with Aaron Schaffer
Other witnesses include Nina Jankowicz, a disinformation fellow at the Wilson Center; Herb Lin, senior research scholar at the center for international security and cooperation at Stanford University; as well as Joseph Kirschbaum, director of the defense capabilities and management team at the Government Accountability Office.
The hearing underscores how the United States has struggled to combat the emerging cyberthreat of information warfare.
The rise of social media and other emerging technologies has enabled foreign adversaries to escalate their offenses in recent years. Russia and other adversaries relied on social media, bots and data leaks to stir up trouble in both the 2016 and 2020 elections. In 2019, the FBI became aware that Trump campaign advisor Rudolph W. Giuliani was the target of a Russian influence campaign, as Ellen Nakashima, Shane Harris and Tom Hamburger scooped yesterday. The warning reflects a broader concern by U.S. intelligence about Russia's influence operations during the election, they wrote.
The U.S. intelligence community warned that “Russia will remain a top cyber threat as it refines and employs its espionage, influence, and attack capabilities,” in its annual worldwide threats report earlier this year. Other adversaries, such as China and Iran, are also stepping up their information warfare, the report warns.
Engagement in information operations also isn't limited to election cycles: China and Russia launched disinformation campaigns around the coronavirus. Experts say that kind of interference will only get worse.
But so far the United States has failed to respond to those escalations with an integrated government approach, Jankowicz says in her written testimony.
“Rather than organizing crosscutting, proactive, whole-of-government responses, we have mostly stood up ad hoc capabilities only when necessary, such as election war rooms before events like the 2018 and 2020 elections,” she writes.
Experts will say the United States can learn from how cyberthreats have evolved in addressing growing online information operations.
Gerstell, a senior adviser at the Center for Strategic and International Studies, will warn that foreign intelligence agencies are taking a page from cyber criminals' playbook by operating just far enough under the radar to avoid repercussions.
“The same factors that shield those foes in hacks and attacks — the uncertainty of provable attribution, the absence of directly caused actual injury or physical damage and other factors — also will insulate them as they inevitably step up their disinformation campaigns,” he says in his written testimony.
The hearing comes just weeks after the Biden administration sanctioned Russian companies and actors for interfering in the U.S. elections as well as a massive cyberattack that infiltrated nine federal agencies.
The Biden administration has responded to the SolarWinds breach by committing to enhancing the federal cybersecurity workforce. Jankowicz will suggest a similar approach of creating a workforce “of skilled people with a nuanced understanding of the threat who are capable of applying the full range of tools and techniques for monitoring, detecting and responding to information operations.”
Correction: An earlier version of this newsletter cited a report that incorrectly stated that Giuliani had been warned about the Russian influence campaign.
Investigators found evidence of cyber breaches in at least five federal agencies.
The agencies were hit through a supply-chain attack on popular Pulse Secure virtual private network software, Reuters’s Christopher Bing and Joseph Menn report. Three cybersecurity consultants who have responded to the hacks said that other victims include defense contractors, solar energy firms and telecommunications companies.
Earlier this month, cybersecurity firm FireEye said that a China-linked hacking group was involved in some of the attacks.
“This looks like classic China-based espionage,” Charles Carmakal, the CTO of Mandiant, said at the time. “There was theft of intellectual property, project data. We suspect there was data theft that occurred that we won’t ever know about.”
The White House is working on a plan to combat hacks-for-ransom.
Secretary of Homeland Security Alejandro Mayorkas’s announcement came on the heels of the release of a report by cyber experts who urged the government to combat the growing tide of cyberattacks using ransomware, a malicious software that encrypts systems so that hackers can demand a ransom for unlocking them. He called the attacks a national security threat and committed to implementing “many” of the task force’s 48 recommendations.
The hacks, Mayorkas said, represent “one of the biggest challenges we face.” Hackers have hit thousands of victims during the pandemic, including critical services such as hospitals and police departments.
The Senate passed a water infrastructure bill with cybersecurity provisions.
The $35 billion water infrastructure bill easily passed the Senate, NBC News’s Dareh Gregorian and Frank Thorp V report. The bill’s passage was celebrated by senators including Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.), whose provision to develop a cybersecurity framework and plan made it into the final bill.
The Biden administration has endorsed the proposal, which also includes $25 million in annual grants that recipients could use to patch holes in their cyber defenses.
Securing the ballot
Hackers used a software vulnerability to hold businesses’ networks for ransom, researchers say.
More than 100 organizations are believed to have been targeted through a vulnerability in SonicWall virtual private network software, while “a much smaller number” may have been hit with software that locked their data for ransom, cybersecurity firm FireEye said. The group behind the attacks, which FireEye’s Mandiant unit calls UNC2447, is “aggressively financially motivated” and focused on targeting small and medium businesses, according to FireEye.
Cybersecurity reporters discussed the ethics of interviewing hackers who lock and steal data for ransom. MIT Technology Review’s Patrick Howell O’Neill:
(And there should be! The best/only way to address a tricky situation like this is to have reporters, cybersecurity professionals, etc. talk it out in public. Just make sure to have some grace during what's likely to be an ongoing debate.)— Patrick Howell O'Neill (@HowellONeill) April 29, 2021
The Associated Press’s Frank Bajak:
Agreed. Publishing verbatim interviews with ransomware criminals during a crime in progress is a bit like calling a bank robber holding hostages inside a branch surrounded by cops and putting that live on the air.— Frank Bajak (@fbajak) April 29, 2021
Journalist Kim Zetter:
I understand the hate. But interviewing hackers about their crimes has been done for decades and is no different than interviewing a drug dealer. It’s how we learn about their methods and processes and shine a light on the individuals and communities that engage in this.— Kim Zetter (@KimZetter) April 29, 2021
- Leonid Volkov, Russian opposition leader Alexei Navalny’s chief of staff, discusses Russian cyberattacks that target Russian citizens at an Atlantic Council event today at 9:30 a.m.
- The McCrary Institute at Auburn University hosts a panel on digital supply chains today at 11 a.m.
- Deputy Attorney General Lisa Monaco discusses cybersecurity enforcement at the Munich Cyber Security Conference today at 11:20 a.m.
- Former National Security Agency general counsel Glenn Gerstell testifies at a House Armed Services Committee panel’s hearing on the Department of Defense’s information operations strategy today at 3 p.m.
- Rep. Yvette D. Clarke (D-N.Y.), the chair of the House Homeland Security Committee’s cyber panel, and other lawmakers speak at Hack The Capitol 4.0 on May 4.
- Krebs speaks at an event hosted by the U.S. Agency for Global Media and Aspen Digital on disinformation on May 5 at 9 a.m.
- The House Homeland Security Committee’s cyber subcommittee holds a hearing on hacks-for-ransom on May 5 at 2:30 p.m.
- The Intelligence and National Security Alliance holds an event on zero trust implementation on May 6 at 2:30 p.m.
- Rep. Mike Gallagher (R-Wis.) speaks at a Heritage Foundation event on defense supply chains on May 10 at 1 p.m.