Houston | London | New York | Menlo Park | Washington DC
STAY CONNECTED: facebooktwitterfacebooktwitter


Ideas & Insights from The Chertoff Group

Digital Security Requires A Legislative Overhaul

Source: Time

February 10, 2016

Secretary Michael Chertoff is the Co-Founder and Executive Chairman at The Chertoff Group. In this article he argues that electronic communications require a legislative review.

Last week, the European Commission and the U.S. concluded tough negotiations to reach an important new agreement regarding cross-border data transfers, the so-called “E.U.-U.S. Privacy Shield,” which replaces the 15-year-old Safe Harbor compact. We also learned the U.S. and the U.K. began negotiations regarding a new data-sharing agreement that shows great promise to establish a basis for other like-minded democracies to develop a more modern and workable legal framework for government access to citizens’ data.

In recent years, major advances in technology and the globalization of electronic communications have rendered much of our existing regulatory framework obsolete. As a result, digital privacy issues have increasingly become regulated through a series of outdated statutes and regulations that are updated through “band-aids and paper clips” rather than comprehensive solutions.

These agreements are an important step, but far more work still needs to be done, in both the E.U. and the U.S.

Read Full Article>>>

Surfing the Body-Worn Camera Wave

Source: GCN

February 10, 2016

Paul Rosenzweig is Senior Advisor with The Chertoff Group and previously served as Deputy Assistant Secretary for Policy at the U.S. Department of Homeland Security.

Body-worn cameras (BWCs) are the next wave of policing.  If law enforcement officials aren’t careful, however, the wave may drown them rather than carry them to shore.

In mid-January, the International Association of Chiefs of Police, the Major Cities Chiefs Association, SafeGov.org and the Police Foundation hosted a day-long review of the current state of deployment of BWCs at the Newseum in Washington, D.C.  If the expert recommendations from that event could be summarized in a single phrase it would be: “Proceed with caution.”  

Read Full Article>>>

A Cyberwar Update

Source: The Wall Street Journal

February 10, 2016

General Michael Hayden is a Principal at The Chertoff Group and former director of the CIA and NSA.

MR. BUSSEY: We got some news last month. There's some legislation meant to increase cooperation between the government and business. Tell us about the bill and whether or not it helps CIOs protect corporate secrets.

GENERAL HAYDEN: We're talking about CISA, the Cybersecurity Information Sharing Act. Good news, a step in the right direction. But it's too long in coming, it's too small a step. And it reveals that within any realistic planning horizon, you are largely responsible for your own defense in the cyber domain.
The government, our government will be permanently late for your cybersecurity. Look, your armed forces view cyber as a domain. Land, sea, air, space, cyber. It's a new domain. You and I have decided that this domain is so wonderful, empowering, we're going to take things we used to keep down here in a safe, in a drawer, in a wallet, and put it up here where it's largely undefended. This is the largest ungoverned space in recorded human history. 
There is no rule of law up here.

As taxpayers, you and I are going to want our government to defend us up here the way we have become accustomed to relying on the government for defending us down here. But there's the general sclerosis of government, and the technology is going to move much faster than any government can move. Then we have not yet decided what it is we want or what it is we will allow the government to keep us safe. You're going to have to be responsible for your safety [in the cyber domain] in a way in which you have not been required to be responsible for your safety [in the physical domain] since the closing of the American frontier in 1890.

Read Full Article>>>

Seven Global Leaders Advise on Digital Risk 

Source: United States Cybersecurity Magazine

January 2016

In this article, Chad Sweet, Co-Founder of The Chertoff Group, offered his advice for Board of Directors on today's digital risk. 

As is typically true in crime of any type, the bad guys are always one step ahead. To put daily threats in perspective, consider this statistic from McAfee labs: while its team saw 25 new threats per day in 2005, this year the team sees 486,800. These threats have escalated to the point where individuals, commercial industry, and governments worldwide understand that if the top hackers want to get in, they will. It is crucial to understand criminal intent and position your organization’s ability to adapt post breach. “In the digital economy, CEOs and Boards must put in place an effective risk management framework to deal with today’s persistent and evolving cyber threat environment,” commented Chad Sweet, co-founder of the security intelligence advisory Chertoff Group.

Read Full Article>>>

Improving Aviation Security

Source: The Cipher Brief

December 24, 2015

Jayson Ahern is a Principal at The Chertoff Group and Head of the Firm's Security Services practice area where he advises clients on a broad range of services including homeland and border security management, global commerce and supply chain security, critical infrastructure protection, risk management and strategic planning and implementation.  

On October 31, 2015, an international charter flight departing from Sharm el-Sheik International Airport disintegrated mid-flight en-route to Saint Petersburg, Russia, killing all passengers onboard. Two weeks later, a series of coordinated attacks led by a Brussels-based terrorist cell struck Paris, resulting in the death of over 130 people. Last week, a female shooter who arrived to the United States on a fiancé visa in 2014, along with her husband killed 14 people in San Bernardino, California. It is evident that the Islamic State of Iraq and Syria (ISIS) has reached beyond its own borders, claiming responsibility for attacks, inspiring others, and striving to continuously expand its influence and network.

The recent terrorist attacks demonstrate that the threat to aviation security is real - and the threat is not just isolated to the aircraft.  Today, we are also concerned that terrorists can leverage commercial aviation to travel and coordinate attacks. The persistent threat of terrorism is driving the need for security forces around the world to monitor the movement of wanted individuals and potential terrorists.  Global travel awareness will continue to grow as one of the preeminent tools in the fight against terror as we confront an increasingly agile adversary.

Read Full Article>>>

A Better Way to Fight Terror with Tech

Source: CNBC.com

December 22, 2015

Commentary by Michael Chertoff who served as secretary of homeland security from 2005 to 2009. He is currently co-founder and executive chairman of The Chertoff Group, a premier advisory firm focused exclusively on security and risk management. 

Tension between the tech community and U.S. law enforcement agencies over privacy versus security is on the rise. But it's time for everyone to step back and take some of the drama out of the debate. There is much that the tech community and law enforcement can agree on. They can agree that we need a smooth, efficient legal process in place to provide law enforcement with access to information it needs to do its job. They can agree on the value of protecting end user privacy. And, they can agree that, in the long run, the globalized nature of the network requires us to forge international agreements that facilitate these two outcomes across international borders.

Success in the endeavor is not optional. The essential goals of preventing terrorism, combatting crime and protecting individual privacy and rights are intrinsic to a functioning society, not merely pleasant extrinsic objectives that are "nice to have."

Read Full Article>>>

Future of Policing: Four Factors to Consider When Deploying New Technologies 

Source: Government Technology

December 4, 2015

Paul Rosenzweig previously served as Deputy Assistant Secretary for Policy at the U.S. Department of Homeland Security. He is currently a Senior Advisor to The Chertoff Group, a global security advisory firm that advises clients on technology and security issues.

The future of policing is just around the corner. Law enforcement agencies across the country — and around the globe — are rushing headlong into the adoption of new technology and policing techniques.

Five years ago, body-worn cameras were virtually unheard of, almost no law enforcement agency in the world owned and operated a drone, and big data analytical techniques were in their infancy. Today, all of these techniques — and a host of others, such as facial recognition technology, fusion centers and shotgun detection tech — are the new currency of modern policing.

Wise law enforcement administrators would be well-advised to consider a number of factors before deploying these new technologies. As was detailed during a recent panel at the International Association of Chiefs of Police (IACP) convention, before you buy the new gadget, there are at least four factors that need to be addressed: costs, expectations, privacy policies and security implications.

Read Full Article>>>

Preventing Another San Bernardino

Source: The Cipher Brief

December 3, 2015

Jayson Ahern is a Principal at The Chertoff Group and former acting commissioner of U.S. Customs and Border Protection within DHS.

The Cipher Brief: We still don’t know the motive behind the attack in San Bernardino. If a link to terrorism is established, what does this attack tell you about the changing nature of the homeland threat? What more do law enforcement and the Intelligence Community need to do to prevent these types of plots?

Jayson Ahern: Whether the San Bernardino attack was carried out in support of an international terrorist group or as an independent act of violence, it is yet another reminder that we need to continue building and improving our capabilities to better prepare for acts of violence. This requires increased coordination and cooperation from the public, law enforcement, and government organizations that monitor today’s ongoing threats.  One of the greatest challenges the law enforcement and Intelligence communities face is detecting and interdicting attacks conducted by unidentified individuals. As a result, this places emphasis on the need for effective incident response plans.  Law enforcement already participates in regular trainings and exercises, but there is always more that can be done to improve response to today’s persistent and evolving threats. Moreover, law enforcement must continue to build relationships within their communities and improve the public’s awareness of these threats.  The public can serve as a force multiplier for law enforcement and together they can enhance homeland security.   

Read Full Article>>>

A Gap Left Unchecked in U.S. Border Security 

Source: The Hill

November 27, 2015

Jayson Ahern is a Principal at The Chertoff Group and former acting commissioner of U.S. Customs and Border Protection within DHS.

The United States has worked tirelessly to protect our borders and ensure that another terrorist attack does not occur on U.S. soil.  Our nation has committed billions of dollars in increased personnel, technology, and infrastructure for security by land, air, and sea.  

Yet, a massive gap remains that potentially threatens every citizen.  

Today, millions of packages originating overseas enter the United States annually.  Most of these packages - ranging from small letters to large boxes - are gifts, online purchases, or part of a business exchange.  While many of these items are benign, the United States took precaution to prevent dangerous items from being shipped from abroad to the homeland through the Trade Act of 2002.  Under this law, public and private carriers are required to provide advance electronic security data to Customs and Border Protection (CBP).  However, despite this law, each day thousands of packages enter the United States without law enforcement having any effective means of screening for dangerous materials.   

Read Full Article>>>

Preparation, not panic, is best way to meet threat of potential EMP attack

Source: Washington Examiner

October 20, 2015

Mark Weatherford is a senior advisor with The Chertoff Group

It's an unsettling scenario: An attack on the U.S. homeland in the form of an electromagnetic pulse - a massive blast from a high altitude (most likely nuclear) weapon intended to cripple our electrical control system infrastructures and the electronic devices we depend on. In this digital age, where electronic technology is prevalent in nearly all aspects of our daily lives, it's a threat that must be monitored closely - by government and industry leaders alike. As frightening as this doomsday scenario sounds, most experts consider it a low-likelihood event where consequences can vary significantly depending on how such a weapon is delivered.

Read Full Article>>>

The Chertoff Group Contributes Perspective in New Book for Boards of Directors Looking to Address Today's Cybersecurity Challenges  

Source: Securityroundtable.org

October 12, 2015

The Chertoff Group participated in a new book, Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers.  Led by Palo Alto Networks (NYSE: PANW), the next generation security company, and the New York Stock Exchange (NYSE), a wholly owned subsidiary of Intercontinental Exchange (NYSE: ICE), this book provides boards, executives and officers at enterprises, government agencies and other organizations with practical, expert advice on how to best protect their businesses from cyberattacks.

The Chertoff Group provided two chapters to this anthology.  Co-authored by Michael Chertoff, Executive Chairman of The Chertoff Group and Former Secretary of the U.S. Department of Homeland Security, and Jim Pflaging, Principal and head of The Chertoff Group's Business Strategy practice area, "The Three T's of the Cyber Economy"examines the dynamic challenges of today's golden age of innovation, driven by newtechnology, an evolving threat landscape, and consumers' lack of willingness to trust their privacy is protected. "The Internet of Things," authored by Mark Weatherford, a Senior Advisor at The Chertoff Group, offers insight into why corporate executives should pause to consider the security and privacy implications of IoT devices as it will continue to impact their business decisions for the foreseeable future.  

Download the Chapters >>>

Time Has Come to Reform Laws Governing Law Enforcement Access to Data

Source: Nextgov

September 18, 2015

Paul Rosenzweig is a senior adviser to The Chertoff Group, a global security and risk management advisory, and former deputy assistant secretary for Policy at the Department of Homeland Security.

Some of the laws governing the process by which the federal government gains access to electronic data are nearly 30 years old. As a result, electronic evidence today is, effectively, accessible to the government by fiat at a time and place of its choosing, often without regard for who is holding the evidence or even where, on the vast globe of a connected Internet, the evidence is being stored.

Rules written for a time when smartphones and tablets didn’t even exist are hopelessly out of date in today’s world. It is time, and well past time, for Congress to begin the process of bringing federal electronic evidence-gathering law into the 21st century.

Read Full Article>>>

We Can Tighten Air Security Without Choking Off Travel

Source: USA Today

August 26, 2015

Michael Chertoff was Secretary of Homeland Security from 2005 to 2009.  He is Co-Founder and Executive Chairman of The Chertoff Group. 

Across the world, hundreds of thousands of people are fleeing areas of war and civil unrest, entering European countries at alarming rates. In fact, according to a recent BBC report, since the start of 2015, nearly 340,000 migrants have been discovered crossing Europe’s external border, more than double the number from the same time period in 2014. This influx of immigrants presents not only a strain on European economies and resources, but also a possible security problem given justified concerns regarding the spread of terrorism and return of foreign fighters to recruit and carry out attacks.

How do we, as Americans, ensure international travel security remains robust as the global environment changes?  Do we have the right security measures in place given today’s global risk environment? These are fair questions which require our constant attention and review to ensure our approach remains effective.  However, as we pursue this review, we must also keep in mind that an effective security program does not have to be at the sacrifice of an efficient travel system.  In fact, it can’t be.

We must be effective and efficient to guard against threats while also welcoming almost one million travelers who arrive at U.S. ports of entry each day.

Read Full Article>>>

National Self-Interest and the Coming Internet Crack-Up

Source: Forbes

August 21, 2015

Michael Chertoff was Secretary of Homeland Security from 2005 to 2009.  He is Co-Founder and Executive Chairman of The Chertoff Group. 

The singular characteristic that defines the cyber network is its universality. A web search in Germany works under exactly the same protocols as in Gabon. And it generally produces the same result. Information is seamlessly available on a global scale, to the betterment of all.

If we are not careful, however, that principle of universality will soon come to an end. National self-interest has us rushing headlong to the establishment of sovereign “borders” and jurisdictional limits across the cyber-globe that will fracture the network into multiple, overlapping, competing parts. And that, in turn, will come at a great cost to personal freedom, economic productivity and social development. As Edmund Burke might say, this catastrophe will come to pass if “good men [and women] do nothing” to thwart it.

Read Full Article>>>

An Incomplete European Cybersecurity Agenda

Source: EurActiv

August 5, 2015

Paul Rosenzweig is a Senior Advisor at The Chertoff Group, a global security advisory firm that advises clients on information security, including cloud computing, and former Deputy Assistant Secretary for Policy at the U.S. Department of Homeland Security.

Earlier this year the European Union released its new Agenda on Security. But the agenda, while admirable, is incomplete. It is missing a vital component – reform of the Mutual Legal Assistance Treaty (MLAT) process.

Europe’s new security agenda is an excellent first step toward greater EU cooperation in the cyber domain. European nations will work to reduce the barriers to cross-border cybercrime investigations, especially related to jurisdiction and evidence sharing. The agenda also obliges EU institutions to follow through on the 2013 Cybersecurity Strategy. That includes adopting a binding directive on network and information security.

Read Full Article>>>

Televising the Revolution

Source: Real Clear World

August 3, 2015

Bryan Cunningham is an information security, privacy, and data protection lawyer, and a senior advisor to The Chertoff Group, a global security advisory firm that advises clients on cyber security. Formerly, he was a US federal prosecutor and intelligence office and served as deputy legal advisor to national security advisor Condoleezza Rice.

Alex Deane is Head of Public Affairs UK and Managing Director at the global business advisory firm FTI Consulting. 

Some revolutions change humanity for better, some for the worse, but they all share this: You don't know they've started when you're in them. On August 1, 1981, Buggles' "Video Killed the Radio Star" was the debut music video on the new Music Television Network, MTV. It was probably seen by less than 1,000 people that very day, but ask anyone under 50 now about music without video and you'll get a blank stare. 

Read Full Article>>>

Why the Fear Over Ubiquitous Data Encryption is Overblown

Source: Washington Post 

July 28, 2015

Michael Chertoff is a former homeland security secretary and is executive chairman of the Chertoff Group, a security and risk management advisory firm with clients in the technology sector. Mike McConnell is a former director of the National Security Agency and director of national intelligence. William Lynn is a former deputy defense secretary and is chief executive of Finmeccanica North America and DRS Technologies.

More than three years ago, as former national security officials, we penned an op-ed to raise awareness among the public, the business community and Congress of the serious threat to the nation’s well being posed by the massive theft of intellectual property, technology and business information by the Chinese government through cyberexploitation. Today, we write again to raise the level of thinking and debate about ubiquitous encryption to protect information from exploitation.

Read Full Article>>>

"OPM Breach Leaves Threats Hidden in Plain Sight"

Source: Fedscoop.com

July 17, 2015

A 50-year veteran of U.S. intelligence, Charles Allen says the data breach at the Office of Personnel Management potentially casts doubt on the integrity of the entire security clearance system.

The data breach of the Office of Personnel Management could affect more than 20 million Americans. Yet the true magnitude of this breach lies not in the number of individuals affected, but in the seemingly infinite ways it has compromised our national security.

The risk of widespread identity theft or other uses of personally identifiable information for financial gain is not to be taken lightly. But, in my view, it pales in comparison to how it has jeopardized our national security workforce, both in government and the private sector, and degraded the integrity of our security clearance system. Quite simply, it is a national security risk unlike any I’ve seen in my 50 years in the intelligence community.

Read Full Article>>>

"Making Headway in the US"

Published by Exporter Magazine

Spring 2015 

Jim Pflaging identifies the big opportunities in cyber security and offers tips on successfully navigating the market.

Exporter: Describe your role as a Beachheads Advisor in Government and Public Safety and Security?

Jim Pflaging: It makes me chuckle a bit when I hear myself referred to as a government guy! In truth I’m a Silicon Valley tech guy and my background is primarily in security, technology and start-ups. That said, many of the technology waves that hit Silcom valley are applicable- and in many cases critical – to government operations, such as identity analysis and software, cybersecurity and enterprise technology.

My passion, and the reason we established The Chertoff Group, is to help make the world a safer place through a lens of national and local security. Government is a vital part of that and there’s an impressive caliber of New Zealand companies involved. I’m really attracted to the way Kiwis do business and, truthfully, their humor and style. I can’t tell you what a different that makes because, at the end of the day, business is about connections and relationships. 

Exporter: What are the top two things you find yourself saying to New Zealand companies?

JP: Be bold. New Zealand companies are creative and resourceful. However, coming to the US from a small island nation, a lot aren’t bold enough. They need to tell their stories in broader, more impactful ways and to connect with executives on meaningful levels. It is a delicate balance. On one hand, Kiwi humility is a positive. We don’t want Kiwi companies to lose that. On the other hand, they need to get used to going in guns blazing. Another commonality is the lack of governance in some of these early-stage companies.

The teams really need to ask themselves basic questions like, “How do I structure my company?” “How do I finance my company?” and “What should my board do?” before asking for connections. These issues are more important to tackle and get right than who will your next introduction is going to be.

Exporter: What advise do you have for Kiwi companies approaching the US government as its market?

JP: For those in the Public Safety and Security Space, it’s very important to know where the product should be and who the customer is. The US government isn’t a single purchaser and is obviously very big and very diverse. The good news is that from the perspective of the US Government buyer, New Zealand is highly trusted and its role as a member of the Five Eyes is important and meaningful. As with any market, it’s important to understand the unique needs and buying habits. For starters, the Federal Government has three divisions: Civilian, Defense and Intelligence, each of which has a network of loosely independent agencies. Civilian agencies include Health, Commerce and Treasury. Defense includes central groups like Defense Information Systems Agency (DISA), the centralized telecommunication and IT support organization as well as myriad groups across the different services.

The Intelligence arm is the most difficult, but not Impossible, to break into. There needs to be a compelling set of unique capabilities before the US Intelligence community will turn to a New Zealand technology provider. Further, there is a vast opportunity in the state and local market. I think Wynyard Group made a really smart decision to go after state and local law enforcement here.

Exporter: Where do you see the biggest opportunities in cyber security? Are any Kiwi companies doing it well?

JP: The biggest opportunities are in Malware Detection, Big Data and Identity.

There is a huge interest right now in cybersecurity. Everybody has been breached and the adage is that there are those who know it and those who don’t. There are two fundamental ways of tackling this: 1) Building walls or “strengthening the fences,” or 2) Developing advanced ways to detect the malware, contain it, and attack it.

Aura InfoSec is playing really well in this space. I see a real demand for not just technology solutions but business model innovation. In fact, I recently heard of a technology solution company who has partnered with an insurance company to provide a full solution and peace of mind for companies. It is a really interesting trend we are seeing in the market: “If you’re hacked while using our system, we’ll cover the recovery costs.” It takes the financial concerns away and is a huge value -add.

Security is a massive market for big data. You need to be able to find the needle in not just one, but hundreds of haystacks. Security apps that can do data analysis quickly through mounds of data- and in turn make decisions- are hugely sought after in cybersecurity. Again, Wynyard Group is a great example while, on a smaller scale, ikeGPS’ picture solution has great benefits for government and commercial users.
Building trust is a big opportunity. Companies offering strong methods of authentication will find success in this sector. Dual authentication- meaning authentication using something you ‘know,’ like a password, or something you ‘have,’ like a card, token fingerprint, or eye-scan- it’s a big trend. Gallagher Security is strong in this space.

Exporter: What is the long term opportunity for New Zealand?

JP: I’ve had the good fortune of being able to work directly with companies on their home turf and there’s not much difference between New Zealand and California. Whether its Wellington, Christchurch or Auckland, it’s a) a beautiful place, b) a great place to build software and technology, and c) an easy place to do business with the US- particularly the West Coast- from a time- zone point of view. Compared to the US, New Zealand is a relatively easy base to schedule meetings and work from. I always tell my friends who are VCs or investors or other technologists, “Don’t forget New Zealand! Great people and easily accessible”
Living in the US and recruiting engineering talent is expensive. When I was in New Zealand I thought, “What an easy place for a US company to feel like home. Why don’t US companies build their tech centres in New Zealand?” There are some serious long- term opportunities here. Universities could build world-class CS and entrepreneur programs and really kick-start the opportunity for New Zealand to become the tech and cybersecurity capital of the world - or at least the Southern Hemisphere. It’s a long term play, but why not get serious about it?

North America Beachhead Advisor Jim Pflaging has over 25 years of Silicon Valley experience, including 15 as CEO of cyber security and data management companies. Beachheads connects participating companies to a network of private sector advisors in New Zealand and around the world who can act as mentors and provide insights into the realities of growing internationally successful businesses.

Read Full Article>>>

"Complying with FBI Cloud Policy"

Source: American City & Country

June 03, 2015

All cloud products sold to law enforcement must comply with the FBI’s Criminal Justice Information Services (CJIS) Security Policy. Unfortunately, a recent study showed that half of law enforcement officials have no knowledge or are not familiar with CJIS rules and requirements. The International Association of Chiefs of Police (IACP) conducted the study and to help has issued a report,“Guiding Principles on Cloud Computing in Law Enforcement.”

GPN reached out to Paul Rosenzweig, senior advisor to the Washington, D.C.-based Chertoff Group, who offers his views on the topic. Michael Chertoff is one of the founders of the firm and is a former secretary of the U.S. Dept. of Homeland Security.

Read Full Article>>>

"Big Brother is Watching EU"

Source: POLITICO Europe

May 20, 2015

A strange — and strangely unnoticed — trend is emerging in the evolving global response to massive 2013 leaks about US surveillance activities. While our European cousins talk privacy reform, the United States is actually moving ahead with it, albeit more slowly than many would like. As the American side of the Atlantic inches toward self-restraint, many European governments are seeking sweeping new spying powers. Europe is at risk of falling behind the US in privacy reform. 

Following two post-Snowden reviews of US surveillance activities, the United States announced new limitations to its electronic surveillance activities, including additional privacy protections for Europeans and other non-US citizens, which few European countries currently afford Americans. Much-criticized US surveillance activities, including the bulk telephone metadata program, are set to expire in days unless Congress intervenes. Meanwhile, the bipartisan Law Enforcement Access to Data Stored Overseas (LEADS) Act and similar draft laws are moving through Congress and garnering broad support from technology companies, business organizations, and privacy and civil liberties advocacy groups.

Read Full Article>>>

"The Vast Amount of Personal Information (PII) Stored in the Cloud Needs to be Better Secured"

Source: Government Security News 

May 18, 2015

State and local law enforcement hold vast quantities of personally identifiable information (PII) about their citizens.  Arrest records; conviction records; finger prints; mug shots - all of them are collected by police departments around the country.  And, increasingly, this information is stored in a digital form with a cloud service provider.  How secure is that cloud storage?  Jennifer Lawrence and other celebrities know that the answer is "not necessarily as secure as we might hope."  And therein lies an alphabet soup of rules and standards.  Cloud data privacy is an alphabetic minefield of confusing three letter acronyms (TLAs to those of us in the know).  State and local law enforcement who don't make the effort to get to know these acronyms and what they mean do so at their own peril - at least insofar as they collect and store data about their citizens in cloud-based storage systems.

The latest entry into this derby of acronyms is the ISO, which is the International Standards Organization.  If you are familiar with the American National Institute for Standards and Technology (NIST) then you know what ISO does - it is a consensus-based body that is intended as a technical standard setter for the world, in a host of disciplines - the international version of NIST. 

Read Full Article>>>

"Convergence, Reemergence, or Convergence 2.0"

Source: Intelligent Utility

May 8, 2015

A little over a decade ago, the term convergence was de rigueur when talking about bringing the disciplines of physical security and IT security together to solve the challenges of stove-piped security.  Fast forward to 2015 and the challenges remain mostly the same, except the conversations are now about how to bring three disciplines-physical security, cybersecurity (formerly called IT security) and operational technology security (industrial control system/SCADA security)-together to manage the threats facing the electric utility industry.

Protecting our nation's electricity infrastructure has evolved from a subject relegated almost entirely to the corporate security officer, to a very visible and often political topic that gets almost daily attention by boards, CEOs, government regulators and even utility customers. While electric utilities in North America remain effective at addressing traditional threats such as severe weather, vegetation management and routine transmission disruptions, the evolving nature of physical, cyber and OT security is creating challenges that many companies are grappling with to ensure the resilience of their operations.

Read Full Article>>>

"ISO 27018: Protecting privacy and national security too"

Source: Federal Times

May 5, 2015

In the late 1970s, Leonard Nimoy (RIP Mr. Spock) hosted a weekly television "documentary" called "In Search Of…," in which he quested after Bigfoot, the Loch Ness Monster and other mythical creatures or phenomena. Nimoy's mysterious quarry almost always eluded him.

Many, myself included, generally expect the same outcome for international privacy and IT security standards that enhance the national security of countries implementing them: they are myths. But ISO (the Geneva-based multinational International Organization for Standardization) may have managed just such a mythical feat with its first-of-its-kind standard 27018, formally entitled "Information technology — Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors" (ISO 27018).

Read Full Article>>>

"Getting past the zero-sum game online"

Source: The Washington Post

April 2, 2015

As director of the National Security Agency and then the Central Intelligence Agency after the Sept. 11, 2001, attacks, I fought to provide our intelligence officers with every possible advantage in their work to detect and confront threats from our enemies.

We were entering a new kind of conflict. I had grown to professional maturity in an era in which it was NATO vs. the Soviet Union, and our enemy — with its tank divisions in Eastern Europe and intercontinental ballistic missile silos in our sights — was easy to find, though hard to defeat. Today, our enemies are relatively easy to defeat, but they often are damnably difficult to find. Hence the need to create timely, actionable — even exquisite — intelligence.

Read Full Article>>>

"Why State and Local Law Enforcement Should be Part of the MLAT Reform Process"

Source: Government Executive 

March 25, 2015

God forbid. You're an Assistant District Attorney in the midst of a case when gunfire erupts in the offices of a local magazine headquartered in your city which recently satirized ISIS. In "retaliation," terrorists have executed a dozen magazine employees although most had nothing to do with the offending column. Your top cops and prosecutors are immediately on the trail, but the gunmen disappear into the underworld of Europe. Your citizens demand swift justice and exemplary police work traces your perpetrators to social media accounts housed on servers in France. Time being of the essence, you quickly request vital evidence from the French social media companies before the killers' trail goes cold.

Read Full Article>>>

"Alibaba and the Cognititve Dissonance of American Data Policy"

Source: TechCrunch

March 25, 2015

"Who says A must say B..."

The aphorism, often attributed to the conservative philosopher James Burnham (though it originated in the fable of Hansel and Gretel), is a short-hand phrase that is intended to capture the requirement of intellectual consistency. Or, put more colloquially - don't be an intellectual hypocrite. American cyber policy makers may well rue not paying heed to Burnham. The legal interpretations they currently espouse may soon turn around to bite them in the proverbial hypocritical posterior.

Read Full Article>>>

Chertoff: Protect electronic conversation privacy today

Source: USA Today

March 3, 2015

Over a century ago, Alexander Graham Bell invented the telephone and it was soon within widespread use. Not surprisingly, police soon saw the value of listening in on private phone conversations, and wiretapping was born. But in 1933, Congress decided that interceptions of phone calls were an invasion of privacy comparable to a physical search under the Fourth Amendment. So, in order to listen to the content of a telephone call through a wiretap, police must first get a warrant and demonstrate to a judge that there is probable cause to think criminality is afoot. But what should be the rule when the conversation is by email and the substance of the conversation is stored on a server owned by an Internet service provider?   Read Full Article>>>

"DRM Institute Leader Series"

Source: Digital Risk Management Institute

February 24, 2015

Mark Weatherford, a Principal at The Chertoff Group, was featured in a Digital Risk Management Institute Leader Series featured article. Read the full Q&A with Mr. Weatherford where he discussed the digital threats facing industry and how executives can better manage the influx of new and increasingly complex cyber risks.    Read Full Article>>>

"Opinion: Privacy could be the victim if police body cameras aren't more hack-proof"

By: Paul Rosenzweig
Source: Christian Science Monitor - Passcode

February 3, 2015

President Obama's request that Congress spend $75 million to outfit police with body cameras after the Michael Brown shooting reflected a consensus that the technology will provide a clear record of interaction between the public and law enforcement.  But while civil rights and police groups agree that video can protect citizens and officers, the security within these systems needs to be addressed long before some 50,000 police strap cameras to their uniforms. After all, the information collected on video will be incredibly sensitive, and the impact of a hacker accessing this data could be extraordinary. Imagine a hacker who edits the data to change the identity of an assailant or leaks the footage of a victim immediately following a violent crime. The concern is not speculative – at least one white hat hacker has shown he can break into a police video system and criminals have demonstrated the ability to penetrate police department networks. Read Full Article>>>

"Wanted: An International Rule of Law for Cloud Data"

By: Michael Chertoff
Source: The Wall Street Journal

December 18, 2014

Imagine a world in which European regulators can order Google to delete information from its servers—information that, in America, would be protected by the First Amendment. Or a world in which Apple can be ordered by the Chinese government to keep all iCloud data created in China (even by Americans) on China-based servers so that the government could have ready access to it. Both of those real examples recently made headlines. But they exist in a world of conflict over whose national laws govern data held in cyberspace. And what is true for corporations is equally true for individuals.

Read Full Article>>>

"We Need a Clear Doctrine of Deterrence to Cyber Attacks"

By: Michael Chertoff
Source: TIME Magazine

December 18, 2014

For years, cyber security specialists have reported on intensifying intrusions into the information networks of our major institutions, both public and private. Most of these have involved theft of personal information for financial gain or espionage aimed at stealing valuable intellectual property. But occasionally we have seen more destructive attacks, aimed at “wiping” or destroying the networks and data themselves. In 2012, Saudi Aramco was a victim of a cyber attacks that destroyed thousands of machines, and in 2013 South Korean banks were also targeted for cyber damage. The recent Sony attack is a disturbing new chapter in this escalation of cyber conflict, not least because of the reaction we have seen.

Read Full Article>>>

"Managing Cyber Risk in Today's Security Landscape"

An Interview with Michael Chertoff

Published in Edison Electric Institute's November/December 2014 Issue of Electric Perspectives

Question: Based on your experience working with companies on their security issues, are they prepared for today's cyber threat?

Michael Chertoff: Some companies are better than others at their overall ability to manage risk, including today’s cyber threats. The good thing is that more and more members of the C-suite are becoming active in addressing these issues and no longer view cybersecurity as simply a technical matter best left to the chief information officer.  The key is to identify an effective risk management framework that will help a company intelligently examine the threats it faces; identify, assess, and where possible, eliminate security gaps or vulnerabilities; and ensure a robust plan for consequence management. A company needs to be prepared to respond when a crisis does occur. A risk management framework is an effective instrument to better inform decision making when it comes to prioritizing security investments, detecting new threats, and managing future security concerns and changes in the risk environment.

Read Full Interview>>>

Addressing Dynamic Threats to the Electric Power Grid Through Resilience


On November 14, 2014, the Chertoff Group released a new report examining the resiliency of the American electric grid against cyber and physical security threats. The report - Addressing Dynamic Threats to the Electric Power Grid Through Resilience - outlines the industry’s multipronged approach to grid security, including critical infrastructure standards, voluntary security initiatives, incident response preparations, and partnership with the government to enhance the reliability of our nation’s electric power grid. 

The U.S. electric power grid is often called the ‘largest machine in the world,’ and our society’s reliance on it is only increasing,” said Mark Weatherford, Principal at The Chertoff Group and former Deputy Under Secretary for Cybersecurity at the U.S. Department of Homeland Security. “As the grid transforms, it’s vital that we analyze and assess the risks in order to improve the security and resiliency of the electric grid.”

Download Full Report>>>

"Cybersecurity and Privacy Challenges with the Internet of Things"

By: Mark Weatherford
Published by Edelman.com

October 29, 2014

The Internet of Things  is coming. The term “Internet of Things” (IoT) refers to the increasing number of everyday objects – from airplanes, cars and trains, to light bulbs, blood pressure monitors and thermostats – that communicate with each other via the Internet. The IoT may provide fantastic new opportunities for humankind, but it may also lead to growing security risk and continued diminution of our privacy. It may do both.

Gartner has estimated that the number of things connected to the Internet will reach 26 billion by 2020 and John Chambers from Cisco has predicted that allowing these devices and applications to work together and create new services will realize savings to the tune of 19 trillion dollars.

While there are certainly profound efficiencies to be realized from the IoT in everything from manufacturing and agriculture, to health care and energy, there’s also a dark underside. When there is that much money involved, you can be assured that it will be very attractive to bad guys.

Read Full Article>>>

"Why Companies Need a Business Continuity Plan"

Published by Forbes.com

August 22, 2014

Christopher Skroupa:  At the time of a cyber-attack, how do company executives define and protect their most critical assets and put into place a business continuity plan?

Brian White:  It is important to note that at the time of an attack it will already be too late for a company executive to identify those critical assets.  The intruder will have located them and targeted these assets.   Once the company identifies the cyber intrusion, each second is critical to effectively responding.  With this in mind, it is essential for business executives to conduct a strategic review and analysis of their most vital assets and make investments to create a more resilient enterprise.  It’s not about what they should do at the time of an attack, but rather how they implement a response and recovery plan.  The biggest risk a company faces in today’s uncertainty of cyber-attacks is not being prepared.

Skroupa:  As cyber-attacks become more sophisticated, how does a company executive best prepare for agile risk management and prepare effective response plans?

White:  Practice is everything.  In today’s world of cyber uncertainty 100% protection against a cyber-attack is not possible, even with the strongest of security measures in place.  Therefore, creating an effective risk management and response plan is a key mitigation activity.  Companies and enterprises should prepare and practice table top exercises with key executives and work with crisis communications professionals.  Messaging the cyber-attack to customers and stakeholders must be included in an active response plan, both in protecting assets and restoring operational functionality.  Understanding the key decisions and having preemptive conversations on how to disclose the attack and seek to regain trust from customers is a fundamental step in developing an effective response plan.  Additionally, planning and preparation will be helpful in building the team regardless of whether it’s a cyber-event, a natural disaster or a product recall.

Skroupa: With an unforeseen attack, how can executives trust that their response plan will even work?

White:  The hard fact is that you will never know if the plan will work before a cyber-event.  But as General Dwight D. Eisenhower said, “Plans are nothing; planning is everything.”  The key is to engage in the process of planning and exercising so company stakeholders know their roles and responsibilities.  As a CEO, the first time meeting with the CISO and his or her team cannot be during the crisis.  Every plan will have opportunities and vulnerabilities.  Understanding the plan’s parameters and options will enable an executive to make decisions quickly and accurately at first response.  If the plan initially fails, they will have the knowledge to divert and implement a modified response.   An exercise two to three times a year for three to four hours each time will make all the difference if there is a major breach.

Read Full Article>>>

"Big Data and Cybersecurity Key Players in Dynamic M&A Market" 

By Sandra Jontz

Published in Signal Magazine

July 31, 2014

Enduring problems surrounding data analytics and emerging cyberthreats keep small businesses vital in mergers and acquisitions environment.

A resurgence of activity has hit the mergers and acquisition market this year, with companies operating in big data analytics and cybersecurity seeing a lot of the action, experts say.

"We believe [big data analytics] is going to be an enduring problem," said David Wodlinger, principal with Arlington Capital Partners, a leading investor firm in defense technology and the aerospace market. "Data is getting created at such an astronomical rate, the quality of sensors are getting so much better … that the market for companies that have the capabilities to analyze these massive amounts of data is going to be hot now and going to be hot for the foreseeable future.

“Similarly, cybersecurity is one problem that we don’t see a real solution to any time soon,” continued Wodlinger, a panelist on the Defense, Cyber, Intelligence and Homeland Security; Market Forecast and Emerging M&A Trends forum co-sponsored by The Chertoff Group and AFCEA International. “The problem is that adversaries keep … getting better at what they’re doing; consequently there is going to be a lot of [research and development] dollars spent on that.”

Small businesses with solutions to stamp out waste, fraud and abuse round out his top three of enduring business that will drive market movement and pique investors’ interest, said Wodlinger, also a member of the boards of directors of Novetta Solutions and Quantum Spatial.

There is a whirlwind of big companies buying smaller companies, setting up 2014 as a huge year for mergers and acquisitions. The economic recession spawned a new type of trend in the dynamic merger and acquisitions environment, said Jason Kaufman, principal at The Chertoff Group and the panel moderator.

“We had a long cycle of prosperity over the course of a dozen years where, because of the war years boom and post 9/11 spending, we had a lot of private equity groups who rushed to the market,” Kaufman said. “Since then, we obviously entered into a downturn, and over the course of that downturn, we’ve seen the emergence of a couple of new trends. … We’ve seen a new class of private equity firm come into the market to really focus on building scaled contractors who have the ability to remain agile and innovative and bring technology to the customer, but who also have enough size to handle large-scale programs.”

Read Full Article>>>

Our New Fear of Flying

The Ukraine shoot-down and FAA decision cry out for a revamping of global air security.

By Michael Chertoff

July 23, 2014

It may not exactly be easy to shoot down a civilian airliner—but it’s easier than ever before.

The missile attack on Malaysian Airlines Flight 17 over eastern Ukraine, and the decision by the Federal Aviation Administration to temporarily bar U.S. flights to Tel Aviv because of rocket fire, have riveted attention once again on the question of global aviation security. For aircraft cruising at high altitude, downing a plane requires either a relatively sophisticated missile or another aircraft, capabilities that up to now have been restricted to nation states (or their proxies). But recent developments in the global security situation, including the growing availability of less sophisticated technologies, suggest the rise of more broadly based threats to aviation in a number of regions around the world.

Read Full Article>>>

Building a Resilient Power Grid

Industry and government are working together to ensure necessary investments – not only to anticipate and prevent possible harm to critical energy supply – but also ensure a constant focus on building a more resilient grid.

By Michael Chertoff
Published in Edison Electric Institute's May/June Issue of "Electric Perspectives"

In the early morning hours of April 16, 2013, just 12 hours after the tragic Boston Marathon bombing, Pacific Gas and Electric’s (PG&E’s) Metcalf transmission substation, located just south of San Jose, CA, fell victim to well-planned and executed acts of sabotage.  Two fiber-optic lines running underground near the substation were cut, and more than 100 rifle shots were fired at the substation’s transformers and radiation cooling devices.  While substantial damage was done, it is important to note that no power was lost. Why? PG&E operators saw an anomaly in the system and acted in accordance with their training by rerouting power to another substation.  Their planning, training, monitoring, and response protocols helped them avoid a loss of power to a large portion of Silicon Valley.

There is no single solution that can completely eliminate each and every risk to our nation’s power grid.  However, the electric power industry and government can and are working together to ensure necessary investments – not only to anticipate, prepare for, and prevent possible harm to critical energy supply – but also to ensure a constant focus on building a more resilient grid. 

Read Full Article>>>

Why Every Board Should Care about Cybersecurity

By Michael Hayden, Principal with The Chertoff Group and Ben Besson, Lockton Companies

The Internet was originally designed to move large volumes of information among a limited number of trusted users.  Security was never a central component; no natural technical boundaries were put into place to protect information.  Today, the Internet has evolved into a massive global system essential to our daily lives, global commerce and national security. It also remains defined by the same core principals of openness, flexibility, speed and efficiency as when it was first created.   

Read Full Article>>>

Is Internet in Danger of Becoming "Splinternet"?

By Michael Hayden, Principal with The Chertoff Group and former director of the NSA and CIA 
Published in: CNN

The serial revelations by Edward Snowden, the former National Security Agency contractor who stole and leaked classified government information, have ignited a variety of disputes in the United States and around the world.

Is the collection of metadata, detailed records of phone calls and other communications, as benign or as malignant as it has been portrayed? What are the proper limits in conducting electronic surveillance of geopolitical allies or of ordinary citizens? How much government espionage activity must be publicly available to really give meaning to the concept of "consent of the governed"? Is it appropriate to secretly compel private enterprise to assist in intelligence collection?

Read Full Article>>>

Beyond Snowden: An NSA Reality Check

By Michael Hayden, Principal with The Chertoff Group and former director of the NSA and CIA 
Published in: World Affairs Jounral: January/February 2014

Despite continuing debates over debt limits and government shutdowns, the reach of NSA surveillance has become a hot and enduring topic. And foreign leaders are weighing in on the scope of alleged NSA activities against them.

Read Full Article>>>

2014 Market Outlook:  Jason Kaufman of Chertoff Capital Expects Surge in M&A Activity as Renewed Market Certainty Drives Cautious Optimism

By Jason Kaufman, Head of Investment Banking, Chertoff Capital 
Published in: Washington Executive, January 8 , 2013

Deal makers often greet the new year with optimism and this year is no different. Chertoff Capital expects a surge in mergers and acquisitions (M&A) in 2014 as renewed market certaintly enables a return to strategic planning and measured risk tolerance.  

Read Full Article>>>

US Must Tackle Cyberattacks from Chinese

By Michael Chertoff and Michael Hayden, Co-Founder and Principal with The Chertoff Group 
Published in: The Hill, April 18, 2013

The American public is waking up to a reality that many in government have known for some time — the threat of cyber espionage and intrusions, particularly from China.  

Read Full Article>>>

The Chertoff Group Partners with the FCC to Launch Smartphone Security Checker to Help Consumers Protect Mobile Devices This Holiday Season

By The Chertoff Group
Published:  December 18, 2012

More than 20 million Americans will unwrap a new mobile device this holiday season, but most smartphone users admit they don’t know how to protect themselves from mobile security threats

Read Full Article>>>

The Chertoff Group is Proud to Work with the FCC to Release Small Biz Cyber Planning 2.0 to Empower Small Businesses with Customizable Cybersecurity Plans

By The Chertoff Group
Published:  October 18, 2012

Small businesses are more dependent on the Internet than ever before, but 83 percent don't have a formal cybersecurity plan to protect against cyber threats.  

Read Full Article>>>

When Intel Meets the Political Debate

By General Michael Hayden, Principal 
Published in: The Washington Post, October 1, 2012

The intersection of intelligence reporting and policymaking is tricky.  

Read Full Article>>>

The Lesson of Google's Safari Hack

By Michael Chertoff, Chairman & Co-Founder
Published in: The Wall Street Journal - July 23, 2012

In the cyber age, privacy and security are two sides of the same coin. Digital privacy concerns can't be separated from security ones, and vice versa.

Read Full Article>>>

Cloud Computing and the Looming Global Privacy Battle

By Michael Chertoff, Chairman & Co-Founder
Published in: Washington Post

Agrave threat is said to be stalking Europe. No, it isn’t the financial crisis and the potential demise of the euro. It’s the “rapacious” U.S. approach to privacy — which portends, for those engaged in the development of cloud architecture, a coming “clash” of privacy laws.

Read Full Article>>>

China's Cyber Thievery Is National Policy—And Must Be Challenged

By Michael Chertoff, Chairman & Co-Founder, Mike McConnell & William Lynn

Published in: Wall Street Journal - January 27, 2012

Only three months ago, we would have violated U.S. secrecy laws by sharing what we write here—even though, as a former director of national intelligence, secretary of homeland security, and deputy secretary of defense, we have long known it to be true. The Chinese government has a national policy of economic espionage in cyberspace. In fact, the Chinese are the world's most active and persistent practitioners of cyber espionage today.

Read Full Article>>>

Can We Trust the Cloud to Protect Sensitive Law Enforcement Information?

By Michael Chertoff, Chairman & Co-Founder
Published in: safegov.org - January 18, 2012

Can we trust the cloud to protect sensitive law enforcement information? Today, the best answer to this question is- no pun intended - very cloudy.

There are good reasons to consider cloud storage - storage of large amounts of electronic information on servers hosted by third parties and located in one or more physical locations
beyond those controlled by the party responsible for the data.

Read Full Article>>>

A New Line of Defense in Cybersecurity, With Help From the SEC

By Jay Rockefeller and Michael Chertoff, Chairman & Co-Founder
Published in: The Washington Post - November 17, 2011

We have been in enough classified briefings over the years to know the details of the most significant threats to our national security and our way of life. One vulnerability in particular keeps us up at night: the state of our nation’s cybersecurity.

Read Full Article>>>

The World's 7 Most Powerful Defenders & Offenders

By Michael Hayden, Principal
Published in: Forbes - November, 2011

"Global security can be formed or threatened by heads of state whose wisdom, folly and obsessions shape global events. But often it is the security practitioners, those rarely in the headlines but whose craft and energy quietly break new ground, who keep us safe or put us in peril."

Read Full Article>>>

Re-Examining Our Bio-Defense

By Jeffrey Runge, Principal
Published in: Politico - October 20, 2011

This is the 10th anniversary of the anthrax letters – a deadly small-scale attack on our nation’s leadership and many innocent citizens. I was stunned to see some responses after three years of virtual radio silence by the Obama administration and the Congress, the very institution targeted by the “warning shot” from a lone wolf terrorist.

Read Full Article>>>

What's At Stake in the Cloud?

By Michael Hayden, Chairman & Co-Founder
Published in: The Hill - October 4, 2011

The new federal strategy for implementing cloud-computing solutions is called “Cloud First”— and with good reason. We now systematically prefer cloud-computing solutions to those based on local servers and laptops. The allure of efficiencies, economies of scale, high-end services and — most importantly — reduced costs are almost irresistible.

Read Full Article>>>

Our Salt Risks Draining into Cyberspace

By John Reid, Principal
Published in: Financial Times - June 22, 2011

The news was dominated on Wednesday by reports of the arrest of a suspected British teenage computer hacker, in connection with a range of security breaches including attacks on the website of the CIA and the UK’s Serious Organised Crime Agency. We can expect many more such events as our security agencies struggle to address the challenges of cyberspace.

Read Full Article>>>

Chertoff: Looking Ahead to What's Next in the War on Terror

By Michael Chertoff, Chairman & Co-Founder
Published in: USA Today - May 2, 2011

With the World Trade Center still smoldering, America promised to bring Osama bin Laden to justice or justice to him. President Obama's announcement that bin Laden has been killed brings a tremendous amount of gratification for all those who have fought for years to achieve this result as well as great comfort to those who lost loved ones on Sept. 11, 2001. There is no doubt, this is a great moment for America.

Read Full Article>>>

What Happens After Gaddafi is Removed?

By Michael Chertoff, Chairman & Co-Founder and Michael Hayden, Principal
Published in: The Washington Post - April 21, 2011

Libyan rebels have made it clear that any proposal to cease fighting and end their current battle against the Libyan government must include the removal of Moammar Gaddafi. President Obama, along with French President Nicolas Sarkozy and British Prime Minister David Cameron, has repeatedly called for the removal of this violent dictator. The objective is clear. And Libya’s future is being determined by a civil war, one in which we unarguably have a hand.

Read Full Article>>>

Ten Years Later

By Michael Hayden, Principal
Published in: World Affairs Journal - September/October 2011

As dusk fell on September 11, 2001, I made my way to the NSA office responsible for counterterrorism analysis. These analysts were still located on a floor near the top of one of our high-rise headquarters buildings because we could not afford the disruption in mission that would have resulted from moving them into spaces in the lower, presumably safer, ops building to which most essential personnel had decamped hours earlier.

Read Full Article>>>

The Future of Things "Cyber"

By Michael Hayden, Principal
Published in: Strategic Studies Quarterly - Spring 2011

In the Spring 2011 edition of Strategic Studies Quarterly, General Michael Hayden discusses the lack of clarity and agreement found among government officials and the private sector on how to create a more secure cyber space. He poses several important questions such as whether cyber is really a domain? What constitutes a reasonable expectation of privacy? What we should expect from the private sector? And is defense possible? While there are many other tough questions out there, General Hayden states that until these and others like them are answered, "we could be forced to live in the worst of all possible cyber worlds � routinely vulnerable to attack and self-restrained from bringing our own power to bear."

Read Full Article>>>

Defending Against Terror Threat to Cargo

By Jayson P. Ahern, Principal
Published in: CNN - November 11, 2010

Recently, the United States was tipped off by Saudi Arabian authorities that packages laden with explosives were en route to the United States.

With little time to react, the United States, as well as allied countries around the world, led a vigorous search through the multifaceted international cargo shipping system, ultimately discovering the packages, within hours of detonation, in time to prevent a devastating attack.

Read Full Article>>>

Chertoff: Keeping America Safe

By Michael Chertoff, Chairman & Co-Founder
Published in: The Washington Times - December 26, 2008

Why has our country remained safe since September 11? Because of concrete policies the president has pursued - policies that range from reorganizing the intelligence community to taking the fight to our enemies, from monitoring terrorist communications to creating the Department of Homeland Security.

Read Full Article>>>

We Should Be Prepared for an Emergency

By Michael Chertoff, Chairman & Co-Founder
Published in: The Vindicator - January 5, 2009

With the new year comes the inevitable urge to make ambitious resolutions for 2009. High on people's lists should be a resolve to become better prepared for emergencies.

Read Full Article>>>

Texting with Terrorists

By Richard A. Falkenrath, Principal
Published in: The New York Times - August 9, 2010

WHEN the United Arab Emirates announced last week that it would suspend BlackBerry service within its borders starting this fall, business travelers who rely on the handheld devices reacted with understandable dismay. But the decision was greeted quite differently by the men and women who make a living hunting terrorists, smugglers, human traffickers, foreign agents and the occasional team of clumsy assassins. Among law enforcement investigators and intelligence officers, the Emirates’ decision met with approval, admiration and perhaps even a touch of envy.

Read Full Article>>>











security services

“Our principals earned their reputations through direct operational responsibility and demonstrating successful results. By applying that same dedicated ‘hands on’ approach, we are now helping our clients achieve their objectives.”

Michael Chertoff