State Dept Proposes Lead Agency on Economic/Cyber Bureau

This sounds great until one considers that there is no lawful cyber policy against any nation, rogue or otherwise, where there are consequences for hacks, malicious malware or cyber theft. Meanwhile, all cyber units within the Federal government, as well as independent outside corporations, are well aware that China, North Korea, Russia and their proxies are the constant and proven cyber threats to the United States, without punishment.

Further, two details are omitted in the summary below: the global actions of cybercurrencies and how governments are plotting regulations, but more so the global economic agenda. There is no way to stop a borderless world.

The 2016 State Department posture on foreign cyber threats is here.

Tillerson proposes new unified bureau at State to focus on cyber

Secretary of State Rex Tillerson is proposing the consolidation of two separate offices at the State Department to form a single bureau that will focus on a wide range of cyber issues.

A State Department spokesperson told The Hill that the two offices, the Office of the Cybersecurity Coordinator and the Bureau of Economic Affairs’ Office of International Communications and Information Policy, would be unified in order to form the proposed Bureau for Cyberspace and the Digital Economy.

“The combination of these offices in a new Bureau for Cyberspace and the Digital Economy will align existing resources under a single Department of State official to formulate and coordinate a strategic approach necessary to address current and emerging cyber security and digital economic challenges,” Tillerson said in a Tuesday letter to House Foreign Affairs Committee Chairman Ed Royce (R-Calif.). 

“The Department of State must be organized to lead diplomatic efforts related to all aspects of cyberspace,” the secretary added.

The decision comes after Tillerson faced scrutiny from both parties last year over his decision to fold the standalone Office of Cybersecurity Coordinator into an economic-focused bureau as part of his broad efforts to reorganize the agency.

Royce first relayed the news during a cyber diplomacy briefing on Tuesday that focused on the need to engage the international community on cybersecurity-related issues.

“The proposal will elevate the stature of the department official leading cyberspace policy to one that is confirmed by the U.S. Senate — an assistant secretary — to lead high-level diplomatic engagements around the world,” the secretary argued.

Last year, Royce introduced a bill, titled the Cyber Diplomacy Act, that seeks to restore a State Department office specifically focusing on cyber diplomacy efforts. The House passed the bill last month, which also calls for the official leading the cyber office to have the rank of ambassador.

Royce said Tillerson’s proposal is a “welcomed” move, but continued to vouch for the Cyber Diplomacy Act to “help keep America safe and strong.”

“Cyberspace is vital to America’s national security, and to our economy. That’s why I have long called for the State Department to have a high-ranking diplomat who can confront the full range of challenges we face online,” Royce said in a statement in response to Tillerson’s letter.

“The Foreign Affairs Committee will continue to work with the department and our colleagues in the Senate to ensure this assistant secretary and bureau is empowered to engage on the full range of cyber issues, dealing with security, human rights, and the economy,” he continued.

A State Department spokesperson said the proposal is part of an effort to spearhead cyber policy and address cybersecurity on a global scale.

“The State Department recognizes its leadership role of diplomatic efforts related to all aspects of cyberspace and the need to have an effective platform from which to engage relevant global stakeholders and exercise that leadership role,” the spokesperson said.

Under Tillerson’s proposal, the cyber bureau would seek to establish a “global deterrence framework” in an effort to outline how countries can respond when other nations “engage in malicious cyber activities.”

It would also seek to develop strategies against adversaries, promote programs that help with cyber threat prevention and responses, establish partnerships to keep the nature of the Internet open with a cross-border flow of data and open lines of dialogue for diplomatic officials to further engage on such issues.

At the start of the hearing, Royce emphasized the importance of the State Department’s role in cybersecurity issues as other countries attempt to impose control over cyberspace.

“The department’s role becomes essential when you consider that it’s not just computer networks and infrastructure that the United States needs to protect. The open nature of the internet is increasingly under assault by authoritarian regimes, like China, that aggressively promote a vision of ‘cyber sovereignty,’ which emphasizes state control over cyberspace,” Royce said in his opening remarks.

Three cyber experts testified before the lawmakers for roughly three hours on Tuesday, including the State Department’s former top cyber diplomat.

Chris Painter, the agency’s former cybersecurity coordinator, had already emphasized the need for the State Department to assume a key role in cyber policy before Tillerson’s proposal became public.

“[G]iven the international nature of the threats and the technology itself, that the State Department should play a leading role in that effort and that effective cyber diplomacy,” Painter told the lawmakers.

“For the U.S. to continue to lead, as it must, cyber issues must be re-prioritized and appropriately resourced at the State Department. Moreover, it is important that the position of the individual leading these efforts be at a very high-level — not buried in the bureaucracy or reporting through any one functionally or perspective limited chain of command,” he added.

Under the proposal, an assistant secretary will lead the new bureau and report to the Under Secretary for Economic Growth, Energy and the Environment.

Painter praised Tillerson’s plan after Royce relayed Tillerson’s proposal at the hearing. But he argued that it “makes a lot more sense” for the assistant secretary to report to the undersecretary for political affairs rather than economic affairs.

“I applaud the fact that they’ve taken action. I think it’s great they’re elevating it. That’s exactly what should be done,” Painter said.

In July, Painter left his top position shortly before Tillerson alerted Congress about his plans to close the cybersecurity office.

 

CIA Warning on Russia and China

The Democrats on The Hill have been complaining for months about the Trump administration's easy approach and policy regarding Russia. There may be some truth to that conclusion; however, there are some very aggressive actions underway at Treasury and CIA that tell another story of sorts. While there are some additional sanctions that have been applied, there are some key people listed as being close to Putin and the Kremlin that have been identified as people of concern.

The Democrats need to calm down and recite some facts regarding the actions of the Trump administration with the building approaches regarding shady characters of the Kremlin and Russian influence or operatives.

MOSCOW (Reuters) – The U.S. Treasury Department named major Russian businessmen including the heads of the two biggest banks, metals magnates and the boss of the state gas monopoly on a list of oligarchs close to the Kremlin.

The list, drawn up as part of a sanctions package signed into law in August last year, does not mean those included will be subject to sanctions, but it casts a potential shadow of sanctions risk over a wide circle of wealthy Russians.

Russian President Vladimir Putin’s inner circle is already subject to personal U.S. sanctions, imposed over Russia’s 2014 annexation of Ukraine’s Crimea region.

But the so-called “oligarchs’ list” that was released on Tuesday, prompted in part by Washington’s belief the Kremlin meddled in the 2016 U.S. presidential election, covers many people beyond Putin’s circle and reaches deep into Russia’s business elite.

LONDON (Reuters) – CIA Director Mike Pompeo said Russia will target U.S. mid-term elections later this year as part of the Kremlin’s attempt to influence domestic politics across the West, and warned the world had to do more to push back against Chinese meddling.

In an interview with the BBC aired on Tuesday, U.S. intelligence chief Pompeo said Russia had a long history of information campaigns and said its threat would not go away.

Asked if Russia would try to influence the mid-term elections, he said: “Of course. I have every expectation that they will continue to try and do that.

“But I am confident that America will be able to have a free and fair election. That we’ll push back in a way that is sufficiently robust that the impact they have on our election won’t be great.”

He also said the Chinese posed a threat of equal concern, and were “very active” with a world class cyber capability.

“We can watch very focused efforts to steal American information, to infiltrate the United States with spies, with people who are going to work on behalf of the Chinese government against America,” he said.

“We see it in our schools, in our hospitals and medical systems, we see it throughout corporate America. These efforts we have to all be more focused on. We have to do better at pushing back against Chinese efforts to covertly influence the world.”

GLOBAL INFLUENCE

The Kremlin, which under Vladimir Putin has clawed back some of the global influence lost when the Soviet Union collapsed, has denied meddling in elections in the West. It says anti-Russian hysteria is sweeping through the United States and Europe.

In the interview, Pompeo also repeated his message that North Korea was close to developing missiles which could be used in a nuclear attack on the United States.

“I think that we collectively, the United States and our intelligence partners around the world, have developed a pretty clear understanding of (North Korean leader) Kim Jong Un’s capability,” he said.

“We talk about him having the ability to deliver a nuclear weapon to the United States in a matter of a handful of months.” More here.

Another Method on How China Spies

There has been so much domestic chatter about the FISA court granting warrants on U.S. citizens or intercepting communications between foreign nationals/diplomats and Americans, but in related reading: US and Britain refine their ability to tap into airline passengers’ mobile phones while they are in the air.

Meanwhile….

China built and paid for the African Union’s computer network but inserted a backdoor allowing it access to the continental organisation’s confidential information

In January 2017, the information technology unit at the African Union’s headquarters in Addis Ababa noticed something strange, according to a stunning investigation in French newspaper Le Monde.

Every night, between midnight and 2am, there was a strange peak in data usage – even though the building was almost entirely empty. Upon further investigation, the technicians noticed something even stranger. That data – which included confidential information – was being sent to servers based in Shanghai.

The African Union’s shiny new headquarters was built and paid for by the Chinese government, as a gift to its “African friends”. But when the building was officially opened in 2012, China left a backdoor into the African Union’s computer network, allowing it to access the institution’s secrets at will.

“According to several sources within the institution, all sensitive content could be spied on by China,” wrote Le Monde. “It’s a spectacular leak of data, spread from January 2012 to January 2017.”

The Chinese mission to the AU did not respond to Le Monde’s request for comment.

Once the problem was discovered, African Union officials acted quickly to fix it. The organisation acquired its own servers, and began encrypting its communications. In July 2017, a team of experts from Algeria – a country with a notoriously efficient intelligence community – along with cybersecurity experts from Ethiopia combed the building from top to bottom, looking for hidden microphones and other potential weaknesses.

China would not be the first supposedly friendly superpower to spy on the African Union. A separate investigation in December 2016, conducted by Le Monde and The Intercept, revealed that African Union officials were targeted for surveillance by British intelligence.

*** The CIA and likely the NSA have a handle on all this, but do the White House and the Congress, such that there is a cyber policy? Nope…. Just because there is a Chinese network in the African Union does not mean it does not affect connected networks…..

A senior CIA analyst said China is continuing to conduct aggressive cyberespionage operations against the U.S., contrary to claims by security experts who say Beijing curbed cyberattacks in the past few years.

“We know the Chinese are very active in targeting our government, U.S. industry and those of our partners through cyberespionage,” said Michael Collins, deputy assistant CIA director and head of the agency’s East Asia Mission Center.

“It’s a very real, big problem, and we need to do more about it,” Mr. Collins told a recent security conference in Aspen, Colorado.

Mr. Collins said solving the problem of Chinese cyberattacks will require an “all-of-government, all-of-country approach to pushing back against it.”

The comments contradict a number of cybersecurity experts who have said Beijing’s digital spying and information theft decreased sharply as a result of the 2015 agreement between President Obama and Chinese President Xi Jinping.

The two leaders announced the cyber deal with great fanfare and said both countries had agreed to curtail cyberespionage against businesses.

DAVOS, a Chinese Summit, Take Caution President Trump

But we can’t trust the Chinese….now or ever. Is this World Economic Forum a setup for world leaders? Just could be. So far, full reliance and trust with China regarding control of North Korea has been a fool’s errand.

A ‘fractured’ world, enhancing globalization and then the United States…where does she fit in? Hummm

There is this stupid thing called the One China Policy. President Xi Jinping has exploited this agreement from 1972 and he is taking control of Asia and moving east to the cultural and economic and military expense of other nations. The One China Policy devours Taiwan completely. But there is more as defined in the China Constitution.

The latest trade bout is over President Trump’s moves against hardware—solar panels for now, with steel, aluminum and billions of dollars in machinery behind that in the “imbalance” that the U.S. administration resolves to rectify. These accounts are subject to various distortions—the iPhone being the classic case of misplaced export-import value—but arithmetic is what matters in Washington today. (Is the weakening dollar buying any quiet?)

In technology there is a welter of issues ranging from perceived security threats to the American state (Huawei blocked again) to perceived threats to the Chinese state (Internet social media). Mixed into that are matters of piracy and intellectual property and barriers to trade (for example, the Great Firewall’s boost to China’s internal Web economy). Perversely, a cyber age that ought to bring the world closer is aggravating tensions between the two greatest economies.

This second contentious area connects to worsening fears among Western intellectuals about freedom of dissent in China as repression under Xi Jinping is stepped up. Even more broadly, the U.S. establishment has grown wearily cynical about the fundamental hope underlying China’s accession to the WTO in 2000: That, in granting Beijing a pass on massive disruption of American industry through lower-cost production, the West was winning a liberalization of China that would pay dividends for generations. Only the die-hard Sinophiles believe that now. One upshot: A heightened guardedness about strategic industries on the American side, too.

Finally, there’s the military front. Xi has made clear his intent to finish modernizing the Chinese force to project power for, he says, his country’s legitimate (and peaceful) ends. Those clearly entail more presence, or dominance, of naval areas, including the South China Sea, as well as the trade routes extended vastly through the Belt and Road Initiative. That inevitably leads to encirclement alarms in smaller rival nations and, oh yes, in the US Navy as well. This is likely to result in a series of skirmishes and other rubs that the world can survive. More here from Forbes.

Davos’ theme in sync with China’s policies: expert

China’s shared future ideal will benefit ‘fractured world’


This year’s theme of the World Economic Forum (WEF) meeting in Davos, Switzerland – Creating a Shared Future in a Fractured World – fits perfectly with China’s economic foreign policies and the Belt and Road initiative, say Chinese economists and experts.

Some 70 heads of state and government and 38 leaders of international organizations are heading for Davos and the annual WEF which runs from Tuesday to Friday.

This year China’s participation at the forum will focus on more specific areas and measures to boost the world economy and promote rulemaking to reform globalization, experts said.

China will be represented by Liu He, a member of the Political Bureau of the Communist Party of China Central Committee and director of the General Office of the Central Leading Group for Financial and Economic Affairs, the Xinhua News Agency reported.

National leaders including French President Emmanuel Macron, Canadian Prime Minister Justin Trudeau, German Chancellor Angela Merkel and Indian Prime Minister Narendra Modi will also attend the WEF.

Chinese President Xi Jinping told last year’s WEF that China was determined to safeguard free trade and globalization.

His ideas were well received and have encouraged leaders of other countries to use the WEF to expand their influence, Bai Ming, a research fellow at the Chinese Academy of International Trade and Economic Cooperation, told the Global Times on Monday.

“This year, Liu, as the senior official in charge of financial and economic areas, will bring more specific and targeted ideas to the forum,” said Bai.

With this year’s theme focused on a “Fractured World,” Klaus Schwab, founder and chief executive of the WEF, told the Xinhua News Agency that nations and economies are increasingly adopting competitive positions due to divergent interests, and fractures are also emerging within countries, as many societies continue to face instability.

“Regional integration, which has been encouraged globally in the past, has also caused fractures for globalization,” said Wang Yiwei, the Jean Monnet chair professor at Renmin University of China, while commenting on the competition between countries and coalitions from different regions.

Wang believes China’s Belt and Road initiative will turn competition into cooperation by establishing inter-connection between countries of different regions by boosting infrastructure cooperation, free trade and investment.

“China’s ambition to build ‘a community of a shared future for mankind’ has perfectly matched the theme of the WEF this year,” he said.

China can also push rulemaking in emerging fields like artificial intelligence and e-commerce, which could activate the next round of economic growth, with China as a leading country in these areas, Wang added.

Jack Ma and Liu Qiangdong, founders of China’s e-commerce giants Alibaba and JD.com, will also attend the forum.

China’s representative Liu has been an advocate of open and common interests with other countries.

Divided and uncertain West

However, the US will sell “America First” at the WEF, and Trump’s tax reforms are likely to directly impact the EU by attracting high-tech enterprises from Europe. This scenario could lead other major economies to back away from seeking common interests, and struggles of different interests could emerge at the WEF, Bai said.

“Western leaders are all impacted by their domestic politics, and in many cases, domestic pressure will impact their decision-making in the international arena. China is the most united and certain major economy, and it will continue to be the main engine of the global economic recovery,” Wang said.

“China is more reliable than others,” he added.

Russian Trolls, DAVOS and President Trump

So, while President Trump has again changed his schedule to attend the DAVOS World Economic Forum, there are some key items on the agenda.

With cybersecurity a top concern at the annual World Economic Forum meeting in Davos, Switzerland, Yahoo Finance asked experts: What is the topic or topics that business and government leaders should be focusing on when it comes to cybersecurity and policy in 2018?

Jason Glassberg, co-founder of Casaba Security, responded that currently the most pressing topics are “cryptocurrency ecosystems, election security, ‘DevSecOps’ (this may sound dull, but think: IoT, cars, airline computer systems, smart homes, smart cities, Intel chips, Juniper routers, Huawei, the Internet, basically everything digital under the sun), increased regulation, cyber warfare, and attribution.”

Glassberg broke down each of these six issues:

“Cryptocurrency is obviously a major financial story these days. Everybody and their brother is looking into how to capitalize on it. These markets are notoriously murky, however – fraud and scams are rampant, as are the cyber attacks. So how do you make it safe? How do you take a Wild West gunslinging town, and turn it into the suburbs? It’s a tough issue, and I think we’ll have to look at the gambling industry as an example. The key to this is establishing better security within this ecosystem for the real players. The next step is finding a way to guarantee losses due to theft, similar to the FDIC [Federal Deposit Insurance Corporation] or SIPC [Securities Investor Protection Corporation].

Election security needs no introduction. But while everybody has been freaking out about voter suppression via phony Facebook ads, the reality is that the 2016 election interference was just a sample. It was a nation-state gently dipping its toe in the water, but deciding not to go all the way in. If a country wanted to get serious about election attacks, it could go much further. This is what we need to be prepared for.

It would be possible for a serious player to delete or alter voter registration databases, DDoS the servers used to run those databases or the actual voting machines; not to mention, hack the voting machines themselves. The latter would definitely cross a red line, if for instance we found out that Russia had re-tabulated voting machines to directly affect the outcome of an election. But what if the attack was a little less black-and-white? For instance, what if the machines were just infected with random malware that didn’t actually do anything, other than make itself known to the IT team? That would send shockwaves through the system and call into question the voting results, even though the votes weren’t actually affected. This is what we need to be thinking about.

DevSecOps is one of those terms that causes people’s eyes to glaze over when they hear it (if they ever do), but it’s actually very relevant to our lives today. What it refers to is incorporating security into the software or hardware development process. This is hugely significant today because as we’re seeing with the Internet of Things devices that are flooding the market, and the connected cars that are rolling out onto our public streets, software security is usually not the first priority of these manufacturers.

But not to just pick on those two markets, the reality is that DevSecOps is a problem for every industry on the planet, even the security field. Businesses aren’t doing enough to bake in rigorous security into the DNA of their products from the very beginning. Too often they are relying on software updates and patches to fix the problem after the fact, and that is never an ideal solution. This will continue to become a bigger issue in the months and years ahead.

Increased regulation is another issue that businesses could face, as governments try to contend with the growing risk of data breaches and attacks on key infrastructure, whether it’s the GDPR [General Data Protection Regulation] in Europe or the Singapore Cybersecurity Bill. In my own opinion, I think that companies that store consumer data (whether it’s credit card numbers or credit reports), as well as private infrastructure entities like telecom and power companies, are probably most at risk of higher costs due to regulation.

Cyber warfare is another pressing issue today, as more countries are investing in offensive cyber operations. This often puts businesses in the crosshairs and it sticks government in a tough position too because there is no easy solution for preventing or responding to these incidents. A key question when it comes to cyber warfare is do we engage in “active defense”?

That is more commonly referred to as hack-back, but it’s a more complex concept than simply tit-for-tat cyber retaliation. Active defense can mean anything from advanced investigative techniques to disabling the servers behind an attack or turning a city’s lights off for 30 minutes in order to send a message to a rival nation. How we deter and respond to cyber warfare tactics will be a key question for policymakers and businesses over the next five to 10 years.

Attribution is another ongoing issue for governments and businesses, and it’s related directly to the cyber warfare question, although it also encompasses cybercrime as well. What’s also key with attribution is that the pressure to solve these cases could lead to encroachments on digital privacy. In fact, I’d be very surprised if that did not happen. Potential targets here include Tor, VPNs, and encryption tools in general.”