This Week in Cyber

NATHANIEL GLEICHER, Head of Cybersecurity Strategy, Illumio

Four things I’m reading this week:

  1. USG Modernizing Its Systems: The Federal CTO yesterday released new guidance directing federal agencies to prioritize their most critical networks and use resources from the new $3.1 billion IT Modernization Fund to modernize them. The guidance is obviously pretty high level, but it’s great to see. A concerted push to modernize government IT, combined with an effort to identify and focus on the most critical systems is a great step forward. I’m reading: “Laying the Foundation for a More Secure, Modern Government.”
  2. The March of Cyber Regulations: Earlier this month, the three federal banking regulatory agencies released an advance notice of proposed rulemaking that would apply enhanced cybersecurity standards to large regulated financial institutions. The proposed rulemaking is 48 pages long, and still only in the notice-and-comment period. But it’s still a big deal. New York has already released draft regulations that impose additional liability and requirements on New York financial institutions (barring unanticipated surprises, they go into effect in January 2017). This latest move adds the federal government to the party. We’re only going to see more of these requirements as time passes and awareness of and focus on the cybersecurity threat grows. I’m reading: “Governor Cuomo Announces Proposal of First-in-the-Nation Cybersecurity Regulation to Protect Consumers and Financial Institutions.”
  3. Everybody’s Talking About Emails: Everyone today is focused on FBI Director Comey’s letter to Congress concerning “emails that appear to be pertinent” to their ongoing investigation into “former Secretary Clinton’s personal email server.” There’s a lot of headlines being written about it. I recommend this Lawfare, which puts the new letter in context and explains what’s going on: “Memo to the Press: What Comey’s Letter Does and Doesn’t Mean.”
  4. Would You Like Some Artisanal, AI-Built Encryption: Google recently tasked two AI systems with figuring out how to have an encrypted communication, and a third AI system with trying to surreptitiously listen in. What happened? The short answer is that the cracking AI lost (the conversation remained secret). But the much more interesting outcome is the “oddly inhuman cryptographic schemes” created by the two communicating systems. It will be interesting to see how injecting AI-design into complex systems like cryptography will shift and/or improve our solutions. No doubt there’s plenty more to come! I’m reading: “Google’s AI creates its own inhuman encryption.”

Originally published at www.illumio.com.