• Concerns Growing that China's Influence Operations Getting Bolder

    The U.S. intelligence community has warned that the battle for information dominance has been joined. Until now, much of the focus on been on Russia for its use of social media to meddle in a number of Western elections, including the 2016 U.S. presidential elections and, more recently, the 2018 congressional elections. But top U.S. intelligence officials have repeatedly warned Russia is not alone, and that other U.S adversaries would be using lessons from Moscow’s successes for their own purposes.

  • Russia’s and China’s Political Warfare Campaigns: How the West Can Prevail

    The United States and its allies are facing an unprecedented challenge: Russia and China, two authoritarian states possessing substantial human, economic, technological, and other resources; armed with conventional and nuclear forces which, in many respects, rival those held by the Western allies; and working actively to undermine the core interests of the West. Their operations are designed to subvert the cohesion of the Western allies and their partners; erode their economic, political, and social resilience; and undermine the West’s strategic positions in key regions. The Russian and Chinese regimes have made substantial progress towards these goals during the last two decades without conducting conventional military operations. Rather, Moscow and Beijing have employed sophisticated political warfare strategies and a wide range of mostly non-military instruments.

  • Ransomware Attacks Are Testing Resolve of Cities Across America

    Ransomware is hardly new, but it is in fashion. Two years ago such attacks were still relatively rare. But now they are far more targeted, and as companies and towns have shown an increased willingness to pay ransoms, criminals have turned to new and more powerful forms of encryption and more ingenious ways of injecting the code into computer networks. Only this summer did the United States begin to see multiple simultaneous attacks, often directed at government websites that are ill-defended.

  • Corporate Defenses Against Information Warfare

    When asked about Russian election interference during his congressional testimony last month, Robert Mueller said: “They’re doing it as we sit here.” To defend the nation against information warfare, the U.S. government has adopted a policy—by default, not by design—of relying on the private sector to police itself, with limited behind-the-scenes government assistance. Facebook’s website says: “Our detection technology helps us block millions of attempts to create fake accounts every day and detect millions more often within minutes after creation.” These numbers sound impressive, but they do not tell the whole story. To assess the effectiveness of company defenses, we must distinguish among three types of fake accounts: bots, fictitious user accounts, and impostor accounts. Russian agents have created and operated all three types of accounts.

     

  • A Cyberattack Could Wreak Destruction Comparable to a Nuclear Weapon

    People around the world may be worried about nuclear tensions rising, but I think they’re missing the fact that a major cyberattack could be just as damaging – and hackers are already laying the groundwork. The threat of a new nuclear arms race is serious – but the threat of a cyberattack could be as serious, and is less visible to the public. So far, most of the well-known hacking incidents, even those with foreign government backing, have done little more than steal data. Unfortunately, there are signs that hackers have placed malicious software inside U.S. power and water systems, where it’s lying in wait, ready to be triggered.

  • How Data Privacy Laws Can Fight Fake News

    Governments from Russia to Iran have exploited social media’s connectivity, openness, and polarization to influence elections, sow discord, and drown out dissent. While responses have also begun to proliferate, more still are needed to reduce the inherent vulnerability of democracies to such tactics. Recent data privacy laws may offer one such answer in limiting how social media uses personal information to micro-target content: Fake news becomes a lot less scary if it can’t choose its readers.

  • New Vulnerability Found in Internet-Connected Building Automation Devices

    Critical internet-connected smart building devices used in countless commercial and industrial properties, have been found to be vulnerable to a new malicious attack. The vulnerability exploits the properties in the building automation protocol (Bacnet) which enables technicians and engineers performing monitoring, setup changes and remote control of a wide range of key smart systems that impact temperature control, and other monitoring systems.

  • U.S. Elections Are Still Not Safe from Attack

    Russia’s attack on American elections in 2016, described in Special Counsel Robert Mueller’s recent report as “sweeping and systematic,” came as a shock to many. It shouldn’t have. Experts had been warning of the danger of foreign meddling in U.S. elections for years. Already by 2016, the wholesale adoption of computerized voting had weakened safeguards against interference and left the United States vulnerable to an attack. So, too, the shift to digital media and communications had opened new gaps in security and the law that could be used for manipulation and blackmail.

  • Hacking One of the World's Most Secure Industrial Programmable Logic Controllers (PLC)

    Researchers have managed to take control of a Siemens PLC, which is considered to be one of the safest controllers in the world. As part of the attack, the researchers analyzed and identified the code elements of the Siemens proprietary cryptographic protocol, and on the basis of their analysis, created a fake engineering station, an alternative to Siemens’ official station. The fake engineering station was able to command the controller according to the will of the attackers.

  • A Hacker’s Treasure: IoT Data Not Trashed

    While consumers are aware that data needs to be wiped from smart phones and computers before discarding, the proliferation of internet connected (IoT) devices poses new challenges and risks, as they too retain valuable data.

  • Foreign Campaign Intervention May Go Way Beyond Russia to China, Iran, North Korea, and Saudi Arabia

    The risk of foreign intervention goes far beyond Russia. Indeed, this type of action has happened many times in U.S. history. What’s new in 2020 is that, over the past few years, Russians have shown other nations how easy it is to sow disinformation and disrupt democratic elections. Many countries, including the United States, seek to make the voting process easy so balloting is designed much more for user-friendliness than electoral security. At the same time, technology companies have created social media platforms that are easily exploited through disinformation, false news, and fake videos. What’s more, the use of this technology to disrupt campaigns is cheap and difficult to trace.

  • Unlocking Market Forces to Solve Cyber Risk

    Markets have been slow to adjust to the multi-dimensional perils of cyber risk. Even headline-grabbing cyber incidents such as breaches of Equifax, Target, Anthem, Sony and Home Depot—along with NotPetya’s devastation of Merck, FedEx, and Maersk—have thus far had only fleeting impacts on assessments of major corporations’ prospects by investors, credit rating agencies and insurers. This disparity reflects the broader problem of a “cyber risk gap” between corporations’ exposure to cyber risks and the adequacy of their efforts to address it. Investors, insurers, credit rating agencies and others presently face this gap, and have been only slowly waking up to its magnitude.

  • Practicing Cybersecurity Gets Easier

    It’s expensive to train the people who defend us from cyberattacks. When big companies hold a large-scale exercise, they often take several months to prepare for it. Lots of people and computers, routers and other hardware form a complex infrastructure to create an attack that is as realistic as possible. That’s a good approach, but at the same time it is time consuming and expensive. This is where the Norwegian Cyber Range comes in, enabling medium and smaller players to train, too.

  • Combatting Russia’s Assault on Democracies: Lessons from Europe

    A 2018 report by the Senate Foreign Relations Committee says: “For years, Vladimir Putin’s government has engaged in a relentless assault to undermine democracy and the rule of law in Europe and the United States. Mr. Putin’s Kremlin employs an asymmetric arsenal that includes military invasions, cyberattacks, disinformation, support for fringe political groups, and the weaponization of energy resources, organized crime, and corruption.” For people pondering the potential effects of Russian interference in the 2020 elections here in the United States, it is worth understanding what other democracies are doing to confront the same problem and what lessons can be learned from their experiences.

  • Tech Companies Not Doing Enough to Fight Phishing Scams

    Technology companies could be doing much more to protect individuals and organizations from the threats posed by phishing, according to new research. However, users also need to make themselves more aware of the dangers to ensure potential scammers do not obtain access to personal or sensitive information.