Distilling Cyber Policy

In this episode of Distilling Cyber Policy, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law sat down with Joshua Corman, co-founder of I Am The Cavalry, to learn more about the movement and its significant impact on the development of cybersecurity policy.  In addition to the above, this week’s episode features recent cyber policy developments from Japan, the U.K., and Bangladesh, as well as some tricky cryptography trivia. News Section:Chinese military hackers penetrated Japan’s most sensitive computer networksPolice Service of Northern Ireland (PSNI) BreachesNorfolk and Suffolk police: Victims and witnesses hit by data breachBangladesh proposes a new Cybersecurity LawInterview Section:I Am The Cavalry SiteOriginal Cavalry Launch video "The Cavalry Isn't Coming…10 Years Later Keynote "And together we crossed the river.. "Cavalry Track Day 1Cavalry Track Day 2Trivia Section:Skipjack

In this episode of Distilling Cyber Policy, hosts Alex Botting and Jen Ellis dive into the world of hacker conferences with guests Beau Woods and Harley Geiger. The discussion focuses on the importance of collaboration between the policy and security communities at these events, and the unique policy learning opportunities at the upcoming DEF CON, the world’s biggest hacker conference. News:Kenya Experiences Major Cyber AttackSEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public CompaniesDNI Haines Statement on the President’s Intent to Nominate Harry Coker Jr. as the National Cyber DirectorInterview:Beau WoodsHarley GeigerHacking Policy CouncilThe Hackers, the Lawyers, and the Defense Fund - Harley's Presentation at DEF CONPolicy @ DEF CONAI Village @ DEF CON 31Hacker Summer Camp Party ListTrivia: EFF Tech Trivia @ DEF CON 31Investigation Into Encrypted Phone Network Leads to 6,500 ArrestsIf you have a trivia question for Jen and Alex, email it to info@centerforcybersecuritypolicy.org!

In this episode of Distilling Cyber Policy, hosts Alex Botting and Jen Ellis engage in a riveting conversation with Kaja Ciglic, Senior Director of Digital Diplomacy at Microsoft. The discussion delves into the proposed UN Cybercrime Convention, including its origins and scope, as well as some of the treaty’s most contentious topics. The hosts and Kaja also touch on the role of industry and civil society in shaping cyber policy, emphasizing the importance of diverse voices in these critical conversations.News:National Cyber Strategy Issues Implementation Plan Acting National Cyber Director Withdraws NominationWhite House IoT Labeling ProgramEvaluation of the European Union Agency for Cybersecurity (ENISA) and the European Cybersecurity Certification FrameworkInterview Section:UN Cybercrime Convention DraftParis CallThe Budapest Convention on Cyber CrimeTrivia:Intelligence-Driven Incident Response, 2nd Edition by Rebekah Brown, Scott J. RobertsPPD-41

In this episode of Distilling Cyber Policy, hosts Alex Botting and Jen Ellis engage in a thought-provoking discussion with cybersecurity expert and Member of European Parliament, Bart Groothuis. The conversation centers around the Cyber Resilience Act (CRA), its implications for cybersecurity globally, and how to address untrustworthy vendors in European networks..MEP Groothuis, drawing from his experience as Parliament's cybersecurity rapporteur, sheds light on the extensive influence an individual can have in shaping legislation. He emphasizes the importance of understanding the subject matter and leveraging expertise to convince stakeholders, ultimately shaping the language and provisions of the CRA. This insightful perspective highlights the significant role of security professionals in driving meaningful change.The conversation then delves into the concept of software liability.  Groothuis explains how the legislation provides a framework for legal disputes arising from cybersecurity incidents. He emphasizes the need for clear legislation concerning risky vendors, particularly those associated with countries known for offensive espionage programs.  Groothuis advocates for de-risking practices and the incorporation of non-technical factors when evaluating software for critical infrastructure.Throughout the episode, Groothuis’ expertise and passion for cybersecurity legislation shine. His calls for stronger measures against risky vendors and his efforts to ensure the protection of critical infrastructure create a compelling narrative. Listeners gain valuable insights into the complex world of cybersecurity legislation and the vital role it plays in securing our digital landscape.Additional Resources:Europol press release on EncroChatAustralia’s New National Cyber CoordinatorGoogle Announces $20M for Cyber ClinicsCRA ProposalITRE Amendments:Amendments 124-404Amendments 405-546