The reality of modern times is that nations are in a constant state of cyber engagement – either for espionage, influence, or disruption purposes. While there is a tacit acknowledgement that cyber espionage for political and military purposes is fair game, some actions such as the disruption of critical ...

It’s likely only a matter of time before a major cyber attack hits U.S. civilian infrastructure, but the nature of that digital violation and the means to respond remain uncertain, as many of the most sensitive systems operate under private sector control. There is a “narrow and fleeting window of ...

The taxonomy of cybersecurity often includes alarming declarations on par with acts of war. But cyber campaigns outside of active conflict hardly meet such a coercive threshold. While there are major concerns over the cybersecurity of the nation’s critical infrastructure – the power grid, water treatment plants, transportation hubs, energy ...

Just as criminals conduct business in the dark alleys of cities, they also trade in illicit products such as drugs, guns, and counterfeit documents through online bazaars hidden behind anonymizing technology in a place known as the darknet. Last month, law enforcement agencies led by U.S. and Dutch authorities took ...

On July 20, 2017, U.S. and European law enforcement authorities announced they had jointly taken down two major darknet marketplace sites: AlphaBay and Hansa. These sites, which aspire to operate in the shadows beyond the reach of national and international police forces and organizations, present a significant risk to national ...

On July 5, Thai police arrested a man in Bangkok named Alexandre Cazes, a 26-year-old Canadian, for running an expansive online criminal bazaar called AlphaBay. Previously only known to law enforcement by his online moniker DeSnake, Cazes reportedly made the mistake of using his personal Hotmail email address to communicate ...

Nearly everyone now accepts that Russia attempted to interfere with the U.S. electoral process with the aim of harming Hillary Clinton’s presidential campaign. Even President Donald Trump has grudgingly admitted that Russia was behind the hacking of the Democratic National Committee. But for a long, long time – far too ...

No consensus report resulted from the yearlong negotiations of the 5th United Nations Group of Governmental Experts (GGE) on the Developments in the Field of Information and Communications Technologies (ICTs). As the meeting drew to a close in June, the 25 government officials ended their work with a disappointing acknowledgement ...

The top U.S. cyber diplomat will no longer have the direct ear of Secretary of State Rex Tillerson. The impending closure of the U.S. State Department’s Office of the Coordinator for Cyber Issues, established under President Barack Obama in 2011, has left some in dismay on how cybersecurity plays into ...

Unsurprisingly, the fifth UN Group of Governmental Experts (GGE) ran into difficulties that proved fatal. Previous GGEs operated in a more favorable international climate. The substance of the GGE’s work peaked with its 2013 Report and by the end of the 2015 session, it was clear that the GGE format ...

Beset by disruptive digital attacks, espionage, and cyber-enabled influence campaigns intended to sway public opinion, the United States and its allies are looking for ways to stop the onslaught of computer breaches into their systems. Many nations’ security services are bolstering their offensive military cyber capabilities and response frameworks to ...

Time and time again companies, organizations, and government agencies have proven that they can’t completely secure their computer networks from hackers – particularly nation-states with the resources to pursue access persistently. Instead of focusing solely on network defense, the United States can adopt a deterrence strategy that dissuades foreign governments ...

Disruptive and intrusive cyber activity pervades much of modern international relations. The trend towards the jockeying for global influence and geopolitical positioning through cyber means is only going to grow as more countries and non-state actors play out conflicts in the virtual domain. The responsibility for defending U.S. interests from ...

Dan Coats, Director of National Intelligence, told the Aspen Security Forum today that he believes the U.S. national security community lacks the capability to prevent a “cyber-9/11”—meaning a collapse of critical infrastructure caused by malware unleashed by a state or transnational organized crime group. “Imagine a shutdown of the electric ...

Tradecraft. A term popularized in the novels of John le Carré, but practiced by spies throughout history. Tradecraft includes a number of methodologies, ranging from chalk-marked dead drops, and honey traps, to wiretapping, losing a tail, and safe houses. Spies have to master their craft if they are to be ...

Intelligence officers must often use a false identity – a legend or cover. How have social media and digital technology changed how they create and preserve these cover identities, and what have counterintelligence units traditionally looked for when trying to identify foreign spies? The Cipher Brief’s Levi Maxey spoke with ...

Intelligence officers’ tradecraft is highly guarded for good reason. One of its most important aspects is establishing a cover identity so foreign governments and hostile groups are not aware who is spying on them. The Cipher Brief’s Levi Maxey spoke with Daniel Hoffman, a former CIA station chief, about what ...

The main loss from the departure of Chris Painter, America’s top cyber diplomat, will not be the loss of one of the top U.S. civil servants in the field, with 26 years in government. Nor will the biggest hit be to U.S. airlines, whose business models have increasingly been depending ...

Despite the many logistical and operational challenges of a transition, many acknowledge that U.S. Cyber Command must eventually separate from the National Security Agency. According to news reports, the Trump Administration is now finalizing plans to separate Cyber Command from its parent organization, the National Security Agency. While the details ...

Reports of intrusions into industrial control systems (ICS) broke late last week – this time in several U.S. power plants, including the Wolf Creek nuclear facility in Kansas. The alleged perpetrator? Russia, leading many to compare these incidents to the successful and damaging Russian attacks against the electrical grid in ...

Relations between the United States and North Korea hit a new low following Pyongyang’s test of an ICBM July 4. With a range of up to 5,000 miles – capable of reaching Alaska – the Hwasong-14 is North Korea’s longest-range missile to date, and its successful test is a direct ...

In May, the U.S. Ground-based Midcourse Defense system - the GMD - successfully intercepted a mock ICBM in a critical test of the U.S. missile defense umbrella. Given the growing threat of the development of a North Korean ICBM capable of reaching the United States, this is excellent news. However, ...

The Pentagon’s missile defense review is now underway, incorporating mandates from both the White House and Congress. One of its considerations, at presidential direction, is whether there should be a relative “rebalancing” between homeland and regional missile defense. Regional defense has received a relatively greater share of the Missile Defense ...

As the dust settles on last Tuesday’s NotPetya malware outbreak, it is increasingly evident that this was not a ransomware, money-making attack at all; rather it was a targeted, destructive cyberattack against Ukraine. It utilized deception in which it was designed to look like ransomware but wasn’t. It targeted obscure ...

Intelligence Advanced Research Projects Activity Director Jason Matheny worries a lot about national security risks that probably aren’t headlining many lists of pressing threats to the United States — pandemics, autonomous systems, and strategic nuclear war, to name a few. “We also have a need to protect what’s right now ...

It’s Labor Day, September 4, 2017, and the National Security Agency has just intercepted communications between the senior leadership of the Iranian Revolutionary Guard Corps, the militant purveyors of the 1979 Iranian Revolution, and employees of the Iranian companies ITSecTeam and Mersad. The communications reveal future disruptive cyber attacks against ...

Last February, President Donald Trump issued an Executive Order calling on the Department of Treasury to review the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act enacted in the wake of the 2008 financial crisis. One Dodd-Frank provision the Trump Administration would like to suspend is Section 1502, which requires U.S. companies that ...

With the advent of digital communications, people thousands of miles apart can engage with each other seamlessly, and businesses can operate at a scale previously unknown, thanks to a burgeoning consumer electronics industry. But not all aspects of this industry are positive. Some contribute to global insecurity and human suffering. ...

Terrorism, political corruption, and human rights violations in sub-Saharan Africa are like any other business: management identifies and provides a needed product or service to willing buyers, thereby generating profits and reinvesting them. In the tragedy currently playing out in the Great Lakes region of Central Africa, especially in the ...

Malicious and trusted insiders pose a range of challenges in terms of counterintelligence risks and physical threats, and experts say policy needs to catch up quickly to the new technologies available to help mitigate the problem. “There’s a lack of willingness to share information, and that’s why I still believe ...

The explosion of data in a digital world has exposed people to volumes of information as never before. But just as this data will increase exponentially with time, so too will the number of questions that can be posed against these expansive datasets. To find insight buried in this immense ...

National Geospatial-Intelligence Agency Deputy Director Susan Gordon on Wednesday called for the government and Intelligence Community to prioritize innovation to better confront the broad array of threats the United States faces today. Adversaries always have access to commonly available things, which means that those in the IC must find ways ...

The United Kingdom has revamped the way its intelligence agencies collaborate with private industry by establishing a new National Cyber Security Centre that leans towards more open and meaningful exchanges to help secure the country against malicious cyber attacks. The Cipher Brief’s Levi Maxey spoke with Sir David Omand, the ...

Few security challenges muddle the distinction between government and business roles as much as those emanating from cyberspace. National security issues no longer remain solely under the purview of government agencies, and companies continue to find themselves in the sights of foreign adversaries. Moreover, attacks against commercial products have geopolitical ramifications. Software ...

Statecraft and business have always been closely linked, but the advent of digital technology has blurred the roles more than ever. Systems crucial to the economic well-being and national security of the United States rest in the hands of private companies. The two sectors must cooperate by sharing information at ...

Terrorists’ tactics evolve with the times. Just as we have seen an adaption of terrorist methods for sowing fear and distrust, so, too, we have seen their propaganda machines evolve to inspire audiences globally. Gone are the days of printed manifestos, pamphlets, or fuzzy VHS tapes. The internet now facilitates ...

Continuing terror attacks around the world indicate law enforcement and intelligence agencies face difficulty in trying to identify and disrupt the plans of globally disparate and loosely affiliated entities. Terrorist groups have adapted to each step security services take against terror, including the severing of financial lifelines. With growing terrorist ...

Discussion of malicious cyber activity has mainly focused on criminal activity and countries’ intelligence efforts. Entities other than national governments – particularly terrorist groups – seem to be making their way, if slowly, into the cyber realm through hacking and leaking techniques, and commandeering social media sites. Beyond savvy messaging, ...

The worldwide WannaCry ransomware, which targeted computers running the Microsoft Windows operating system, was an admonition to everyone who connects to cyberspace – especially the U.S. intelligence community. WannaCry was only the most recent example in a long line of high-profile cyber attacks that demonstrated how the timely application of ...

Over the past few weeks, a critical question has been discussed amidst cybersecurity professionals and experts. Who would pair North Korean-linked malware with an alleged U.S. government cyber exploit leaked by the suspected Russia-affiliated Shadow Brokers to create a new variant of ransomware – a form of malware typically within ...

Today China began enforcing its controversial new Cybersecurity Law, which broadly demands that multinational companies make data accessible to the Chinese government while strengthening the regime's control over content found inappropriate. Such measures have been made under the auspices of bolstering Chinese national security, but could have profoundly negative impacts ...

The U.S. Missile Defense Agency (MDA) performed a successful test of the Ground-based Missile Defense (GMD) system on Tuesday. This was the first test of the GMD that simulated the intercept of an intercontinental ballistic missile (ICBM). The GMD is the United States’ only system that can defend against long-range ...

A new DIA effort to attract a wider range of contractors and be nimbler is showing promise despite the hurdles it has to jump. The "iHub" mechanism was instituted in September by Lt. Gen. Vincent Stewart, the DIA Director, and is aimed at connecting providers directly with DIA officers with ...

We are living in a new era, with unprecedented industrial-scale theft of intellectual property and company secrets. The most recent example is a vast cyber espionage campaign, dubbed Operation Cloud Hopper, made public this April. In this global campaign, a China-based group targeted IT service providers, thereby obtaining ...

Is this ever going to end? The daily barrage of hacking news assaulting us in headlines is making us numb, if not scared to death. However, there is a little-known secret that gets lost in all of this cyber-disaster noise. The U.S. government does, in fact, have a three- to ...

One of the emerging trends in today’s expanding cyber espionage landscape has been China’s emergence as the leading practitioner of economic cyber espionage. What does the trajectory of Chinese economic espionage look like, and where do we still see barriers to the establishment of effective norms barring the practice before ...

It has been three years since the Obama Administration publicly indicted five Chinese military officials for hacking U.S. companies, a move that prompted negotiations to halt economic cyber espionage intended to benefit Chinese economic competitiveness. The Cipher Brief spoke with John Hultquist, the Manager of Analysis at FireEye, about the ...

When Beijing got the word that the United States was accelerating the deployment of its Terminal High Altitude Area Defense (THAAD) system to South Korea as a response to North Korea’s latest missile tests, senior Communist Party officials went, no pun intended, ballistic. The official Chinese news agency Xinhua wrote ...

Everybody who depends on digital information systems, which is everybody, saw a few glimpses of silver lining from the WannaCry ransomware attack that took the planet by storm Friday. For one thing, the attacks slowed, and there was no massive second wave. “The good news is, the infection rates have ...