Where is the Legislation/Law Mandating Against Cyber Intrusions?

No one in Washington DC or media talks about the ever constant cyber attacks against all things United States.

There have been countless hearings on The Hill about Russian operations against the election architecture in the United States as well as other allied countries. While Russia is one of the top threats, Iran and North Korea are also guilty, yet China likely ranks number two behind Russia.

So, anti-Trump people inside the Beltway blame the Trump White House for the lack of leadership on the issue(s) especially when it comes to protections on the voter-roll databases at the state level and the learning curve of vulnerabilities of the voting machines themselves. So…where are these lawmakers and the bills they have introduced for debate, committee and eventual passage in both Houses of Congress anyway?

Who is protecting data across the board, our data? Where is the Department of Homeland Security and the FBI on the matter? Both those agencies were assigned to collaborate with threatened State Elections Commissions during the General election. Remember that?

This all began during the Obama administration where the ultimate punishment was to expel Russian diplomatic officials, close two dachas and the Russian compound in San Francisco. Has that sent a message to Moscow and fixed the problem(s)? NO….

There are thousands of experts outside the Federal government that do offer assistance with investigations and attributions and they too can offer some insight into legislative frameworks and yet no one knows if that has been forthcoming.

*** Russian Attacks Will Continue

UPDATE: As the nation’s top intelligence chiefs testified before the Senate Intelligence Committee Tuesday, spelling out the very real threat Russia continues to pose to our democracy, Director of National Intelligence Dan Coats admitted “there is no single agency leading the United States’ efforts to respond to and combat Russian election meddling.”

Multiple Senators on the panel expressed their concern for President Trump’s ongoing unwillingness to acknowledge Russian interference in the 2016 election, echoing a common sentiment among national security experts that an absence of leadership at the top is hindering U.S. efforts to fight back.

CNN:

… Coats said Tuesday “there should be no doubt” that Russia sees the 2018 US elections as a target.

Coats and the other top national security officials told the Senate Intelligence Committee on Tuesday that they still view Moscow as a threat to the 2018 elections, a stance that appears at odds with President Donald Trump’s repeated dismissals of Russian election meddling.

“We expect Russia to continue using propaganda, social media, false-flag personas, sympathetic spokesmen and other means to influence, to try to build on its wide range of operations and exacerbate social and political fissures in the United States,” Coats said at a hearing on worldwide threats. “There should be no doubt that Russia perceives its past efforts as successful and views the 2018 US midterm elections as a potential target for Russian influence operations.”

(…)

Sen. Angus King, I-Maine, pressed on the disparity between the intelligence community’s viewpoint and the president’s — urging the intelligence chiefs to persuade the president to accept their findings that Russia interfered in the 2016 election.

“My problem is, I talk to people in Maine who say the whole thing is a witch hunt and a hoax ‘because the President told me’,” King said. “There’s no doubt, as you all have testified today, we cannot confront this threat, which is a serious one, with a whole of government response when the leader of the government continues to deny that it exists.”

The Atlantic:

John Sipher, a former chief of station for the CIA who served for 28 years in Russia, Europe, and Asia, told me that the intelligence community will continue to be focused on Russia’s threat “no matter what the White House says or doesn’t say.” Ultimately, though, it will be up to Trump to implement meaningful changes.

“The IC is not the most important in this case,” Sipher said, referring to the intelligence community. “They may uncover what the Russians are up to but they can’t really defend against it or take actions to deter it, unless the President supports a covert action effort to screw with the Russians, like with a cyber attack.”

“Tightening up our social media, protecting voter-registration systems and procedures—those things are beyond the ability or mandate of the IC,” Sipher said. “And I don’t think we have done nearly enough to deter or defend against Russian attacks.”

US intel chiefs unanimous that Russia is targeting 2018 elections (CNN)

Russia Will Meddle in the Midterms (The Atlantic)

No Agency Leading U.S. Response to Russian Election Meddling, Says Intel Chief (The Daily Beast)


As the Senate Intelligence Committee hears from the nation’s top intelligence and national security officials on worldwide threats, a prepared written assessment warns of ongoing Russian efforts to undermine democracy.

NBC News:

“Foreign elections are critical inflection points that offer opportunities for Russia to advance its interests both overtly and covertly,” says the assessment. “The 2018 US mid-term elections are a potential target for Russian influence operations.”

(…)

“We assess that the Russian intelligence services will continue their efforts to disseminate false information via Russian state-controlled media and covert online personas about US activities to encourage anti-US political views,” the statement says.

“Moscow seeks to create wedges that reduce trust and confidence in democratic processes, degrade democratization efforts, weaken US partnerships with European allies, undermine Western sanctions, encourage anti-US political views, and counter efforts to bring Ukraine and other former Soviet states into European institutions.”

In his opening statement, Vice Chairman Mark Warner (D-VA) noted President Trump’s absence of leadership on the issue.

Sen. Mark Warner, D-Va., the top Democrat on the committee, said in prepared remarks that “the President inconceivably continues to deny the threat posed by Russia. He didn’t increase sanctions on Russia when he had a chance to do so. He hasn’t even Tweeted a single concern. This threat demands a whole-of-government response, and that needs to start with leadership at the top.”

U.S. intel agencies expect Russia to escalate election meddling efforts (NBC News)

Worldwide Threat Assessment (pdf)

22 Agencies Trump’s Proposed Budget Eliminates

Only 22? C’mon POTUS….there are thousands…

How about Alhurra TV? Or Mediation and Conciliation Service, Presidio Trust, National Mediation Board?


President Trump on Monday unveiled his budget proposal for the 2019 fiscal year, which makes significant cuts to some federal agencies and projects as part of an effort to slash the federal deficit by $3 trillion over the next 10 years.

As part of that effort, Trump has proposed eliminating funding for several agencies, grant programs and institutes.

While lawmakers are unlikely to enact most of Trump’s proposal, here’s a look at some of the centers and agencies the White House wants to abolish.

1. The McGovern-Dole International Food for Education, which donates agricultural commodities and financial assistance to carry out school feeding programs in foreign countries.

2. The Rural Business and Cooperative Service, which provides loans, grants and payments intended to increase opportunities in rural communities.

3. The Economic Development Administration, which provides federal grants to communities in support of locally-developed economic plans.

4. The Manufacturing Extension Partnership, which subsidizes advisory and consulting services for small and medium-size manufacturers.

5. 21st Century Community Learning Centers, which helps communities establish or expand centers to provide before- and after-school programs and summer school programs.

6. Gaining Early Awareness and Readiness for Undergraduate Programs, an Education Department program that provides grants to support college preparation for low-income students.

7. The Agency for Healthcare Research and Quality, which researches ways to enhance the effectiveness of health services.

8. The Advanced Research Projects Agency, which provides support for Energy Department projects.

9. The National Wildlife Refuge Fund, which compensates communities for lost tax revenue when the federal government acquires their land.

10. The Global Climate Change Initiative, a proposal that reflects Trump’s decision last year to withdraw from the Paris climate agreement.

11. The NASA Office of Education, which provides grants to colleges and universities, museums and science centers. The funding would be redirected within NASA.

12. The Chemical Safety Board, which is tasked with investigating accidents at chemical facilities.

13. The Corporation for National and Community Service, which funds service opportunities, promotes volunteering and helps nonprofit organizations find volunteers.

14. The Corporation for Public Broadcasting, which funds public television and radio stations including Public Broadcasting Service and NPR.

15. The Institute of Museum and Library Services, which funds museums and libraries nationwide with grants.

16. The Legal Services Corporation, a nonprofit that provides civil legal assistance for low-income individuals.

17. The National Endowment for the Arts, which funds American artists and projects with grants.

18. The National Endowment for the Humanities, which provides grants to American humanities scholars.

19. The Neighborhood Reinvestment Corporation, which funds community development projects nationwide.

20. The Denali Commission, the Delta Regional Authority and the Northern Border Regional Commission, which fund infrastructure and economic projects in specified areas.

21. The U.S. Trade and Development Agency, which provides U.S. goods and services for foreign projects.

22. The Woodrow Wilson International Center for Scholars, a think tank focused on international affairs and foreign policy.

Do You Know What CTIIC is? You Should

First…there is no policy as admitted in a Senate Intelligence Hearing of the heads of the intelligence agencies and confirmed by Senator Angus King (Maine).


CTIIC is the federal lead for intelligence support in response to significant cyber incidents, working—on behalf of the IC—to integrate analysis of threat trends and events, build situational awareness, and support interagency efforts to develop options for degrading or mitigating adversary threat capabilities.

The idea of creating a cyber threat framework came from observations among the US policy community that cyber was being described by different agencies in a variety of ways that made consistent understanding difficult. There are over a dozen analytic models being used across government, academia, and the private sector. Each model reflects the priorities and interests of its developer, but the wide disparities across models made it difficult to facilitate efficient situational analysis that was based on objective data.

 

The framework will be scalable and facilitate data sharing at “machine speed.” Implementation within the USG will include processes to reduce or eliminate double-counting of threat data.


So….
In 2017 Equifax confirmed it had suffered a massive data breach: cyber criminals stole sensitive personal records belonging to 145 million US citizens and to hundreds of thousands of people in Canada and the UK.

Attackers exploited the CVE-2017-5638 Apache Struts vulnerability. The vulnerability affects the Jakarta Multipart parser upload function in Apache and could be exploited by an attacker to make a maliciously crafted request to an Apache web server.

The vulnerability was fixed back in March, but the company did not update its systems; this was also reported by an Apache spokeswoman to the Reuters agency.

Compromised records include names, social security numbers, birth dates, home addresses, credit-score dispute forms, and for some users also the credit card numbers and driver license numbers.

Now experts argue the Equifax hack is worse than previously thought. According to documents provided by Equifax to the US Senate Banking Committee, the attackers also stole taxpayer identification numbers, phone numbers, email addresses, and credit card expiry dates belonging to some Equifax customers.

This means that crooks have all the data necessary to arrange any kind of fraud by stealing victims’ identities. More here.

Further, the Trump administration appears to have omitted any reference to the Chinese cyber threat domestically….here is a clue on their activity and how they cannot be trusted…and we have not even mentioned Russia..

In 2012 Chinese companies Huawei and ZTE were considered high threat risks to the United States and sadly, both were introduced again at this same Senate hearing on February 13, 2018.

China’s government has denied reports that it spied on the servers at the African Union’s Chinese-built headquarters for more than five years, gaining access to confidential information.

In an investigation published by French newspaper Le Monde, China, which also paid for and built the computer network at the AU, allegedly inserted a backdoor (in French) that allowed it to transfer data. The hack wasn’t detected until Jan. 2017 when technicians noticed that between midnight and 2 am every night, there was a peak in data usage even though the building was empty. After investigating, it was found that the continental organization’s confidential data was being copied on to servers in Shanghai.

China’s ambassador to the AU dismissed the reports as “absurd” and “preposterous.” Kuang Weilin told reporters in Ethiopia that it was “very difficult to understand” Le Monde’s claims and that the story was certain to “create problems for China-Africa relations.”

The revelations come as African presidents convene in Addis Ababa to attend the continental summit on governance. In 2012, when the AU building was completed, it was signified as a symbolic gesture aimed at solidifying Sino-Africa relations. The landmark 20-story office tower overlooking a pearl-shaped conference center was “a gift” from the Chinese government to help African nations integrate better and improve their institutional capacity.

But the alleged data theft puts a spin on that rosy affair and might strain the relationship between the two sides. China is heavily involved in Africa, with its companies and entrepreneurs conducting trade and investing heavily in African countries. Chinese aid has also been blamed for propping up authoritarian regimes, constructing shoddy roads and infrastructure built by imported Chinese workers, and focusing mainly on countries home to oil, minerals, and other resources that China needs. But China is also cultivating the next generation of African leaders, with Beijing taking thousands of African leaders, bureaucrats, students, and business people to China for training and education. More here.

For sure there is no policy and lawmakers are dumbfounded on introducing any kind of offensive or consequential legislation. Hello Angus?

State Dept Proposes Lead Agency on Economic/Cyber Bureau

This sounds great until one considers there is no lawful cyber policy against any nation, rogue or otherwise, where there are consequences for hacks, malicious malware or cyber theft. Meanwhile, all cyber units within the Federal government as well as independent outside corporations are well aware that China, North Korea, Russia and proxies are the constant and proven cyber threats to the United States, without punishment.

Further, there are two details that are omitted in the summary below, the global actions of cybercurrencies and how governments are plotting regulations but more the global economic agenda. There is no way to stop a borderless world.

The 2016 State Department posture on foreign cyber threats is here.


Tillerson proposes new unified bureau at State to focus on cyber

Secretary of State Rex Tillerson is proposing the consolidation of two separate offices at the State Department to form a single bureau that will focus on a wide range of cyber issues.

A State Department spokesperson told The Hill that the two offices, the Office of the Cybersecurity Coordinator and the Bureau of Economic Affairs’ Office of International Communications and Information Policy, would be unified in order to form the proposed Bureau for Cyberspace and the Digital Economy.

“The combination of these offices in a new Bureau for Cyberspace and the Digital Economy will align existing resources under a single Department of State official to formulate and coordinate a strategic approach necessary to address current and emerging cyber security and digital economic challenges,” Tillerson said in a Tuesday letter to House Foreign Affairs Committee Chairman Ed Royce (R-Calif.). 

“The Department of State must be organized to lead diplomatic efforts related to all aspects of cyberspace,” the secretary added.

The decision comes after Tillerson faced scrutiny from both parties last year over his decision to fold the standalone Office of Cybersecurity Coordinator into an economic-focused bureau as part of his broad efforts to reorganize the agency.

Royce first relayed the news during a cyber diplomacy briefing on Tuesday that focused on the need to engage the international community on cybersecurity-related issues.

“The proposal will elevate the stature of the department official leading cyberspace policy to one that is confirmed by the U.S. Senate — an assistant secretary — to lead high-level diplomatic engagements around the world,” the secretary argued.

Last year, Royce introduced a bill, titled the Cyber Diplomacy Act, that seeks to restore a State Department office specifically focusing on cyber diplomacy efforts. The House passed the bill last month, which also calls for the official leading the cyber office to have the rank of ambassador.

Royce said Tillerson’s proposal is a “welcomed” move, but continued to vouch for the Cyber Diplomacy Act to “help keep America safe and strong.”

“Cyberspace is vital to America’s national security, and to our economy. That’s why I have long called for the State Department to have a high-ranking diplomat who can confront the full range of challenges we face online,” Royce said in a statement in response to Tillerson’s letter.

“The Foreign Affairs Committee will continue to work with the department and our colleagues in the Senate to ensure this assistant secretary and bureau is empowered to engage on the full range of cyber issues, dealing with security, human rights, and the economy,” he continued.

A State Department spokesperson said the proposal is part of an effort to spearhead cyber policy and address cybersecurity on a global scale.

“The State Department recognizes its leadership role of diplomatic efforts related to all aspects of cyberspace and the need to have an effective platform from which to engage relevant global stakeholders and exercise that leadership role,” the spokesperson said.

Under Tillerson’s proposal, the cyber bureau would seek to establish a “global deterrence framework” in an effort to outline how countries can respond when other nations “engage in malicious cyber activities.”

It would also seek to develop strategies against adversaries, promote programs that help with cyber threat prevention and responses, establish partnerships to keep the nature of the Internet open with a cross-border flow of data and open lines of dialogue for diplomatic officials to further engage on such issues.

At the start of the hearing, Royce emphasized the importance of the State Department’s role in cybersecurity issues as other countries attempt to impose control over cyberspace.

“The department’s role becomes essential when you consider that it’s not just computer networks and infrastructure that the United States needs to protect. The open nature of the internet is increasingly under assault by authoritarian regimes, like China, that aggressively promote a vision of ‘cyber sovereignty,’ which emphasizes state control over cyberspace,” Royce said in his opening remarks.

Three cyber experts testified before the lawmakers for roughly three hours on Tuesday, including the State Department’s former top cyber diplomat.

Chris Painter, the agency’s former cybersecurity coordinator, had already emphasized the need for the State Department to assume a key role in cyber policy before Tillerson’s proposal became public.

“[G]iven the international nature of the threats and the technology itself, that the State Department should play a leading role in that effort and that effective cyber diplomacy,” Painter told the lawmakers.

“For the U.S. to continue to lead, as it must, cyber issues must be re-prioritized and appropriately resourced at the State Department. Moreover, it is important that the position of the individual leading these efforts be at a very high-level — not buried in the bureaucracy or reporting through any one functionally or perspective limited chain of command,” he added.

Under the proposal, an assistant secretary will lead the new bureau and report to the Under Secretary for Economic Growth, Energy and the Environment.

Painter praised Tillerson’s plan after Royce relayed Tillerson’s proposal at the hearing. But he argued that it “makes a lot more sense” for the assistant secretary to report to the undersecretary for political affairs rather than economic affairs.

“I applaud the fact that they’ve taken action. I think it’s great they’re elevating it. That’s exactly what should be done,” Painter said.

In July, Painter left his top position shortly before Tillerson alerted Congress about his plans to close the cybersecurity office.

 

Swell, $800 Million Unaccounted for Defense Department

Ah, an audit finally? Missing documentation but not the assets? What did the ledger show?

The Defense Logistics Agency is the Department of Defense’s logistics combat support agency, providing worldwide logistics support in both peacetime and wartime to the military services as well as several civilian agencies and foreign countries.

DLA employs about 25,000 employees. The agency’s headquarters is at Fort Belvoir, in Northern Virginia.

 

Exclusive: Massive Pentagon agency lost track of hundreds of millions of dollars

A damning outside review finds that the Defense Logistics Agency has lost track of where it spent the money.


One of the Pentagon’s largest agencies can’t account for hundreds of millions of dollars’ worth of spending, a leading accounting firm says in an internal audit obtained by POLITICO that arrives just as President Donald Trump is proposing a boost in the military budget.

Ernst & Young found that the Defense Logistics Agency failed to properly document more than $800 million in construction projects, just one of a series of examples where it lacks a paper trail for millions of dollars in property and equipment. Across the board, its financial management is so weak that its leaders and oversight bodies have no reliable way to track the huge sums it’s responsible for, the firm warned in its initial audit of the massive Pentagon purchasing agent.

The audit raises new questions about whether the Defense Department can responsibly manage its $700 billion annual budget — let alone the additional billions that Trump plans to propose this month. The department has never undergone a full audit despite a congressional mandate — and to some lawmakers, the messy state of the Defense Logistics Agency’s books indicates one may never even be possible.

“If you can’t follow the money, you aren’t going to be able to do an audit,” said Sen. Chuck Grassley, an Iowa Republican and senior member of the Budget and Finance committees, who has pushed successive administrations to clean up the Pentagon’s notoriously wasteful and disorganized accounting system.

The $40 billion-a-year logistics agency is a test case in how unachievable that task may be. The DLA serves as the Walmart of the military, with 25,000 employees who process roughly 100,000 orders a day on behalf of the Army, Navy, Air Force, Marine Corps and a host of other federal agencies — for everything from poultry to pharmaceuticals, precious metals and aircraft parts.

But as the auditors found, the agency often has little solid evidence for where much of that money is going. That bodes ill for ever getting a handle on spending at the Defense Department as a whole, which has a combined $2.2 trillion in assets.

In one part of the audit, completed in mid-December, Ernst & Young found that misstatements in the agency’s books totaled at least $465 million for construction projects it financed for the Army Corps of Engineers and other agencies. For construction projects designated as still “in progress,” meanwhile, it didn’t have sufficient documentation — or any documentation at all — for another $384 million worth of spending.

The agency also couldn’t produce supporting evidence for many items that are documented in some form — including records for $100 million worth of assets in the computer systems that conduct the agency’s day-to-day business.

“The documentation, such as the evidence demonstrating that the asset was tested and accepted, is not retained or available,” it said.

The report, which covers the fiscal year that ended Sept. 30, 2016, also found that $46 million in computer assets were “inappropriately recorded” as belonging to the Defense Logistics Agency. It also warned that the agency cannot reconcile balances from its general ledger with the Treasury Department.

The agency maintains it will overcome its many hurdles to ultimately get a clean audit.

“The initial audit has provided us with a valuable independent view of our current financial operations,” Army Lt. Gen. Darrell Williams, the agency’s director, wrote in response to Ernst & Young’s findings. “We are committed to resolving the material weaknesses and strengthening internal controls around DLA’s operations.”

In a statement to POLITICO, the agency also maintained it was not surprised by the conclusions.

“DLA is the first of its size and complexity in the Department of Defense to undergo an audit so we did not anticipate achieving a ‘clean’ audit opinion in the initial cycles,” it explained. “The key is to use auditor feedback to focus our remediation efforts and corrective action plans, and maximize the value from the audits. That’s what we’re doing now.”

Indeed, the Trump administration insists it can accomplish what previous ones could not.

“Beginning in 2018, our audits will occur annually, with reports issued Nov. 15,” the Pentagon’s top budget official, David Norquist, told Congress last month.

That Pentagon-wide effort, which will require an army of about 1,200 auditors across the department, will also be expensive — to the tune of nearly $1 billion.

Norquist said it will cost an estimated $367 million to carry out the audits — including the cost of hiring independent accounting firms like Ernst & Young — and an additional $551 million to go back and fix broken accounting systems that are crucial to better financial management.

“It is important that the Congress and the American people have confidence in DoD’s management of every taxpayer dollar,” Norquist said.

But there is little evidence the logistics arm of the military will be able to account for what it has spent anytime soon.

“Ernst & Young could not obtain sufficient, competent evidential matter to support the reported amounts within the DLA financial statements,” the Pentagon’s inspector general, the internal watchdog that ordered the outside review, concluded in issuing the report to DLA.

The accounting firm itself went further, asserting that the gaping holes uncovered in bookkeeping procedures and oversight strongly suggest there are more.

“We cannot determine the effect of the lack of sufficient appropriate audit evidence on DLA’s financial statements as a whole,” its report concludes.

A spokeswoman for Ernst & Young declined to respond to questions, referring POLITICO to the Pentagon.

Grassley — who was fiercely critical when a clean audit opinion of the Marine Corps had to be pulled in 2015 for “bogus conclusions” — has repeatedly charged that “keeping track of the people’s money may not be in the Pentagon’s DNA.”

He remains deeply doubtful about the prospects going forward given what is being uncovered.

“I think the odds of a successful DoD audit down the road are zero,” Grassley said in an interview. “The feeder systems can’t provide data. They are doomed to failure before they ever get started.”

But he said he supports the continuing effort even if a full, clean audit of the Pentagon can never be done. It is widely viewed as the only way to improve the management of such huge sums of taxpayer dollars.

“Each audit report will help DLA build a better financial reporting foundation and provide a stepping stone towards a clean audit opinion of our financial statements,” the agency maintains. “The findings also improve our internal controls, which helps to improve the quality of cost and logistics data used for decision-making.”