Mr. President, as you know the United States has faced cyber attacks of increasing frequency and viciousness from our adversaries. Your NSC is about to bring you both a new cyber strategy and a proposal to modify a previous NSC document called PPD-20 to give US Cyber Command more authority ...

Rest in peace, Cyber Coordinator. The White House’s Special Assistant to the President and Cyber Coordinator has now been eliminated, apparently ending (or more likely pausing) a two-decade history. It will widely be reckoned as a hideous mistake but not perhaps the one which most needs our immediate attention. The ...

When accountability is used as innovation, it not only drives social change but also helps solve seemingly intractable problems. Cybersecurity is an industry that can desperately use a dose of accountability-as-innovation – and there are plenty of examples in U.S. industry it could follow. Take CVS, for instance. In the ...

It is not news that cyberspace is insecure. Attackers have had the advantage over defenders for not just years, but decades. Quotes from decades ago make it clear that cyber defenders then faced the same challenges we do today (and with a similar lack of success). When was the last ...

Cyber events of the past two years—perpetrated by state actors in several notable cases, according to public statements by the U.S. and British governments—have demonstrated the potential for damaging impact to national security, critical infrastructures, and the global economy. Electric power distribution, healthcare services, pharmaceutical manufacturing and global shipping ...

Everyone loves public-private sector partnerships (PPPs). For over 20 years, these initiatives have been critical to a range of cybersecurity solutions. Perhaps 85 percent of the critical infrastructure (the number varies depending on who is doing the guessing) is owned by the private sector, so government cannot do it on ...

The White House deployed words to chide Russia for the NotPetya attack. On 15 February 2018, the White House Press Secretary released a blunt statement: In June 2017, the Russian military launched the most destructive and costly cyber-attack in history. The attack, dubbed “NotPetya,” quickly spread worldwide, causing billions of ...

Every organization should have a plan to protect its critical information from the actions of a disgruntled employee, or from a criminal hacker looking to make money, or from a nation state actor – an advanced persistent threat or “APT” – looking to advance its national agenda. Management teams and ...

Cipher Brief Cyber Advisory Board members offer their views on threats to the U.S. power grid, as interviewed by Cipher Brief Publisher and CEO Suzanne Kelly. Former Deputy Secretary of State Robert Work, a member of The Cipher Brief’s Cyber Advisory Board, says potential attacks on the U.S. power grid ...

The world is just beginning to experience the disruptions being generated by blockchain, the technology that underpins Bitcoin and that provides a new way to fight fraud and improve cybersecurity. The waves of innovation already underway make clear that it will change our overall business environment in the same way ...

Bottom Line: Since 2016, the North Korean regime has shown its hand as a state sponsor of cybercrime by targeting international financial institutions, engaging in broad ransomware campaigns, and illegally accruing and laundering cryptocurrencies such as bitcoin. This pattern of behavior supports Pyongyang’s objective of self-financing the ruling Korean Worker’s ...

We may be frustrated by the state of cybersecurity today, with the attackers getting better and more audacious year after year, but defenders would be even worse off without the dozens of technological, operational and policy innovations generated in the past 50 years. And even as measures once considered new ...

Cybersecurity researchers have discovered two major software vulnerabilities in the Intel microprocessors inside the vast majority of all computers. Dubbed “Meltdown” and “Spectre,” the vulnerabilities could allow hackers to siphon off the entire memory contents of computers, mobile phones and servers that run on cloud networks. Two Cipher Brief experts ...

Not a day goes by that Americans don't wake to the news of a new cyber intrusion affecting private sector or government networks, whether major cyber hacks at Target or Equifax, sloppy data breaches like those Verizon experienced, or nation-state-sponsored efforts like the WannaCry virus. Companies and institutions are pouring ...

Bottom Line: U.S. cyber defenders know how to take down botnets – networks of computers that have been hacked to act as one – but not how to keep them from coming back, nor necessarily how to determine who is behind them and hold them accountable. These networks under the ...

For this last week of 2017, we asked our experts to look ahead at key national security issues. NSA veteran Rick Ledgett offers some cybersecurity lessons learned, and a warning of what's to come. On Iranian and North Korean cyber activity: Those two actors are very different in their motivations and ...

The launch of Bitcoin futures trading is a good moment to consider the cyber and wider security issues raised by this and other cryptography-based currencies. It is worth making the distinction between the blockchain technology underpinning Bitcoin, and Bitcoin as a currency or investment. The second has generated heat and headlines, but it is ...

The Federal Communications Commission (FCC) voted 3-2 on Thursday to dismantle their authorities to enforce net neutrality rules that prohibit internet service providers, such as Verizon, AT&T, and Comcast, from interfering in the traffic streams that take place over their infrastructure. The reversal of the FCC’s 2015 decision means the ...

Terrorist groups are expanding their use of the internet beyond mere messaging and disseminating operational know-how, slowly adding a cyber-hacking toolset that could one day rival that of criminal or state-sponsored hacking. To date attacks have included website defacement, doxing of personally identifiable information, and distributed denial of service (DDoS) ...

Despite all the attention, cyberspace is far from secure. Why this is so reflects flawed technologies and conceptual weaknesses. The result is institutionalized stalemate. Two questions highlight shortcomings in the discussion of cybersecurity. The first is why, after more than two decades, we have not seen anything like a cyber ...

The Trump Administration’s National Security Council has released an unclassified set of guidelines for determining when the U.S. government will disclose – rather than retain for espionage purposes – a computer vulnerability that it discovers to the relevant private sector vendor so that a patch can be distributed. Led by ...

The Cipher Brief Cyber Advisory Board’s Bob Gourley commented on the Trump administration’s new process for disclosing software vulnerabilities it has detected – the first time a U.S. administration has revealed its internal rules, aka the Vulnerability Equities Process. This is a significant improvement and clarification of the existing process ...

The intelligence community has been taking body blows lately – with Friday’s WikiLeaks dump of CIA hacking tools and a report in The New York Times discussing just how damaging the August 2016 Shadow Brokers thefts from NSA have turned out to be. While there has been no acknowledgment by ...

Software is the invisible underpinning for much of our digital world. At its core is source code: the lingua franca that allows software-based technology systems to operate and evolve. Typically, source code is the very embodiment of a particular innovation. It is intellectual property that defines the software-based innovation, its ...

One of the fundamental issues for geopolitical leaders is to determine when existing international institutions no longer meet present needs and new institutions and methods of operation are required. Such an issue now faces the cyber realm. The internet is structurally and operationally international, and as the internet, the cloud, ...

The numbers are staggering, yet only the tip of the iceberg. More than 145 million American citizens are affected by the Equifax data breach disclosed last month; that’s more than half of the American adult population. At the same time, this is only the latest in a series of cyber ...

Earlier this month, two members of the House of Representatives, Tom Graves (R-GA) and Kyrsten Sinema (D-AZ), introduced a bill called the Active Cyber Defense Certainty Act, dubbed the “hack back” bill, which would allow companies to hack the hackers who infiltrate their computer networks to retrieve or delete stolen data ...

During multiple war zone tours of duty in the Middle East and South Asia, I learned firsthand how timely and effective incident response entails real time insight, color, and context for the analyst. Incident response should enable the analyst more efficiently to mitigate the damage from an attack, as well ...

Russian state-sponsored hackers reportedly stole details in 2015 on how the U.S. spies on foreign intelligence targets through cyber espionage, as well as how it defends against cyber operations directed at its classified networks. According to the Wall Street Journal, the material was taken from a NSA contractor’s private computer ...

In May 2015, Russia and China signed a “nonaggression pact” in cyberspace. They agreed not to target each other with cyber attacks and promote the idea of sovereignty in cyberspace. China and Russia are now seeking to eliminate virtual private network services (VPNs) from their respective internet space. Russian President ...

It is a problem for the U.S. that many of the core concepts that guide internet policy date to the 1990s. One such concept is that the internet is a virtual alternative to the Westphalian state, without borders and where sovereignty does not apply. The problem with this concept is ...

In the nearly seven years since the U.S. Department of Defense declared cyberspace a “domain” of warfare – alongside land, air, sea, and space – the Pentagon has developed an overarching Cyber Strategy to guide their efforts in the new domain and raised a Cyber Command that has grown from ...

On Wednesday, the Department of Homeland Security (DHS) issued a binding directive compelling all federal civilian departments and agencies to identify and develop a plan to end any use of and remove any Moscow-based Kaspersky Lab products from their computer systems. “The Department is concerned about the ties between certain ...

Recent fatal accidents involving two vessels in the U.S. Seventh Fleet led to a spate of speculation about whether somehow the navigation in these ships was compromised by a cyber intrusion. Global Positioning System (GPS) spoofing has been highlighted as a possible contributing factor. While investigations are still underway to ...

There has been a recent wave of high-sea collisions in the Asia-Pacific involving U.S. naval vessels – most notably the USS Fitzgerald and USS John S. McCain, which together have resulted in the loss of more U.S. military personnel than in Afghanistan so far this year. The incidents, both involving ...

With round one of renegotiations behind us, and round two scheduled to begin on September 1 in Mexico City, despite efforts to move quickly, there is still a pretty long road ahead for the next version of the North American Free Trade Agreement (NAFTA). When NAFTA was first negotiated in ...

The reality of modern times is that nations are in a constant state of cyber engagement – either for espionage, influence, or disruption purposes. While there is a tacit acknowledgement that cyber espionage for political and military purposes is fair game, some actions such as the disruption of critical ...

It’s likely only a matter of time before a major cyber attack hits U.S. civilian infrastructure, but the nature of that digital violation and the means to respond remain uncertain, as many of the most sensitive systems operate under private sector control. There is a “narrow and fleeting window of ...

The taxonomy of cybersecurity often includes alarming declarations on par with acts of war. But cyber campaigns outside of active conflict hardly meet such a coercive threshold. While there are major concerns over the cybersecurity of the nation’s critical infrastructure – the power grid, water treatment plants, transportation hubs, energy ...

Nearly everyone now accepts that Russia attempted to interfere with the U.S. electoral process with the aim of harming Hillary Clinton’s presidential campaign. Even President Donald Trump has grudgingly admitted that Russia was behind the hacking of the Democratic National Committee. But for a long, long time – far too ...

No consensus report resulted from the yearlong negotiations of the 5th United Nations Group of Governmental Experts (GGE) on the Developments in the Field of Information and Communications Technologies (ICTs). As the meeting drew to a close in June, the 25 government officials ended their work with a disappointing acknowledgement ...

The White House’s National Security team is expected to issue a report early this week outlining U.S. options for deterring adversaries in cyber space. The report, called for as part of President Donald Trump’s Cyber Executive Order issued last May, is expected to offer a range of options from economic ...

Unsurprisingly, the fifth UN Group of Governmental Experts (GGE) ran into difficulties that proved fatal. Previous GGEs operated in a more favorable international climate. The substance of the GGE’s work peaked with its 2013 Report and by the end of the 2015 session, it was clear that the GGE format ...

The fallout of major cyber attacks and espionage campaigns increasingly shapes interactions between nations. The vulnerability of the United States to such digital intrusions will only grow as the country becomes more dependent on networked technologies, particularly the Pentagon’s weapon systems. Mere network defense is not sufficient; the United States ...

Disruptive and intrusive cyber activity pervades much of modern international relations. The trend towards the jockeying for global influence and geopolitical positioning through cyber means is only going to grow as more countries and non-state actors play out conflicts in the virtual domain. The responsibility for defending U.S. interests from ...

How should nations collaborate in cyberspace? Can a nation like the U.S. and one like Russia bridge their views on data collection? What’s the future of artificial intelligence? The Cipher Brief’s Kaitlin Lavinder talked with Michael Daniel, former special assistant to President Barack Obama and cybersecurity coordinator at the White ...

One of the only tasks the U.S. Constitution declares that the federal government must do is to provide for the common defense. That is the government’s foundational truth and purpose; to protect American lives, liberty, and their pursuit of happiness from those that would disrupt it. So, the question on ...

The newest ransomware attack called NotPetya has re-ignited the debate ongoing since the earlier WannaCry attack. Cybersecurity experts, policymakers, and citizens affected have all asked: who is to blame for these attacks? The underlying vulnerability in both these attacks is based on a Microsoft vulnerability, which was discovered and extensively used by the National Security ...

As the dust settles on last Tuesday’s NotPetya malware outbreak, it is increasingly evident that this was not a ransomware, money-making attack at all; rather it was a targeted, destructive cyberattack against Ukraine. It utilized deception in which it was designed to look like ransomware but wasn’t. It targeted obscure ...