• The Russia connectionU.S. Expels Russian Diplomats, Imposes New Sanctions on Russia in Retaliation for Hacking, “harmful activities”

    The U.S. has imposed a new round of sanctions against Russia targeting what it calls the “harmful” foreign activities of Moscow. U.S. intelligence officials have pointed the finger at Russia for a massive hack known as SolarWinds that hit large swaths of the U.S. public and private sectors last year. Widely used software is believed to have been infected with malicious code, enabling hackers to access at least nine U.S. agencies, dozens of corporations.

  • CybersecurityHarnessing Chaos to Protect Devices from Hackers

    Researchers have found a way to use chaos to help develop digital fingerprints for electronic devices that may be unique enough to foil even the most sophisticated hackers. Just how unique are these fingerprints? The researchers believe it would take longer than the lifetime of the universe to test for every possible combination available.

  • Security challengesGlobal Security Trends

    The National Intelligence Council (NIC) on Thursday released the seventh edition of its quadrennial Global Trends report. Global Trends 2040: A More Contested World is an unclassified assessment of the forces and dynamics that the NIC anticipates are likely to shape the national security environment over the next twenty years. Global competition for influence will intensify. “During the next two decades, the intensity of competition for global influence is likely to reach its highest level since the Cold War,” the report notes.

  • CybersecurityIn the Wake of SolarWinds: Making and Breaking a Rules-Based Global Cyber Order

    By Anatol Lieven

    We should recognize that the need to make careful distinctions between different categories of cyber operations, and shun the use of emotive and misleading language about “attacks,” should also be extended to the field of political influence via the internet. Using cyberspace to spread propaganda, influence political outcomes and reveal or invent damaging information is an extension of tactics that have been used in different ways for millennia—including by the U.S. Actually trying to rig U.S. elections by tampering with the count online would be completely different and vastly more serious.

  • CybersecurityCybersecurity Guide Tailored to the Hospitality Industry

    A new practical cybersecurity guide from the National Institute of Standards and Technology (NIST) can help hotel owners reduce the risks to a highly vulnerable and attractive target for hackers: the hotel property management system (PMS), which stores guests’ personal information and credit card data. 

  • ARGUMENT: Overhauling cybersecurityThe U.S. Government Needs to Overhaul Cybersecurity. Here’s How.

    After the 2015 hack of the U.S. Office of Personnel Management, the SolarWinds breach, and—just weeks after SolarWinds—the latest Microsoft breach, it is by now clear that the U.S. federal government is woefully unprepared in matters of cybersecurity. Jonathan Reiber and Matt Glenn write that “it is time for a different model for cybersecurity. U.S. military bases have layers of walls, guards, badge readers, and authentication measures to control access. The United States needs the same mindset for its cybersecurity.”

  • CybersecurityPunitive Response to SolarWinds Would Be Misplaced, But Cyber Deterrence Still Matters

    By Erica D. Borghard

    Some analysts argue that the United States should respond to the SolarWinds breach by focusing on improving defenses, rather than on conducting a retaliatory response such as some government officials have been advocating. Apunitive response to SolarWinds may be unwise because the available evidence indicates that the objective of the operation was national security espionage. However, this does not mean that the pursuit of deterrence strategies to address other types of malicious behavior in cyberspace, beyond espionage, is a fool’s errand. Deterrence is not a one-size-fits-all concept in cyberspace—or in any other domain.

  • ARGUMENT: CyberthreatsWhat Would Happen If States Started Looking at Cyber Operations as a “Threat” to Use Force?

    How are threats of force conveyed in cyberspace? Duncan B. Hollis and Tsvetelina van Benthem write that when, in the spring of 2020, hackers compromised the SolarWinds Orion software by “trojanizing” the so-called Sunburst backdoor, they raised a question: “If the presence of backdoors in a victim’s network allows for future exploits capable of causing functionality losses generating destruction (or even deaths), could their presence be seen as threatening such results? More broadly, when does a cyber operation that does not itself constitute a use of force threaten force?”

  • Election securitySpecific Cybersecurity Guidelines to Help Protect Our Elections

    Making elections secure means protecting against ever-evolving threats to information technology — which scans in-person and mail-in ballots, supports voter registration databases and communicates vote tallies. To reduce the risk of cyberattacks on election systems, NIST has released draft guidelines that provide a road map to help local election officials prepare for and respond to cyber threats that could affect elections. The plain-language guide provides strategies to guard election-related technology against cyberattack.

  • CybersecurityNew Initiative Aims to Ensure 5G Networks Are Reliable, Secure

    The transition to 5G will affect every device connected to the internet. Later this year, a team of Stanford researchers will demonstrate how a tight formation of computer-controlled drones can be managed with precision even when the 5G network controlling it is under continual cyberattack. The demo’s ultimate success or failure will depend on the ability of an experimental network control technology to detect the hacks and defeat them within a second to safeguard the navigation systems.

  • CybersecurityRussian-Backed Hackers Target German Lawmakers

    Suspected Russian state-backed hackers with a history of running disinformation campaigns against NATO have targeted dozens of German lawmakers, German media reported on 26 March. The hackers used spear-phishing e-mails to target the private e-mail accounts of members of the German parliament and regional state assemblies, in the latest suspected Russian-backed effort against lawmakers in the country.

  • CybersecurityU.S. Response to SolarWinds Cyber Penetrations: A Good Defense Is the Best Offense

    By Paul Kolbe

    We are in a new “Long War,” an ambient cyber conflict that will play out over decades against multiple adversaries. This is a conflict where the best offense may be a good defense. Limiting the potential harm adversaries can impose on us, while retaining the ability to inflict asymmetric damage, offers the best hope of bolstering U.S. national security and creating a world of cyber deterrence and restraint. Hopefully, SolarWinds marks the inflection point of a pivot to a more effective defense-based national cyber strategy.

  • ARGUMENT: Cyberspace spooksCovert Action, Espionage, and the Intelligence Contest in Cyberspace

    In recent months, the world learned that China carried out an indiscriminate hack against Microsoft Exchange, while Russia hacked U.S. information technology firm SolarWinds and used cyber capabilities in an attempt to influence the 2020 U.S. presidential election. Michael Poznansky writes that the attacks raise important questions about how best to characterize these and other kinds of disruptive cyber events. Cyber-enabled espionage and covert cyber operations both qualify as intelligence activities, but they are also distinct in key ways from one another. “Failing to appreciate these differences impedes our ability to understand the richness of cyber operations, underlying motivations, the prospect for signaling, and metrics of success,” he writes.

  • CybersecurityComputer Chip Pitted against 500+ Hackers. The Chip Won.

    An “unhackable” computer chip lived up to its name in its first bug bounty competition, foiling over 500 cybersecurity researchers who were offered tens of thousands of dollars to analyze it and three other secure processor technologies for vulnerabilities. MORPHEUS technology from the University of Michigan emerged unscathed from a DARPA virtual hackathon.

  • The Russia connectionRussia, Iran Meddled in November's Election; China Did Not: U.S. Intelligence

    By Jeff Seldin

    A just-released assessment by U.S. intelligence officials finds Russia and Iran did seek to influence the outcome of the November 2020 presidential election. But the assessment also concludes that, despite repeated warnings by a number of top Trump officials, China ultimately decided to sit it out. In the run-up to the November election, President Donald Trump, DNI John Ratcliffe, NSC Adviser Robert O’Brien, and AG William Barr. Among other Trump supporters, argued the Chinese interference in the election posed as much of a threat to the election as Russian interference, with Barr arguing that China posed an even greater threat. The intelligence community’s unanimous conclusions that “China did not deploy interference efforts and considered but did not deploy influence efforts intended to change the outcome of the U.S. Presidential election,” will likely lead to new questions about how the intelligence was presented to the public.