date 2021-10-28
National Cyber Director Chris Inglis says he has a plan to gird government agencies against hacking and improve private sector security with new policies. As a key component of that plan, he has picked Chris DeRusha, the federal chief information security officer, to join his office as a deputy for federal government cybersecurity, Inglis told my colleague Ellen Nakashima in an interview.
The details:
- DeRusha will continue to serve as federal CISO where he’s responsible for boosting the cybersecurity standards of dozens of civilian government agencies.
- He’ll also be dual-hatted as a member of Inglis’s office, where he’ll try to gear government’s internal cybersecurity plans and policies to serve the administration’s larger cyber efforts, such as combating ransomware.
- One big job where they plan to work together: Reviewing agencies’ cybersecurity budgets to make sure they align with President Biden’s cybersecurity priorities.
- Another big job: Implementing a May cybersecurity executive order, which, among other things, requires companies that sell software to the government to meet basic cybersecurity standards.
- DeRusha’s north star: He wants to move as much of the government as possible to a “zero-trust” model. That essentially means designing cybersecurity systems to assume all computer network activity is malicious until users prove it isn't.
The hope is that boosting cybersecurity standards and requirements inside government can be a model that pushes industry in the same direction.
“I think we'll use our buying power” with federal contractors to encourage stronger cybersecurity practices, Inglis told Ellen. But “we're not going to be big enough to drive the entire marketplace.”
DeRusha’s dual-hatted role marks the latest move in a radical reshaping and elevating of the government’s cyber mission less than a year into the Biden administration.
A quick rundown:
- Inglis’s position was newly created by Congress last year, designed to be the highest-ranking Senate-confirmed cyber official ever to serve in the White House and a top adviser to the president. He took office in June and will ultimately run a staff of about 75 people.
- Anne Neuberger is serving in a newly created position on the National Security Council as deputy national security adviser for cybersecurity.
- Jen Easterly, director of the three-year-old Cybersecurity and Infrastructure Security Agency, has launched a new office designed for sharing cyber threat information between industry and government. The NSA launched a similar center.
- The Justice Department has launched one new task force focused on combating ransomware and another on broader crimes involving cryptocurrency.
Inglis is also laying the groundwork for more cyber regulations in key industry sectors.
Leaders in the White House and Congress have said such mandates may be necessary if key industry sectors such as energy, agriculture and transportation don’t raise cyber protections on their own.
“You can't rule that out,” Inglis said of ramping up cyber regulations. “I'm confident that at some point we'll get to that bridge and have to cross it.”
He added that such mandates will come from Congress and would be done “on an exceptional basis as opposed to a primary tool.”
Facebook researchers had deep knowledge of how vaccine misinformation spread on its site
Researchers at the company ran studies and produced internal reports on the types of users most likely to share falsehoods about the virus, according to documents disclosed by Facebook whistleblower Frances Haugen.
“But even as academics, lawmakers and the White House urged Facebook for months to be more transparent about the misinformation and its effects on the behavior of its users, the company refused to share much of this information publicly, resulting in a public showdown with the Biden administration,” our colleagues Gerrit De Vynck, Cat Zakrzewski and Cristiano Lima report. “Taken together, the documents underline just how extensively Facebook was studying vaccine misinformation on its platform as the virus tore across the world, unearthing findings that concerned its own employees.”
Watch out for Iranian influence ahead of renewed nuclear talks
Iranian operations to influence U.S. public opinion on social media and elsewhere may increase as the United States and Iran prepare for potential talks about the country’s nuclear program in November, Mandiant vice president of intelligence analysis John Hultquist told us.
“In 2020, they kind of took the cake for the most aggressive [information] operations during the election and it surprised me,” Hultquist said. “I was expecting to see more aggressive Russian operations and there were definitely Russian operations, but the Iranian operation was very aggressive to the point where we were somewhat surprised.”
Iran is also likely to step up its digital spying efforts against anyone that might have insight into U.S. planning for the talks, Hultquist told us. Potential targets include officials from the United States and allied nations and even think tanks.
“I would expect them to be carrying out collections in advance of anything like that against any party they assume will have information that could benefit them or give them the upper hand,” he said. Reviving the 2015 nuclear deal was a central goal of President Biden’s 2020 campaign. But in the months since he was inaugurated, Iran has appeared to inch closer to being able to produce a nuclear weapon.
There’s less likely to be any change in the pace of disruptive or destructive hacks linked to Tehran, Hultquist said.
Iran’s hacking efforts against U.S. targets peaked with brazen cyberattacks against U.S. banks between 2011 and 2013. But they largely cooled off when nuclear talks began with the Obama administration. They haven’t resumed in earnest since then even though many experts predicted cyber volleys after former president Donald Trump exited the Iran nuclear deal or after the U.S. killing of Iranian Maj. Gen. Qasem Soleimani.
Russia-linked hackers say they’ve breached the National Rifle Association
The ransomware group dubbed “Grief” posted 13 apparently stolen files in an attempt to get the gun rights organization to pay a ransom, NBC News’s Kevin Collier reports.
Researchers say Grief is a rebranding of the U.S.-sanctioned cybercriminal gang Evil Corp. Those sanctions would likely make it illegal to pay the group a ransom under U.S. law.
Though ransomware groups are known for their bluster, Grief isn’t known for taking credit for other groups’ hacks. “I’m not aware of any incidents in which Grief/Evil Corp has attempted to take credit for other operations’ attacks,” Emsisoft’s Brett Callow told Collier.
The NRA neither confirmed nor denied the breach in a statement on Twitter:
A “cyber event” hit a major U.S. dairy company
Schreiber Foods’s operations were affected starting Friday and it began bringing its plants and distributions up on Monday, spokesman Andrew Tobisch told CyberScoop’s Tim Starks. Tobisch declined to say whether it was a ransomware attack.
It’s the latest cyber incident to affect the food and agricultural sectors. “The May ransomware attack on meat supplier JBS, in which the firm paid an $11 million extortion fee, was the most prominent, followed by attacks on two grain cooperatives,” Starks writes. “Attackers hit Iowa-based New Cooperative in September, demanding $5.9 million, and Crystal Valley Cooperative, a Minnesota agriculture supplier.”
The New America think tank and #ShareTheMicInCyber will launch a fellowship next year for “marginalized and diverse” cyber professionals, per the think tank. Share The Mic is a Twitter campaign aimed at elevating the experience of Black cyber workers.
Google, Twitter and Craig Newmark Philanthropies are funding the partnership. Fellows will “dive deep on technical and policy challenges, expand their networks, and hone professional skills like media engagement,” New America said.
