Cybersecurity and Cyberwarfare

The FBI has confiscated the phone of the gunman who opened fire at a Texas church Nov 5 but is unable to access it for the ongoing investigation.  FBI Special Agent Christopher Combs, who is leading the investigation, told reporters that the bureau had flown the device to Quantico (VA) Nov 6 and that agents have been reviewing the phone but have not been able to get into it.  “It actually highlights an issue that you’ve all heard about before with advance of the phones and the technology and the encryption, law enforcement, whether it’s at the state, local or the federal level, is increasin

Reps Ted Poe (R-TX) and Zoe Lofgren (D-CA) have proposed amending the USA Liberty Act to toughen protections against warrantless searches and seizures of emails and other online communications. In Oct, House Judiciary Committee Chair Bob Goodlatte (R-VA) and Ranking Member John Conyers (D-MI) introduced the USA Liberty Act, which would reform and reauthorize Sec. 702 of the Foreign Intelligence Surveillance Act, which authorizes the surveillance of communications from non-U.S. residents.

Four years ago, well before the furor over allegations Moscow meddled in the 2016 election that put Donald Trump in the White House, at least 195 web addresses belonging to Trump, his family or his business empire were hijacked by hackers possibly operating out of Russia.  The Trump Organization denied the domain names were ever compromised. But a review of internet records by the AP and cybersecurity experts shows otherwise. And it was not until the week of Oct 30, after the Trump camp was asked about it by the AP, that the last of the tampered-with addresses were repaired.

US lawmakers say Russia's use of social media in the 2016 presidential election amounts to cyberwarfare. Sens Dianne Feinstein (D-CA) and Angus King (I-ME) both used that term to describe Russian accounts and advertising that sowed division among Americans by promoting fake news and even protests. "This country has to have some kind of cyberwarfare deterrent capacity," Sen King said. "Right now, there's no price to be paid for meddling in our democracy." But there's no explicit definition or legal framework in the United States for what constitutes cyberwar.

Despite some onlookers calling him — or her — a hero, the anonymous Twitter employee who pulled the plug on President Donald Trump's Twitter account before leaving the company may want to lawyer up, according to experts on computer law. Whether or not Twitter pursues legal action against its former worker, federal officials could be motivated to prosecute — if only to deter future cases, analysts say.

Attorney General Jeff Sessions is taking aim at technology firms for preventing law enforcement from accessing encrypted evidence for ongoing terror investigations, warning that such actions could have “deadly consequences.”  The issue has become a point of tension between tech companies and federal investigators in high-profile cases, such as the 2016 dispute between the FBI and Apple over data stored on an iPhone belonging to a suspect in the 2015 San Bernardino terror attack.  Sessions, who delivered remarks on national security in New York City, said that over the past year the FBI was

Apparently, the Justice Department has identified more than six members of the Russian government involved in hacking the Democratic National Committee’s computers and swiping sensitive information that became public during the 2016 presidential election. Prosecutors and agents have assembled evidence to charge the Russian officials and could bring a case in 2018. Discussions about the case are in the early stages, apparently. If filed, the case would provide the clearest picture yet of the actors behind the DNC intrusion. U.S.

Sen Ed Markey (D-MA) and Rep Ted Lieu (D-CA) have teamed up to introduce a bill to boost IoT cybersecurity by creating a voluntary self-certification program under the Department of Commerce. The Cyber Shield Act would establish a voluntary cybersecurity program for the Internet of Things things, with input from an advisory committee comprising "academia, industry, consumer advocates, and the public" on benchmarks for security for consumer devices from baby monitors, cameras and cell phones to laptops and tablets. The goal is to have manufacturers hold themselves to "industry-leading cybersecurity and data security standards, guidelines, best practices, methodologies, procedures, and processes" for the reward of branding their products as such. Manufacturers would self-certify that their products met the benchmarks, and then could display a "Cyber Shield" label, like a "Good CyberHouseprotecting" seal of approval.

The committee will advise the Secretary of Commerce, who could elect not to treat a product as certified unless it was tested and accredited by an independent laboratory. The secretary would have two years from the enactment of the legislation to establish the cybersecurity benchmarks. The program would get a going over by the Commerce inspector general every two years staring not more than four years after enactment.

[Commentary] It is this committee’s mission to protect consumers, and in the coming months, we will be taking a more expansive look at the online experience to ensure safety, security, and an unfiltered flow of information. Recently, the Equifax data breach compromised the personal information of 145 million Americans, including social security numbers, addresses, credit card numbers, and more. This committee held a hearing on the breach and will continue to deeply scrutinize the staggering amount of personal information changing hands online and the business practices surrounding those transactions.

My colleagues and I will hold a separate hearing to assess identity verification practices, and determine whether they can be improved to protect personal data on the web even after a consumer’s information has been breached. These hearings are just the start of a long-term, thoughtful, and research-focused approach to better illuminate how Americans’ data is being used online, how to ensure that data is safe, and how information is being filtered to consumers over the web. While technology is responsible for a lot of positive change in our world, malignant behavior online can have consequences that are not fully disclosed to the American people.

The Trump Administration is planning to write a new cybersecurity strategy, White House Homeland Security Adviser Tom Bossert said, suggesting that the slew of Obama-era cyber plans and strategies are fast outliving their usefulness.

There’s no timeframe for when the strategy will launch, Bossert told reporters, but it will follow the broad outlines of a cybersecurity executive order President Donald Trump released in May. “As soon as we’re prepared to put forward a strategy that will be beneficial to the government and the nation, we’ll do so,” Bossert said on the sidelines of a Washington cybersecurity conference hosted by Palo Alto Networks.