Crossroads Blog | Institute National Security and Counterterrorism

Current Affairs, cyber attack, Cyber Exploitation, Legislation, Privacy, regulation

Cyber Roundup (4/23): Cyber week begins, CISPA, should NSA monitor private networks, North Korea’s cyber war, Iran’s cyber culture, and export restrictions on China?

Busy day.  Here's a quick survey . . .

***

Brendan Sasso and Andrew Feinberg reported for The Hill on cyber week.  This week is cyber week because the House will vote on four cybersecurity bills: CISPA, amendments to FISMA (providing "stronger oversight of the security of federal computer systems"), the Cybersecurity Enhancement Act (regarding cybersecurity research), and another bill authorizing research into new computer technology.  The fate of the PRECISE Act is unclear; Rep. Lungren recently weakened the PRECISE Act by dropping mandatory cybersecurity standards for critical infrastructure providers.

Brendan Sasso again wrote for The Hill on cybersecurity legislation.  In this article, Sasso suggested that regardless of what the House does during cyber week, the fate of cyber legislation will ultimately rest with the Senate.  In this sense, even if CISPA does pass the House, it is likely DOA in the Senate because the bill lacks cybersecurity standards for critical infrastructure.  Those standards are a Democratic (and administration) sticking point. 

Along those same lines, Jason Miller reported for FederalNewsRadio.com on the Obama administration's critique of Republican cybersecurity legislation.  Notably, the article quoted one administration official who said that the nation can't address vulnerabilities in critical infrastructure through information-sharing alone.  Moreover, we have to approach information-sharing very carefully.  Another administration official suggested the following improvements to all of the bill's information sharing provisions: establish clear policies that govern the use of the information; define minimization requirements that will limit what information can be received, retained, and shared; and implement strong oversight and accountability measures.  The administration ultimately believes that both the information-sharing provisions and liability provisions (exempting private companies from liability for sharing cyber threat information with the federal government) need to be narrowly tailored.

Scott Vernick wrote an excellent op-ed for the Huffington Post on how those arguing against cybersecurity legislation on privacy grounds are missing the point.  Noting the devastating effect that a cyberattack could have, Vernick argues that the internet privacy debate is "obscuring discussion about a threat that is . . . far more important."  Indeed, Vernick believes that we should focus the debate not on the possible privacy implications of information over-sharing, but rather, the "very real possibility of crippling economic fallout" resulting from a cyberattack.

And on that note, Declan McCullagh wrote for CNET on how opposition has grown to CISPA, aka the "Big Brother" cybersecurity bill.  Specifically, both Rep. Ron Paul and 18 House Democrats issued strong statements deriding the bill.

Jessica Herrera-Flanigan wrote for Nextgov on the role of government in cyberspace.  Flanigan broke down the main sticking points between the Republicans and Democrats on cybersecurity legislation:  Democrats want critical infrastructure owners to meet standards in order to avoid a catastrophic cyber attack, while Republicans believe the "private sector knows best" and that standards are overly burdensome on business without guaranteeing more security.  Interestingly, Flanigan noted that this debate isn't really new; the same debate raged when President Clinton established the President's Commission on Critical Infrastructure Protection.

***

Martin Feldstein wrote an interesting op-ed for the Wall Street Journal.  In his op-ed, Feldstein argued that as the specter of cyber-war grows closer, we should authorize the NSA to scan e-mails headed to .gov, .com, and .edu addresses for malware.  Feldstein believes that the NSA could monitor the e-mails without reading content.  If a particular e-mail raised a red flag, the NSA could hand it over to the DHS, who would then "review the content of the email or could notify the intended recipient that a potentially dangerous email had been received." 

***

Megan Lunn wrote an interesting article for Korea IT Times detailing how the N. Koreans view hacking.  Notably, the N. Koreans teach children computer literacy courses, select the brightest for further IT training, then release those hackers to run international gaming websites.  Those gaming websites rake in cash that supports the N. Korean nuclear program and possibly the N. Koreans' recently failed rocket.  Moreover, the article stated that the N. Koreans have expanded their hacker army from 500 to about 3,000 hackers.

***

Anshel Pfeffer wrote for Haaretz on Iran's attempt to control its domestic internet.  Noting the Iranians' recent desire to build their own Internet free of the corrupting influences of the West, Pfeffer argued that the "Internet threatens a regime such as Iran's in every possible sphere" and that trying to create a new Iranian internet "won't change the ongoing erosion of [the regime's] authority."

As for that earlier cyberattack on Iranian oil facilities, Mark Clayton explained for the Christian Science Monitor how the malware (called "Viper") did not target Iranian industrial control systems, but rather, wiped oil ministry data off their servers.

***

Phil Muncaster reported for The Register on an explosive new report that both accuses China of cyber-espionage and suggests tightening export restrictions on satellite technology headed to China.  That report, written by the Departments of State, Commerce, and Defense, noted Chinese attempts to obtain U.S. space launch and cruise missile data.  Moreover, the report stated:

China’s continuing efforts to acquire US military and dual-use technologies are enabling China’s science and technology base to diminish the U.S. technological edge in areas critical to the development of weapons and communications systems. Additionally, the technologies China has acquired could be used to develop more advanced technologies by shortening Chinese R&D cycles.

Cue the faux Chinese outrage.  Xinhua called the report groundless, while a Chinese Foreign Ministry spokesman managed to say with a straight face that China's military advancements are not due to cyber-espionage.

You can find the DOD/Dept of State report here.
