The Wire
News & Dispatches
Shorter-form analysis on the developments shaping cyber law and security — between the volumes.
All news
Disrupting the syndicate: ransomware-as-a-service takedowns and the reach of law-enforcement operations
A series of coordinated international operations against ransomware-as-a-service infrastructure has again demonstrated both the promise and the limits of law-enforcement disruption as a counter-ransomware strategy. By s…
State responsibility returns to the fore as nations trade cyber accusations
A fresh round of public attributions this spring — several routed through joint government advisories rather than press releases — has pushed the old question of state responsibility back to the center of the cyber-law…
Software liability debate sharpens as SBOM mandates take hold
By: Kate Fazzini
The clock starts on CMMC: enforcement and the defense industrial base's compliance reckoning
As Cybersecurity Maturity Model Certification requirements phase into defense contracts through 2026, the defense industrial base is confronting the transition from aspirational cybersecurity guidance to enforceable con…
Agencies race to inventory cryptography ahead of post-quantum deadlines
With migration timelines to post-quantum cryptography now firmly on the calendar, federal agencies and their vendors are in the unglamorous phase of the work: discovering where, exactly, vulnerable public-key cryptograp…
Synthetic media and the ballot: election-integrity law heading into the 2026 midterms
With the 2026 U.S. midterms approaching, state legislatures and election administrators are racing to finalize rules governing AI-generated audio and video in political communications. A patchwork of state statutes now…
Cyber insurance war-exclusion clauses face renewed scrutiny
By: Kate Fazzini
Commercial spyware controls tighten as transparency gaps persist
The multinational effort to rein in the commercial spyware market entered a more demanding phase this winter, as governments that signed on to earlier joint principles began translating them into export controls, visa r…
When the defender is an algorithm: liability and command responsibility for autonomous cyber-defense agents
As enterprises and defense agencies increasingly deploy AI agents that detect, triage, and actively counter intrusions without a human in the loop, a difficult legal question has moved from the seminar room to the opera…
After the framework: data sovereignty, localization mandates, and the next transatlantic transfer regime
Cross-border data flows entered 2026 under renewed legal strain, as multinational firms confront a widening gap between the promise of stable transatlantic transfer mechanisms and the reality of proliferating data-local…
FY2026 NDAA carries a heavy cyber agenda into law
By: Kate Fazzini
Undersea cable incidents expose gaps in the law of critical infrastructure
A series of damaged submarine cables over the past year has drawn new attention to the thin legal protections around the physical backbone of the internet — and to how hard it is to distinguish accident from deliberate…
The state privacy patchwork hardens into an interstate compliance maze
By late 2025, roughly two dozen states had enacted comprehensive consumer privacy laws, and a fresh wave took effect during the year, deepening a compliance environment that businesses increasingly describe as unmanagea…
Healthcare ransomware renews calls for critical-infrastructure standards
By: Kate Fazzini
OFAC sanctions test the legal reach against ransomware's enablers
The Treasury Department's Office of Foreign Assets Control continued through 2025 to expand its use of sanctions against the infrastructure that makes ransomware profitable, designating cryptocurrency exchanges, mixing…
Autonomy in cyber operations tests the limits of existing law
As militaries fold more automation into both cyber defense and offense, legal scholars are asking whether accountability rules built for human decision-making can survive contact with machine-speed operations.
CIRCIA's reporting rule tests the limits of mandatory incident disclosure
The rulemaking to implement the Cyber Incident Reporting for Critical Infrastructure Act, known as CIRCIA, remained one of the most consequential and contested cyber-policy processes of 2025. Enacted in 2022, the statut…
EU Cyber Resilience Act enforcement begins to bite
By: Kate Fazzini
Water utilities under siege renew the fight over ICS oversight
A run of intrusions into water and wastewater industrial control systems has kept critical-infrastructure defenders on alert through 2025, reviving a regulatory fight that has simmered for years. Small and mid-sized uti…
UN cybercrime convention splits experts over surveillance risks
As governments weigh signature and ratification of the UN cybercrime convention, the treaty has become a flashpoint between the goal of cross-border cooperation and fears that its broad reach could legitimize surveillan…
The SEC's cyber disclosure rule meets its materiality reckoning
More than a year after the Securities and Exchange Commission's cybersecurity incident-disclosure rule took full effect, 2025 opened with the market still struggling to define its central term. The rule requires public…
Telecom breach fallout drives a reckoning on network security duties
By: Kate Fazzini
Defense contractor teams up with Microsoft to develop battlefield technology
Defense contractor Anduril Industries announced earlier this month it reached an agreement with Microsoft to develop cybernetic enhancements for soldiers in remote, dangerous locations.
Navy’s college Cyber Resiliency Challenge sees George Mason, USF on top
This week, the Naval Surface Warfare Center Dahlgren Division held its Cyber Resiliency and Measurement Challenge, a yearly event meant to highlight upcoming talent at universities with cyber warfare curricula.
Anniversary of China tech ban: what JLCW experts say about contracting and the role of the enterprise
By: Kate Fazzini