• Synack launches a pro bono Secure the Election initiative

    Redwood City, California-based cybersecurity firm Synack has launched the Secure the Election initiative, a pro bono campaign to help states secure voting systems before the 2018 midterm elections. Other cybersecurity companies have been in touch with states about offering free or reduced-price services to help secure elections.

  • Cold War-era KGB “active measures” and the Kremlin’s contemporary way of war

    Bob Seely, a Conservative MP for the Isle of Wight and a Russia researcher, has just published the first comprehensive definition of the nature of modern Russian warfare. The paper draws a direct comparison between Cold War-era KGB “Active Measures” and the aggression of Putin’s Russia. “From fake news aimed at Europe to the propaganda of RT, and from the occupation of Crimea to the streets of Salisbury, Russia is waging a very modern kind of conflict on the West – as well as on the Russian people themselves,” Seely said.

  • Increased IT security at hospitals does not equal fewer cyberattacks, breaches

    The Verizon Data Breach report indicates the health care sector is the top target for cyberattacks. And, as hospitals do more to guard against attacks, it’s not necessarily translating into fewer data breaches, according to new research. Researchers found that the increased use of information technology security systems by hospitals did not equal fewer breaches, contrary to predictions.

  • Corporate data collection and U.S. national security: Expanding the conversation in an era of nation state cyber aggression

    What has the Russia investigation revealed about risks inherent in mass private data collection? Carrie Cordero writes that one thing we learned from the Russia investigation is that we may be framing the conversation about corporate data collection too narrowly. “Based on what we have learned publicly so far about the Russian election interference, it is worth pausing to reflect on the national security implications of corporate data collection and aggregation as it relates to the collection of individual, private citizens’ data,” she says. “Although the Senate Select Committee on Intelligence (SSCI) and special counsel investigations are not yet complete, we know enough already about Russia’s interference in the 2016 election to understand that data collected from private companies and organizations can be accessed, exposed and potentially misused in a way that is harmful to the country’s institutional stability. At the very least, its misuse sows distrust and confusion. At worst, it shreds the institutional and societal fabric that holds the country together.”

  • Mapping DHS’s new cybersecurity strategy, highlighting S&T’s R&D support

    Last month at a cybersecurity conference, Homeland Security Secretary Kirstjen Nielsen previewed the May unveiling of DHS’s new cybersecurity strategy and issued a stern warning to cybercriminals. The new DHS Cybersecurity Strategy was released 15 May. Nielsen said: “I have a news flash for America’s adversaries: Complacency is being replaced by consequences. We will not stand on the sidelines while our networks are compromised. We will not abide the theft of our data, our innovation and our resources. And we will not tolerate cyber meddling aimed at the heart of our democracy.”

  • World Cup 2018: British intelligence briefs players, staff on Russian cyberthreats

    The U.K. Football Association (FA) said it was taking cybersecurity seriously this summer – the Soccer World Cup tournament will be held in Russia from 15 June to 15 July – and will be taking advice from the National Cyber Security Center (NCSC) at the GCHQ (the British equivalent of the U.S. NSA). The England team will be briefed by GCHQ staff before flying out to the World Cup to help them stay safe from Russian hackers.

  • The era of fake video begins

    “Deepfake” videos produced by Russian-linked trolls are the latest weapon in the ongoing fake news war. The Kremlin-backed trolls are already experimenting with new video manipulation techniques which use artificial intelligence to create convincing doctored videos. Franklin Foer writes the internet has always contained the seeds of postmodern hell, and that mass manipulation, from clickbait to Russian bots to the addictive trickery that governs Facebook’s News Feed, is the currency of the medium. In this respect, the rise of deepfakes is the culmination of the internet’s history to date—and probably only a low-grade version of what’s to come. Fake-but-realistic video clips are not the end point of the flight from reality that technologists would have us take. The apotheosis of this vision is virtual reality. “The ability to manipulate consumers will grow because VR definitionally creates confusion about what is real,” Foer writes. “Several decades ago, after giving the nascent technology a try, the psychedelic pamphleteer Timothy Leary reportedly called it ‘the new LSD’.”

  • Regulation or research? Searching for solutions to reduce Truth Decay in the media

    What is social media’s role in the decline of trust in the media? Is government intervention needed to help stop the spread of misinformation on these platforms? These questions were the focus of a recent RAND Corporation event on the connection between the media and Truth Decay.

  • Mobile security messages 20 percent more effective if warnings vary in appearance

    Using brain data, eye-tracking data and field-study data, researchers have confirmed something about our interaction with security warnings on computers and phones: the more we see them, the more we tune them out. But the major study also finds that slight changes to the appearance of warnings help users pay attention to and adhere to warnings 20 percent more of the time.

  • Hacker accused of aiding Russian spies in massive breach gets prison

    A Kazakh-born computer hacker who U.S. prosecutors say unwittingly worked with a Russian spy agency in a massive Yahoo data breach has been sentenced to five years in prison. Karim Baratov was named in an indictment last year that charged two Russian spies with orchestrating the 2014 Yahoo breach involving 500 million users — one of the largest breaches at any Internet company.

  • Russia asks Apple to help it enforce ban on Telegram

    Russia’s communications regulator says it has asked U.S. technology giant Apple to help it block the popular messaging service Telegram in Russia. The regulator sent a letter to Apple asking it to block push notifications for Telegram users in Russia, ensuring that Apple phone and tablet users do not receive alerts about new messages and rendering the application less useful.

  • Internet of Things: when objects threaten national security

    We all know personal devices can be hacked, but a whole country’s security could be at risk too. With the rise of the so-called Internet of Things (IoT), and against the backdrop of cyberwarfare, digital surveillance and digital subversion, the risk to national security is increasing. Earlier this year the head of the UK National Cyber Security Centre publicly stated that a major cyber-attack on the country’s essential services was a question of “when, not if.”

  • Cyber and international law in the 21st century

    “Cyber space is not – and must never be – a lawless world. It is the U.K.’s view that when states and individuals engage in hostile cyber operations, they are governed by law just like activities in any other domain,” said the U.K. Attorney General Jeremy Wright, QC MP, on 23 May 2018, setting out, for the first time, the U.K.’s position on applying international law to cyberspace. “What this means is that hostile actors cannot take action by cyber means without consequence, both in peacetime and in times of conflict. States that are targeted by hostile cyber operations have the right to respond to those operations in accordance with the options lawfully available to them and that in this as in all things, all states are equal before the law.”

  • Failing to keep pace: The cyber threat and its implications for our privacy laws

    “The time has come — indeed, if it has not already passed — to think seriously about some fundamental questions with respect to our reliance on cyber technologies: How much connected technology do we really want in our daily lives? Do we want the adoption of new connected technologies to be driven purely by innovation and market forces, or should we impose some regulatory constraints?” asked NSA General Counsel Glenn Gerstell in a Wednesday presentation at Georgetown University. “Although we continue to forge ahead in the development of new connected technologies, it is clear that the legal framework underpinning those technologies has not kept pace. Despite our reliance on the internet and connected technologies, we simply haven’t confronted, as a U.S. society, what it means to have privacy in a digital age.”

  • Russia’s active measures architecture: Task and purpose

    Russia’s latest iteration of the Soviet-era tactic of “active measures” has mesmerized Western audiences and become the topic du jour for national security analysts. In my last post, I focused on the Kremlin’s campaign to influence the U.S. elections from 2014 to 2016 through the integration of offensive cyber hacking, overt propaganda, and covert social media personas. In this post, I focus on the elements of Russia’s national power that execute active measures abroad.