Our picks: Exposing Nuclear Weapons Secrets | Cybersecurity Safety Review Board | Incentives & Vaccination, and more
· Incentives May Have Little Impact on American Anti-Vaxxers
· Finally! A Cybersecurity Safety Review Board
· Ransomware Has Thrust Cybersecurity into the Spotlight
· DHS Faces Rising Costs as Planned Biometrics Cloud Gets Pushed Back
· Capitol Police Had Intelligence Indicating an Armed Invasion Weeks Before Jan. 6 Riot, Senate Probe Finds
· Congress Is Tiring of the “Don’t Blame Hacked Companies” Line
· The Government’s Swift Response to Pipeline Cyberattack: Executive Order and TSA Security Directive
· How a Single Cloud Computing Customer Caused Half the Internet to Go Dark
· U.S. Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps
Incentives May Have Little Impact on American Anti-Vaxxers (Economist)
But those who did not vote in the 2020 elections seem more easily swayed, especially by money.
Finally! A Cybersecurity Safety Review Board (Steven M. Bellovin and Adam Shostack, Lawfare)
One element of President Biden’s executive order on cybersecurity establishes a board to investigate major incidents involving government computers in somewhat the way that the National Transportation Safety Board investigates aviation disasters. The two of us, among many others, have been advocating for such a board for many years. The creation of the board is a good first step, possibly as much as can be done without legislative action. But we think that additional action is needed and will magnify the value the board offers.
Ransomware Has Thrust Cybersecurity into the Spotlight (Joseph Marks, Washington Post)
The Biden administration is responding to the growing threat of ransomware attacks with a vigor and seriousness unparalleled in the government’s decades-long battle against hacking.
DHS Faces Rising Costs as Planned Biometrics Cloud Gets Pushed Back (Aaron Boyd, Nextgov)
Three years behind schedule, the move from legacy IDENT to the new Amazon-hosted HART system is now slated for the end of 2021.
Capitol Police Had Intelligence Indicating an Armed Invasion Weeks Before Jan. 6 Riot, Senate Probe Finds (Karoun Demirjian, Washington Post)
The U.S. Capitol Police had specific intelligence that supporters of President Donald Trump planned to mount an armed invasion of the Capitol at least two weeks before the Jan. 6 riot, according to new findings in a bipartisan Senate investigation released Tuesday, but omissions and miscommunications kept that information from reaching front-line officers targeted by the violence.
….
It is the first such record of systemic deficiencies and leadership mistakes to have the endorsement of senior Democrats and Republicans — a rare bright spot in a Congress riven by partisan division as it debates how to investigate the riot’s genesis.
….
According to the report, Capitol Police intelligence officers knew as early as Dec. 21 that protesters planned to “bring guns” and other weapons to the Jan. 6 demonstration and turn them on any law enforcement officers who blocked their entry into the Capitol. They knew that would-be rioters were sharing maps of the Capitol campus online and discussing the building’s best entry points — and how to seal them off to trap lawmakers inside. But that information was shared only with command officers.
Congress Is Tiring of the “Don’t Blame Hacked Companies” Line (Joseph Marks, Washington Post)
Colonial Pipeline CEO Joseph Blount will today face his second round of congressional grilling from lawmakers who are clearly frustrated with the private sector’s slow pace in getting its cybersecurity up to snuff.
Blount’s company, which suffered a devastating ransomware attack last month, has vowed to close any remaining gaps in its cyber protections.
But even business-friendly lawmakers are wearying of such commitments to cybersecurity that come after a major attack.
The Government’s Swift Response to Pipeline Cyberattack: Executive Order and TSA Security Directive (Carol Holahan and Cloe Pippin, Energy & Climate Counsel)
In the wake of the attack on Colonial Pipeline, the federal government has taken several steps to begin to address vulnerabilities in the country’s cybersecurity infrastructure. On May 12, 2021, two days after the Colonial Pipeline attack, President Biden signed an Executive Order on Improving the Nation’s Cybersecurity (the “Order”). A few weeks later on May 27, 2021, the Transportation Security Administration (“TSA”) released a security directive (the “Directive”) which directly addresses cybersecurity of pipelines.
How a Single Cloud Computing Customer Caused Half the Internet to Go Dark (Rebecca Heilweil, Vox)
Countless websites, including major news outlets, were offline after an outage at Fastly, a cloud computing provider.
U.S. Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps (Foeke Postma, Bellingcat)
For US soldiers tasked with the custody of nuclear weapons in Europe, the stakes are high. Security protocols are lengthy, detailed and need to be known by heart. To simplify this process, some service members have been using publicly visible flashcard learning apps — inadvertently revealing a multitude of sensitive security protocols about US nuclear weapons and the bases at which they are stored.