The Washington Post
Democracy Dies in Darkness

The Cybersecurity 202: U.S. to try new approach to punish hacking nations: Working with allies


with Bastien Inzaurralde


SAN FRANCISCO — The Trump administration is now looking to work with allies to ratchet up consequences on nations that misbehave in cyberspace. 

That’s a big step up from international efforts over the past 18 months in which the United States and its allies jointly named and shamed Russia, China and North Korea for hacking operations — but didn’t collectively retaliate for those attacks.

The State Department's top cybersecurity diplomat, Robert Strayer, tells me the consequences could include joint announcements of criminal charges against hackers or financial sanctions. 

The important point, he stressed, is that allied nations will be working together to draw hard lines about what’s in and out of bounds in cyberspace.

“It’s about bringing swift and transparent consequences that will change their calculus,” Strayer said on the sidelines of the RSA Conference. He is working with allies on ensuring that punishment comes as quickly as possible after officials determine a nation is responsible for a hack. 

Strayer says he's talking with some foreign officials who are attending RSA about how they might impose joint consequences.

The plan is a further indication that when it comes to cybersecurity, the Trump administration has eschewed its go-it-alone approach.

Indeed, when it comes to changing bad behavior in cyberspace, “there’s strength in numbers,” Australian Ambassador for Cyber Affairs Tobias Feakin told me.

Australia is among the nations that joined the United States over the past 18 months in publicly blaming North Korea for the 2017 WannaCry attack, which infected computers in more than 150 nations and cost billions of dollars. And it joined the United States to blame Russia for the 2017 NotPetya malware campaign that wiped data from computers at banks and energy firms.

Australia also joined the United States and a dozen other nations in attributing a decade-long campaign to steal intellectual property from hordes of companies to a Chinese hacking group called APT 10, or Stone Panda.  

“It sends a very clear message that it’s not just one country saying: ‘This is not okay,’ ” Feakin told me. “It’s a group of countries saying as a community: ‘This is not okay and we don’t expect this kind of behavior to happen again.’ ”

The coordination on hacking consequences is part of a broader U.S. government effort to deter adversaries in cyberspace, including by raising the defenses of U.S. companies and by having U.S. Cyber Command hack back against adversaries more often.

Strayer expects to have details worked out with other nations to start rapidly imposing joint consequences this year, he told me.

He declined to say which nations might be targeted with the collective consequences, but noted the United States has traditionally grappled with just four main cyberspace adversaries: Russia, China, Iran and North Korea.


PINGED: Huawei sued the federal government Wednesday, seeking to reverse a governmentwide ban on its products that became law in August. The lawsuit, filed in a federal court in Texas, essentially argues the U.S. government mistreated the Chinese tech giant by singling it out for punishment. It comes while the U.S. is urging allies to ban Huawei from their 5G networks – a major diplomatic push that will be far more consequential for Huawei’s bottom line and for China’s global standing than the government ban.

The prospects for the lawsuit aren’t good. The Russian anti-virus company Kaspersky made nearly the same argument after a similar governmentwide ban and lost at the district court and appeals court levels. The suit will, however, give Huawei a prominent venue to air its gripes against the U.S. government as the 5G dispute continues to gather steam. Reuters’s Sijia Jiang reported Wednesday that the telecom giant was launching a major messaging and public relations campaign over the 5G fight, including attempting to hire about 10 senior Reuters journalists.

The United States’ foreign allies, meanwhile, remained “skeptical” of U.S. officials’ push to ban Huawei from 5G networks, The Washington Post's Ellen Nakashima and Brian Fung reported. “They understand there’s a security concern,” Strayer told my colleagues. “The issue is how you solve it. Our position is there’s no way to effectively manage it. In a 5G network that relies on millions of lines of code, it only takes one line of code to compromise the network.”

PATCHED: Microsoft said a hacking campaign tied to an Iranian group has targeted more than 200 companies in the past two years, the Wall Street Journal's Robert McMillan reported. The attacks, which targeted more than 2,200 people, were carried out by a group that Microsoft calls Holmium and increased late last year. The hackers used phishing emails that can steal or erase data if victims click on them.

“It caused damages estimated at hundreds of millions of dollars in lost productivity and affected oil-and-gas companies, heavy-machinery manufacturers and international conglomerates in more than a half-dozen countries including Saudi Arabia, Germany, the U.K., India and the U.S.,” McMillan wrote.

Iranian hackers have recently concentrated their attacks in the Middle East but previously targeted U.S. critical infrastructure, including a barrage against U.S. financial firms between 2011 and 2013. “They’re definitely sharpening their skills and moving up their capabilities,” John Hultquist, director of intelligence analysis at FireEye, told the Journal. “When they turn their attention back to the United States, we may be surprised by how much more advanced they are.”

PWNED: Facebook, which built its business on the free sharing of information, will pivot to offering more encrypted services, The Post's Elizabeth Dwoskin reported. The shift, which was announced in a lengthy post by Facebook chief executive Mark Zuckerberg, is a blow to federal law enforcement, which has urged tech companies to cooperate on ways to allow police to access some encrypted communications. 

“While offering few specifics, Zuckerberg said the company would move from being a social network where people broadcast information to large groups — a town hall — to a service that is modeled after a living room, where people communicate with smaller, trusted groups,” my colleague reported. 

Just a day before Zuckerberg's announcement, FBI Director Christopher A. Wray said the problems that encryption poses for law enforcement are “getting worse and worse,” as Gizmodo's Patrick Howell O'Neill reported. “It can’t be a sustainable end state for there to be an entirely unfettered space that’s utterly beyond law enforcement for criminals to hide,” Wray said at RSA. “We have to figure out a way to deal with this problem.”


— Gen. Paul Nakasone, the director of the National Security Agency and commander of U.S. Cyber Command, recommended that a split of the two organizations be pushed back to 2020, Defense One's Patrick Tucker reported. Nakasone made the recommendation to then-Defense Secretary Jim Mattis in August 2018. “That’s another delay for an organizational change first planned for in 2016 and since slowed to allow officials time to sort out the authorities for the civilian agency and military command and ensure that both entities can perform well independently,” Tucker wrote. Nakasone declined during a keynote address at RSA to confirm when the split will happen, saying that’s the president’s decision.

— Three Democratic senators on the Senate Intelligence Committee asked Director of National Intelligence Daniel Coats to declassify a letter he sent in October responding to their inquiries on whether China interfered in U.S. elections in 2016 and 2018. “There may be no intelligence issue in which the public interest is stronger than foreign influence with regard to U.S. elections,” Sens. Ron Wyden (Ore.), Martin Heinrich (N.M.) and Kamala D. Harris (Calif.), who is running for the Democratic nomination for the 2020 presidential election, told Coats in a letter. “It is critically important that the American people understand which specific activities each of our adversaries have or have not undertaken, and to what degree.”

— A report from the Department of Homeland Security's Office of Inspector General said DHS has made progress protecting U.S. election infrastructure but the agency must do more, TechCrunch's Zack Whittaker reported. “Making matters worse, the 102 advisors tasked with protecting more than a dozen critical infrastructure sectors — including elections — have shifting priorities, and are often told to ‘focus on the next widespread or known event,’ such as preventing school shootings and preparing for major events,” TechCrunch reported.

— More cybersecurity news from the public sector:

Census braces for cyberattacks (FCW)

Long before Trump’s trade war with China, Huawei’s activities were secretly tracked (Reuters)

Rural Jackson County, Ga. recovering from ransomware attack (StateScoop)


— Chinese authorities use different tactics from Russia to carry out influence operations on social media in the United States, according to a report from the cybersecurity company Recorded Future. Social media accounts controlled by the Chinese state did not try to conduct a vast online influence operation before the U.S. midterm election last year, as Russia did, the researchers concluded. Rather, “we believe that the Chinese state has employed a plethora of state-run media to exploit the openness of American democratic society in an effort to insert an intentionally distorted and biased narrative portraying a utopian view of the Chinese government and party,” the researchers wrote.

— More cybersecurity news from the private sector:

Stalkers and Debt Collectors Impersonate Cops to Trick Big Telecom Into Giving Them Cell Phone Location Data (Motherboard)

Meet the New 'Public-Interest Cybersecurity Technologist' (Dark Reading)

The Prototype iPhones That Hackers Use to Research Apple’s Most Sensitive Code (Motherboard)

Health records giant Epic temporarily halts additions to its app store because of privacy concerns (CNBC)


— Russian President Vladimir Putin told top officials of Russia's domestic security service FSB to bolster the protection of sensitive information against foreign spies' attempts to obtain such data, the Associated Press's Vladimir Isachenkov reported. “They are looking for access to political, economic, scientific and technological information,” Putin said, according to the AP. “That means that your work should become even more effective.”

— More cybersecurity news from abroad:

Czech cyber watchdog says its Huawei warning took U.S. by surprise (Reuters)

China says new law will bar demands for technology handover (Associated Press)



Coming soon:

  • The Brookings Institution holds a discussion on “How to improve cybersecurity career and technical education” on March 13.

Republican lawmaker compares influx of migrants to D-Day invasion:

Rep. Clay Higgins (R-La.) compared the number of migrant apprehensions along the southern border to WWII's D-Day invasion. (Video: Reuters)

Rep. Barragán's heated exchange with Nielsen for her department's treatment of asylum seekers:

Rep. Nanette Barragán (D-Calif.) had a heated exchange with Secretary of Homeland Security Kirstjen Nielsen on how asylum seekers are being treated. (Video: Reuters)