Politico: Congress gets started early on future cyber debates

August 24, 2017
In The News

HANDS OFF OUR CYBER DIPLOMATS — Congress is still out on recess and lawmakers are still back in their districts, but we’re already seeing rumblings of the legislative cyber debates to come. On Wednesday, six House Democrats moved to block Secretary of State Rex Tillerson from closing the State Department office that coordinates government-wide cyber diplomacy. Rep. Debbie Dingell filed an amendment — co-sponsored by Reps. Jacky Rosen, Kathleen Rice, Ted Lieu, top Intelligence Committee Democrat Adam Schiff and top Homeland Security Committee Democrat Bennie Thompson — stipulating that none of the funds in a House spending bill for several agencies “may be used to close the Office of the Coordinator for Cyber Issues … or to merge such Office with any other office or entity in the Department of State.”

Former State Cyber Coordinator Christopher Painter — a veteran of cyber negotiations with foreign governments — abruptly left the department at the end of July, and Tillerson plans to merge the cyber office with State’s economic bureau. In late July, Dingell and nearly two dozen House colleagues warned Tillerson to leave the office intact. “At a time when the world is more interconnected than ever and we face constant cyber threats from state actors,” they wrote, “it is vital that we retain a high-level diplomatic role to report directly to the Secretary on global cybersecurity.”

— AND NO LOVE LOST HERE: Senate Armed Services Committee Chairman John McCain on Wednesday chided the Trump and Obama administrations for not showing enough backbone on cybersecurity. “Unfortunately, leadership from the executive branch on cybersecurity has been weak. As America’s enemies seized the initiative in cyberspace, the last administration offered no serious cyber deterrence policy and strategy,” McCain said in prepared remarks at a cybersecurity conference hosted by Arizona State University. “And while the current administration promised a cyber policy within 90 days of inauguration, we still have not seen a plan.” President Donald Trump signed a long-awaited executive order on cybersecurity in May, but tangible results from the action have been slow in coming. McCain said that “despite inaction” from the executive branch, Congress “has not stood still.” He said the Armed Services panel “has implemented more than 50 provisions focused on organizing and enabling DoD to address threats in cyberspace” over the last four years. The Arizona Republican also pointed to the Senate’s draft of the annual defense policy bill, which calls for a cyber review that would clarify the country’s cyber strategy and help “defines the threat.”

And while McCain said he is “pleased” the administration elevated U.S. Cyber Command, he called for “greater centralization” in the federal government when it comes to cybersecurity. “It makes little sense for us to continue down our current path, overgrown with bureaucracy and choked by duplication,” he told the audience. “Not surprisingly, this three-legged structure — DOD, DHS and FBI — undermines the unified strategic guidance required to meet cyber threats and slows our response.” He predicted that “poorly defined” responsibilities and a lack full legal authorities among the agencies would put the U.S. at a disadvantage. “My friends, I can assure you that our enemies are not the junior varsity. Until we reassess the cumbersome status quo, in place since the early years of the Obama administration, our own capabilities will be needlessly limited.”

THIS AGAIN? — The Department of Homeland Security on Wednesday offered new information about North Korea’s cyber operations and the networks that it uses to launch attacks. The new DHS report assesses key parts of the malware and infrastructure that North Korea uses for its digital warfare campaign, which the government has dubbed “Hidden Cobra.” DHS previously identified 630 IP addresses associated with servers that have powered distributed denial-of-service attacks — in which websites are blasted with traffic until they collapse — and distributed malware-laden files. Cybersecurity researchers are closely watching the government’s threat intelligence work: DHS and the FBI earned the ire of the research community in December when they published an analysis of Russia’s digital infrastructure that was riddled with inaccurate and useless indicators, including IP addresses not connected to Russian hacking.

DHS made a similar blunder in its analysis of North Korean hacking, according to one researcher. “The fact that they didn’t include any time range for the malicious activity hampers the ability to effectively use these IP addresses for network detection,” said Sergio Caltagirone, director of threat intelligence at the security firm Dragos, in an email to MC. “An unbounded search by defenders for any connectivity to 630 IP addresses over all time is likely to produce false positives.” Echoing concerns first voiced after a high-profile false alarm in January, Caltagirone added, “These false positives may lead to false reports and unnecessary escalation by concerned organizations wasting precious cybersecurity resources.” As for the new report, Caltagirone said it largely confirmed what private sector experts had already concluded about North Korea’s operations. “The technical analysis does not reveal any radical new intelligence, capabilities, or behaviors,” he told MC. “It does add more insight into how the malware operates on a victim and may help some organizations with additional host-level detection.”

GETTING BETTER (CAN’T GET MUCH WORSE) An analysis of hundreds of state, local and federal government bodies out today finds that the government sector’s cybersecurity readiness ranks near the bottom compared to every other sector, although it has climbed out of last place since the last study. The security ratings company SecurityScorecard ranked the government sector third from the bottom out of 18 in its 2017 U.S. State and Local Government Report. The best 10 government entities: the President’s Council on Fitness, Sports and Nutrition; the National Highway Traffic Safety Organization; the Federal Reserve; the Secret Service; Waukesha County, Wisc.; USAJOBS; the Internal Revenue Service; Lansing, Mich.; North Carolina State Parks; and the Congressional Budget Office.

ZERO DAY PRICE FOR SIGNAL — Zerodium, a broker of previously undisclosed software flaws, is offering up to half a million dollars for vulnerabilities in secure messaging apps like Signal and WhatsApp. “Wow. If that isn't an endorsement of Signal, I don't know what is,” Nicholas Weaver, senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, Calif., responded on Twitter. That amount is still a third of the company’s maximum bounty on exploits that could be used to crack Apple’s operating system, however.

MORE HEAT ON KASPERSKY The White House’s cybersecurity coordinator, Rob Joyce, is warning Americans against using the anti-virus products of Kaspersky Lab, a Russian company. He said in an interview with CBS News that he doesn’t use the products himself, and wouldn’t advise his family to use it, either. "I worry that as a nation state Russia really hasn't done the right things for this country and they have a lot of control and latitude over the information that goes to companies in Russia,” he said. “So I worry about that." Kaspersky has repeatedly denied any connection to the Russian government, but there’s a growing movement in Congress and the executive branch to exile Kaspersky products from use in the federal government.

SMALL BIZ CONCERNS — More than half of small business owners are worried about digital threats, according to a new survey. The latest MetLife and U.S. Chamber of Commerce Small Business Index found that nearly 60 percent of are concerned about cybersecurity. Companies with 20 to 99 employees in particular are losing sleep over it, with 62 percent expressing concern and one in five feeling “very concerned.” “Cybersecurity poses a threat to all businesses, but it is particularly challenging for small businesses,” said Ann Beauchesne, senior vice president of the Chamber’s National Security and Emergency Preparedness Department, in a statement. The Index is meant to “elevate the voice of the small business owners to better understand the issues that stand in their way,” added James W. Reid, executive vice president for Regional & Small Business Solutions at MetLife.

DREAM A LITTLER DREAM A U.S. court today will hold a hearing on a scaled back search warrant from the Justice Department of DreamHost that the hosting company said originally would have demanded 1.3 million internet protocol addresses. As part of its investigation into a riot during a January protest, the Justice Department issued a search warrant related to how the website disruptj20.org was used to organize riots. It said in a filing this week that it wasn’t aware that the search warrant’s scope would have the effect of collecting such broad data. "These additional facts were unknown to the government at the time it applied for and obtained the warrant," the filing states. "Consequently, the government could not exclude from the scope of the warrant what it did not know existed." Ultimately, the filing states, "The government is focused on the use of the website to organize, to plan, and to effect a criminal act — that is, a riot. The government has no interest in seizing data from the website that does not relate to this limited purpose."

DreamHost celebrated the revised search warrant but said it still has concerns. “We see this as a huge win for internet privacy, and we absolutely appreciate the DOJ’s willingness to look at and reconsider both the scope and the depth of their original request for records,” the company wrote in a blog post. “That’s all we asked them to do in the first place, honestly.”

DOJ SWEEPS UP CYBER CRIME ENABLERS — Federal prosecutors on Wednesday announced charges against 20 people for helping launder $16 million stolen in hacking and fraud schemes. The 20 suspects, all from the area around Youngstown, Ohio, each face wire fraud, bank fraud and money laundering charges for participating in “an international fraud organization” that stretched from Canada to Africa, according to the Justice Department. Other co-conspirators conducted the initial thefts, either by directly hacking their targets or by posing as their legitimate business partners and convincing them to transfer the funds. Then, according to the indictments, a mid-level co-conspirator recruited the Youngstown defendants to create shell companies and fake bank accounts that could be used to route the stolen money. “These defendants were a vital cog in an international theft ring,” said Justin Herdman, the U.S. Attorney for the Northern District of Ohio, in a statement. “They laundered millions of dollars of stolen money and now have to answer for their actions.” The DOJ has already secured guilty pleas from 10 other co-conspirators.

CYBER ADVISORY COUNCIL LOSES SOME A “number” of members have resigned from the president’s National Infrastructure Advisory Council, a White House official confirmed to MC, but it’s unclear who is staying and who is going. “We can confirm that a number of members of the NIAC who had been appointed under the previous administration have submitted their resignation,” the official said. “The NIAC met on August 22 as planned with the majority of its members, who remain committed to the important work of protecting our nation’s critical infrastructure.” The official did not answer a request about which members resigned. The Hill first reported the resignations.

TWEET OF THE DAY — Talk about an inflexible Acrobat.

QUICK BYTES

A top Trump official sent an email about arranging a meeting with Russian President Vladimir Putin. CNN.

“Many County Election Officials Still Lack Cybersecurity Training.” NBC News.

The Department of Justice and Office of the Director of National Intelligence released the targeting procedures for non-United States persons on foreign soil.

“Washington, Not Silicon Valley, Leads the Way in Cybersecurity.” Nextgov.

The Health and Human Services Department cyber workforce is dwindling and about to dwindle even more, emphasizing the need for diversity. Federal News Radio.

What would happen under international law if, hypothetically, the U.S.S. McCain was cyberattacked? Council on Foreign Relations.

Assessing the security of the electricity grid. Scientific American.

“Pro-Russian Bots Take Up the Right-Wing Cause After Charlottesville.” ProPublica.

That’s all for today. Looking forward to opening night in the NBA.