Cybersecurity and Cyberwarfare

NTIA, on behalf of the Department of Commerce, is requesting comment on actions that can be taken to address automated and distributed threats to the digital ecosystem as part of the activity directed by the President in Executive Order 13800, "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure." Through this Request for Comments, NTIA seeks broad input from all interested stakeholders - including private industry, academia, civil society, and other security experts - on ways to improve industry's ability to reduce threats perpetuated by automated distributed attacks, such as botnets, and what role, if any, the U.S. Government should play in this area.

The Subcommittee on Oversight and Investigations, chaired by Rep Tim Murphy (R-PA), held a hearing examining the Department of Health and Human Services’ (HHS) role in cybersecurity efforts within the health care sector. Discussed during the hearing were two reports that HHS was required to submit to Congress, following the implementation of the Cybersecurity Information Sharing Act (CISA), which became law in 2015. The reports outline the department’s internal cybersecurity processes and industry recommendations for what the federal government and industry can do to improve cybersecurity efforts in the health care sector.

Building on the success of its two previous PrivacyCon events, the Federal Trade Commission is announcing a call for presentations for its third PrivacyCon, which will take place on February 28, 2018.

The call for presentations seeks research and input on a wide range of issues and questions to build on previously presented research and promote discussion, including:
What are the greatest threats to consumer privacy today? What are the costs of mitigating these threats? How are the threats evolving? How does the evolving nature of the threats impact consumer welfare and the costs of mitigation?
How can companies weigh the costs and benefits of security-by-design techniques and privacy-protective technologies and behaviors? How can companies weigh the costs and benefits of individual tools or practices?
How can companies assess consumers’ privacy preferences?
Are there market failures (e.g. information asymmetries, externalities) in the area of privacy and data security? If so, what tools and strategies can businesses or consumers use to overcome or mitigate those failures? How can policymakers address those failures?

Submissions for PrivacyCon must be made by November 17, 2017.

Two of the nation’s top intelligence officials said in a hearing they would not discuss specifics of private conversations with President Donald Trump, declining to say whether they had been asked to push back against an FBI probe into possible coordination between his campaign and the Russian government.

Testifying before the Senate Intelligence Committee, Director of National Intelligence Daniel Coats refused to say whether it was true that President Trump asked Coats if he could reach out to then-FBI Director James B. Comey and dissuade him from pursuing the Michael Flynn matter. “I don’t believe it’s appropriate for me to address that in a public session,’’ Coats said. “I don’t think this is the appropriate venue to do this in.’’ He added: “I have never felt pressure to intervene or interfere in any way … in an ongoing investigation.’’ Similarly, National Security Agency Director Michael S. Rogers declined to directly answer Sen Mark Warner’s (D-VA) question of whether President Trump sought his aid in downplaying the investigation.

Here are 5 other questions that remain unknown about this story and the ongoing threat that national security officials say Russia poses to the integrity of American elections.
1. How widespread are these attacks?
2. Can the federal government do more?
3. Why do these leaks keep happening?
4. Why can't the US stop these cyberattacks?
5. Will this change Trump's tune?

Apparently, Russian Military Intelligence executed a cyberattack on at least one US voting software supplier and sent spear-phishing e-mails to more than 100 local election officials just days before November 2016’s presidential election. The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the US election and voting infrastructure. The report, dated May 5, 2017, is the most detailed US government account of Russian interference in the election that has yet come to light.

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A US intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive. The report indicates that Russian hacking may have penetrated further into US voting systems than was previously understood.

Shifting from his previous blanket denials, Russian President Vladimir Putin said that “patriotically minded” private Russian hackers could have been involved in cyberattacks in 2016 to help the presidential campaign of Donald J. Trump. While Putin continued to deny any state role, his comments to reporters in St. Petersburg were a departure from the Kremlin’s previous position: that Russia had played no role whatsoever in the hacking of the Democratic National Committee and that, after Donald Trump’s victory, the country had become the victim of anti-Russia hysteria among crestfallen Democrats. Raising the possibility of attacks by what he portrayed as free-spirited Russian patriots, Putin said that hackers “are like artists” who choose their targets depending how they feel “when they wake up in the morning.”

A group of Democratic Sens, including some of the loudest critics of Federal Communications Commission Chairman Ajit Pai's effort to roll back Title II, have asked the FBI to investigate the multiple distributed denial of service (DDoS) attacks the FCC says it suffered that affected its online comment system. “This particular attack may have denied the American people the opportunity to contribute to what is supposed to be a fair and transparent process, which in turn may call into question the integrity of the FCC’s rulemaking proceedings,” the Sens wrote to acting FBI director Andrew McCabe. “We request that you update us on the status of the FBI’s investigation and brief us on this matter.”

President Donald Trump has been handing out his cellphone number to world leaders and urging them to call him directly, an unusual invitation that breaks diplomatic protocol and is raising concerns about the security and secrecy of the US commander in chief’s communications. President Trump has urged leaders of Canada and Mexico to reach him on his cellphone, apparently. Of the two, only Canadian Prime Minister Justin Trudeau has taken advantage of the offer so far, the officials said. President Trump also exchanged numbers with French President Emmanuel Macron when the two spoke immediately following Macron’s victory earlier in May.

The notion of world leaders calling each other up via cellphone may seem unremarkable in the modern, mobile world. But in the diplomatic arena, where leader-to-leader calls are highly orchestrated affairs, it is another notable breach of protocol for a president who has expressed distrust of official channels. The formalities and discipline of diplomacy have been a rough fit for President Trump — who, before taking office, was long easily accessible by cellphone and viewed himself as freewheeling, impulsive dealmaker.

More than a dozen people sent a letter to the Federal Communications Commission saying that their names and contact information were improperly used as part of a widespread political campaign meant to discredit the commission's network neutrality rules. Calling on the FCC to investigate and delete the "dishonest and deceitful" messages made in their name, the citizens said officials cannot afford to ignore the flood of fake comments apparently designed "to manufacture false support for your plan to repeal net neutrality protections."

"To see my good name used to present an opinion diametrically opposed to my own view on Net Neutrality makes me feel sad and violated," said Joel Mullaney, one of the people who signed the letter. "Whoever did this violated one of the most basic norms of our democratic society, that each of us have our own voice, and I am eager to know from what source the FCC obtained this falsified affidavit. I have been slandered."