Articles

US elections remain vulnerable to attacks, despite security improvements

Continued Russian interference, insecure paperless voting processes will sow doubt about the next election.

Days away from the Iowa caucuses, and less than 11 months from the general election, voting and election security continues to be a challenge for the U.S. political system. Threats to a secure election appear to loom as large today as they did in 2016, when Russian state-backed hackers and social media trolls threw U.S. political campaign and election efforts into chaos, turmoil that has only become clear after the fact.

Certainly, voting security has made great strides since 2016. State and local governments took advantage of a funding boost under the Help America Vote Act to improve their infrastructure and better coordinate among themselves to harden election systems. Congress allocated an additional $425 million as part of a spending compromise that was passed and enacted in late December, giving election officials even more latitude to make improvements.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

2020 outlook for cybersecurity legislation

Here’s a rundown of all the security-related bills working their way through this year’s U.S. Congress, plus some hot security topics likely to be debated.

As the partisan divide in Washington widens during this 116th Congress, the prospects of enacting any meaningful legislation that bolsters the nation’s cybersecurity seem, at first blush, dim. Of the nearly 300 pieces of legislation that touch on some aspect of cybersecurity, or more urgently, election security, introduced since the current Congress began last year, only nine have become law. Most were budget-related measures that appropriated or increased funds for federal agencies to spend on cybersecurity or election security as part of the fiscal 2020 spending deal passed in December.

Now, roughly halfway through the current Congress, it’s time to take stock and review where things stand in the legislative arena. A number of bills have been passed by either the House or the Senate and are awaiting further action. They are worth watching in 2020 because they have progressed the farthest and arguably might come closest to gaining some momentum toward passage.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

High-profile departures widen federal government’s security talent shortage

Recent key departures–voluntary and forced–might make it harder for government agencies to find the talent needed to fulfill their security missions.

Respected and influential government cybersecurity veteran Jeanette Manfra announced this month that she is leaving her position at DHS to join Google as its global director of security and compliance as part of a new security team at Google Cloud. At Google, Manfra, who currently holds the title of Assistant Director for Cybersecurity for the Office of Cybersecurity and Communications at DHS’ Cybersecurity and Infrastructure Security Agency, will spearhead an “Office of the CISO” initiative at Google Cloud to help customers improve their security postures.

Manfra’s departure is just the latest in a string of high-profile departures of well-regarded cybersecurity experts from the federal government. Google recruited at least two other prominent government cybersecurity officials to join its ranks. Kate Charlet, who served as acting Deputy Assistant Secretary of Defense for Cyber Policy at the Department of Defense, left in 2017 and is now Director of Data Governance at Google. Daniel Pietro, who was Director for Cybersecurity Policy on the staff of the National Security Council, left his role in 2017 to work at Google as an executive for Public Sector Cloud.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

The race for quantum-proof cryptography

Lawmakers briefed on quantum computing’s threat to encryption and the urgent need for mathematical research

One of the biggest threats to privacy and national security is the ability of the immensely powerful quantum computers to break prevailing methods of encryption almost instantaneously. Once quantum computers become a reality, something that could conceivably happen in the next decade or two, all of the data protected by encrypted systems on the internet will become decrypted and unprotected, accessible to all individuals, organizations or nation-states.

Dr. Jill Pipher, President of the American Mathematical Society, VP for Research, and Elisha Benjamin Andrews Professor of Mathematics at Brown University, led a briefing last week for lawmakers on Capitol Hill called “No Longer Secure: Cryptography in the Quantum Era” about the threats that quantum computing poses to existing cryptographic systems that support national and economic security. Senator Jack Reed (D-RI) began the briefing by saying “we’re acutely aware of the potential advantages and disadvantages that quantum presents. And we’re also very concerned that some of our adversaries and competitors are investing a great deal in quantum computing.”

[This article appeared in CSO Online. To read the rest of the article please visit here.]

CrowdStrike, Ukraine, and the DNC server: Timeline and facts

Politicizing cybersecurity only serves to undermine trust in its practices and objectivity, experts fear.

President Donald Trump, Senator John Kennedy from Louisiana and Secretary of State Mike Pompeo have all given credence to what cybersecurity experts and the US intelligence community deride as a baseless conspiracy theory pushed by Russia. That theory posits that Ukraine, and not Russia, was responsible for hacking into the networks of the Democratic National Committee (DNC) in the run-up to the 2016 presidential election.

Kennedy quickly backtracked from blaming Ukraine for the DNC hack, but nonetheless left wiggle room to return to this contention. After admitting he was “wrong” to imply Ukraine and not Russia hacked the DNC, he went on to say, “There is a lot of evidence, proven and unproven — everyone’s got an opinion — that Ukraine did try to interfere, along with Russia and probably others, in the 2016 election.”

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Global threat groups pose new political and economic dangers

Nation-state players in Iran, North Korea, Saudi Arabia and Russia are getting new objectives and changing strategies, say experts.

While widely known advanced persistent threat (APT) groups emanating from Russia and China grab most of the spotlight, an array of other nation-state and adjacent threat actors are increasingly launching cyberattacks around the globe. At this year’s Cyberwarcon conference, nearly 20 of the world’s top cybersecurity researchers presented their thoughts on these less visible and complex groups, outlining their latest strategies and developments.

Iran, which is rapidly emerging as one of the most destructive of the nation-state cyberwarfare actors, has a threat group known as APT33, one of the country’s most malicious cyber actors. APT33 has targeted aerospace, defense, and energy organizations. For the most part, the group is regionally focused, targeting Saudi-owned and -operated entities, according to Saher Naumaan, a threat intelligence analyst at BAE Systems Applied Intelligence.

APT33, also called Refined Kitten, Magnallium, Holmium and Alibaba, has been around since 2014 and is best known for its data-wiping malware called Shamoon, which erased at least 30,000 computers belonging to Saudi Aramco in 2012. Since then, APT33 has been implicated in campaigns against industrial players in the Middle East and Europe.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

A new era of cyber warfare: Russia’s Sandworm shows “we are all Ukraine” on the internet

In-depth research on Russia’s Sandworm hacking group shows broad capabilities and scope to disrupt anything from critical infrastructure to political campaigns in any part of the world.

Speakers at this year’s CyberwarCon conference dissected a new era of cyber warfare, as nation-state actors turn to a host of new advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. The highest profile example of this new era of nation-state digital warfare is a Russian military intelligence group called Sandworm, a mysterious hacking initiative about which little has been known until recently. The group has nevertheless launched some of the most destructive cyberattacks in history.

Wired journalist Andy Greenberg has just released a high-profile book about the group, which he said at the conference is an account of the first full-blown cyberwar led by these Russian attackers. He kicked off the event with a deep dive into Sandworm, providing an overview of the mostly human experiences of the group’s malicious efforts.

Sandworm first emerged in early 2014 with an attack on the Ukrainian electric grid that “was a kind of actual cyberwar in progress,” Greenberg said. The grid operators in Ukraine watched helplessly as “phantom mouse attacks” appeared on their screens while Sandworm locked them out of their systems, turned off the backup power to their control rooms, and then turned off electricity to a quarter-million Ukrainian civilians, the first ever blackout triggered by hackers.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Twitter spy scandal a wake-up call for companies to clean up their data access acts

Two Twitter employees accessed user data on behalf of the Saudi government. Neither should have had access, and this is a sign of a bigger problem at all companies.

A tremor rippled across the information security community last week when the Justice Department announced criminal charges against two Twitter employees, Ahmad Abouammo and Ali Alzabarah, for acting as foreign agents under the direction and control of the Kingdom of Saudi Arabia. The complaint alleges that the two men used their ability to access user data to provide the Saudi rulers with private information on more than 6,000 Twitter users.

Abouammo, who was a media partnerships manager at Twitter, is a US citizen. Alzabarah, who was a site reliability engineer at the social media giant, is a Saudi citizen, while a third person who was an intermediary in the theft of some of the data and who did not work at Twitter, Ahmed Almutairi, is also a Saudi citizen.

Both former Twitter workers had access to proprietary and confidential information for Twitter users, including email addresses, birthdates, phone numbers and IP addresses. Alzabarah, who pulled data on four specific users at the request of the Saudis, also had access to users’ biographical information, logs that contained the users’ browser information, and a log of all of a particular user’s interactions at any given point in time, the complaint says.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

US Department of Justice push for encryption backdoors might run afoul of First Amendment

Is encryption code speech? Earlier court rulings suggest that it is, legally, and therefore subject to First Amendment protections.

On October 22, the former general counsel of the FBI Jim Baker published a lengthy and astonishing piece called “Rethinking Encryption.” In that article, the conservative-leaning current director of national security and cybersecurity at the R Street Institute advised the Justice Department and law enforcement to “embrace reality and deal with it” when it comes to encrypted communications.

Running counter to the now decades-long on-again and off-again pursuit by the Justice Department and law enforcement for a backdoor that would allow access to encrypted communications, Baker wrote that encryption “is one of the few mechanisms that the United States and its allies can use to more effectively protect themselves from existential cybersecurity threats, particularly from China. This is true even though encryption will impose costs on society, especially victims of other types of crime.”

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Cell phones don’t belong in SCIFs, says Republican congressman

Rep. Mike Rogers says his phone was infected by Russian malware three years ago. Also, why he believes we need fewer federal cybersecurity agencies and election laws.

An annual initiative launched 16 years ago by the Department of Homeland Security, National Cybersecurity Awareness Month (NCSAM) takes place every October. DHS’s main motivation in mounting a month of cybersecurity-related activities is to make consumers more aware of how to protect themselves online. This year’s awareness month theme is “Own IT. Secure IT. Protect IT.” with a focus on privacy, the internet of things (IoT) and e-commerce security.

DHS’s 2019 efforts include a consumer toolkit that features advice in 13 areas, from social media bots to home devices such as smart locks. The goal of the annual rite is to get organizations to promote DHS’s message about how to not click on phishing emails and the best methods to ensure secure passwords and other cybersecurity hygiene habits that ordinary users can deploy to make themselves safer. Last year, according to DHS, over 400 local events across the country focused on good cybersecurity habits.

[This article appeared in CSO Online. To read the rest of the article please visit here.]