Cyber Scene #9 - Private Sector Cyber Voices Speak as Congressional Committees Move to Closed Sessions

Cyber Scene

Cyber Scene is intended to provide an informative, timely backdrop of events, thinking, and developments that feed into technological advancement of SoS Cybersecurity collaboration and extend its outreach.

As we read in our discussion last month of cyber security seen from the optic of Congressional testimony, cyber has been politically weaponized and is now a 21st Century tool of warfare. Such an application has occurred in the U.S., directed by nation states with the collaboration of private sector players, and is presently, reportedly, playing a role in the French presidential election.

In an effort to inform this already tech-savvy readership of additional perspectives, we now look at the threats as seen by intelligent thinkers--the New York Times, Johns Hopkins University, a cyber expert legal authority, and briefly, a British Member of Parliament--before returning to a short update on extraordinary Congressional cyber events.

National Security Journalists

As cyber attacks come to be viewed as ubiquitous, and the possibility of avoiding any threat as restricted to an isolated, 12th-century-like monk, the New York Times Magazine started 2017 with a detailed analysis of the global high-tech theft ring which has put the politicization of cyber hacking to lucrative use. Author Mattathias Schwartz, a national security investigative reporter who has published in a wide-ranging spectrum of media, explores the nefarious industrial surge in cyber security in "Cyber War, Inc." (print version) or "Cyber for Sale" (electronic).

He analyses the global industrialization of email theft, taking as his point of departure the hack of a surveillance software maker. In his study he explains, for the general populace, means of hacking into email accounts and the way hackers turn this theft into attacks on individuals, institutions, agencies, and governments. He identifies private firms that facilitate, for little money and scant expertise, such "terrifying" intrusions. Joel Brenner, former NSA IG, is quoted as saying: "The technology is morally neutral. The same program that you use to monitor your babysitter might be used by Bashar Assad or Abdel Fattah el-Sisi to keep track of whomever they don't like." Schwartz goes on to look into one of the hacking leaders, Hacking Team, and its relationship with Russia's FSB, formerly the KGB. The company located an American subsidiary in Reston, VA in 2015 and pitched the DOJ, the US military, and even the Royal Canadian Mounted Police as future hires. He also quotes FBI Director James Comey's "Going Dark" speech, noting that "The law hasn't kept pace with technology, and this disconnect has created a significant public-safety problem." At variance with the US Government's urging, US businesses have expanded the sales of powerful cyber tools world-wide. One perspective he cites equates privacy with secrecy, and secrecy with terrorism.

Another national security and technology journalist, also linked like Schwartz to The Intercept, is Jenna McLaughlin, who writes in Johns Hopkins Magazine on what she calls the "Internet of Bad Things," underscoring the fact referenced by Schwartz that computers connect everything, "...and that's the problem." She expands on Joel Brenner's example of the babysitter monitor, including so-called innocuous gadgets such as a fitness watch, an E-Z Pass toll transponder, or the locks securing your home as examples of threats. She probes a distributed denial of service (DDoS) attack on a prominent cybercrime reporter that took down his system for days. She discusses the roots of these insecurities, originating with the creation of the internet. One such internet architect now at Google, Vinton G. Cerf, regrets that they didn't focus on how the system could be ruined intentionally. Addressing the inevitability of attacks, she closes with the only hope: that one is not "...interesting enough to be a target."

Legal and British Views

To return to the Government's role in Personal Privacy and National Security, legal cyber expert Stewart Baker addressed the issue in a presentation on 22 February 2017. A private practice lawyer and former General Counsel of NSA in the early 1990s, Baker delved into the challenges in protecting individuals, from George Soros to those with pacemakers. He noted that despite increased funding, security has worsened due to:

  1. new incentives to exploit security holes
  2. nation-states "enthusiastically" engaging in stealing secrets, from China's theft of OPM records to the more recent Russian cyber security involvement in the US election.

He cautioned that more intrusions should be expected. Both political and economic motivations are at play, and build on past success. He felt encryption was oversold as a solution to intrusion, and that the US Government is hampered by intruders moving at the "speed of light, not the speed of lawyers." He underscored the remnants of "digital DNA" left all over the world and closed by saying that we need to accept the fact that we are losing our privacy as we "embrace the Internet of Things." (See below for CD info)

As a reminder of the global impact of these threats, Baroness Margaret Jay, both a Member of the British Parliament and a board member of British Telecom, presented on The Aftermath of Brexit in the same Global Issues forum on 13 February 2017. In response to a follow-up question from your author after the MP's presentation, she confirmed that collaboration across the Pond between the UK and the US would most certainly continue post-Brexit, given that we share both the threats as well as the technology and a general unity of political will to counter them. Both presentations in their entirety are available for purchase through the Global Issues Program at the Sarasota Institute of Lifetime Learning.

Back on the Hill

Returning briefly to Congress, SecDef General James Mattis, who now commands both the Commander of CYBERCOM and the Director of NSA (dual-hatted), soberly cautioned in his confirmation hearings before the Senate Armed Services Committee (SASC) that the biggest cyber attacks may still be to come. Since then, the SASC held an open hearing on Russian Influence and Unconventional Warfare Operations on 29 March, and a closed hearing on Cyber Threats to the United States on 4 April. As for the Hill Intelligence Committees, following the front page news of the tectonic recusal of Senator Nunes as Chairman of the House Permanent Select Committee on Intelligence (HPSCI) hearings on the cyber influence/involvement of Russia in the U.S. elections, the duties passed to his Majority No. 2, Representative Conaway. The HPSCI has not held open hearings, per their own recordation, since then.

The Senate Select Committee on Intelligence (SSCI) chaired by Senator McCain has forged full speed ahead, with eight closed hearings and one open one, which we will dissect in appropriate detail in our next edition of Cyber Scene.