Cybersecurity and Cyberwarfare

Secretary of Commerce Wilbur L. Ross, Jr. announced the selection of Roscoe Howard, Jr. to be the Special Compliance Coordinator (SCC) for Zhongxing Telecommunications Equipment Corporation, of Shenzhen, China and ZTE Kangxun Telecommunications Ltd. of Hi-New Shenzhen, China (collectively, ZTE). The Special Compliance Coordinator was selected after a rigorous search by the Bureau of Industry and Security (BIS).

Technology giants increasingly are casting themselves as defenders of online integrity as American democracy, yet again, comes under attack. A recent string of revelations from companies including Facebook, Microsoft and Google about foreign hacking and disinformation amount to a public answer to charges that the technology industry should have done more to thwart Russia’s online attacks in 2016.

T-Mobile, the nation’s third-largest wireless carrier, said that it had discovered a data breach potentially affecting some of its customers' account information. No financial data was stolen in the incident, the company said, but some personal details such as customer names, email addresses, phone numbers and account numbers may have been compromised. In a statement on its website, T-Mobile said it uncovered the hack on Aug 20. The company “promptly reported it to authorities” and shut down the attack.

“The work you see now from Facebook, Microsoft and others to be more proactive is a trend that is positive — it’s part of the solution, and I would want to see that trend continue,” said Graham Brookie, director of the Digital Forensic Research Lab at the Atlantic Council, a think tank that has been working with Facebook on election-security issues. “Is this a solution? No, definitely not.”  

Silicon Valley’s biggest social media companies provide some of the best tools for spreading propaganda. Social media poses an ongoing risk that will only grow without a coordinated effort to prevent manipulation. “The main takeaway from Facebook's announcement is not just that Russia-style meddling is exportable, but that it's inevitable,” said Chris Meserole, a fellow in the Center for Middle East Policy at the Brookings Institution. “If Moscow authored the playbook, Tehran read it word for word, and they won't be the only country to do so.

Apple ruled that Facebook's data-security app violated Apple's data-collection policies designed to limit data collection by app developers. Apple informed Facebook that Onavo also violated a part of its developer agreement that prevents apps from using data in ways that go beyond what is directly relevant to the app or to provide advertising. The app, called Onavo Protect, has been available as a free download through Apple’s app store for years, with updates regularly approved by Apple’s app-review board.

[Commentary] US officials have often said that the United States has unrivaled offensive cybercapabilities. Why hasn’t that deterred anyone? It’s simple. The United States is so reliant on computer networks that we’re afraid to launch a tit-for-tat exchange in cyberspace. We need to get tougher and more inventive. In the hope of inspiring others’ imagination, here are a few options that belong in the US toolkit:

The Russian military intelligence unit that sought to influence the 2016 election appears to have a new target: conservative American think tanks that have broken with President Trump and are seeking continued sanctions against Moscow, exposing oligarchs or pressing for human rights. Microsoft detected and seized websites that were created in recent weeks by hackers linked to the Russian unit formerly known as the G.R.U.

Privacy and security online continue to be major issues for Americans, according to a National Telecommunications and Information Administration survey conducted by the US Census Bureau. Nearly three-quarters of Internet-using households had significant concerns about online privacy and security risks in 2017, while a third said these worries caused them to hold back from some online activities. About 20 percent said they had experienced an online security breach, identity theft, or a similar crime during the past year.