3:55 PM, Jul 17, 2014 • By KEN JENSEN
What to do about cyber attacks from state actors and their surrogates? For the State Department and DHS it would seem that the answer is now the courts and international negotiation. Hints of this came recently with the indictment of 5 Chinese military personnel for hacking. An utterly futile gesture as the Chinese are not about to extradite the 5 to stand trial, it bespeaks reliance on legal remedies that are, at best, only a matter of public shaming. Now, however, there is new evidence regarding the U.S. intent to negotiate on cyber with state actors like China, Russia, and Iran.
Along with recent Chinese hacking into the Office of Personnel Management comes a reports that Chinese hackers, almost certainly at the behest of their government, have begun targeting Middle East experts at major U.S. think tanks. This, in response to events in Iraq and, seemingly, an urgent Chinese need to know where U.S. policy regarding them might be going. Operation “Deep Panda,” as it is named by researchers, was announced by Dmitri Alperovitch, chief technology officer of cyber security company CrowdStrike. Alperovitch suggested that perhaps the Chinese were concerned about their oil infrastructure in Iraq. Whether the U.S. will intervene and protect Chinese interests may be the question of the hour for Beijing.
The above came on the eve of last week’s annual Strategic and Economic Dialog between Washington and Beijing. One of Secretary of State John Kerry’s goals is to secure the revival of the Sino-U.S. working group on cyber issues. The group was shut down by the Chinese after the military hackers’ indictments. The intent to negotiate on the matter is another indicator of administration intents. An unnamed official has said:
“We share an interest in a secure and predictable and orderly cyber environment. We see the bilateral U.S.-China working group as an important forum and vehicle for fulfilling our responsibilities and for making progress, so we certainly would like to see the earliest practical resumption of that forum.”
DHS released its 2014 Quadrennial Homeland Security Review on June 18. Despite administration carryings-on about the growth of the cyber threat in complexity and numbers of intrusions, the DHS strategic plan is written in general terms and effectively says nothing we haven’t heard before about “protecting critical infrastructure” from cyber depredations. However, at the very end of its cyber section, the plan strongly hints at the courts and negotiation approach in saying:
“Internationally, DHS will work with the Department of State and other partners to build global networks to share vital cybersecurity information and help enable international response to cyber incidents. DHS, with our partners, will also work to harmonize international laws to effectively combat transnational cybercrime.”
The most revealing—and troubling—indicator of administration cybersecurity intent comes from a 40-page draft State Department report dated July 2 and obtained by Inside Cybersecurity. The year-long study was done by State’s International Security Advisory Board, chaired by former Senator Gary Hart with the writing done under the supervision of retired Army General Montgomery Meigs.
As Inside Cybersecurity says, the study is an "effort to craft a "framework for international cyber stability" and endorses "ongoing work on international norms of behavior for cyberspace and urging industry involvement, though the document fails to break much new ground.” However, the opening paragraphs of the report reveal the administration’s intent to focus on negotiations, one might say in the spirit of 21st-century “international norming:”
8:17 AM, Jul 16, 2014 • By JERYL BIER
The threat to the U.S. government and U.S. businesses from foreign hackers, especially from China, has been increasingly in the news in recent months. In a little noticed WTOP interview last week, recently installed National Counterintelligence Executive William Evanina expressed the threat in terms that almost seem hyperbolic:
7:01 AM, Jul 11, 2014 • By DANIEL HALPER
Agence France-Presse State Department correspondent Jo Biddle is claiming on Twitter that members of the media traveling with Secretary of State John Kerry to China "have had their bank accounts hacked."
7:05 AM, Apr 3, 2014 • By JERYL BIER
Millions of individuals who recently entrusted personal, medical, and financial information to the federal government while enrolling in Obamacare via Healthcare.gov may find a recent trend reported by the Government Accountability Office (GAO) rather unsettling. The number of security breaches involving Personally Identifiable Information (PII) at federal agencies more than doubled in recent years, increasing from 10,481 in 2009 to 25,566 in 2013.
7:01 AM, Mar 10, 2014 • By JERYL BIER
Less than a month after the exposure of a widespread vulnerability on government "open data" websites, another perhaps even more insidious opening for abuse of government websites has come to light.
8:07 AM, Feb 20, 2014 • By JERYL BIER
At first glance, a page on the Health and Human Services (HHS) website seems to be giving that agency's official advice on the "The Health Benefits of Nootropics," a classification of purportedly memory-enhancing drugs. The page is found on the website's subdomain of the Assistant Secretary for Planning and Evaluation (ASPE) as part of the Health System Measurement Project.
10:07 AM, Jan 19, 2014 • By DANIEL HALPER
According to a cyber security expert, security for the Obamacare website, Healthcare.gov, is "much worse off" now than before:
1:23 PM, Oct 4, 2013 • By JERYL BIER
A portion of the website of the Substance Abuse and Mental Health Services Administration (SAMHSA) was apparently hacked as long as two months ago. SAMHSA is an agency of the Department of Health and Human Services (HHS). HHS also runs the new Obamacare insurance marketplace, Healthcare.gov.
11:02 AM, Aug 27, 2013 • By DANIEL HALPER
Senator Mary Landrieu, a Democrat from Louisiana, is making the case that some "cyber" jobs need to be moved away from the Washington, D.C. area -- and to Louisiana, where those people might be physically safer.
“Those jobs can’t all be based inside Washington, D.C., and Arlington, Va.,” she explained to a local paper. "Some of those jobs need to be located outside the blast zone."
Landrieu did not explain what blasts she expects to hit the Washington, D.C. area, or when those blasts might hit.
12:00 AM, Jun 15, 2013 • By IRWIN M. STELZER
Chinese president Xi Jinping and U.S. President Barack Obama doffed their ties, rolled up their sleeves (well, at least Obama did), and even took the now-obligatory stroll around the Sunnylands Estate in Rancho Mirage, California, in the manner of Eisenhower and Khrushchev at Camp David, and Reagan and Gorbachev in Switzerland. This enabled the leaders to “establish and deepen their personal relationship,” according to Tom Donilon, Obama’s national security adviser at the time of the meeting.
10:32 AM, Jun 3, 2013 • By KEN JENSEN
Over the past few weeks things cyber have blown up in our faces once again. While some of the media noticed, the gist of the reporting was on who was doing what to us now, not the growing scandal of our essentially supine reaction to it.
11:11 AM, Jun 1, 2013 • By DANIEL HALPER
Defense Secretary Chuck Hagel had some words about the cyber threat from China while speaking today in Singapore. But a Chinese general, in the room for the speech, immediately responded by saying, "China is not convinced."
"Even as we seek to uphold principles in well-established areas, we must also recognize the need for common rules of the road in new domains," Hagel said, according to an official transcript of his remarks.
1:21 PM, May 13, 2013 • By KEN JENSEN
On May 6, the media was full of warnings about an immediately pending cyberattack called “OpUSA.” Homeland Security said “The attacks will likely result in limited disruptions and mostly consistent of nuisance-level attacks against publicly accessible web pages and possibly data exploitation.”