On November 14, 2014, The Chertoff Group released a new report examining the resiliency of the American electric grid against cyber and physical security threats. The report, Addressing Dynamic Threats to the Electric Power Grid Through Resilience, outlines the industry’s multipronged approach to grid security, including critical infrastructure standards, voluntary security initiatives, incident response preparations, and partnership with the government to enhance the reliability of our nation’s electric power grid.
U.S. policy makers are currently engaged in a debate regarding the merits of mandating a means of “extraordinary access” to encrypted data for U.S. law enforcement or what is sometimes referred to as an encryption “backdoor.” This paper examines modern encryption technologies, the feasibility of providing law enforcement with extraordinary access, the impact that encryption technology is currently having on U.S. law enforcement (which some have referred to as “going dark”), and the likely impacts that an extraordinary access requirement would have on U.S. national security, the technology sector, and continued innovation in the security field.
The transition to a global Internet economy has been accompanied by a significant change in the nature of law enforcement activity. Evidence that formerly was available within the boundaries of a single jurisdiction and could be collected through the operation of domestic law now is often collected, stored, and processed globally by transnational companies. As a result, significant potential exists for the disruption of law enforcement activities because those who hold relevant evidence may be subject to conflicting legal obligations, unilateral actions by a single jurisdiction, and significant economic pressures. Authored by experts within The Chertoff Group, Law Enforcement Access to Data in the Cloud Era outlines the scope of the problem and surveys existing technical, legal, and policy conflicts. While it does not endorse a single solution, this paper identifies potential responses to the changing dynamic.
Cyber-attacks are a present and growing danger. Massive data breaches and a steady stream of reports about vulnerability have put boardrooms on high alert and spurred companies to dedicate more resources to cyber-breach preparedness, response, and recovery. In 2013, the US budget for cybersecurity products and services exceeded US$67 billion. In addition, cyber-insurance premiums reached US$1.3 billion, and Marsh & McLennan Companies data indicates that take-up rates are climbing for a wide range of industries. With hackers constantly refining techniques and succeeding in their efforts, are we closing the gap on the cyber threat or falling farther behind?
“Insider threat” is no longer just a security buzzword; it has become an enterprise concern commanding executive-level attention. A new white paper, Stopping The Insider Threat, produced in collaboration between The Chertoff Group and SailPoint, a leading independent identity and access management (IAM) provider, seeks to inform the conversation around the importance of a complete identity and access management strategy in protecting against insider attacks.
The “Cybersecurity Sprint” of July 2015, launched by the White House in the wake of major breaches at the Office of Personnel Management (OPM), was critical to efforts to improve the security of Federal IT systems. Federal agencies made significant progress in this initial 30-day sprint, closing the vulnerabilities associated with passwords and pushing agencies to increase their use of two-factor authentication to mitigate the risk of stolen credentials. However, it is important that agencies do not simply check the two-factor authentication box and proclaim they have “solved” identity security.
A new white paper, “Securing Identity Does Not Stop with Strong Authentication,” produced in collaboration between The Chertoff Group and SailPoint, a leading independent identity and access management (IAM) provider, seeks to inform the conversation around the importance of identity governance for federal agencies.