Cyber: ‘Our adversaries have grown more emboldened’

Primer:

Russia hasn’t been sufficiently penalized for its meddling in the 2016 U.S. elections and that has emboldened Moscow to continue interfering in American elections, Adm. Michael Rogers, Commander of the U.S. Cyber Command, told the Senate Armed Services Committee on Tuesday.

“They haven’t paid a price sufficient to change their behavior,” Rogers said under questioning by Sen. Richard Blumenthal, D-Conn. Although the United States has taken some actions, including imposing additional sanctions, and Special Counsel Robert S. Mueller III has indicted more than a dozen Russians for their role in the interference, “it hasn’t changed the calculus,” Rogers said, adding that “it hasn’t generated the change in behavior that we all know we need.”

In another exchange with Sen. Elizabeth Warren, D-Mass., Rogers said that Russian President Vladimir Putin has probably come to the conclusion that “there’s little price to pay here so I can continue the activity” of interfering in the U.S. election system. More here.

*** In context, however, where is the legislation proposed by Senators Warren and Blumenthal on sanctions or punishment toward Russia for cyber and active measures interference? It was political posturing by Warren and Blumenthal when they can introduce multi-faceted legislation as Russia, China and North Korea continue to attack the United States via layered cyber operations including espionage.

Meanwhile….

Although competitors such as China and Russia remain the greatest threat to U.S. security, rogue regimes such as Iran and North Korea have increased in capabilities and have begun using aggressive methods to conduct malicious cyberspace activities, the military’s top cyber officer told Congress today.

Navy Adm. Michael S. Rogers, director of the National Security Agency, commander of U.S. Cyber Command and chief of the Central Security Service, testified at a Senate Armed Services Committee hearing.

“Our adversaries have grown more emboldened, conducting increasingly aggressive activities to extend their influence without fear of significant consequence,” Rogers said. “We must change our approaches and responses here if we are to change this dynamic.”

But as the cyber domain has evolved, Rogers told the senators, Cybercom’s three major mission areas endure: protecting the Department of Defense Information Network; enabling other joint force commanders by delivering effects in and through cyberspace; and defending the nation against cyber threats through support to the Department of Homeland Security and others when directed to do so by the president or secretary of defense.

Cybercom Milestones

Rogers highlighted milestones in Cybercom’s growth.

Joint Force Headquarters DODIN, the subordinate headquarters responsible for securing, operating and defending the Defense Department’s complex information technology infrastructure, has achieved full operational capability, he said.

Joint Task Force Ares, created to lead the fight in cyber against the Islamic State of Iraq and Syria, has successfully integrated cyberspace operations into broader military campaigns, has achieved some “excellent results,” and will continue to pursue ISIS in support of the nation’s objectives, the admiral told the Senate panel.

Cybercom also has significantly enhanced training in cyber operation platforms to prepare the battlespace against key adversaries, he said.

Milestones expected to be achieved this year include Cyber Command’s elevation to a combatant command responsible for providing mission-ready cyberspace operations forces to other combatant commanders, Rogers said.

New Facility

In addition, the admiral said, Cybercom will be moving into a state-of-the-art integrated cyber center and joint operations facility at Fort Meade, Maryland, enhancing the coordination and planning of operations against cyber threats.

“Without cyberspace superiority in today’s battlefield, risk to mission increases across all domains and endangers our security,” Rogers said.

Cybercom’s focus on innovation and rapid tech development has extended all the way to small businesses and working with the private sector while maintaining cybersecurity, Rogers told the committee.

“We intend in the coming year to create an unclassified collaboration venue where businesses and academia can help us tackle tough problems without needing to jump over clearance hurdles, for example, which for many are very difficult barriers,” Rogers explained.

After serving more than four years as a commander of Cybercom and after nearly 37 years of service as a naval officer, Rogers is set to retire this spring.

“I will do all I can during the intervening period to ensure the mission continues, that our men and women remain ever motivated, and that we have a smooth transition,” he said.

Estimating the Costs of Cyber Attacks Against the U.S., Billions

Cyberattacks cost the United States between $57 billion and $109 billion in 2016

The report, published by the White House Council of Economic Advisers, examines the cost that malicious cyber activities impose on the U.S. economy.

The report analyzed the impact of malicious cyber activities on public and private entities, including DoS attacks, sabotage, business disruption, and theft of proprietary data, intellectual property, and sensitive financial and strategic information.

Damages and losses caused by a cyber attack may spill over from the initial target to economically linked organizations. Critical infrastructure sectors are more exposed: an attack against companies and organizations in these sectors could have a severe impact on the US economy.

The document warns of nation-state actors such as Russia, China, Iran, and North Korea, that are well funded and often conduct sophisticated targeted attacks for both sabotage and cyber espionage.

***

The forecast of the cost damage in coming years….

In part from Forbes: In 2015, the British insurance company Lloyd’s estimated that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts over the past year put the cybercrime figure as high as $500 billion and more.

From 2013 to 2015 the cyber crime costs quadrupled, and it looks like there will be another quadrupling from 2015 to 2019. Juniper research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015.

The World Economic Forum (WEF) says a significant portion of cybercrime goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot. Those crimes would arguably move the needle on the cyber crime numbers much higher.

Large banks, retailers, and federal agencies make the headlines when they are hacked – but all businesses are at risk. According to Microsoft, 20% of small to mid sized businesses have been cyber crime targets.

For anyone who wants to tally their own bill from cyber crime, check out Cyber Tab from Booz Allen. It is an anonymous, free tool that helps information security and other senior executives understand the damage to companies inflicted by cyber crime and attacks. More here.

 

U.S Ethics Office: we know how to rebuild the public’s trust

Ah what?

February 5, 2018

When we become public servants– custodians of the people’s government–we take an oath.

We take an oath to faithfully perform our duties, an oath to protect and defend the Constitution of the United States.

The success of our Constitution, the success of our government, depends on the trust of the people that we serve. Today, our fellow citizens are suspicious of their government. A recent Transparency International report found that a clear majority of the American People think that corruption is getting worse.

Fortunately, we know how to rebuild the public’s trust.

We build their trust by doing our jobs, faithfully.

We build their trust by acting solely for the public good and eliminating conflicts of interests.

We build their trust by telling the truth.

The good news is that most of you are carrying out the people’s business with honor and integrity.  You’re keeping your oath. Thank you. Remember what is at stake and take pride in your service.

On the other hand, those who are doing things that undermine the public’s trust, even if they don’t violate a rule, need to stop. Nothing you could gain economically or politically could possibly justify putting our democracy at risk. These are perilous times.

So, keep your oath and earn the public’s trust. We, as public servants, hold our positions of trust “for such a time as this.”

But then…get a load of this document citing how bad things are and what is at the core of the matter.

So, if things are so great…then why these issues below?

Financial Conflicts of Interest & Impartiality
An executive branch employee’s personal or “imputed” financial interests or other circumstances may require that the employee be disqualified from working on a particular Government matter, be prohibited from holding specified property, or be prohibited from accepting a payment from a non-Federal source.

Gifts and Payments
An executive branch employee generally may not give (or solicit contributions for) a gift to an official superior or accept a gift from another employee who receives less pay; generally may not solicit or accept a gift from a “prohibited source” or given because of the employee’s official position, and may be prohibited from accepting a payment from a non-Federal source.

Use of Government Position & Resources
An executive branch employee is required to act impartially; may not make improper use of Government position, title, or authority; and may not use Government property, nonpublic information, or time (including the time of a subordinate) for other than authorized purposes.

Outside Employment and Activities
An executive branch employee may be required to seek approval before engaging in an outside activity; may be disqualified from working on a particular Government matter while engaged in the activity; may be prohibited from accepting compensation for an activity; or may be prohibited from engaging in a particular outside activity.

Post-Government Employment
An executive branch employee may be disqualified from working on a particular Government matter while seeking post-Government employment and, after leaving Government service, a former employee is prohibited from engaging in certain activities.

Selected Employee Categories
Executive branch ethics provisions generally apply only to Government “employees”; may apply only to certain categories of employees or may apply differently to certain categories of employees or not at all; and generally do not apply to “representatives” serving on an advisory committee or to independent contractors.

Enforcement
When ethics officials find evidence that an employee has violated an ethics criminal statute or regulation, they must refer that evidence to the appropriate authority for action.

*** A program called Integrity? Yup…

Integrity

Integrity is an electronic financial disclosure system created by the U.S. Office of Government Ethics (OGE).

What is the purpose of financial disclosure?

Financial disclosure reports are the primary tool used to identify and resolve potential conflicts of interest between an employee’s official duties and his or her private financial interests and affiliations.

Why did OGE create Integrity?

The Stop Trading on Congressional Knowledge Act of 2012, as amended, directed the President, acting through the Director of OGE, to develop an electronic system for filing executive branch public financial disclosure reports. As a result, OGE developed a system named Integrity to collect, manage, process, and store financial disclosures.

Who uses Integrity?

Senior officials in the executive branch who are required to file public financial disclosure reports use Integrity to file their reports. OGE and agency ethics officials use Integrity to review financial disclosure reports for conflicts of interest and manage the executive branch financial disclosure program.

What are the benefits of Integrity?

Integrity was designed to help produce quality reports, enhance oversight, and promote transparency.

  • Integrity produces quality reports by helping filers more quickly, easily, and completely report required information.
  • Integrity enhances oversight of the executive branch ethics program by allowing OGE to monitor agencies’ progress in administering their individual financial disclosure programs.
  • Integrity promotes transparency by producing a clear and concise public financial disclosure report that allows the public to have confidence that their government leaders are making decisions free from conflicts of interest.

List of Companies, Amicus Brief Against Trump’s Sanctuary City Policy

The Senate defeated a GOP proposal based on President Donald Trump’s immigration framework.
The plan would have offered a path to citizenship for “Dreamers” and increased border security while also cutting legal immigration.
The vote was 39-60, with 60 votes needed for approval.

I say GOOD. It was fraught with loopholes and the actual number of illegals in question remained unknown.

Meanwhile, there is more going on with the whole sanctuary city thing. Hold on, you won’t like this.

In 2017, State Atty. Gen. Xavier Becerra on Wednesday filed a brief in support of a Santa Clara County lawsuit challenging President Trump’s executive order targeting “sanctuary” cities that refuse to help federal authorities enforce immigration laws.

The amicus brief cites Trump’s threat to withhold federal funds from sanctuary cities and counties as well as the state’s interest in protecting state laws and policies that promote public safety and protect the constitutional rights of residents, Becerra said.

*** It gets worse… to read how the brief is cherry-picked on facts, go here.

So, there is a pile of companies that have filed an amicus brief against the Trump administration position on sanctuary cities.

The full list of tech companies (and a few others) that signed the amicus brief opposing President Trump’s executive order on immigration.

The full brief is available online.

1. AdRoll, Inc.

2. Aeris Communications, Inc.

3. Airbnb, Inc.

4. AltSchool, PBC

5. Ancestry.com, LLC

6. Appboy, Inc.

7. Apple Inc.

8. AppNexus Inc.

9. Asana, Inc.

10. Atlassian Corp Plc

11. Autodesk, Inc.

12. Automattic Inc.

13. Box, Inc.

14. Brightcove Inc.

15. Brit + Co

16. CareZone Inc.

17. Castlight Health

18. Checkr, Inc.

19. Chobani, LLC

20. Citrix Systems, Inc.

21. Cloudera, Inc.

22. Cloudflare, Inc.

23. Copia Institute

24. DocuSign, Inc.

25. DoorDash, Inc.

26. Dropbox, Inc.

27. Dynatrace LLC

28. eBay Inc.

29. Engine Advocacy

30. Etsy Inc.

31. Facebook, Inc.

32. Fastly, Inc.

33. Flipboard, Inc.

34. Foursquare Labs, Inc.

35. Fuze, Inc.

36. General Assembly

37. GitHub

38. Glassdoor, Inc.

39. Google Inc.

40. GoPro, Inc.

41. Harmonic Inc.

42. Hipmunk, Inc.

43. Indiegogo, Inc.

44. Intel Corporation

45. JAND, Inc. d/b/a Warby Parker

46. Kargo Global, Inc.

47. Kickstarter, PBC

48. KIND, LLC

49. Knotel

50. Levi Strauss & Co.

51. LinkedIn Corporation

52. Lithium Technologies, Inc.

53. Lyft, Inc.

54. Mapbox, Inc.

55. Maplebear Inc. d/b/a Instacart

56. Marin Software Incorporated

57. Medallia, Inc.

58. A Medium Corporation

59. Meetup, Inc.

60. Microsoft Corporation

61. Motivate International Inc.

62. Mozilla Corporation

63. Netflix, Inc.

64. NETGEAR, Inc.

65. NewsCred, Inc.

66. Patreon, Inc.

67. PayPal Holdings, Inc.

68. Pinterest, Inc.

69. Quora, Inc.

70. Reddit, Inc.

71. Rocket Fuel Inc.

72. SaaStr Inc.

73. Salesforce.com, Inc.

74. Scopely, Inc.

75. Shutterstock, Inc.

76. Snap Inc.

77. Spokeo, Inc.

78. Spotify USA Inc.

79. Square, Inc.

80. Squarespace, Inc.

81. Strava, Inc.

82. Stripe, Inc.

83. SurveyMonkey Inc.

84. TaskRabbit, Inc

85. Tech:NYC

86. Thumbtack, Inc.

87. Turn Inc.

88. Twilio Inc.

89. Twitter Inc.

90. Uber Technologies, Inc.

91. Via

92. Wikimedia Foundation, Inc.

93. Workday

94. Y Combinator Management, LLC

95. Yelp Inc.

96. Zynga Inc.

ADDED Feb. 6, 2017

97. Adobe Systems Inc.

98. Affirm, Inc.

99. Ampush LLC

100. Brocade Communications Systems Inc.

101. Bungie, Inc.

102. Casper Sleep, Inc.

103. Cavium, Inc.

104. Chegg, Inc.

105. ClassPass Inc.

106. Coursera

107. EquityZen Inc.

108. Evernote

109. Gusto

110. Handy Technologies, Inc.

111. HP Inc.

112. IAC/InterActive Corp.

113. Linden Lab

114. Managed by Q Inc.

115. MobileIron

116. New Relic, Inc.

117. Pandora Media, Inc.

118. Planet Labs Inc.

119. RPX Corporation

120. Shift Technologies, Inc.

121. Slack Technologies, Inc.

122. SpaceX

123. Tesla, Inc.

124. TripAdvisor, Inc.

125. Udacity, Inc.

126. Zendesk, Inc.

127. Zenefits

Where is the Legislation/Law Mandating Against Cyber Intrusions?

No one in Washington DC or the media talks about the ever-constant cyber attacks against all things United States.

There have been countless hearings on The Hill about Russian operations against the election architecture in the United States as well as other allied countries. While Russia is one of the top threats, Iran and North Korea are also guilty, yet China likely ranks number two behind Russia.

So, anti-Trump people inside the Beltway blame the Trump White House for the lack of leadership on the issue(s) especially when it comes to protections on the voter-roll databases at the state level and the learning curve of vulnerabilities of the voting machines themselves. So…where are these lawmakers and the bills they have introduced for debate, committee and eventual passage in both Houses of Congress anyway?

Who is protecting data across the board, our data? Where is the Department of Homeland Security and the FBI on the matter? Both those agencies were assigned to collaborate with threatened State Elections Commissions during the General election. Remember that?

This all began during the Obama administration where the ultimate punishment was to expel Russian diplomatic officials, close two dachas and the Russian compound in San Francisco. Has that sent a message to Moscow and fixed the problem(s)? NO….

There are thousands of experts outside the Federal government who do offer assistance with investigations and attributions, and they too can offer some insight into legislative frameworks, yet no one knows if that has been forthcoming.

*** Russian Attacks Will Continue

UPDATE: As the nation’s top intelligence chiefs testified before the Senate Intelligence Committee Tuesday, spelling out the very real threat Russia continues to pose to our democracy, Director of National Intelligence Dan Coats admitted “there is no single agency leading the United States’ efforts to respond to and combat Russian election meddling.”

Multiple Senators on the panel expressed their concern for President Trump’s ongoing unwillingness to acknowledge Russian interference in the 2016 election, echoing a common sentiment among national security experts that an absence of leadership at the top is hindering U.S. efforts to fight back.

CNN:

… Coats said Tuesday “there should be no doubt” that Russia sees the 2018 US elections as a target.

Coats and the other top national security officials told the Senate Intelligence Committee on Tuesday that they still view Moscow as a threat to the 2018 elections, a stance that appears at odds with President Donald Trump’s repeated dismissals of Russian election meddling.

“We expect Russia to continue using propaganda, social media, false-flag personas, sympathetic spokesmen and other means to influence, to try to build on its wide range of operations and exacerbate social and political fissures in the United States,” Coats said at a hearing on worldwide threats. “There should be no doubt that Russia perceives its past efforts as successful and views the 2018 US midterm elections as a potential target for Russian influence operations.”

(…)

Sen. Angus King, I-Maine, pressed on the disparity between the intelligence community’s viewpoint and the president’s — urging the intelligence chiefs to persuade the president to accept their findings that Russia interfered in the 2016 election.

“My problem is, I talk to people in Maine who say the whole thing is a witch hunt and a hoax ‘because the President told me’,” King said. “There’s no doubt, as you all have testified today, we cannot confront this threat, which is a serious one, with a whole of government response when the leader of the government continues to deny that it exists.”

The Atlantic:

John Sipher, a former chief of station for the CIA who served for 28 years in Russia, Europe, and Asia, told me that the intelligence community will continue to be focused on Russia’s threat “no matter what the White House says or doesn’t say.” Ultimately, though, it will be up to Trump to implement meaningful changes.

“The IC is not the most important in this case,” Sipher said, referring to the intelligence community. “They may uncover what the Russians are up to but they can’t really defend against it or take actions to deter it, unless the President supports a covert action effort to screw with the Russians, like with a cyber attack.”

“Tightening up our social media, protecting voter-registration systems and procedures—those things are beyond the ability or mandate of the IC,” Sipher said. “And I don’t think we have done nearly enough to deter or defend against Russian attacks.”

US intel chiefs unanimous that Russia is targeting 2018 elections (CNN)

Russia Will Meddle in the Midterms (The Atlantic)

No Agency Leading U.S. Response to Russian Election Meddling, Says Intel Chief (The Daily Beast)


As the Senate Intelligence Committee hears from the nation’s top intelligence and national security officials on worldwide threats, a prepared written assessment warns of ongoing Russian efforts to undermine democracy.

NBC News:

“Foreign elections are critical inflection points that offer opportunities for Russia to advance its interests both overtly and covertly,” says the assessment. “The 2018 US mid-term elections are a potential target for Russian influence operations.”

(…)

“We assess that the Russian intelligence services will continue their efforts to disseminate false information via Russian state-controlled media and covert online personas about US activities to encourage anti-US political views,” the statement says.

“Moscow seeks to create wedges that reduce trust and confidence in democratic processes, degrade democratization efforts, weaken US partnerships with European allies, undermine Western sanctions, encourage anti-US political views, and counter efforts to bring Ukraine and other former Soviet states into European institutions.”

In his opening statement, Vice Chairman Mark Warner (D-VA) noted President Trump’s absence of leadership on the issue.

Sen. Mark Warner, D-Va., the top Democrat on the committee, said in prepared remarks that “the President inconceivably continues to deny the threat posed by Russia. He didn’t increase sanctions on Russia when he had a chance to do so. He hasn’t even Tweeted a single concern. This threat demands a whole-of-government response, and that needs to start with leadership at the top.”

U.S. intel agencies expect Russia to escalate election meddling efforts (NBC News)

Worldwide Threat Assessment (pdf)