• U.K.: Russia launched last June’s costly NotPetya cyberattacks

    Russian military hackers were behind the NoPetya cyberattack on Ukraine that spread globally last year, the British government said. The United States said June’s NotPetya ransomware attack caused billions of dollars in damage across Europe, Asia, and the Americas. U.K. Defense Secretary Gavin Williamson said Russia was “ripping up the rule book” and the U.K. would respond.

  • Securing U.S. election: Congressional panel release report, recommendations

    The Congressional Task Force on Election Security released its Final Report, including ten specific recommendations on what the federal government and states can and should be doing to secure U.S. elections. “Russia’s unprecedented assault on the country’s elections in 2016 – including targeting twenty-one states’ voting systems – exposed serious national security vulnerabilities to our election infrastructure – which includes voting machines and voter registration databases,” the Task Force said. The members of the Task Force also introduced legislation, the Election Security Act, to implement the recommendations of the report.

  • U.S. intel chiefs warn Russia intending to meddle in midterm elections

    Director of National Intelligence Dan Coats, in a Tuesday testimony before the Senate Intelligence committee, said that one of the major security challenges the United States faces is the continuing cyber activity by Russia, North Korea, China, and Iran, emphasizing “the potential for surprise in the cyber realm”: “Frankly, the United States is under attack,” Coats said. “Under attack by entities that are using cyber to penetrate virtually every major action that takes place in the United States.” Coats said that Russia views its interference in the 2016 election as a success. “There should be no doubt that Russia perceives its past efforts as successful and views the 2018 U.S. midterm elections as a potential target for Russian influence operations,” he said.

  • What’s important is not that Russia changed the 2016 election outcome, “but that it attempted to do so”: Report

    In an important new report on the challenges that Russia’s aggressive posture poses for U.S. interests in the world, and to U.S. democratic institutions and social cohesion at home, Council on Foreign Relations Senior Fellows Robert D. Blackwill and Philip H. Gordon warn that the United States has so far failed to elevate Russia’s intervention in U.S. elections to the national priority that it is. They add that the United States has neglected to respond to Russia’s intervention in a way sufficient to deter future attacks. They argue, “A wide range of additional measures is therefore needed in order to better protect U.S. society and political and electoral systems from further intervention.”

  • Most states’ election systems remain vulnerable to hacking or systemic failure

    Less than nine months before midterm elections, a new study shows that most state election systems remain vulnerable to hacking and other interference by foreign governments bent on disrupting the election process. Researchers have conducted research and interviewed election officials to determine their election security preparedness after U.S. intelligence agencies concluded that Russia tried to influence the 2016 election by targeting state voting systems.

  • To prevent cyberattacks, create agency similar to National Transportation Safety Board: Experts

    After arguably the worst year ever for cyberattacks and data breaches, Indiana University research suggests it may be time to create an independent cybersecurity agency board comparable in approach to the National Transportation Safety Board that investigates airplane crashes and train derailments.

  • Energy-efficient encryption for the internet of things

    Most sensitive web transactions are protected by public-key cryptography, a type of encryption that lets computers share information securely without first agreeing on a secret encryption key. Public-key encryption protocols are complicated, and in computer networks, they’re executed by software. But that won’t work in the internet of things, an envisioned network that would connect many different sensors — embedded in vehicles, appliances, civil structures, manufacturing equipment, and even livestock tags — to online servers. Embedded sensors that need to maximize battery life can’t afford the energy and memory space that software execution of encryption protocols would require. Special-purpose chip reduces power consumption of public-key encryption by 99.75 percent, increases speed 500-fold.

  • Russian Tumblr trolls posed as black activists to stoke racial resentment ahead of 2016 U.S. election

    Internet trolls working for the Russian government posed as black activists on Tumblr to share political messages before the 2016 U.S. presidential election, BuzzFeed reports. As was the case with the fake accounts created by Russian government operatives on other social media platforms such as Facebook, Twitter, and Instagram, the fake Tumblr accounts aimed to help Donald Trump win the 2016 election by spreading messages which stoked racial and ethnic resentment and intensified political polarization. A digital forensic analysis tied the fake Tumblr accounts to the St. Petersburg-based Internet Research Agency (IRA), a hacking and disinformation organization employed by the Kremlin to disseminate fake news and commentary on social media as part of the broad Kremlin campaign to weaken Western democracies and undermine organizations such as NATO and the EU.

  • Faraday rooms, air gaps can be compromised, and leak highly sensitive data

    Faraday rooms or “cages” designed to prevent electromagnetic signals from escaping can nevertheless be compromised and leak highly sensitive data, according to new studies. Air-gapped computers used for an organization’s most highly sensitive data might also be secluded in a hermetically-sealed Faraday room or enclosure, which prevents electromagnetic signals from leaking out and being picked up remotely by eavesdropping adversaries. Researchers from Ben-Gurion University showed for the first time that a Faraday room and an air-gapped computer that is disconnected from the internet will not deter sophisticated cyber attackers.

  • Digital dark age fears stoked by Davos elite doing little to address cybersecurity

    Business leaders who recently convened in Davos for the annual World Economic Forum fretted over the various catastrophes that could hit the globe hard and – given the recent spate of cyberattacks – cybersecurity was high up on the agenda. The end result was the launch of a Global Center for Cybersecurity (GCC) with a clear mission to “prevent a digital dark age.” The GCC undoubtedly offers a reasonable proposition to nation states, by urging them to collaborate on overcoming cyber threats in a coordinated way. But for such a noble goal to work, it requires deeper resolve to deliver and a level of national commitment unprecedented over previous efforts. Given the increased global uncertainty, we are yet to have faith.

  • Some real “bombshell news” in the Mueller investigation

    Former Trump team legal spokesperson Mark Corallo, in the summer of 2016, had concerns that White House communications director Hope Hicks may be considering obstructing justice after a comment she made in a conference call about emails between Donald Trump Jr. and Russians with ties to the Kremlin. “Mark Corallo is a pro’s pro who went to work for the Trump legal team completely on board and who wanted to help the president … well, make America great again. When he left after two months with some reports that he was troubled by what he was seeing … that was a deeply ominous sign,” Jim Geraghty writes in National Review. “If Corallo ends up offering sort of critical testimony, this is not because he’s a Judas or because he’s part of the establishment or some sort of ‘Deep State’ sellout. It’s because he saw stuff that genuinely struck him as either illegal or unethical or both and he’s not the kind of person who’s willing to lie under oath about it.”

  • Putin's postmodern war with the West; disinformation vaccination; firewalling democracy, and more

    · Putin’s postmodern war with the West

    · Firewalling democracy: Federal inaction on a national security priority

    · Twitter has notified at least 1.4 million users that they saw Russian propaganda during the election

    · The disinformation vaccination

    · Fear and loathing in Russia’s Catalonia: Moscow’s fight against federalism

    · What was Russia’s spy chief doing in Washington last week? Probably playing the Trump administration … again.

    · Keeping DOJ and FBI safe from a partisan president and Congress

    · Why the Russia probe demolished one lobbying firm but spared another

    · Electronic warfare trumps cyber for deterring Russia

  • Wanted: A firewall to protect U.S. elections

    As the FBI and Congress work to unravel Russia’s hacking of the 2016 presidential election and learn whether anyone in Donald Trump’s campaign supported the effort, one thing has become clear: U.S. elections are far more vulnerable to manipulation than was thought. A U.S. Department of Homeland Security warning and offer last year to help state election officials protect voter registration rolls, voting machines, and software from tampering was coolly received, perhaps out of skepticism or innate distrust of federal interference in a domain historically controlled by the states. Now, as federal and state officials are partnering to examine voting and election security, a new initiative at Harvard Kennedy School (HKS) is working to shore up another at-risk component of the U.S. election system: political campaigns.

  • Critical infrastructure firms face crackdown over poor cybersecurity

    An EU-wide cybersecurity law is due to come into force in May to ensure that organizations providing critical national infrastructure services have robust systems in place to withstand cyberattacks. The legislation will insist on a set of cybersecurity standards that adequately address events such as last year’s WannaCry ransomware attack, which crippled some ill-prepared NHS services across England. But, after a consultation process in the U.K. ended last autumn, the government had been silent until now on its implementation plans for the forthcoming law. A set of 14 guiding principles were drawn up, with the NCSC providing detailed advice including helpful links to existing cybersecurity standards. However, the cyber assessment framework, originally promised for release in January this year, won’t be published by the NCSC until late April – a matter of days before the NIS comes into force. Nonetheless, the NIS directive presents a good drive to improve standards for cybersecurity in essential services, and it is supported by sensible advice from the NCSC with more to come. It would be a shame if the positive aspects of this ended up obscured by hype and panic over fines.

  • Cyber incidents doubled in 2017

    The Online Trust Alliance (OTA) has just released its Cyber Incident & Breach Trends Report. OTA’s annual analysis found that cyber incidents targeting businesses nearly doubled from 82,000 in 2016 to 159,700 in 2017. Since the majority of cyber incidents are never reported, OTA believes the actual number in 2017 could easily exceed 350,000. The report analyzes data breaches, ransomware targeting businesses, business email compromise (BEC), distributed denial of service attacks (DDoS), and takeover of critical infrastructure and physical systems over the course of a year.