Our picks: 20-year old internet vulnerability; the FBI & encryption; food & the apocalypse, and more

Published 25 May 2018

· These hackers warned Congress the internet was not secure. 20 years later, their message is the same.

· DHS tackles supply-chain issues over malware-laden smartphones

· The FBI’s mistake on encryption

· In a warming West, the Rio Grande is drying up

· Does TSA really need a watch list for “unruly” travelers?

· UK begins to formalize its legal approach to cyber war

· Are DoD’s cyber forces too focused on the network?

· Let’s talk about food — and what happens in a crisis

· Arkema officials were warned of flood risks a year before Hurricane Harvey

These hackers warned Congress the internet was not secure. 20 years later, their message is the same. (Derek Hawkins, Washington Post)
Twenty years ago this week, a collective of young hackers came to Washington with a warning for Congress: Software and computer networks everywhere were woefully insecure. During that now-infamous hearing in May 1998, one told senators that “any of the seven individuals seated before you” could take down the Internet in just half an hour. In a return trip to Capitol Hill on Tuesday, the same hackers offered a similarly bleak assessment: Digital security is hardly any better.

DHS tackles supply-chain issues over malware-laden smartphones (Security Boulevard)
At the Black Hat security conference last August, researchers from the security firm Kryptowire announced that they’d discovered Amazon’s #1-selling unlocked Android phone, the BLU R1 HD, was sending Personally Identifiable Information (PII) to servers in China. The culprit was a piece of firmware update software created by AdUps Technologies, a company based in Shanghai.

The FBI’s mistake on encryption (David Kris, Lawfare)
Over the course of the last several months, FBI Director Christopher Wray has sought to draw public attention to the problem posed to law enforcement by encrypted devices the Bureau is unable to unlock. Now, however, the Washington Post reports that the FBI has repeatedly overstated the number of devices whose data it can’t access. Instead of 7,800 phones, as Wray has asserted in at least two speeches (in January and March) and in congressional testimony, the number is somewhere between 1,000 and 2,000. As the Post points out, this comes on the heels of the Inspector General’s special report documenting internal coordination problems in the FBI’s assertions in the San Bernardino iPhone case: according to the report, the Bureau had not confirmed that it was unable to access the data on shooter Syed Rizwan Farook’s phone before seeking a court order to unlock it. This is a pretty bad mistake.

Does TSA really need a watch list for “unruly” travelers? (Faiza Patel, Just Security)
The New York Times reported last week that the Transportation Security Administration (TSA) had “created a new secret watch list” (which is also known as a “95 list”) to “monitor people who may be targeted as potential threats at airport checkpoints simply because they have swatted away security screeners’ hands or otherwise appeared unruly.” According to the agency’s lawyer, the 95 list is meant to protect airport security screeners, who “were assaulted 34 times last year, up from 26 in 2016.” This justification for creating yet another watch list is weak, and the language of the directive is broad enough that the 95 list could easily turn into a sort of “enemies list” of people who the TSA will target at airports.

In a warming West, the Rio Grande is drying up (Henry Fountain, New York Times)
Even in a good year, much of the Rio Grande is diverted for irrigation. But it’s only May, and the river is already turning to sand.

UK begins to formalize its legal approach to cyber war (Alexander J. Martin, Sky News)
International law wasn’t developed with cyber space in mind, but the UK is setting out its legal approach amid tensions with Russia.

Are DoD’s cyber forces too focused on the network? (Mark Pomerleau, Fifth Domain)
Cyber Command’s primary mission is defense of the Department of Defense Information Networks, but some believe they might need to expand beyond DoD’s networks.

Let’s talk about food — and what happens in a crisis (Elizabeth Braw, Defense One)
Sweden is telling its citizens to be ready to feed themselves for a week. Other nations should follow suit.

Arkema officials were warned of flood risks a year before Hurricane Harvey (Alex Stuckey, Houston Chronicle)
‘The most valuable lesson here is that facilities should plan and plan again. Don’t be lulled into a false sense of security by thinking it can’t happen here.’