By Colby Proffitt
1.) Careful what you wish for—change and continuity in China’s cyber threats (part 2) (April 9, 2018)
Summary: A At a time when ‘cyber anarchy’ seems to prevail in the international system, the emergence in 2015 of US–China consensus against ‘cyber-enabled theft of intellectual property’ initially appeared to promise progress towards order. The nascent norm against commercial cyber espionage that emerged between Xi Jinping and Barack Obama was later reaffirmed by the G‑20. China subsequently recommitted to this proscription in a number of bilateral agreements, including reaching a parallel commitment with Australia in April 2017.
Why it matters: As follow up to part 1 in last week’s roundup, part 2 offers a deeper dive into the growing cyber threats in China. Cyber actions are difficult to regulate – in part because the intent of those actions is often multi-faceted and can be interpreted a number of ways (e.g., acting in defense vs. acting for competitive gain or advantage) – and are often hard to attribute. Despite these challenges, it’s critical that the U.S. take careful action in the event that China does take malicious cyber action against the U.S., recognizing that the decisions made in the aftermath will set a precedent for the future.
2.) Cyber criminals earn up to $2m a year, study shows (April 10, 2018)
Summary: Academic study reveals just how lucrative cybercrime can be, with top-level cyber criminals out-earning government leaders and university graduates.
Why it matters: This article highlights some telling statistics from a recent study on the booming business of cybercrime, diving into some of the connections to drug production, human trafficking, and terrorism. The cyber industry has evolved to a platform, with many cybercrime businesses offering malware, hackers-for-hire, and other malicious cyber services. Cybercrime has changed the global economy. While there have always been thieves, it’s now a lot harder to identify and apprehend virtual thieves. This article points out how cyber criminals spend their earnings – from paying their bills to reinvesting for future campaigns – just as a bank robber’s earnings might be used to pay bills and buy materials for the next heist. While organized robbery and physical crime certainly has had influence over the U.S. economy over the years, it pales in comparison to the impact that organized cybercrime is having on the global economy. With many nation-state’s now investing in and relying on cybercrime to steal not just money, but data and intellectual property, the composition and variables influencing the economy have evolved considerably, and will continue to in the future.
3.) College Students Battle To Control the Power Grid in Energy Department Challenge (April 10, 2018)
Summary: Agency officials hope the competition will draw more young tech talent to the government and energy industry.
Why it matters: This article highlights the aging cyber workforce and the increasing skills gap – two reasons behind the creation of this particular event. Many in government realize that young talent coming into the cyber workforce will inevitably choose a job in industry over government, but they hope that the personal reward of supporting a federal mission will be enough to entice recent cyber graduates. In the past, going to war was considered an honorable duty – a way of serving your country and giving back to your community. That mindset hasn’t yet set in when it comes to the cyber war – largely because it’s an intangible concept. It will be interesting to see how federal agencies address the skills shortage in the coming months and years. Improvements will require change.
4.) Popular Android Phone Manufacturers Caught Lying About Security Updates (April 13, 2018)
Summary: Android ecosystem is highly broken when it comes to security, and device manufacturers (better known as OEMs) make it even worse by not providing critical patches in time.
Why it matters: This article explains that many Android vendors have been missing patches – deploying them after hackers have already had the opportunity to wreak havoc. While this article explains how end users can measure their patch level and verify vendor claims, it doesn’t explain what end users can do about it. What we can expect is that, despite some media attention, there will be too few who care enough to actually hold the vendors accountable. What’s clear is that, increasingly, personal security will continue to be an individual responsibility, even when those individuals are paying for vendor devices and services.
5.) Zuckerberg hearing: Grasping — and grasping for — tech terms (April 10, 2018)
Summary: Technology can prove confusing for even the most knowledgeable. There were a few moments during Tuesday’s testimony by Facebook CEO Mark Zuckerberg before the Senate Judiciary and Senate Commerce committees that left lawmakers — and viewers and even Zuckerberg — scratching their heads.
Why it matters: Probably one of the biggest stories in the news this week, it’s worth a Google search to read several different opinions of Zuckerberg’s testimony before Congress. Despite the lack of overall progress at the end of it all, several things were very clear. While Zuckerberg didn’t do a very good job (some would argue intentionally) answering many of the questions, stating that his team would follow up, the Senators didn’t ask all the right questions. And, when they did ask questions that made sense, not only was it a challenge to get the Senate to understand how the technology worked, but many in the Senate didn’t seem to understand Facebook’s entire business model, suggesting that the social platform was a monopoly without competition – a Ford without a Chevy. It’s important to recall how Facebook started and understand how it has evolved. While the majority of Facebook users in 2018 in the U.S. are 25-34 years old, when Facebook first started in 2004, early adopters were younger – they saw the platform as a way to connect and communicate with friends, and most of them didn’t think about the implications and risks of sharing their personal data with Facebook and the world. Since then, the social platform has evolved into a very lucrative advertising business – and, it’s attracted a different audience. Many of the original users no longer use Facebook – they’ve moved on to other image-intensive sharing options like Instagram (also owned by Facebook). If the government plans to regulate Facebook or develop policy around data privacy, they’re doing the right thing by engaging with Facebook and other leaders in the industry, but they need to make sure they’re asking the right questions, and industry needs to be more willing to cooperate.