Cybersecurity and Cyberwarfare

FBI Director Christopher A. Wray renewed a call for tech companies to help law enforcement officials gain access to encrypted smartphones, describing it as a “major public safety issue.”  Director Wray said the bureau was unable to gain access to the content of 7,775 devices in fiscal 2017 — more than half of all the smartphones it tried to crack in that time period — despite having a warrant from a judge. “Being unable to access nearly 7,800 devices in a single year is a major public safety issue,” he said, taking up a theme that was a signature issue of his predecessor, James B. Comey.

Two critical vulnerabilities that affect modern computer processing chips are about to become a huge headache for governments worldwide. The vulnerabilities could allow hackers to pilfer sensitive data from virtually all modern computing devices, ranging from computers to smartphones to cloud infrastructure. Experts believe that they may be the most dangerous computer processor flaws to date.

While USAC is encouraged that its information technology systems delivered continual reliability and availability improvements for our universal service program participants and contributors in 2017, we agree with your assessment that USAC must redouble its efforts to ensure that we are adequately planning, coordinating, testing and reviewing our systems to ensure that they are functional, reliable, and secure.

Nearly half of federal website domains have policies in place to deal with spoofed emails after an October 2017 Department of Homeland Security directive mandated the use new email and web security standards.

According to a December 2017 report by cybersecurity company Agari, approximately 47 percent of the 1,106 federal domains have adopted policies for Domain-based Message authentication, Reporting and Conformance (DMARC), which allows for improved detection and management of spoofed emails. That figure is up from 34 percent in November 2017.

The events surrounding the FBI’s NorthernNight investigation follow a pattern that repeated for years as the Russian threat was building: US intelligence and law enforcement agencies saw some warning signs of Russian meddling in Europe and later in the United States but never fully grasped the breadth of the Kremlin’s ambitions. Top US policymakers didn’t appreciate the dangers, then scrambled to draw up options to fight back.

President Donald Trump's new America first National Security Strategy includes a key role for next gen wireless. "We will improve America’s digital infrastructure by deploying a secure 5G Internet capability nationwide," according to the White House plan, released Dec 18.

[Commentary] The US publicly attributes the massive “WannaCry” cyberattack to North Korea. The attack spread indiscriminately across the world in May. It encrypted and rendered useless hundreds of thousands of computers in hospitals, schools, businesses and homes. While victims received ransom demands, paying did not unlock their computers. It was cowardly, costly and careless. The attack was widespread and cost billions, and North Korea is directly responsible. We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either.

Federal Communications Commission Chairman Ajit Pai asked the Universal Service Administrative Company Board of Directors to redouble its efforts at oversight -- specifically in the areas of information technology and security. He said USAC's technology problems are why the FCC does not have a fully functional E-Rate Productivity Center or a Lifeline National Verifier.

In a letter sent to the Federal Communications Commission , 18 attorneys general from around the country called on the agency to delay the Dec 14 vote on a repeal of net neutrality protections. The 11th-hour letter, sent by the Oregon attorney general and signed by representatives of 17 states and DC, follows a high-profile press conference from the New York attorney general, who said the FCC had declined to investigate net neutrality comments posted under stolen identities.