national security policy

On Microsoft’s Lousy Cloud Security

| | cloud computing, Cybersecurity, Microsoft, national security policy, security theater, Uncategorized
ProPublica has a scoop: In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings. The tech giant’s “lack of proper detailed security ...
Schneier on Security

US Bans All Foreign-Made Consumer Routers

| | china, cyberattack, hardware, national security policy, Uncategorized
This is for new routers; you don’t have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the ...
Schneier on Security

Is “Hackback” Official US Cybersecurity Strategy?

| | Cybersecurity, hackback, Hacking, national security policy, Uncategorized
The 2026 US “Cyber Strategy for America” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more aggressive tone. But one ...
Schneier on Security

Is “Hackback” Official US Cybersecurity Strategy?

| | Cybersecurity, hackback, Hacking, national security policy, Uncategorized
The 2026 US “Cyber Strategy for America” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more aggressive tone. But one ...
Schneier on Security
The Danger of Treating CyberCrime as War - The New National Cybersecurity Strategy

The Danger of Treating CyberCrime as War – The New National Cybersecurity Strategy

| | 2026 National Cyber Strategy, Adversary Disruption, Critical Infrastructure Protection, Cyber Deterrence, Cyber Power Projection, Cybercrime Economics, Cybersecurity Incentives, Federal Cybersecurity Posture, national security policy, Office of the National Cyber Director, Private Sector Cooperation., ransomware mitigation, Regulatory Burden, secure by design, Threat Actor Profiling
The March 2026 Cyber Strategy shifts focus from private sector compliance to national power and adversary disruption. Explore the tension between geopolitical deterrence and the economic realities of cybercrime ...
Security Boulevard

CVE Program Almost Unfunded

| | DHS, national security policy, Uncategorized
Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded ...
Schneier on Security

Arguing Against CALEA

| | CALEA, Cybersecurity, eavesdropping, national security policy, Telecom, Uncategorized
At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and ...
Schneier on Security

DIRNSA Fired

| | national security policy, nsa, Privacy, surveillance, Uncategorized
In “Secrets and Lies” (2000), I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. It’s something a bunch of us were saying at the ...
Schneier on Security

DOGE as a National Cyberattack

| | breaches, Hacking, national security policy, Uncategorized
In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, ...
Schneier on Security

The Scale of Geoblocking by Nation

| | academic papers, Cuba, national security policy, Privacy, surveillance, Uncategorized
Interesting analysis: We introduce and explore a little-known threat to digital equality and freedom­websites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information ...
Schneier on Security
Load more