With the approach of the United States’ 2018 midterm elections, concerns have been expressed by many regarding the security and integrity of the voting process. Given the news of how suspected Russian agents actively sought to use hacking and influence operations to sway voters in a particular direction during the presidential election, the concern is legitimate, even if there was no evidence that votes were actually altered in 2016. The preservation of the democratic voting process has been thrust into symbolic “red line” territory that needs to be, and should be, protected against foreign interference. Indeed, the Department of Homeland Security reinforced this by elevating election infrastructure to the status of “critical infrastructure” in early 2017.
Clearly, hacking and gaining unauthorized access to those systems and devices associated with the election process is something that deserves immediate attention. After all, many countries would ostensibly agree that breaking into computers is a criminal offense, regardless of whether data is taken, destroyed, or altered. In the 2016 U.S. presidential election, there were clear incidents where suspected Russian hackers stole data, and even compromised voter-related records, resulting in an indictment of Russian nationals on a wide variety of charges ranging from conspiracy to commit fraud, money laundering, and identity theft, to name a few.
The White House has recently published its new National Cyber Strategy, rescinding an Obama-era memorandum, Presidential Policy Directive-20 (PPD-20), that laid forth the process by which the United States would undertake cyber attacks against cyber foes, to include foreign state actors. The Strategy consists of four primary pillars designed to guide how the United States will undertake defensive and, perhaps more importantly, offensive actions in order to preserve its interests in cyberspace. Per the Strategy, the four pillars are:
A recent article revealed that the United States government has gotten better at providing unclassified cyber threat information to the private sector. Law enforcement and intelligence organizations have greatly cut down the time it takes to provide unclassified versions of cyber threat indicators (a term that can refer to a variety of technical data that includes but is not limited to IP addresses, malware, e-mail addresses, etc.) to the Department of Homeland Security (DHS) to disseminate promptly to the private sector. The process had traditionally been slow as it requires an originating agency to determine if the indicator has been properly vetted without exposing sources and methods, per the article.
Speed of delivering pertinent threat information is certainly an improvement in a domain where attacks occur in seconds. A November 2017 report from the DHS Office of the Inspector General covered actions taken during 2016 in fulfillment of direction mandated by the Cybersecurity Information Sharing Act of 2015 with regard to the sharing of threat indicators. Per the report, despite successfully classifying indicators and defensive measures, it still faced challenges effectively sharing such information across the public and private sectors. The report advocated enhanced outreach and a cross-domain information processing solution.
Space Force picture, an independent military branch by 2020. The move is designed to counter the weapons that China and Russia have already developed that threaten U.S. satellites. The U.S. Vice President quickly assured that the force did not and would not be created from the ground up, but would leverage the personnel and material resources already existing in the service elements. The goal is to streamline efforts and maximize efficiency, a noble endeavor given the difficulties that invariably arise when mission responsibilities traverse and overlap so many different organizations.
The protection of U.S. civilian and military space assets is considered a national security concern. In December 2017, U.S. Department of Defense officials expressed concern that the United States’ anti-satellite capabilities were not on par with those of some of its adversaries. In contrast, adversary adoption of anti-satellite weapons has been documented in the news. In April 2018, a report detailing global counterspace capabilities (that include direct ascent weapons, co-orbital, directed energy, electronic warfare, and cyber warfare) underscores how adversarial nations are actively pursuing the development of such weapons and the threat that they pose to U.S. space interests. The report reveals that such investment by these states started in the mid-2000s.
In May 2018, the White House eliminated the position of National Cybersecurity Coordinator. The move has been met with much pushback from some in the cybersecurity community and even politicians. Democratic lawmakers were seeking to propose legislation to restore the position. According to a statement made by the National Security Council, the move was to “streamline management in order to improve efficiency, reduce bureaucracy, and increase accountability.” Nevertheless, given the fact that many security officials, including the Director of National Intelligence, have identified cyber threats as a national security priority, the removal of this position is largely considered a step backward and not forward. However, this may be more of a kneejerk reaction than an honest assessment of the roles and responsibilities that have been undertaken by those individuals appointed to the position.
With roots starting as early as 1997, the position first emerged in 2009 and has had three individuals in the role of Cybersecurity Coordinator – Howard Schmidt (2009-2012), Michael Daniel (2012-2017), and Rob Joyce (2017-2018), who is looking to return to the National Security Agency (NSA). The Cybersecurity Coordinator has been primarily a policy position lacking any day-to-day authority over any of the groups working on cyber security. Critics have pointed out that while the Cyber Coordinator can make recommendations, the position has no direct authority as far as budgeting is concerned, nor can the position compel agencies to comply with guidelines. This has been a systematic problem with the position – it can make all of the recommendations it wants, but if it cannot compel agencies to implement them within a specified amount of time, the title becomes largely ceremonial. Government Accounting Office reports on government cybersecurity efforts consistently find shortcomings in the federal government’s approach to ensuring the security of federal information systems and cyber critical infrastructure.
Recent reporting has revealed that there is a growing frustration expressed by members of the U.S. Senate Armed Committee that the U.S. Department of Defense has still not established any defined cyber deterrence policy or strategy, particularly with regard to “red lines.”
In December 2016, the National Defense Authorization Act sought “a report on the military and nonmilitary options available to the United States for deterring and responding to imminent threats in cyberspace.” Since that period, it appears that little has been done to develop a deterrent strategy, a perplexing turn of events given the fact that the United States has multiple avenues from which to develop a cyber deterrence strategy that includes diplomatic, economic, military, and trade options that can be leveraged to influence foreign state behavior.
Cyber deterrence is frequently discussed at the highest levels of the U.S. government, especially as hostile cyber actions continue to increase in frequency and magnitude, and in those instances where information destruction was the intended result. These include but are not limited to the theft of substantial personally identifiable information (e.g., Equifax), intellectual property (e.g., nation states), potential involvement in presidential elections (e.g., Russia), theft of military plans (e.g., North Korea), and destruction of data (e.g., wiper malware). Historically, such activities have typically evaded any type of state repercussion, although there has been headway made in trying to punish suspected nation state actors for their suspected involvement in them to include:
There is an increased focus on fake news, particularly in light of Russia’s alleged involvement in its creation and dissemination in the steps leading up to, during, and after the 2016 presidential election.
Many believe that the motivation behind this ongoing “fake news” campaign is to disrupt or subvert the democratic process. Recently, U.S. Senator Mark Warner said that between 2012-2016, there was a more than 700 percent increase in the use of digital political advertising. Additionally, the Senate Committee on Intelligence is concerned about Russian use of social media platforms, inviting Google, Twitter, and Facebook for a public hearing to further discuss this matter.
You wouldn’t believe this! Fake News is growing to scary proportions!
Facebook disclosed that it had identified more than $100,000 worth of divisive ads suspected of having been purchased by a Russian company with ties to the Kremlin. Approximately 3,000 ads running between June 2015-May 2017 and tied to 470 fake accounts neither targeted nor focused on a specific candidate as much as concentrated on pushing divisive social issues to the forefront. Facebook has since shut down these sites. This disclosure further supports the conclusions found by the U.S. Intelligence Community in its January 2017 “Assessing Russian Activities and Intentions in Recent U.S. Elections.” The assessment determined that the Russian influence campaign was designed to damage Hillary Clinton and boost Trump during the election. The report also determined that Russian Internet “trolls” had posted anti-Clinton messages.
On May 11, the U.S. President’s Executive Order (EO) “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” was finally signed. This long-awaited EO comes on the heels of leaked earlier versions throughout the first part of 2017. Each subsequent leaked iteration – a draft was published by the Washington Post in January, a revision was published by the Lawfare Blog in February, and the most comprehensive iteration was leaked in early May and also published by the Lawfare Blog.
Former New York Mayor Rudy Giuliani has been tapped to be the President’s new “cyber security czar.” The appointment has been met with trepidation among those in the information security business who point out Mr. Giuliani’s lack of expertise in anything cyber-related, despite being Chair of the Cybersecurity, Privacy and Crisis Management Practice at a Miami-based law firm and advising companies on information security since 2002. In fact, critics cite recent reporting revealing that passwords used by Giuliani and 13 other top staff members have been leaked in mass breaches of websites like LinkedIn, MySpace, and others between 2012 and 2016.