Google affiliate offers tools to safeguard elections from hacks
Posted on March 21, 2017 by Anick Jesdanun
In this Monday, Feb. 1, 2016, file photo, electronic screens post prices of Alphabet stock at the Nasdaq MarketSite in New York. An organization affiliated with Google is offering tools for news organizations and other election-related sites to protect themselves from hacking. Jigsaw, a research arm of Google parent company Alphabet Inc., says that free and fair elections depend on access to information, and to ensure such access, news, human rights and election-monitoring sites need to be protected from cyberattacks. (AP Photo/Mark Lennihan, File)
NEW YORK (AP) — An organization affiliated with Google is offering tools that news organizations and election-related sites can use to protect themselves from hacking.
Jigsaw, a research arm of Google parent company Alphabet Inc., says that free and fair elections depend on access to information. To ensure such access, Jigsaw says, sites for news, human rights and election monitoring need to be protected from cyberattacks.
Jigsaw’s suite of tools, called Protect Your Election, is mostly a repackaging of existing tools:
- Project Shield will help websites guard against denial-of-service attacks, in which hackers flood sites with so much traffic that legitimate visitors can’t get through. Users of Project Shield will be tapping technology and servers that Google already uses to protect its own sites from such attacks.
- Password Alert is software that people can add to Chrome browsers to warn them when they try to enter their Google password on another site, often a sign of a phishing attempt.
- 2-Step Verification helps beef up security beyond passwords by requiring a second access code, such as a text sent to a verified cellphone. Though Jigsaw directs users to turn this on for Google accounts, most major rivals offer similar protections, too.
“This is as much an occasion to have a conversation about digital security as it is putting all the tools in one place,” Jigsaw spokesman Dan Keyserling said.
While the tools can be useful to a variety of groups and individuals, Jigsaw says it is focusing on elections because cyberattacks often increase against news organizations and election information sites around election time. In particular, Jigsaw wants to help sites deploy the tools ahead of the French presidential elections, which begin April 23.
The tools are free, though Project Shield is limited to news organizations, individual journalists, human-rights groups and election-monitoring organizations.
It’s not known whether the tools might have prevented some of the high-profile attacks in the past, including the theft of emails from Democratic Party computers during the 2016 U.S. presidential campaign. The tools do not directly address such break-ins, but they could help guard against password stealing, a common precursor to break-ins.
What makes a cyberattack? Experts lobby to restrict the term
Posted on March 28, 2017 by Raphael Satter
Michael Schmitt, a professor of law at the U.S. Naval War College and University of Exeter in England, poses for a picture at the Victory Services Club, in London, Friday, March 24, 2017. Schmitt is one of a disparate group of experts campaigning against the layperson definition of “cyberattack” that they argue can lead to dangerous diplomatic missteps. (AP Photo/Tim Ireland)
LONDON (AP) — When U.S. senator John McCain told Ukrainian television that the allegedly Russian-backed breach of the Democratic National Committee’s server was “an act of war,” Michael Schmitt cringed.
Schmitt, a professor of law at the U.S. Naval War College and University of Exeter in England, has spent years trying to defuse talk of cyberattacks, an expression used to describe everything from remotely disabling a city’s power grid to stealing a Facebook password. The concern, for Schmitt and others, is that overheated rhetoric could prompt dangerous diplomatic missteps.
“We’re very nervous when people say ‘cyberattack,’ because a ‘cyberattack’ opens the door to a state responding at the very highest level of severity,” Schmitt said in a recent interview. “If there’s any area where we need to be careful, it’s this.”
Schmitt is one of a group of academics campaigning to change the language around electronic subterfuge. Their work on a recently published handbook, the Tallinn Manual 2.0, is meant to help policymakers to distinguish serious attacks from minor incidents. Other experts are directly lobbying journalists and politicians to moderate their tone.
“Words matter,” said Thomas Rid, who teaches at the Department of War Studies at King’s College London. “Words affect intelligence operations; words affect military operations; words affect the behavior of allies and enemies. And of course words shape what lawmakers think and what laws are made. So if we’re not precise, we’re literally escalating a problem.”
Professionals are trying to knock back talk of cyberattacks, too. When Oklahoma Senator Jim Inhofe described the massive data breach at the U.S. Office of Personnel Management as one of America’s “most damaging cyberattacks,” one of America’s top spymasters corrected him.
“I would say that this was espionage,” then-National Security Agency Director James Clapper said. “I think there is a difference between an act of espionage, which we conduct as well, and other nations do, versus an attack.”
The indiscriminate use of the word “cyberattack” can also tip the scales of justice, said attorney Jay Leiderman, who has represented a Who’s Who of American hackers. Two of the cases Leiderman has been involved in, those of activist Jeremy Hammond and gonzo journalist Barrett Brown, have featured stiff sentences meted out over alleged “cyber attacks.”
“It affects the ability to get a fair trial,” said Leiderman. “The person who screws around a little bit is getting the same type of charges and the same kind of media coverage as a state-sponsored actor.”
Some don’t think it’s necessary to crack down on the term.
Dieter Fleck, the honorary president of the International Society for Military Law, said it was generally fine to use the word “cyberattack” so long as it wasn’t confused with the much more serious category of intrusions formally known as “armed attacks.”
But Jake Davis, the ex-spokesman for the Lulz Security group of hackers, said journalists needed to articulate what was happening online without resorting to the word “cyberattack,” a verbal crutch which he said came “from a place of laziness.”
The Associated Press Stylebook is defining a cyberattack narrowly as something that causes “physical damage or significant and wide-ranging disruption.” The malicious code that allegedly wrecked Iran’s centrifuges would qualify. The daily drumbeat of leaks and breaches wouldn’t.
The Stylebook definition, announced Friday, was welcomed by Schmitt, who called it a “monumental step forward.”
Even those who worry that the misuse of the word “cyberattack” is too widespread to stop backed the move.
“It may be too late,” said Josephine Wolff, an associate of the Harvard Berkman Center for Internet & Society. “But I do think that there’s value in helping people make the distinction.”
Cyber Command now looking to equip its cyber warriors
Posted on March 30, 2017 by Mark Pomerleau
Photo Credit: Michael L. Lewis
With the impending full operational capability of Cyber Command’s Cyber Mission Force – slated for 2018 – and an intense focus on personnel and manning the 6,000-person, 133-team force, the command and Congress are now focused on delivering capabilities to equip the CMF to do its job.
The Capabilities Development Group at CYBERCOM, stood up in February of 2016, is focused on just that. Its main mission now is the development and fielding of what it calls the Military Cyber Operations Platform, Keith Jarrin, executive director of the CDG, said at the AFCEA Warfighter IT day March 30.
Jarrin’s presentation was the first public disclosure of the MCOP, as it’s referred to. MCOP is “essentially the sum total of the portfolios we manage,” he said.
Cyber warriors, in order to carry out their mission successfully, need a platform, an interface, a toolset and an infrastructure, just like warfighters in the more traditional physical domains. As discussions continue to surround the inevitable split of NSA and CYBERCOM – which are currently collocated – an independent CYBERCOM will need its own infrastructure to conduct warfighting missions separate from NSA, which is an intelligence collection, combatant command support agency.
MCOP and similar endeavors get at this specialized military cyber mission. “When you take a look at the Military Cyber Operations Platform, you have to recognize that there are tools that will use physical infrastructure, there are analytics that will be fed by the physical infrastructure through a kind of network of sensors – for full spectrum operations,” Jarrin said. “MCOP is a global presence that is hardware and software and the regime to be able to train and equip with the services the CMF.”
“There are essentially common services that provide vital things like mission orchestration so we can actually do combined operations that are full spectrum,” he continued, adding that the joint force needs to understand where capabilities are and where and how they’re being employed.
Other similar efforts include the unified platform, essentially a shared platform to allow cyber forces to conduct full spectrum cyber operations.
The future of MCOP, Jarrin explained, will be to engage capability synchronization boards to make fundamental decisions: not only tactical decisions, such as what widget goes at Fort Gordon, the future headquarters of Army Cyber Command, but more important decisions, such as what the Air Force’s piece of MCOP is. What makes sense from a functional alignment, from a threat alignment, and how do the two relate to each other, Jarrin asked. Planning is an important stage of engagement with the services so the command and DoD can really understand how MCOP is going to grow as DoD rolls it out, he added.
With the standing up of CDG, Congress sought to make CYBERCOM more agile with what some congressional aides have called a crawl, walk, run model by initially providing limited acquisitional capabilities.
“The whole point of CDG or the command gaining acquisition authority … is operational agility,” Jarrin said. He also described CDG’s mission as threefold:
- Plan and synchronize capability development for the joint cyber force
- Develop capability in order to reduce risk or meet urgent operational needs
- Maintain the command’s technical baseline
One of CDG’s biggest challenges currently, he said, is understanding how combat mission forces – one of the sets of cyber teams within the larger CMF focused on combatant command requirements – can be engaged in cyber activities in a true end to end fashion for the highest priority missions for the three highest priority combatant commands: Central Command, Pacific Command and European Command.
Jarrin also noted that capability development has to be thought of in three lines of effort. The first is operations. He explained that for the last seven or eight months, there have been organic DoD cyber operations, which means the department is conducting cyber operations in direct support of core DoD warfighting missions and objectives in a battlefield context.
“We’re learning so much from a doctrine standpoint about how to basically prosecute a new type of cyber full spectrum operation,” he said. “The capability development people … need to be in those doctrine tactics and techniques discussions about how things are changing, how we’re using different authorities, how the partnerships and coalitions are forming, what they’re doing. That has direct bearing on the types of operations that really get conducted.”
The second line of effort is cyber command and control, situational awareness and intelligence. This involves several subsets, one of which, he said, is the need for immediate situational awareness all-source fusion at operations centers. The critical questions from a capabilities development standpoint, he said, include what this looks like and how they can pull those things together: more than telecommunications, but software overlay, big data analytics and looking through the lens of all-source cyber in new ways.
Lastly, he described force structure and whether or not the 6,000 personnel capacity is enough and if resources are being pooled efficiently.
“Are we really within a force of 6,000, are we geographically pooling our tool developers in the right place, are we pooling our requirements in targeting or analyst resources in the CMF in the right place?” he asked.
How harried Finland fends off nation-states in cyberspace
Posted on March 31, 2017 by Brad D. Williams
Antti Pelttari is head of the Finnish Security Intelligence Service. (Photo Credit: Soppakanuuna via Wikipedia Commons)
Finland’s intelligence security service, called Supo, released its annual public report this week, providing a glimpse into the country’s efforts to fend off near-continuous cyber and information operations. Finland, with a population of nearly 5.5 million and an 833-mile shared border with Russia, serves as a case study in national cyber strategy and relative deterrence, as well as resilience to hostile information operations.
In the report’s introduction, Finland’s Director of the Security Intelligence Service Antti Pelttari summarized current geopolitical security trends, which continue to be driven in large part by cyber:
Recent news from the world ha[s] shown that national sovereignty can no longer be taken for granted even though no physical violation of state borders takes place. In the “new normal” – today’s security environment – the threat may appear from an unexpected direction and in an unprecedented form. Various influencing and hybrid operations, influence by information and cyber espionage, have opened a new dimension with fewer predictable elements. In the last few years, the barriers between internal and external security have broken down in Europe.
Of all the nation-state adversaries alluded to throughout the report, only Russia is named.
The report notes the threat to Finnish “data network intelligence,” which is “constantly targeted by computer network attacks from abroad.” While cyberattacks against companies and critical infrastructure did not altogether cease, fewer “such cases were observed in 2016.” Rather, in 2016, threat actors’ aims included “stealing organizations’ vital knowledge capital.”
The report summarizes 2016’s “clear trends” in cyber espionage as, “A sharp increase in visible activity against Finland’s foreign and security policy, comprehensive espionage priorities and the abuse of Finnish data networks in espionage targeting third countries.”
The last trend is important for several broader reasons, including cyber attribution and questions surrounding victim retaliation. For instance, based on legislation proposed in February in the U.S. House of Representatives, private companies that suffer cyberattacks will be legally empowered to undertake “active cyber defense measures.”
If a cyberattack appeared to originate from a country that was not the attack’s true source, and a company retaliated based on that mistaken information, it could lead to international diplomatic strains and potential military conflict.
The Finnish report continued:
In addition to cyber espionage against Finnish information systems, several cases of Finnish data networks being exploited in espionage campaigns against third countries were observed in 2016. Information stolen from the target countries was transferred through Finnish data networks, making it seem at first that Finland was targeting espionage against the affected countries. In all the disclosed cases, Finnish authorities warned the authorities of the country in question.
In a public attribution to Russia, the report said, “Most observations were related to an APT28/Sofacy attack in which no particular effort was made to conceal the activity.”
APT28/Sofacy, also known as Fancy Bear, is one of the two hacking groups the U.S. intelligence community has accused of interfering with the 2016 U.S. presidential election. Cybersecurity companies have associated Fancy Bear with Russian military intelligence agency GRU (Glavnoye Razvedyvatel’noye Upravleniye).
In congressional testimony on March 20, FBI Director James Comey also noted the “loudness” of Russian threat actors such as Fancy Bear during the U.S. election, saying the Russian hackers “wanted us to see what they were doing.”
In addition to cyber threats, the report notes the continuous attempts of foreign adversaries to compromise Finnish citizens in order to “influence political decision-making and shape public opinion.”
Human intelligence carried out by nation-states against Finland “continued to be active and at times aggressive in 2016,” the report said.
Since declaring its independence from Russia a century ago, Finland has accomplished one of the most impressive diplomatic feats in Europe: Balancing an aggressive neighbor with overwhelming military force to its east, while maintaining friendly ties with its European neighbors even as it declined NATO membership.
Except for twice during World War II, Finland has avoided war and maintained its national sovereignty since 1917. Critics have accused Finland of being too conciliatory to Russia, labeling the strategy with the derisive term “Finlandization,” but the pragmatic policy of strict neutrality between east and west – as well as economic cooperation – has enabled its continued independence.
More recently, western countries have viewed Finland as a case study in how to develop a national cyber strategy and achieve relative cyber deterrence. Finland has not suffered the same scale or severity of cyberattacks as other countries bordering Russia, such as Estonia, Lithuania, Georgia and Ukraine.
Perhaps even more remarkable is the country’s resilience to intensive, ongoing Russian information warfare. Finnish leaders, scholars and experts attribute Finland’s information warfare resilience to a strong public education system – with its widely admired model and consistently high rankings – that instills critical-thinking skills in its citizens.
Observers also credit a coordinated effort from the highest levels of the Finnish government to counter disinformation and propaganda – a task that has, so far, eluded the U.S.
SecDef adviser: ’99 percent sure we’ll elevate’ CYBERCOM
Posted on March 31, 2017 by Mark Pomerleau
Following the passage of the 2017 National Defense Authorization Act, which directed the Defense Department to elevate Cyber Command from a subunified combatant command under Strategic Command to a full-fledged combatant command, DoD is making this action a key priority.
“We are driving very hard at that solution,” Maj. Gen. Burke “Ed” Wilson, deputy principal cyber adviser to the Secretary of Defense, said March 30 at the AFCEA NOVA Warfighter IT Day.
He noted strong consensus for the move among the entire U.S. government, to include the new administration.
“I don’t see anybody that has come in and said that’s not a smart thing to do across the department or interagency,” he said, adding he is “99 percent sure we’ll elevate and do it fairly quickly.”
This marks an important milestone, as it signals that the U.S. as a nation is taking all facets of cyberspace operations seriously, he said, citing network operations, defensive operations and offensive operations. The U.S. has been using offensive operations very heavily, especially in the fight to counter the Islamic State group, he added.
Wilson also addressed key questions surrounding the elevation as well as the future of the still infant command. Assuming the current commander of CYBERCOM, Adm. Michael Rogers, is nominated to serve as the commander — which upon elevation will require Senate confirmation — will he also continue to be dual hatted as the director of the NSA?
This invariably leads to questions about separating the two organizations, which are currently co-located, with Cyber Command very heavily reliant upon NSA.
This has been an ongoing discussion among the Defense Department and Congress, in which the latter has generally opposed splitting too early for fear CYBERCOM might fail on its own.
The 2017 NDAA stipulated a series of certifications DoD must present to Congress prior to the split. These include, among others, that if separated, capabilities of either organization won’t be degraded and that the Cyber Mission Force reach full operational capability.
While it hit initial operational capability in October of 2016, the CMF is not slated to reach FOC until October 2018, making that the earliest possible date of an NSA-CYBERCOM split, provided Congress does not change the law.
While Wilson said the department is projecting that the CMF will hit FOC in October 2018, he noted that the FOC declaration will not mean full mission readiness. Few teams will be what is known as C1 at that time, which means the unit can fully carry out its wartime mission, Wilson said, calling it a bit of phasing in.
Wilson added that there is consensus CYBERCOM and NSA will split but it won’t be a quick process. They will have to make assessments regarding the maturity of the command given it is only seven years old. They are currently assessing what will need to be put in place in terms of resources, people and capabilities.
He also added that while CYBERCOM is beginning to exhibit more independent behavior and capabilities as it grows the cyber mission force, there is still heavy reliance on NSA.
On the NSA side, the intelligence organization is also undergoing a major reorganization itself, which Wilson said DoD wants to see completed before the two organizations split.
One of the main efforts behind the reorganization, or NSA21 as it is called, is the merging of its two directorates: the signals intelligence directorate (offense) and the information assurance directorate (defense). Wilson said that effort will be completed this fall.
Wilson said he would forecast a split in late fiscal year 2018, 2019 or 2020.