Cybersecurity and Cyberwarfare

The use of computers and the Internet in conducting warfare in cyberspace.

House Communications Subcommittee Hearing on Cybersecurity Risks to Wireless Tech

The House Communications Subcommittee, chaired by Rep Marsha Blackburn (R-TN), held a hearing examining cybersecurity risks to wireless technologies with a particular focus on wireless networks and mobile devices. Cyber criminals often utilize a number of strategies to launch attacks on wireless technologies. Often times exploiting vulnerabilities within a network to gain unauthorized access to wireless networks or target mobile devices through malware and phishing attacks.

“Mobile connectivity has become essential to our daily lives as a result of advances in technology and consumer demand,” said Chairman Blackburn. “Increasing reliance on wireless devices and networks has provided more avenues for cyber criminals to compromise our security and harm consumers. Hackers are smart and they are adapting. The sophistication and frequency of cyberattacks against mobile devices continues to escalate and we must meet this challenge head on.”

Democratic Sens Seek Answers About Trump Officials and Encrypted Apps

Top Democratic Sens on the Homeland Security Committee are asking inspectors general at 24 federal agencies to investigate whether Trump Administration officials are skirting federal records laws by using encrypted and vanishing messaging apps. The committee’s current and former ranking members, Sens Claire McCaskill (D-MO) and Tom Carper (D-DE) also want the IGs to investigate whether top agency officials are barring staffers from responding to information requests from congressional Democrats.

That request follows a report that Trump Administration lawyers advised agencies to ignore Democratic requests. The senators collected the requests into a single, alphabetically arranged document that runs to 120 pages, beginning with the Agriculture Department IG and ending with Veterans Affairs.

Russian Cyber Hacks on US Electoral System Far Wider Than Previously Known

Russia’s cyberattack on the US electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.

The scope and sophistication so concerned Obama administration officials that they took an unprecedented step -- complaining directly to Moscow over a modern-day “red phone.” In October, the White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia’s role in election meddling and to warn that the attacks risked setting off a broader conflict. The new details, buttressed by a classified National Security Agency document recently disclosed by the Intercept, show the scope of alleged hacking that federal investigators are scrutinizing as they look into whether Trump campaign officials may have colluded in the efforts. But they also paint a worrisome picture for future elections: The newest portrayal of potentially deep vulnerabilities in the US’s patchwork of voting technologies comes less than a week after former FBI Director James Comey warned Congress that Moscow isn’t done meddling.

Comey: Russian hacking ‘massive effort’ against US elections

Russian hackers were meddling with the 2016 US election right from the start of the campaign season. Former FBI director James Comey testified before a Senate Intelligence hearing on June 8, a month after President Donald Trump fired him on May 9. The hearing, centered on Comey's conversations with President Trump, comes amid the FBI's investigations into potential campaign ties with Russia that continue to haunt the commander-in-chief. Allegations of Russian influence on the US presidential election stretch all the way back before the midyear Democratic National Convention, when hackers spear-phished officials and released documents through WikiLeaks.

Request for Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats

NTIA, on behalf of the Department of Commerce, is requesting comment on actions that can be taken to address automated and distributed threats to the digital ecosystem as part of the activity directed by the President in Executive Order 13800, "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure." Through this Request for Comments, NTIA seeks broad input from all interested stakeholders - including private industry, academia, civil society, and other security experts - on ways to improve industry's ability to reduce threats perpetuated by automated distributed attacks, such as botnets, and what role, if any, the U.S. Government should play in this area.

House Oversight Subcommittee Examines Federal Health Care Cybersecurity Efforts in Wake of ‘WannaCry'

The Subcommittee on Oversight and Investigations, chaired by Rep Tim Murphy (R-PA), held a hearing examining the Department of Health and Human Services’ (HHS) role in cybersecurity efforts within the health care sector. Discussed during the hearing were two reports that HHS was required to submit to Congress, following the implementation of the Cybersecurity Information Sharing Act (CISA), which became law in 2015. The reports outline the department’s internal cybersecurity processes and industry recommendations for what the federal government and industry can do to improve cybersecurity efforts in the health care sector.

FTC Announces Third PrivacyCon, Calls for Presentations

Building on the success of its two previous PrivacyCon events, the Federal Trade Commission is announcing a call for presentations for its third PrivacyCon, which will take place on February 28, 2018.

The call for presentations seeks research and input on a wide range of issues and questions to build on previously presented research and promote discussion, including:
What are the greatest threats to consumer privacy today? What are the costs of mitigating these threats? How are the threats evolving? How does the evolving nature of the threats impact consumer welfare and the costs of mitigation?
How can companies weigh the costs and benefits of security-by-design techniques and privacy-protective technologies and behaviors? How can companies weigh the costs and benefits of individual tools or practices?
How can companies assess consumers’ privacy preferences?
Are there market failures (e.g. information asymmetries, externalities) in the area of privacy and data security? If so, what tools and strategies can businesses or consumers use to overcome or mitigate those failures? How can policymakers address those failures?

Submissions for PrivacyCon must be made by November 17, 2017.

Intelligence officials Rogers and Coats said they won’t discuss specifics of private conversations with Trump

Two of the nation’s top intelligence officials said in a hearing they would not discuss specifics of private conversations with President Donald Trump, declining to say whether they had been asked to push back against an FBI probe into possible coordination between his campaign and the Russian government.

Testifying before the Senate Intelligence Committee, Director of National Intelligence Daniel Coats refused to say whether it was true that President Trump asked Coats if he could reach out to then-FBI Director James B. Comey and dissuade him from pursuing the Michael Flynn matter. “I don’t believe it’s appropriate for me to address that in a public session,’’ Coats said. “I don’t think this is the appropriate venue to do this in.’’ He added: “I have never felt pressure to intervene or interfere in any way … in an ongoing investigation.’’ Similarly, National Security Agency Director Michael S. Rogers declined to directly answer Sen Mark Warner’s (D-VA) question of whether President Trump sought his aid in downplaying the investigation.

5 Unanswered Questions Raised By The Leaked NSA Hacking Report

Here are 5 other questions that remain unknown about this story and the ongoing threat that national security officials say Russia poses to the integrity of American elections.
1. How widespread are these attacks?
2. Can the federal government do more?
3. Why do these leaks keep happening?
4. Why can't the US stop these cyberattacks?
5. Will this change Trump's tune?

Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election

Apparently, Russian Military Intelligence executed a cyberattack on at least one US voting software supplier and sent spear-phishing e-mails to more than 100 local election officials just days before November 2016’s presidential election. The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the US election and voting infrastructure. The report, dated May 5, 2017, is the most detailed US government account of Russian interference in the election that has yet come to light.

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A US intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive. The report indicates that Russian hacking may have penetrated further into US voting systems than was previously understood.