with Aaron Schaffer

The Biden administration is plunging ahead in a pair of high-profile cybersecurity investigations into North Korean and Russian hackers, shedding light on how it plans to crack down on foreign hackers after the Trump administration downplayed the issue in the 2016 election and its aftermath.

The Biden administration yesterday elaborated on its ongoing investigation into a massive Russian hack of at least nine government agencies and about 100 companies tied to the SolarWinds breach.

The White House is focused on “working to expel the adversary, we are working to build those networks and improve the cybersecurity of federal networks, and we're also carefully thinking through how we respond,” Anne Neuberger, national security adviser for cyber and emerging technology, told reporters in her first White House briefing.

The Russia probe response includes plans for an executive order to address security gaps raised by the investigation, she announced.

“Because of the sophistication it's taking layer by layer, but we're working at the same pace to ensure we lock down networks and really think through how to ensure this doesn't happen again in the future,” Neuberger said.`

The Biden administration has not laid out any specific plans for retaliation against Russia, but Neuberger says the conversations are underway. Biden last month denounced Russian hackers in a call with Russian President Vladimir Putin and has promised to weigh Russian hacking alongside other aggressions in his Russia policy.

The investigation into the massive Russian hack and recovery efforts will take months.

The U.S. government is not ruling out the possibility of additional breaches being uncovered or that hackers may have had motives beyond espionage.

When there is a compromise of this scope and scale, both across government and across the U.S. technology sector, to lead to follow-on intrusions, it is more than a single incident of espionage,” Neuberger said. “It’s fundamentally of concern for the ability for this to become disruptive.”

Russia also got a rebuke in new charges against North Korean hackers.

The Justice Department is charging two additional hackers and adding more than $1.3 billion in attempted financial crimes to 2018 hacking charges against North Korean hackers for the Sony Pictures hack, Ellen Nakashima reported

Officials say the indicted hackers worked at times out of both Russia and China, which are known to harbor cybercriminals from prosecution. North Korean hackers also used Chinese cryptocurrency traders and criminal networks to launder funds.

“The time is beyond ripe for Russia and China, as well as any other country whose entities or nationals play a role in the DPRK revenue generation to take action,” said John C. Demers, assistant attorney general for national security. 

North Korea's cyberattacks will shape the president's policy toward North Korea.

The country's history of hacking the United States and its allies is something the State Department is carefully evaluating, spokesperson Ned Price told reporters yesterday.

We know from previous casesthat North Korea poses a significant cyber threat to financial institutions. It remains a cyber espionage threat. It retains the ability to conduct disruptive cyberattacks, and several of those cases in the past are quite high-profile and prominent,” Price said.

Indicting hackers is a first step toward setting international hacking red lines for adversaries.

While it's unlikely that the Justice Department will be able to actually bring the North Korean hackers to trial, law enforcement says the indictments are important to helping international partners with their investigations and attributing activity to North Korea.

They're also a warning shot to adversaries.

The investigations are framed “with a view of creating norms for nation state behavior in cyberspace and then encouraging those countries that are breaking those norms to follow them" as well as "warning other countries who may be thinking of engaging in that kind of behavior that we will catch them out and call them out,” Demers said.

The investigation into Russian and the North Korean indictments come amid a push by lawmakers to systemize the State Department's role in making cyber policy through diplomacy.

“The hackers indicted today may not be in custody yet, but our reach is long, time is on our side and their world just got a whole lot smaller, said Rep. Jim Langevin (D-R.I.), chairman of the House Armed Services Committee’s subcommittee on cyber, innovative technologies, and information systems and a member of the Cyberspace Solarium Commission. 

I look forward to working with the Biden administration to ratchet up the pressure on Kim Jong Un and his enablers in China and Russia to stop these campaigns, he said, adding a push for Congress to pass legislation to codify the role of the State Department in cyberspace diplomacy.

The keys

A top senator is pressing federal authorities for answers on a Florida water treatment plant hack.

Senate Intelligence Committee Chairman Mark R. Warner (D-Va.) asked the FBI and Environmental Protection Agency (EPA) for answers about a cyberattack on a Florida water treatment plant.

Warner wants the EPA to review whether the Oldsmar plant was compliant with federal water security plans — and whether that plan, which was updated in 2015, should be updated. He also wants confirmation that the U.S. government is sharing information on threats to water and critical infrastructure providers.

The hack received congressional attention after a Florida sheriff said that the hacker tried to poison the water supply by increasing the supply of lye. At the time, Sen. Marco Rubio (R-Fla.) tweeted that it “should be treated as a matter of national security,” while Rep. Jim Langevin (D-R.I.) noted the hack is “the type of activity that keeps me up at night.”

Civil rights groups want Biden to oppose facial recognition technology.

They want the Biden administration to freeze federal use of the technology and block funds from being used by local governments to buy or access AI tools, Drew Harwell reports

The push by the nearly 50 groups, including Amnesty International, the Electronic Frontier Foundation and Freedom House, is an attempt to persuade Washington’s Democratic-controlled government, which could be more receptive to their arguments than the previous administration. 

“Even if the technology worked perfectly, it would facilitate the mass tracking of each person’s movements in public space — something intolerable in a free and open society,” the letter states. “We cannot allow its normalization.” The White House did not respond to requests for comment.

Research has shown that facial recognition is less effective on people with darker skin and has led to false arrests. Law enforcement officials, who say the tool is useful for fighting crime, have pushed back against local and federal proposals to ban the technology.

A faulty coronavirus tracking app exposed the sensitive documents of travelers to Jamaica.

The app, which was designed so that travelers could submit negative coronavirus test results before traveling to the island nation, stored the files on the Internet without a password, TechCrunch’s Zack Whittaker reports. The breach includes more than 425,000 immigration documents and more than 440,000 images of traveler signatures. Americans were among the victims.

The data is now secure. It is not clear when the documents were first uploaded to the exposed Amazon Web Services server, but documents dating back to June 2020, when the country began welcoming back tourists, were found on it.

Global cyberspace

Mentions

  • David Mussington, a cyber policy professor at the University of Maryland, has been appointed as a senior adviser at the Cybersecurity and Infrastructure Security Agency, he wrote on LinkedIn.
  • New Biden administration hires include Melanie Hart, a former Center for American Progress senior fellow tasked with examining some Huawei policies at the State Department; and Elizabeth Rosenberg, a former senior fellow at the Center for a New American Security who has called for strengthening supply chain measures.
  • Van Scoyoc Associates has registered to lobby for the Bank Policy Institute, which represents the country's biggest banks. Albert Kammler and Norma Krayem plan to lobby on cybersecurity, intelligence and national security issues.

Daybook

  • Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency, speaks at an event hosted by the Business Council for International Understanding today at 10 a.m.
  • Georgia secretary of state Brad Raffensperger speaks at a webinar on the future of secure and transparent elections today at 10 a.m. The event is hosted by MITRE’s Center for Data-Driven Policy and the Center for Securing the Homeland.
  • Cybersecurity executives speak at a virtual conference hosted by Cobalt today at 11 a.m.
  • NextGov hosts a supply chain security event today at 1 p.m.
  • AFCEA hosts a webinar on Defense Industrial Base cybersecurity standards on Friday at noon.
  • National Cyber Security Alliance executive director Kelvin Coleman speaks at an event hosted by the Institute for Gulf Affairs that will focus on Gulf countries’ social media and technological repression. The event begins at 10 a.m. on Feb. 22.
  • Microsoft President Brad Smith and former Google CEO Eric Schmidt testify at a Senate Armed Services Committee hearing on emerging technology on Feb. 23 at 9:30 a.m.
  • Former DARPA director Victoria Coleman, former acting deputy defense secretary Christine Fox and American Enterprise Institute resident fellow Klon Kitchen testify at a House Armed Services Committee cyber panel hearing on Feb. 23 at 11 a.m.

Chat room

Cybersecurity reporter Patrick Howell O'Neill and researcher Kevin Beaumont had this thought-provoking exchange on cybersecurity in response to a comment made by an official during the press call on the North Korean indictments:

Same

Secure log off