Cybersecurity and Cyberwarfare

Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides. Only in the administration’s final weeks in office did it tell the public, in a declassified report, what officials had learned from Brennan in August — that Russian President Vladimir Putin was working to elect Donald Trump.

Over that five-month interval, the Obama administration secretly debated dozens of options for deterring or punishing Russia, including cyberattacks on Russian infrastructure, the release of CIA-gathered material that might embarrass Putin and sanctions that officials said could “crater” the Russian economy. But in the end, in late December, President Obama approved a modest package combining measures that had been drawn up to punish Russia for other issues — expulsions of 35 diplomats and the closure of two Russian compounds — with economic sanctions so narrowly targeted that even those who helped design them describe their impact as largely symbolic. President Obama also approved a previously undisclosed covert measure that authorized planting cyber weapons in Russia’s infrastructure, the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow. The project, which President Obama approved in a covert-action finding, was still in its planning stages when he left office. It would be up to President Trump to decide whether to use the capability.

The House Communications Subcommittee, chaired by Rep Marsha Blackburn (R-TN), held a hearing examining cybersecurity risks to wireless technologies with a particular focus on wireless networks and mobile devices. Cyber criminals often utilize a number of strategies to launch attacks on wireless technologies. Often times exploiting vulnerabilities within a network to gain unauthorized access to wireless networks or target mobile devices through malware and phishing attacks.

“Mobile connectivity has become essential to our daily lives as a result of advances in technology and consumer demand,” said Chairman Blackburn. “Increasing reliance on wireless devices and networks has provided more avenues for cyber criminals to compromise our security and harm consumers. Hackers are smart and they are adapting. The sophistication and frequency of cyberattacks against mobile devices continues to escalate and we must meet this challenge head on.”

Top Democratic Sens on the Homeland Security Committee are asking inspectors general at 24 federal agencies to investigate whether Trump Administration officials are skirting federal records laws by using encrypted and vanishing messaging apps. The committee’s current and former ranking members, Sens Claire McCaskill (D-MO) and Tom Carper (D-DE) also want the IGs to investigate whether top agency officials are barring staffers from responding to information requests from congressional Democrats.

That request follows a report that Trump Administration lawyers advised agencies to ignore Democratic requests. The senators collected the requests into a single, alphabetically arranged document that runs to 120 pages, beginning with the Agriculture Department IG and ending with Veterans Affairs.

Russia’s cyberattack on the US electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.

The scope and sophistication so concerned Obama administration officials that they took an unprecedented step -- complaining directly to Moscow over a modern-day “red phone.” In October, the White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia’s role in election meddling and to warn that the attacks risked setting off a broader conflict. The new details, buttressed by a classified National Security Agency document recently disclosed by the Intercept, show the scope of alleged hacking that federal investigators are scrutinizing as they look into whether Trump campaign officials may have colluded in the efforts. But they also paint a worrisome picture for future elections: The newest portrayal of potentially deep vulnerabilities in the US’s patchwork of voting technologies comes less than a week after former FBI Director James Comey warned Congress that Moscow isn’t done meddling.

Russian hackers were meddling with the 2016 US election right from the start of the campaign season. Former FBI director James Comey testified before a Senate Intelligence hearing on June 8, a month after President Donald Trump fired him on May 9. The hearing, centered on Comey's conversations with President Trump, comes amid the FBI's investigations into potential campaign ties with Russia that continue to haunt the commander-in-chief. Allegations of Russian influence on the US presidential election stretch all the way back before the midyear Democratic National Convention, when hackers spear-phished officials and released documents through WikiLeaks.

NTIA, on behalf of the Department of Commerce, is requesting comment on actions that can be taken to address automated and distributed threats to the digital ecosystem as part of the activity directed by the President in Executive Order 13800, "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure." Through this Request for Comments, NTIA seeks broad input from all interested stakeholders - including private industry, academia, civil society, and other security experts - on ways to improve industry's ability to reduce threats perpetuated by automated distributed attacks, such as botnets, and what role, if any, the U.S. Government should play in this area.

The Subcommittee on Oversight and Investigations, chaired by Rep Tim Murphy (R-PA), held a hearing examining the Department of Health and Human Services’ (HHS) role in cybersecurity efforts within the health care sector. Discussed during the hearing were two reports that HHS was required to submit to Congress, following the implementation of the Cybersecurity Information Sharing Act (CISA), which became law in 2015. The reports outline the department’s internal cybersecurity processes and industry recommendations for what the federal government and industry can do to improve cybersecurity efforts in the health care sector.

Building on the success of its two previous PrivacyCon events, the Federal Trade Commission is announcing a call for presentations for its third PrivacyCon, which will take place on February 28, 2018.

The call for presentations seeks research and input on a wide range of issues and questions to build on previously presented research and promote discussion, including:
What are the greatest threats to consumer privacy today? What are the costs of mitigating these threats? How are the threats evolving? How does the evolving nature of the threats impact consumer welfare and the costs of mitigation?
How can companies weigh the costs and benefits of security-by-design techniques and privacy-protective technologies and behaviors? How can companies weigh the costs and benefits of individual tools or practices?
How can companies assess consumers’ privacy preferences?
Are there market failures (e.g. information asymmetries, externalities) in the area of privacy and data security? If so, what tools and strategies can businesses or consumers use to overcome or mitigate those failures? How can policymakers address those failures?

Submissions for PrivacyCon must be made by November 17, 2017.

Two of the nation’s top intelligence officials said in a hearing they would not discuss specifics of private conversations with President Donald Trump, declining to say whether they had been asked to push back against an FBI probe into possible coordination between his campaign and the Russian government.

Testifying before the Senate Intelligence Committee, Director of National Intelligence Daniel Coats refused to say whether it was true that President Trump asked Coats if he could reach out to then-FBI Director James B. Comey and dissuade him from pursuing the Michael Flynn matter. “I don’t believe it’s appropriate for me to address that in a public session,’’ Coats said. “I don’t think this is the appropriate venue to do this in.’’ He added: “I have never felt pressure to intervene or interfere in any way … in an ongoing investigation.’’ Similarly, National Security Agency Director Michael S. Rogers declined to directly answer Sen Mark Warner’s (D-VA) question of whether President Trump sought his aid in downplaying the investigation.

Here are 5 other questions that remain unknown about this story and the ongoing threat that national security officials say Russia poses to the integrity of American elections.
1. How widespread are these attacks?
2. Can the federal government do more?
3. Why do these leaks keep happening?
4. Why can't the US stop these cyberattacks?
5. Will this change Trump's tune?