By Tim Starks | 10/11/2017 10:00 AM EDT
With help from Bryan Bender, Eric Geller and Martin Matishak
MISSED SIGNAL BETWEEN FEDS, PRIVATE SECTOR - Despite a more than tenfold increase in cyberattacks on its networks, the creation of vast data-swapping infrastructure and the gathering of vast amounts of information about potentially malevolent actors, the federal government is struggling to share valuable threat information with the private sector, Cory reports. "One of the questions I always ask [companies]: 'Can you tell me best piece of information you ever got from the federal government to defend your infrastructure?'" said Rep. Will Hurd, who chairs a key House information technology subcommittee. "The answer is usually: nothing, silence."
The lack of sharing remains acute after an election that was rattled by Russian hackers. China continues to snoop on American companies, North Korea is increasingly turning to cybercrime to fund its isolated regime and Iran is poised to turn its digital might on the U.S. if the Trump administration moves to end the Obama-era nuclear deal with Tehran. And the entire world was gripped by two unprecedented malware attacks that seized tens of thousands of computers at international companies, universities and government agencies.
There's no shortage of reasons for the miscommunication, just as there has been no shortage of federal attempts to fix it. The private sector has been ramping up its own mechanisms to gather and share data on hackers, with new industries entering the field. But too often, potential government tips are being run through a laborious review process that sanitizes and strips many alerts of timeliness and crucial context, according to industry representatives, network defenders and lawmakers.
Rob Joyce, President Donald Trump's top cyber adviser, recently said the government is toying with the idea of bringing in industry-specific cyber analysts to cut through the data clutter and "identify information that then needs to be pushed out for action" - a major change from the "send us everything you've got" model. And while there have been some bright spots along the way, there's still a long road ahead. "The formation of any kind of team or activity goes: forming, storming, norming and performing," Hurd said. "We're in the storming phase." Pros can read the full story here.
HAPPY WEDNESDAY and welcome to Morning Cybersecurity! Your MC host is pro-porg. So is Eric. Martin? Anti. Send your thoughts, feedback and especially tips to firstname.lastname@example.org and be sure to follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info below.
POLITICO's Agenda: The Data Issue: Data has emerged as a powerful tool for business and governance, and nobody collects more data than Washington. This issue of POLITICO Agenda goes deep on data and looks at the public challenges and opportunities that emerge as "big data" expands the possibilities for society and for government. From financial data ownership, to thwarting digital thieves and hackers, be sure to read the full edition HERE.
CHINA DEAL RENEWAL: LOOKS GOOD, BUT ASTERISK - Last week's re-up of the 2015 U.S.-China deal prohibiting cyber theft of intellectual property "shows there's some degree of confidence that the agreement is working," said Chris Porter, chief intelligence strategist of FireEye. The dramatic drop-off in such theft, as observed by FireEye and others, began even before the 2015 deal as China shifted its strategy toward fostering internal innovation in pursuit of patents, Porter told MC. That doesn't mean China has completely abandoned its cyberattacks on U.S. companies, though, with Porter's company noting an uptick in targeting cloud providers and law firms, and enhanced pursuit of individuals' personal data.
But there is a bigger asterisk. China might be willing to make an exception to the IP theft deal if it could get its hands on super high-tech material, such as in the areas of artificial intelligence, genetics or advanced batteries, Porter said. And Chinese unease with the Trump administration's attitude toward Beijing could further influence a China flip-flop. "We do think, especially if U.S. China trade disputes become more acrimonious, that for those truly revolutionary technologies, they would be willing to risk the diplomatic blowback."
THE KAS-PLOT THICKENS - The American government's scrutiny of the Russian cyber firm Kaspersky Lab stems in part from a secret warning the Kremlin issued after the FBI started poking around Kaspersky's operations approximately two years ago. After FBI officials heard that Kaspersky was pitching its software to catch terrorists, the bureau took an interest in the firm and its services and began assessing its claims, CyberScoop reported Tuesday. That prompted an immediate response from the Russian government, the publication reported: CIA officials were summoned to Moscow to meet with officials from Russia's Federal Security Service, or FSB, who warned them to leave Kaspersky alone. The FSB delivered the message through a formal diplomatic mechanism known as a démarche. Sources told the site that the document was "worded as an objection to what the Russians deemed malicious interference" with Kaspersky.
The use of this channel "sent up alarms" throughout Washington, according to CyberScoop, because démarches are not typically issued by intelligence agencies. "The Russian reaction to the FBI's interest seemed to reveal more to U.S. intelligence than the FBI's due diligence had," CyberScoop said, quoting a U.S. official. Multiple officials told the site that the démarche was a "major pivot point" in the relationship between the U.S. government and the Moscow-based company. Despite this hint, the Obama administration did not openly move against Kaspersky. The first blows came from the Trump administration, first from the General Services Administration and then from the Department of Homeland Security.
- ... AND THICKENS: A New York Times story Tuesday on Kaspersky and Russian intelligence completes the ouroboros. "It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs," the outlet reports. "What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool - antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies." Here's the payoff: "The Israeli officials who had hacked into Kaspersky's own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers."
Kaspersky Lab issued a statement in response to the Times story. "Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question," the statement reads, noting that Kaspersky Lab has publicly reported and addressed a vulnerability identified in the piece and remains willing to work with the U.S. government to address its concerns. "Kaspersky Lab has never helped, nor will help, for any government in the world with its cyberespionage efforts, and contrary to erroneous reports, Kaspersky Lab software does not contain any undeclared capabilities such as backdoors as that would be illegal and unethical."
- ... PLUS WHAT'S NEXT: The House Science Committee will soon hold a hearing on Kaspersky, and the FBI continues to urge companies not to use Kaspersky software. Some in the international community think the U.S. campaign against the company is counterproductive; a senior INTERPOL official told Reuters that the campaign will hamper global efforts to combat cybercrime.
WELL THAT'S ... NOT IDEAL - North Korean hackers stole American and South Korean war plans, including information about a "decapitation strike" on North Korean leader Kim Jong-un, according to a South Korean lawmaker. The breach of the South's military networks exposed 235 gigabytes of material, including almost 300 documents classified at low levels, Rhee Cheol-hee, who sits on the South Korean parliament's defense committee, told reporters on Tuesday. South Korea discovered the hack in September 2016 but has kept quiet about what it exposed, saying only that the North obtained "some classified information." Rhee said the government has yet to identify more than 80 percent of the material that hackers took. Options for a "decapitation strike" were included in a document dubbed Operations Plan 5015, which was revised two years ago in response to the North's increasing aggression and accelerated nuclear and missile testing. The United States' broader North Korean war plans have been updated in the past few months to reflect more recent events.
Neither confirming nor denying, the Pentagon was mum Tuesday about the reports. "I'm not going to address the specifics of that discussion," Col. Rob Manning, a department spokesman, told reporters when pressed on the reported hack of war plans. "I'm not going to address whether or not that occurred." He did insist that the two allies are taking all necessary steps to ensure such sensitive data is protected. "The ROK-U.S. alliance remains steadfast in their commitment to make sure they safeguard that information and ensure readiness on the Korean peninsula to counter any North Korean threats," said Manning, using the acronym for the Republic of Korea. He also said he could not illuminate any efforts by the U.S. military to undermine Pyongyang's digital operations. "I am not going to address any specific cyber operations for operational security reasons."
IT'S SO EASY - DEFCON released a report Tuesday on its Voting Village hacking experiment this summer, concluding that voting machines are vulnerable in part because of foreign-manufactured hardware and software components that would allow attackers to massively manipulate votes. And the report concludes that the Voting Village was operating under constraints that showed veteran, nation-state hackers obeying no rules would find hacking voting machines even easier; every machine examined at the most recent conference was hacked within hours or even minutes. "Last year's attack on America's voting process is as serious a threat to our democracy as any I have ever seen in the last 40+ years - potentially more serious than any physical attack on our nation," former U.S. Ambassador to NATO Douglas Lute wrote in the report's foreword. DEFCON plans to expand on its voting security scrutiny at future editions of its annual hacker conference, although there could be handicaps for hackers if an exemption to a 1996 law expires on schedule.
Concurrently, the Atlantic Council announced plans to form a bipartisan election security group to recommend safeguards. Common Cause welcomed the report but said states and local governments should take steps even before any recommendations are issued, like audits of electronic ballots. "The good news is that with respect to protecting votes themselves, the solutions are low tech and within reach of every state and county," said Karen Hobert Flynn, president of Common Cause. Verified Voting President Barbara Simons said the report showed the need for everyone "to ensure that by this time next year, many more voters have the confidence in their elections and their democracy brought by a resilient and transparent voting system." The Center for Internet Security, meanwhile, announced Tuesday that it would develop its own recommendations for safeguarding U.S. election infrastructure.
EQUIFAX TROUBLE ACROSS THE POND - The fallout from the massive data breach at Equifax isn't clearing up anytime soon. The company announced Tuesday that 15.2 million client records in Britain were compromised. The credit monitoring firm also said that it will need to contact around 700,000 customers who had their sensitive data exposed. Last month, the company said fewer than 400,000 consumers in the U.K. had their personal information accessed in the breach. While the figure has nearly doubled, it still pales in comparison to the estimated 145.5 million Americans who were affected. Equifax has come under withering criticism from consumers and Capitol Hill over its response to the colossal breach, including waiting weeks to inform the public. Last week, former Equifax CEO Richard Smith appeared before four congressional committees but his answers - and lack of status with the company - left lawmakers fuming and wanting to hear from current executives. Oh, and more back home: the Equifax breach reportedly exposed driver's license data for approximately 11 million Americans.
DOJ RATCHETS UP ANTI-ENCRYPTION PRESSURE - The No. 2 official at the Justice Department on Tuesday inaugurated a new phase of the government's campaign against warrant-proof encryption, acknowledging that tech companies face financial pressure to stop designing systems that let investigators access users' data. Attempts to convince tech companies to design warrant-friendly encryption are "unlikely to work" because those companies' competitors "will always try to attract customers by promising stronger encryption," Deputy Attorney General Rod Rosenstein said at a U.S. Naval Academy conference. "Technology companies almost certainly will not develop responsible encryption if left to their own devices," Rosenstein added. "Competition will fuel a mindset that leads them to produce products that are more and more impregnable."
Rosenstein's speech represents an evolution in the government's approach to the challenges posed by encryption, which officials call "going dark." Speeches by top White House, DOJ and FBI officials, and even Rosenstein's own past remarks, sought to persuade companies to voluntarily stop deploying end-to-end encryption, which scrambles data in a way that hampers some criminal and counterterrorism investigations. Many in the tech community doubted that the government would move beyond this rhetoric after the highly public failure of draft legislation mandating warrant-friendly encryption last year.
But Rosenstein assailed Silicon Valley, suggesting that its refusal to comply with government pressure was due to fears for its bottom line. "They are in the business of selling products and making money," he said at the Naval Academy. "We use a different measure of success. We are in the business of preventing crime and saving lives." He admitted that the government's position was "not popular," saying that everyone who discusses the dangers of encryption "faces attacks by advocates of absolute privacy." But, he concluded, "there is no constitutional right to sell warrant-proof encryption."
TWEET OF THE DAY - That laptop though.
- North Korean hackers targeted U.S. power companies with spearphishing emails, according to FireEye. NBC News.
- The Guardian reports that the Deloitte hack was worse than revealed.
- House Intelligence Chairman Devin "Nunes signs off on new subpoenas to firm behind Trump-Russia dossier," CNN reports.
- Here's an Apple password phishing scam. Felix Krause.
- Symantec is one of a few companies coming forward to say they won't allow foreign nations to review their source code. Reuters.
- POLITICO Magazine: "The secret history of the female code breakers who helped defeat the Nazis."
- Attacks from Russia and Eastern Europe netted more than $100 million from banks. Trustwave.
- Australia says one of its national security contractors was breached last year. The New York Times.
- Poland is forming a cyber army. Radio Poland.
- "Teen sentenced in cyber attack that nearly crashed 911 systems." Arizona Republic.
- The House Energy and Commerce Oversight Subcommittee likes moves from the Healthcare and Public Health Sector Coordinating Council.
- More cloud exposure, this time for Accenture. Upguard.
That's all for today. Poor, poor, black-hearted Martin.
Stay in touch with the whole team: Cory Bennett (email@example.com, @Cory_Bennett); Bryan Bender (firstname.lastname@example.org, @BryanDBender); Eric Geller (email@example.com, @ericgeller); Martin Matishak (firstname.lastname@example.org, @martinmatishak) and Tim Starks (email@example.com, @timstarks).