Cybersecurity and Cyberwarfare

Four years ago, well before the furor over allegations Moscow meddled in the 2016 election that put Donald Trump in the White House, at least 195 web addresses belonging to Trump, his family or his business empire were hijacked by hackers possibly operating out of Russia.  The Trump Organization denied the domain names were ever compromised. But a review of internet records by the AP and cybersecurity experts shows otherwise. And it was not until the week of Oct 30, after the Trump camp was asked about it by the AP, that the last of the tampered-with addresses were repaired.

US lawmakers say Russia's use of social media in the 2016 presidential election amounts to cyberwarfare. Sens Dianne Feinstein (D-CA) and Angus King (I-ME) both used that term to describe Russian accounts and advertising that sowed division among Americans by promoting fake news and even protests. "This country has to have some kind of cyberwarfare deterrent capacity," Sen King said. "Right now, there's no price to be paid for meddling in our democracy." But there's no explicit definition or legal framework in the United States for what constitutes cyberwar.

Despite some onlookers calling him — or her — a hero, the anonymous Twitter employee who pulled the plug on President Donald Trump's Twitter account before leaving the company may want to lawyer up, according to experts on computer law. Whether or not Twitter pursues legal action against its former worker, federal officials could be motivated to prosecute — if only to deter future cases, analysts say.

Attorney General Jeff Sessions is taking aim at technology firms for preventing law enforcement from accessing encrypted evidence for ongoing terror investigations, warning that such actions could have “deadly consequences.”  The issue has become a point of tension between tech companies and federal investigators in high-profile cases, such as the 2016 dispute between the FBI and Apple over data stored on an iPhone belonging to a suspect in the 2015 San Bernardino terror attack.  Sessions, who delivered remarks on national security in New York City, said that over the past year the FBI was

Apparently, the Justice Department has identified more than six members of the Russian government involved in hacking the Democratic National Committee’s computers and swiping sensitive information that became public during the 2016 presidential election. Prosecutors and agents have assembled evidence to charge the Russian officials and could bring a case in 2018. Discussions about the case are in the early stages, apparently. If filed, the case would provide the clearest picture yet of the actors behind the DNC intrusion. U.S.

Sen Ed Markey (D-MA) and Rep Ted Lieu (D-CA) have teamed up to introduce a bill to boost IoT cybersecurity by creating a voluntary self-certification program under the Department of Commerce. The Cyber Shield Act would establish a voluntary cybersecurity program for the Internet of Things things, with input from an advisory committee comprising "academia, industry, consumer advocates, and the public" on benchmarks for security for consumer devices from baby monitors, cameras and cell phones to laptops and tablets. The goal is to have manufacturers hold themselves to "industry-leading cybersecurity and data security standards, guidelines, best practices, methodologies, procedures, and processes" for the reward of branding their products as such. Manufacturers would self-certify that their products met the benchmarks, and then could display a "Cyber Shield" label, like a "Good CyberHouseprotecting" seal of approval.

The committee will advise the Secretary of Commerce, who could elect not to treat a product as certified unless it was tested and accredited by an independent laboratory. The secretary would have two years from the enactment of the legislation to establish the cybersecurity benchmarks. The program would get a going over by the Commerce inspector general every two years staring not more than four years after enactment.

[Commentary] It is this committee’s mission to protect consumers, and in the coming months, we will be taking a more expansive look at the online experience to ensure safety, security, and an unfiltered flow of information. Recently, the Equifax data breach compromised the personal information of 145 million Americans, including social security numbers, addresses, credit card numbers, and more. This committee held a hearing on the breach and will continue to deeply scrutinize the staggering amount of personal information changing hands online and the business practices surrounding those transactions.

My colleagues and I will hold a separate hearing to assess identity verification practices, and determine whether they can be improved to protect personal data on the web even after a consumer’s information has been breached. These hearings are just the start of a long-term, thoughtful, and research-focused approach to better illuminate how Americans’ data is being used online, how to ensure that data is safe, and how information is being filtered to consumers over the web. While technology is responsible for a lot of positive change in our world, malignant behavior online can have consequences that are not fully disclosed to the American people.

The Trump Administration is planning to write a new cybersecurity strategy, White House Homeland Security Adviser Tom Bossert said, suggesting that the slew of Obama-era cyber plans and strategies are fast outliving their usefulness.

There’s no timeframe for when the strategy will launch, Bossert told reporters, but it will follow the broad outlines of a cybersecurity executive order President Donald Trump released in May. “As soon as we’re prepared to put forward a strategy that will be beneficial to the government and the nation, we’ll do so,” Bossert said on the sidelines of a Washington cybersecurity conference hosted by Palo Alto Networks.

Two House committees announced that they would conduct a joint probe into the FBI's handling of the Hillary Clinton e-mail investigation. The Clinton investigation concluded with no charges being levied against the former secretary of state who was running for president under the Democratic ticket.

House Oversight and Government Reform Committee Chairman Trey Gowdy (R-SC) and House Judiciary Committee Chairman Bob Goodlatte (R-VA) said in a joint statement that they are unsatisfied with how the probe into Clinton's private e-mail server concluded. Among other things, the chairmen want to know why the bureau publicly said it was investigating Clinton while keeping silent that it was looking into President Donald Trump's campaign associates and their connections to Russia. "Our justice system is represented by a blind-folded woman holding a set of scales. Those scales do not tip to the right or the left; they do not recognize wealth, power, or social status," Chairmen Goodlatte and Gowdy said in a joint statement. "The impartiality of our justice system is the bedrock of our republic, and our fellow citizens must have confidence in its objectivity, independence, and evenhandedness. The law is the most equalizing force in this country. No entity or individual is exempt from oversight."

The FBI hasn’t been able to retrieve data from more than half of the mobile devices it tried to access in less than a year, said FBI Director Christopher Wray, turning up the heat on a debate between technology companies and law enforcement officials trying to recover encrypted communications.

In the first 11 months of the fiscal year, federal agents were unable to access the content of more than 6,900 mobile devices, Wray said. “To put it mildly, this is a huge, huge problem,” Wray said. “It impacts investigations across the board — narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation.” The FBI and other law enforcement officials have long complained about being unable to unlock and recover evidence from cellphones and other devices seized from suspects even if they have a warrant, while technology companies have insisted they must protect customers’ digital privacy.