeable future.

“Similarly, cybersecurity is one problem that we don’t see a real solution to any time soon,” continued Wodlinger, a panelist on the Defense, Cyber, Intelligence and Homeland Security; Market Forecast and Emerging M&A Trends forum co-sponsored by The Chertoff Group and AFCEA International. “The problem is that adversaries keep … getting better at what they’re doing; consequently there is going to be a lot of [research and development] dollars spent on that.”

Small businesses with solutions to stamp out waste, fraud and abuse round out his top three of enduring business that will drive market movement and pique investors’ interest, said Wodlinger, also a member of the boards of directors of Novetta Solutions and Quantum Spatial.

There is a whirlwind of big companies buying smaller companies, setting up 2014 as a huge year for mergers and acquisitions. The economic recession spawned a new type of trend in the dynamic merger and acquisitions environment, said Jason Kaufman, principal at The Chertoff Group and the panel moderator.

“We had a long cycle of prosperity over the course of a dozen years where, because of the war years boom and post 9/11 spending, we had a lot of private equity groups who rushed to the market,” Kaufman said. “Since then, we obviously entered into a downturn, and over the course of that downturn, we’ve seen the emergence of a couple of new trends. … We’ve seen a new class of private equity firm come into the market to really focus on building scaled contractors who have the ability to remain agile and innovative and bring technology to the customer, but who also have enough size to handle large-scale programs.”

Read Full Article>>>

Our New Fear of Flying

The Ukraine shoot-down and FAA decision cry out for a revamping of global air security.

By Michael Chertoff

July 23, 2014

It may not exactly be easy to shoot down a civilian airliner—but it’s easier than ever before.

The missile attack on Malaysian Airlines Flight 17 over eastern Ukraine, and the decision by the Federal Aviation Administration to temporarily bar U.S. flights to Tel Aviv because of rocket fire, have riveted attention once again on the question of global aviation security. For aircraft cruising at high altitude, downing a plane requires either a relatively sophisticated missile or another aircraft, capabilities that up to now have been restricted to nation states (or their proxies). But recent developments in the global security situation, including the growing availability of less sophisticated technologies, suggest the rise of more broadly based threats to aviation in a number of regions around the world.

Read Full Article>>>

Building a Resilient Power Grid

Industry and government are working together to ensure necessary investments – not only to anticipate and prevent possible harm to critical energy supply – but also ensure a constant focus on building a more resilient grid.

By Michael Chertoff
Published in Edison Electric Institute's May/June Issue of "Electric Perspectives"

In the early morning hours of April 16, 2013, just 12 hours after the tragic Boston Marathon bombing, Pacific Gas and Electric’s (PG&E’s) Metcalf transmission substation, located just south of San Jose, CA, fell victim to well-planned and executed acts of sabotage.  Two fiber-optic lines running underground near the substation were cut, and more than 100 rifle shots were fired at the substation’s transformers and radiation cooling devices.  While substantial damage was done, it is important to note that no power was lost. Why? PG&E operators saw an anomaly in the system and acted in accordance with their training by rerouting power to another substation.  Their planning, training, monitoring, and response protocols helped them avoid a loss of power to a large portion of Silicon Valley.

There is no single solution that can completely eliminate each and every risk to our nation’s power grid.  However, the electric power industry and government can and are working together to ensure necessary investments – not only to anticipate, prepare for, and prevent possible harm to critical energy supply – but also to ensure a constant focus on building a more resilient grid. 

Read Full Article>>>

Why Every Board Should Care about Cybersecurity

By Michael Hayden, Principal with The Chertoff Group and Ben Besson, Lockton Companies

The Internet was originally designed to move large volumes of information among a limited number of trusted users. Security was never a central component; no natural technical boundaries were put into place to protect information. Today, the Internet has evolved into a massive global system essential to our daily lives, global commerce and national security. It also remains defined by the same core principles of openness, flexibility, speed and efficiency as when it was first created.

Read Full Article>>>

Is Internet in Danger of Becoming "Splinternet"?

By Michael Hayden, Principal with The Chertoff Group and former director of the NSA and CIA 
Published in: CNN

The serial revelations by Edward Snowden, the former National Security Agency contractor who stole and leaked classified government information, have ignited a variety of disputes in the United States and around the world.

Is the collection of metadata, detailed records of phone calls and other communications, as benign or as malignant as it has been portrayed? What are the proper limits in conducting electronic surveillance of geopolitical allies or of ordinary citizens? How much government espionage activity must be publicly available to really give meaning to the concept of "consent of the governed"? Is it appropriate to secretly compel private enterprise to assist in intelligence collection?

Read Full Article>>>

Beyond Snowden: An NSA Reality Check

By Michael Hayden, Principal with The Chertoff Group and former director of the NSA and CIA 
Published in: World Affairs Journal: January/February 2014

Despite continuing debates over debt limits and government shutdowns, the reach of NSA surveillance has become a hot and enduring topic. And foreign leaders are weighing in on the scope of alleged NSA activities against them.

Read Full Article>>>

2014 Market Outlook:  Jason Kaufman of Chertoff Capital Expects Surge in M&A Activity as Renewed Market Certainty Drives Cautious Optimism

By Jason Kaufman, Head of Investment Banking, Chertoff Capital 
Published in: Washington Executive, January 8, 2013

Deal makers often greet the new year with optimism and this year is no different. Chertoff Capital expects a surge in mergers and acquisitions (M&A) in 2014 as renewed market certainty enables a return to strategic planning and measured risk tolerance.

Read Full Article>>>

US Must Tackle Cyberattacks from Chinese

By Michael Chertoff and Michael Hayden, Co-Founder and Principal with The Chertoff Group 
Published in: The Hill, April 18, 2013

The American public is waking up to a reality that many in government have known for some time — the threat of cyber espionage and intrusions, particularly from China.  

Read Full Article>>>

The Chertoff Group Partners with the FCC to Launch Smartphone Security Checker to Help Consumers Protect Mobile Devices This Holiday Season

By The Chertoff Group
Published:  December 18, 2012

More than 20 million Americans will unwrap a new mobile device this holiday season, but most smartphone users admit they don’t know how to protect themselves from mobile security threats

Read Full Article>>>

The Chertoff Group is Proud to Work with the FCC to Release Small Biz Cyber Planning 2.0 to Empower Small Businesses with Customizable Cybersecurity Plans

By The Chertoff Group
Published:  October 18, 2012

Small businesses are more dependent on the Internet than ever before, but 83 percent don't have a formal cybersecurity plan to protect against cyber threats.  

Read Full Article>>>

When Intel Meets the Political Debate

By General Michael Hayden, Principal 
Published in: The Washington Post, October 1, 2012

The intersection of intelligence reporting and policymaking is tricky.  

Read Full Article>>>

The Lesson of Google's Safari Hack

By Michael Chertoff, Chairman & Co-Founder
Published in: The Wall Street Journal - July 23, 2012

In the cyber age, privacy and security are two sides of the same coin. Digital privacy concerns can't be separated from security ones, and vice versa.

Read Full Article>>>

Cloud Computing and the Looming Global Privacy Battle

By Michael Chertoff, Chairman & Co-Founder
Published in: Washington Post

A grave threat is said to be stalking Europe. No, it isn’t the financial crisis and the potential demise of the euro. It’s the “rapacious” U.S. approach to privacy — which portends, for those engaged in the development of cloud architecture, a coming “clash” of privacy laws.

Read Full Article>>>

China's Cyber Thievery Is National Policy—And Must Be Challenged

By Michael Chertoff, Chairman & Co-Founder, Mike McConnell & William Lynn

Published in: Wall Street Journal - January 27, 2012

Only three months ago, we would have violated U.S. secrecy laws by sharing what we write here—even though, as a former director of national intelligence, secretary of homeland security, and deputy secretary of defense, we have long known it to be true. The Chinese government has a national policy of economic espionage in cyberspace. In fact, the Chinese are the world's most active and persistent practitioners of cyber espionage today.

Read Full Article>>>

Can We Trust the Cloud to Protect Sensitive Law Enforcement Information?

By Michael Chertoff, Chairman & Co-Founder
Published in: - January 18, 2012

Can we trust the cloud to protect sensitive law enforcement information? Today, the best answer to this question is - no pun intended - very cloudy.

There are good reasons to consider cloud storage - storage of large amounts of electronic information on servers hosted by third parties and located in one or more physical locations beyond those controlled by the party responsible for the data.

Read Full Article>>>

A New Line of Defense in Cybersecurity, With Help From the SEC

By Jay Rockefeller and Michael Chertoff, Chairman & Co-Founder
Published in: The Washington Post - November 17, 2011

We have been in enough classified briefings over the years to know the details of the most significant threats to our national security and our way of life. One vulnerability in particular keeps us up at night: the state of our nation’s cybersecurity.

Read Full Article>>>

The World's 7 Most Powerful Defenders & Offenders

By Michael Hayden, Principal
Published in: Forbes - November, 2011

"Global security can be formed or threatened by heads of state whose wisdom, folly and obsessions shape global events. But often it is the security practitioners, those rarely in the headlines but whose craft and energy quietly break new ground, who keep us safe or put us in peril."

Read Full Article>>>

Re-Examining Our Bio-Defense

By Jeffrey Runge, Principal
Published in: Politico - October 20, 2011

This is the 10th anniversary of the anthrax letters – a deadly small-scale attack on our nation’s leadership and many innocent citizens. I was stunned to see some responses after three years of virtual radio silence by the Obama administration and the Congress, the very institution targeted by the “warning shot” from a lone wolf terrorist.

Read Full Article>>>

What's At Stake in the Cloud?

By Michael Hayden, Chairman & Co-Founder
Published in: The Hill - October 4, 2011

The new federal strategy for implementing cloud-computing solutions is called “Cloud First”— and with good reason. We now systematically prefer cloud-computing solutions to those based on local servers and laptops. The allure of efficiencies, economies of scale, high-end services and — most importantly — reduced costs are almost irresistible.

Read Full Article>>>

Our Salt Risks Draining into Cyberspace

By John Reid, Principal
Published in: Financial Times - June 22, 2011

The news was dominated on Wednesday by reports of the arrest of a suspected British teenage computer hacker, in connection with a range of security breaches including attacks on the website of the CIA and the UK’s Serious Organised Crime Agency. We can expect many more such events as our security agencies struggle to address the challenges of cyberspace.

Read Full Article>>>

Chertoff: Looking Ahead to What's Next in the War on Terror

By Michael Chertoff, Chairman & Co-Founder
Published in: USA Today - May 2, 2011

With the World Trade Center still smoldering, America promised to bring Osama bin Laden to justice or justice to him. President Obama's announcement that bin Laden has been killed brings a tremendous amount of gratification for all those who have fought for years to achieve this result as well as great comfort to those who lost loved ones on Sept. 11, 2001. There is no doubt, this is a great moment for America.

Read Full Article>>>

What Happens After Gaddafi is Removed?

By Michael Chertoff, Chairman & Co-Founder and Michael Hayden, Principal
Published in: The Washington Post - April 21, 2011

Libyan rebels have made it clear that any proposal to cease fighting and end their current battle against the Libyan government must include the removal of Moammar Gaddafi. President Obama, along with French President Nicolas Sarkozy and British Prime Minister David Cameron, has repeatedly called for the removal of this violent dictator. The objective is clear. And Libya’s future is being determined by a civil war, one in which we unarguably have a hand.

Read Full Article>>>

Ten Years Later

By Michael Hayden, Principal
Published in: World Affairs Journal - September/October 2011

As dusk fell on September 11, 2001, I made my way to the NSA office responsible for counterterrorism analysis. These analysts were still located on a floor near the top of one of our high-rise headquarters buildings because we could not afford the disruption in mission that would have resulted from moving them into spaces in the lower, presumably safer, ops building to which most essential personnel had decamped hours earlier.

Read Full Article>>>

The Future of Things "Cyber"

By Michael Hayden, Principal
Published in: Strategic Studies Quarterly - Spring 2011

In the Spring 2011 edition of Strategic Studies Quarterly, General Michael Hayden discusses the lack of clarity and agreement found among government officials and the private sector on how to create a more secure cyber space. He poses several important questions, such as: Is cyber really a domain? What constitutes a reasonable expectation of privacy? What should we expect from the private sector? And is defense possible? While there are many other tough questions out there, General Hayden states that until these and others like them are answered, "we could be forced to live in the worst of all possible cyber worlds – routinely vulnerable to attack and self-restrained from bringing our own power to bear."

Read Full Article>>>

Defending Against Terror Threat to Cargo

By Jayson P. Ahern, Principal
Published in: CNN - November 11, 2010

Recently, the United States was tipped off by Saudi Arabian authorities that packages laden with explosives were en route to the United States.

With little time to react, the United States, as well as allied countries around the world, led a vigorous search through the multifaceted international cargo shipping system, ultimately discovering the packages, within hours of detonation, in time to prevent a devastating attack.

Read Full Article>>>

Chertoff: Keeping America Safe

By Michael Chertoff, Chairman & Co-Founder
Published in: The Washington Times - December 26, 2008

Why has our country remained safe since September 11? Because of concrete policies the president has pursued - policies that range from reorganizing the intelligence community to taking the fight to our enemies, from monitoring terrorist communications to creating the Department of Homeland Security.

Read Full Article>>>

We Should Be Prepared for an Emergency

By Michael Chertoff, Chairman & Co-Founder
Published in: The Vindicator - January 5, 2009

With the new year comes the inevitable urge to make ambitious resolutions for 2009. High on people's lists should be a resolve to become better prepared for emergencies.

Read Full Article>>>

Texting with Terrorists

By Richard A. Falkenrath, Principal
Published in: The New York Times - August 9, 2010

WHEN the United Arab Emirates announced last week that it would suspend BlackBerry service within its borders starting this fall, business travelers who rely on the handheld devices reacted with understandable dismay. But the decision was greeted quite differently by the men and women who make a living hunting terrorists, smugglers, human traffickers, foreign agents and the occasional team of clumsy assassins. Among law enforcement investigators and intelligence officers, the Emirates’ decision met with approval, admiration and perhaps even a touch of envy.

Read Full Article>>>


“Our principals earned their reputations through direct operational responsibility and demonstrating successful results. By applying that same dedicated ‘hands on’ approach, we are now helping our clients achieve their objectives.”

Michael Chertoff