ICD Brief 36.
28.03.2017 – 03.04.2017
This week’s Brief includes significant updates from the USA, Australia, China, Germany, India, Israel, NATO, and the UK.
We lead with video and print reports from two open hearings of the Senate Select Committee on Intelligence on Russian Influence and Disinformation. No movie could have improved on the setting; Chairman Richard Burr (R-NC), Vice Chairman Mark Warner (D-VA) and their committee members heard and engaged six expert witnesses* who detailed the history, context, tactics and strategy of attacks and vulnerabilities in more than 6 hours of testimony.
*Eugene Rumer, Director of Russia and Eurasia Program, Carnegie Endowment for International Peace
Roy Godson, Professor of Government Emeritus, Georgetown University
Clint Watts, Senior Fellow, Foreign Policy Research Institute Program on National Security
Kevin Mandia, Chief Executive Officer, FireEye
General (Ret.) Keith Alexander, Chief Executive Officer and President, IronNet Cybersecurity
Thomas Rid, Professor, Department of War Studies, King’s College London
FEATURE
The Fix: Here’s What We Learned From the Senate Hearing on Russia
Peter W. Stevenson, Washington Post
This post has been updated.
The Senate Intelligence Committee held a rare public hearing on Thursday, a first look at its investigation into Russian interference in the 2016 election.
The hearing, broken up into several sessions, began Thursday morning with a panel of academics brought in to explain Russia’s history of trying to influence politics in other countries. Sen. Richard Burr (R-N.C.), the committee chairman, and Sen. Mark R. Warner (D-Va.), the vice chairman, made it clear that they want to be thorough, starting with an understanding of how Russia interferes in other countries’ affairs and why.
On Thursday afternoon, the committee brought in a panel of cybersecurity experts, including Gen. Keith Alexander, who was head of the National Security Agency from 2005 to 2014. The experts are expected to discuss the techniques Russia uses to influence other countries and their politics over the Internet.
- Sen. Marco Rubio’s campaign was the target of hacks – as recently as yesterday.
- The Senate Intelligence Committee wants to avoid the partisanship we have seen from the House Intelligence Committee.
- Russia has a history of meddling in other countries’ affairs.
- Some Russian interference techniques are easier to spot than others.
- This isn’t just about the United States and Russia.
- Russia has a lot of resources devoted to cyberespionage.
- The hackers know they’re being watched.
First Public Senate Intelligence Hearing Russia Probe Highlights Influence Disinformation
Live Video
Judy Woodruff, PBS NewsHour
The Senate Intelligence Committee held its first public hearing on Russia’s election season meddling, where both committee leaders made clear they wanted to avoid the partisanship that’s plagued their House counterparts’ investigation. They focused on issues from the very real threats of fake news stories, to rules for engagement in a cyber war.
USA
Take these 5 steps to help protect your privacy online
Good news, everyone: Your privacy online did not vanish when Congress voted Tuesday to throw out planned rules that would have stopped Internet providers from tracking your browsing history and selling that data to advertisers. Bad news: Your privacy on the Internet wasn’t in great shape before that vote either.
In other words, the death of pending Federal Communications Commission regulations is a reminder to perform the privacy check-up that you should have done anyway.
A Scramble at Cisco Exposes Uncomfortable Truths About US Cyber Defense
“When WikiLeaks founder Julian Assange disclosed earlier this month that his anti-secrecy group had obtained CIA tools for hacking into technology products made by U.S. companies, security engineers at Cisco Systems (CSCO.O) swung into action.
The Wikileaks documents described how the Central Intelligence Agency had learned more than a year ago how to exploit flaws in Cisco’s widely used Internet switches, which direct electronic traffic, to enable eavesdropping.”
Feds to Battle Cybersecurity with Analytics
“For the federal government to better secure its information systems and support cybersecurity in the private sector, departments and agencies will need to dramatically improve the way they collect, analyze and share information about emerging threats, current and former government officials are cautioning. At a government IT conference convened by Akamai, a content delivery and cloud service provider, officials stressed the importance of casting a wide net for gathering information about cyberthreats, calling for the advancement of new standards and protocols to automate information sharing across the public and private sectors.”
Congress Eyes Shakeup of Homeland Security Unit
“Lawmakers are taking a second stab at legislation that would reorganize the Department of Homeland Security’s cybersecurity efforts with the goal of bolstering its cyber operations in the face of evolving threats. A House panel with oversight of DHS is getting ready to again consider legislation that would consolidate the department’s cyber efforts under one operational agency.”
NASA Faces Down New Cybersecurity Vulnerabilities
“It’s not surprising NASA has a lot of technology to protect — it is, after all, the agency that put men on the moon. But the space agency is now taking steps to enhance its cybersecurity, in part by embracing a key Department of Homeland Security program and also by coordinating its own efforts internally.”
AUSTRALIA
Industry Support Is Helping Australian Cybersecurity Startups Shake Off Risk Aversion
“Austrade is reviewing the lessons learned to date after successful trade missions to India and the United States that laid the groundwork for Australian cybersecurity innovators to build bridges for facilitating international growth.”
Australia Highlights Region’s Commitment to Cyber Security
“Aligning cyber security plans to business challenges was a hot topic at the recent ACSC (Australian Cyber Security Centre) conference in Canberra. Recently I joined our regional Australian team to help increase Carbon Black’s involvement and impact on the Australian (and greater) cyber security market. The ACSC and its conference stand front and centre in the changing cyber security mandates in Australia and surrounding regions.”
GERMANY
German army launches new cyber command
“Future cyber attacks are to be fended off by the new “Cyber and Information Space Command” (CIR), which will become operational on April 1. The command will have its own independent organizational structure, thus becoming the sixth branch of the German military – on a par with the army, navy, air force, joint medical service and joint support service. Although other countries, such as the USA, set up cyber commands long ago, the Bundeswehr now sees itself “at the international forefront.””
INDIA
Digital India Requires Cyber Security Investments
“Prime Minister Modi has embarked on a series of transformative initiatives including Aadhar, De-monetization and Digital India to hasten India’s transition from an analog to a digital economy. This is a laudable goal and if executed properly could really jumpstart India’s economic growth and create crores of new jobs. However, these goals are not achievable unless India dramatically improves its cyber security infrastructure.”
Hackers dive into India’s big issues to find digital solutions
“BENGALURU: Over 10,000 students. 1,266 teams. 36 hours. On Saturday, the hacks of India got to work, hunching over to stitch codes for digital solutions for the government, at the grand finale of Smart India Hackathon 2017.”
NATO
NATO Plans €3 Billion Investment in Satellite Bandwidth, Cybersecurity
“As security threats move online, the NATO Communications and Information Agency wants to strengthen network capabilities. To that end, the alliance plans to invest around €3 billion in satellite bandwidth and stronger cybersecurity, a NATO official confirmed today. The contracts for the expansion will be presented in Ottawa, Canada’s capital, at an April defense conference.”
UK
“Britain’s airports and nuclear power stations have been told to tighten their defences against terrorist attacks in the face of increased threats to electronic security systems.
Security services have issued a series of alerts in the past 24 hours, warning that terrorists may have developed ways of bypassing safety checks.”
First Cyber Security Startups Graduate from GCHQ Accelerator
“The first group of companies has completed a government-led cyber accelerator programme aimed at helping UK startups take the lead in producing the next generation of cyber security systems, with another round to be announced in 2017.”
UK Leading in Using Red Team Cyber Security Testing
“In the face of increasing data protection regulations and cyber security threats, red team testing is an essential tool to find out just how susceptible organisations are to cyber attack. This is the view of risk management and red teaming expert Justin Clarke-Salt, managing director and co-founder of Gotham Digital Science, a Stroz Friedberg company.”
BRC Launches Student Competition to Fight Retail Cyber Crime
“As part of the British Retail Consortium’s (BRC) campaign to tackle the threat of cybercrime on the UK retail industry, students are being called upon to offer ideas.
A contest hosted by the BRC has invited students from any higher education establishment to propose ideas on how the government, law enforcement and retail industry can work together to fight digital threats.”
Survey Shows Increasing Focus on Cybersecurity in UK Financial Services
“The latest CBI/PwC financial services quarterly survey highlighted a number of measures being implemented by firms to tackle cyber crime. The survey, of 98 firms, charted the views of firms during the three months to March 2017. According to the newly published survey results, 84% of financial services firms expect to invest in “preventative technology and IT systems” during the next year, and 83% expect to engage in “penetration testing”. A further 82% of firms said they would test incident response plans they have in place for reacting to cyber incidents when they occur.”