Cyber: ‘Our adversaries have grown more emboldened’

Primer:

Russia hasn’t been sufficiently penalized for its meddling in the 2016 U.S. elections and that has emboldened Moscow to continue interfering in American elections, Adm. Michael Rogers, Commander of the U.S. Cyber Command, told the Senate Armed Services Committee on Tuesday.

“They haven’t paid a price sufficient to change their behavior,” Rogers said under questioning by Sen. Richard Blumenthal, D-Conn. Although the United States has taken some actions, including imposing additional sanctions, and Special Counsel Robert S. Mueller III has indicted more than a dozen Russians for their role in the interference, “it hasn’t changed the calculus,” Rogers said, adding that “it hasn’t generated the change in behavior that we all know we need.”

In another exchange with Sen. Elizabeth Warren, D-Mass., Rogers said that Russian President Vladimir Putin has probably come to the conclusion that “there’s little price to pay here so I can continue the activity” of interfering in the U.S. election system. More here.

*** In context, however, where is Senators Warren and Blumenthal’s proposed legislation on sanctions or punishment toward Russia for cyber and active measures interference? It was political posturing by Warren and Blumenthal when they can introduce multi-faceted legislation as Russia, China and North Korea continue to attack the United States via layered cyber operations including espionage.

Meanwhile….

Although competitors such as China and Russia remain the greatest threat to U.S. security, rogue regimes such as Iran and North Korea have increased in capabilities and have begun using aggressive methods to conduct malicious cyberspace activities, the military’s top cyber officer told Congress today.

Navy Adm. Michael S. Rogers, director of the National Security Agency, commander of U.S. Cyber Command and chief of the Central Security Service, testified at a Senate Armed Services Committee hearing.

“Our adversaries have grown more emboldened, conducting increasingly aggressive activities to extend their influence without fear of significant consequence,” Rogers said. “We must change our approaches and responses here if we are to change this dynamic.”

But as the cyber domain has evolved, Rogers told the senators, Cybercom’s three major mission areas endure: protecting the Department of Defense Information Network; enabling other joint force commanders by delivering effects in and through cyberspace; and defending the nation against cyber threats through support to the Department of Homeland Security and others when directed to do so by the president or secretary of defense.

Cybercom Milestones

Rogers highlighted milestones in Cybercom’s growth.

Joint Force Headquarters DODIN, the subordinate headquarters responsible for securing, operating and defending the Defense Department’s complex information technology infrastructure, has achieved full operational capability, he said.

Joint Task Force Ares, created to lead the fight in cyber against the Islamic State of Iraq and Syria, has successfully integrated cyberspace operations into broader military campaigns, has achieved some “excellent results,” and will continue to pursue ISIS in support of the nation’s objectives, the admiral told the Senate panel.

Cybercom also has significantly enhanced training in cyber operation platforms to prepare the battlespace against key adversaries, he said.

Milestones expected to be achieved this year include Cyber Command’s elevation to a combatant command responsible for providing mission-ready cyberspace operations forces to other combatant commanders, Rogers said.

New Facility

In addition, the admiral said, Cybercom will be moving into a state-of-the-art integrated cyber center and joint operations facility at Fort Meade, Maryland, enhancing the coordination and planning of operations against cyber threats.

“Without cyberspace superiority in today’s battlefield, risk to mission increases across all domains and endangers our security,” Rogers said.

Cybercom’s focus on innovation and rapid tech development has extended all the way to small businesses and working with the private sector while maintaining cybersecurity, Rogers told the committee.

“We intend in the coming year to create an unclassified collaboration venue where businesses and academia can help us tackle tough problems without needing to jump over clearance hurdles, for example, which for many are very difficult barriers,” Rogers explained.

After serving more than four years as a commander of Cybercom and after nearly 37 years of service as a naval officer, Rogers is set to retire this spring.

“I will do all I can during the intervening period to ensure the mission continues, that our men and women remain ever motivated, and that we have a smooth transition,” he said.

Estimating the Costs of Cyber Attacks Against the U.S., Billions

Cyberattacks cost the United States between $57 billion and $109 billion in 2016

The report, published by the White House Council of Economic Advisers, examines the cost that malicious cyber activities impose on the U.S. economy.

The report analyzed the impact of malicious cyber activities on public and private entities, including DoS attacks, sabotage, business disruption, and theft of proprietary data, intellectual property, and sensitive financial and strategic information.

Damages and losses caused by a cyber attack may spill over from the initial target to economically linked organizations. More exposed are critical infrastructure sectors; an attack against companies and organizations in this industry could have a severe impact on the US economy.

The document warns of nation-state actors such as Russia, China, Iran, and North Korea, that are well funded and often conduct sophisticated targeted attacks for both sabotage and cyber espionage.

***

The forecast of the cost damage in coming years….

In part from Forbes: In 2015, the British insurance company Lloyd’s estimated that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts over the past year put the cybercrime figure as high as $500 billion and more.

From 2013 to 2015 the cyber crime costs quadrupled, and it looks like there will be another quadrupling from 2015 to 2019. Juniper Research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015.

The World Economic Forum (WEF) says a significant portion of cybercrime goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot. Those crimes would arguably move the needle on the cyber crime numbers much higher.

Large banks, retailers, and federal agencies make the headlines when they are hacked – but all businesses are at risk. According to Microsoft, 20% of small to mid sized businesses have been cyber crime targets.

For anyone who wants to tally their own bill from cyber crime, check out Cyber Tab from Booz Allen. It is an anonymous, free tool that helps information security and other senior executives understand the damage to companies inflicted by cyber crime and attacks. More here.

 

13 Russians Indicted, Election Interference

Hoorah for Rosenstein and Mueller!

Rosenstein: “No Allegations That Any American Had Any Knowledge” Of Russian Election Influence Operation

The Department of Justice indictment is here.

Photo: Internet Research Agency, St. Petersburg, Russia (NBC)

The Department of Justice has issued charges against 13 Russian nationals involved with the Internet Research Agency, an organization at the center of fake news and trolling during the 2016 presidential election.

The US Justice Department has filed charges against 13 Russian nationals and three Russian groups for interfering with the 2016 presidential election.

In an indictment released on Friday (.pdf), the Justice Department called out the Internet Research Agency, a notorious group behind the Russian propaganda effort across social media. Employees for the agency created troll accounts and used bots to prop up arguments and sow political chaos during the 2016 presidential campaign.

Facebook, Twitter and Google have struggled to deal with fake news, trolling campaigns and bots on their platforms, facing the scorn of Capitol Hill over their mishandlings.

The indictment lists 13 Russian nationals tied to the effort. Prosecutors said the efforts began as early as 2014 to interfere with US politics, with trolls posing as Americans, creating false personalities and spreading fake news across Facebook, Twitter and YouTube.

“These groups and pages, which addressed divisive U.S. political and social issues, falsely claimed to be controlled by US activists when, in fact, they were controlled by defendants,” the indictment said.

 

U.S. Ethics Office: we know how to rebuild the public’s trust

Ah what?

February 5, 2018

When we become public servants– custodians of the people’s government–we take an oath.

We take an oath to faithfully perform our duties, an oath to protect and defend the Constitution of the United States.

The success of our Constitution, the success of our government, depends on the trust of the people that we serve. Today, our fellow citizens are suspicious of their government. A recent Transparency International report found that a clear majority of the American People think that corruption is getting worse.

Fortunately, we know how to rebuild the public’s trust.

We build their trust by doing our jobs, faithfully.

We build their trust by acting solely for the public good and eliminating conflicts of interests.

We build their trust by telling the truth.

The good news is that most of you are carrying out the people’s business with honor and integrity.  You’re keeping your oath. Thank you. Remember what is at stake and take pride in your service.

On the other hand, those who are doing things that undermine the public’s trust, even if they don’t violate a rule, need to stop. Nothing you could gain economically or politically could possibly justify putting our democracy at risk. These are perilous times.

So, keep your oath and earn the public’s trust. We, as public servants, hold our positions of trust “for such a time as this.”

But then…get a load of this document citing how bad things are and what is at the core of the matter.

So, if things are so great…then why these issues below?

Financial Conflicts of Interest & Impartiality
An executive branch employee’s personal or “imputed” financial interests or other circumstances may require that the employee be disqualified from working on a particular Government matter, be prohibited from holding specified property, or be prohibited from accepting a payment from a non-Federal source.

Gifts and Payments
An executive branch employee generally may not give (or solicit contributions for) a gift to an official superior or accept a gift from another employee who receives less pay; generally may not solicit or accept a gift from a “prohibited source” or given because of the employee’s official position, and may be prohibited from accepting a payment from a non-Federal source.

Use of Government Position & Resources
An executive branch employee is required to act impartially; may not make improper use of Government position, title, or authority; and may not use Government property, nonpublic information, or time (including the time of a subordinate) for other than authorized purposes.

Outside Employment and Activities
An executive branch employee may be required to seek approval before engaging in an outside activity; may be disqualified from working on a particular Government matter while engaged in the activity; may be prohibited from accepting compensation for an activity; or may be prohibited from engaging in a particular outside activity.

Post-Government Employment
An executive branch employee may be disqualified from working on a particular Government matter while seeking post-Government employment and, after leaving Government service, a former employee is prohibited from engaging in certain activities.

Selected Employee Categories
Executive branch ethics provisions generally apply only to Government “employees”; may apply only to certain categories of employees or may apply differently to certain categories of employees or not at all; and generally do not apply to “representatives” serving on an advisory committee or to independent contractors.

Enforcement
When ethics officials find evidence that an employee has violated an ethics criminal statute or regulation, they must refer that evidence to the appropriate authority for action.

*** A program called Integrity? Yup…

Integrity

Integrity is an electronic financial disclosure system created by the U.S. Office of Government Ethics (OGE).

What is the purpose of financial disclosure?

Financial disclosure reports are the primary tool used to identify and resolve potential conflicts of interest between an employee’s official duties and his or her private financial interests and affiliations.

Why did OGE create Integrity?

The Stop Trading on Congressional Knowledge Act of 2012, as amended, directed the President, acting through the Director of OGE, to develop an electronic system for filing executive branch public financial disclosure reports. As a result, OGE developed a system named Integrity to collect, manage, process, and store financial disclosures.

Who uses Integrity?

Senior officials in the executive branch who are required to file public financial disclosure reports use Integrity to file their reports. OGE and agency ethics officials use Integrity to review financial disclosure reports for conflicts of interest and manage the executive branch financial disclosure program.

What are the benefits of Integrity?

Integrity was designed to help produce quality reports, enhance oversight, and promote transparency.

  • Integrity produces quality reports by helping filers more quickly, easily, and completely report required information.
  • Integrity enhances oversight of the executive branch ethics program by allowing OGE to monitor agencies’ progress in administering their individual financial disclosure programs.
  • Integrity promotes transparency by producing a clear and concise public financial disclosure report that allows the public to have confidence that their government leaders are making decisions free from conflicts of interest.

List of Companies, Amicus Brief Against Trump’s Sanctuary City Policy

The Senate defeated a GOP proposal based on President Donald Trump’s immigration framework.
The plan would have offered a path to citizenship for “Dreamers” and increased border security while also cutting legal immigration.
The vote was 39-60, with 60 votes needed for approval.

I say GOOD. It was fraught with loopholes and the actual number of illegals in question remained unknown.

Meanwhile, there is more going on with the whole sanctuary city thing. Hold on, you won’t like this.

In 2017, State Atty. Gen. Xavier Becerra on Wednesday filed a brief in support of a Santa Clara County lawsuit challenging President Trump’s executive order targeting “sanctuary” cities that refuse to help federal authorities enforce immigration laws.

The amicus brief cites Trump’s threat to withhold federal funds from sanctuary cities and counties as well as the state’s interest in protecting state laws and policies that promote public safety and protect the constitutional rights of residents, Becerra said.

*** It gets worse… to read how the brief is cherry-picked on facts, go here.

So, there is a pile of companies that have filed an amicus brief against the Trump administration position on sanctuary cities.

The full list of tech companies (and a few others) that signed the amicus brief opposing President Trump’s executive order on immigration.

The full brief is available online.

1. AdRoll, Inc.

2. Aeris Communications, Inc.

3. Airbnb, Inc.

4. AltSchool, PBC

5. Ancestry.com, LLC

6. Appboy, Inc.

7. Apple Inc.

8. AppNexus Inc.

9. Asana, Inc.

10. Atlassian Corp Plc

11. Autodesk, Inc.

12. Automattic Inc.

13. Box, Inc.

14. Brightcove Inc.

15. Brit + Co

16. CareZone Inc.

17. Castlight Health

18. Checkr, Inc.

19. Chobani, LLC

20. Citrix Systems, Inc.

21. Cloudera, Inc.

22. Cloudflare, Inc.

23. Copia Institute

24. DocuSign, Inc.

25. DoorDash, Inc.

26. Dropbox, Inc.

27. Dynatrace LLC

28. eBay Inc.

29. Engine Advocacy

30. Etsy Inc.

31. Facebook, Inc.

32. Fastly, Inc.

33. Flipboard, Inc.

34. Foursquare Labs, Inc.

35. Fuze, Inc.

36. General Assembly

37. GitHub

38. Glassdoor, Inc.

39. Google Inc.

40. GoPro, Inc.

41. Harmonic Inc.

42. Hipmunk, Inc.

43. Indiegogo, Inc.

44. Intel Corporation

45. JAND, Inc. d/b/a Warby Parker

46. Kargo Global, Inc.

47. Kickstarter, PBC

48. KIND, LLC

49. Knotel

50. Levi Strauss & Co.

51. LinkedIn Corporation

52. Lithium Technologies, Inc.

53. Lyft, Inc.

54. Mapbox, Inc.

55. Maplebear Inc. d/b/a Instacart

56. Marin Software Incorporated

57. Medallia, Inc.

58. A Medium Corporation

59. Meetup, Inc.

60. Microsoft Corporation

61. Motivate International Inc.

62. Mozilla Corporation

63. Netflix, Inc.

64. NETGEAR, Inc.

65. NewsCred, Inc.

66. Patreon, Inc.

67. PayPal Holdings, Inc.

68. Pinterest, Inc.

69. Quora, Inc.

70. Reddit, Inc.

71. Rocket Fuel Inc.

72. SaaStr Inc.

73. Salesforce.com, Inc.

74. Scopely, Inc.

75. Shutterstock, Inc.

76. Snap Inc.

77. Spokeo, Inc.

78. Spotify USA Inc.

79. Square, Inc.

80. Squarespace, Inc.

81. Strava, Inc.

82. Stripe, Inc.

83. SurveyMonkey Inc.

84. TaskRabbit, Inc.

85. Tech:NYC

86. Thumbtack, Inc.

87. Turn Inc.

88. Twilio Inc.

89. Twitter Inc.

90. Uber Technologies, Inc.

91. Via

92. Wikimedia Foundation, Inc.

93. Workday

94. Y Combinator Management, LLC

95. Yelp Inc.

96. Zynga Inc.

ADDED Feb. 6, 2017

97. Adobe Systems Inc.

98. Affirm, Inc.

99. Ampush LLC

100. Brocade Communications Systems Inc.

101. Bungie, Inc.

102. Casper Sleep, Inc.

103. Cavium, Inc.

104. Chegg, Inc.

105. ClassPass Inc.

106. Coursera

107. EquityZen Inc.

108. Evernote

109. Gusto

110. Handy Technologies, Inc.

111. HP Inc.

112. IAC/InterActive Corp.

113. Linden Lab

114. Managed by Q Inc.

115. MobileIron

116. New Relic, Inc.

117. Pandora Media, Inc.

118. Planet Labs Inc.

119. RPX Corporation

120. Shift Technologies, Inc.

121. Slack Technologies, Inc.

122. SpaceX

123. Tesla, Inc.

124. TripAdvisor, Inc.

125. Udacity, Inc.

126. Zendesk, Inc.

127. Zenefits