
Cyber Weekly Roundup – August 10, 2018

Written August 10th, 2018


By Colby Proffitt

1.) And after the Space Force, a Subterranean Force? (August 10, 2018)

https://www.fifthdomain.com/opinion/2018/08/09/and-after-the-space-force-a-subterranean-force/

Summary: President Donald Trump recently directed the Department of Defense to “establish a space force as the sixth branch of the armed forces” marking not only a major milestone in U.S. military history but also a significant shift in the way U.S. threats are perceived. Given that, might there be a seventh force directed in the near future?

Why it matters: This article focuses on the impact of technological change on society as a whole, coupled with the overall increase in population size. Together, a bigger, more complex attack ‘surface’ has formed over the last several decades – and, ironically, we now have to consider what’s beneath that surface as a potential threat. This article serves as a reminder that success necessitates speed and innovation – something the U.S. has done well in years past, but must do even better in the future.

2.) West Virginia to introduce mobile phone voting for midterm elections (August 6, 2018)

https://money.cnn.com/2018/08/06/technology/mobile-voting-west-virginia-voatz/index.html

Summary: The state’s decision to pioneer mobile voting comes even as the United States grapples with Russian interference in its elections. A recent federal indictment outlined Russia’s attempts to hack US voting infrastructure during the 2016 presidential race, and US intelligence agencies have warned of Russian attempts to interfere with the upcoming midterm election.

Why it matters: With so many headlines focused on election meddling – there seems to be an unspoken consensus that a secure vote is preferred over a convenient one. Yet, as this article points out, some innovators are claiming they can guarantee a secure mobile voting app. On the one hand, the motivation behind the effort is certainly a good one – making it easier for troops to vote. On the other hand, some would argue that the testing and audits performed thus far have been limited in scope; and, they’ve set about solving the problem of efficiency and convenience when they should have focused on security.

3.) Comcast customer portal vulnerabilities exposed sensitive data (August 9, 2018)

https://www.zdnet.com/article/comcast-vulnerabilities-exposed-sensitive-data-customers-allowed-brute-force-attacks/

Summary: Comcast has resolved two critical vulnerabilities which had the potential to expose confidential information belonging to over 26.5 million customers.

Why it matters: This article is important for two reasons. First, it highlights the fact that even today, many major service providers are still behind the times when it comes to security practices that should be normalized. However, service providers must perpetually toe the line between security and convenience when it comes to end users. Make something too secure and you lose users and revenue because the service is no longer convenient. Make something too convenient and you lose users and revenue because the service is no longer secure. Secondly, this article is an example of the perpetual problem of security ownership – who is responsible for data and who is accountable when that data is compromised? Everyone knows that when you sign up for a service or buy an app, you’re doing so because you want the benefit the service or the app provides – it’s a cultural understanding and a behavioral practice to simply click accept and move on through the installation process so you can get what you want, what you need. Users simply assume that security is included and their information will be protected. Users, however, as is pointed out in this Comcast example, are not always protected.

4.) U.S. braces for possible cyberattacks after Iran sanctions (August 8, 2018)

https://www.msn.com/en-us/news/world/us-braces-for-possible-cyberattacks-after-iran-sanctions/ar-BBLDwK4?ocid=spartanntp

Summary: The U.S. is bracing for cyberattacks Iran could launch in retaliation for the re-imposition of sanctions this week by President Donald Trump, cybersecurity and intelligence experts say.

Why it matters: This article highlights the economic and geopolitical relationship between cybersecurity and federal decision making, and shows just how hard it is to understand the motivation behind an attack. Some actors simply want to steal, others want political influence, while others just want power. Knowing the attacker may shed light on their motivating factors, but at the same time, knowing the motivation behind the attack may resolve the problem of attribution. What’s important to note from this article is that Iran has not only denied using cyber for offensive purposes, but has pointed to Operation Olympic Games (Stuxnet) as justification that the U.S. is the cyber aggressor. What’s most important to take away from this article is the role that media plays in cyberwarfare. It’s harder to hide a physical attack – from a drone strike to an atomic bomb – than a cyber attack. And that anonymity has resulted in far more cyber activity – an increase that may ultimately result in a more kinetic attack.

5.) The Pentagon’s Startup Outreach Office is No Longer an Experiment (August 9, 2018)

https://www.nextgov.com/cio-briefing/2018/08/pentagons-startup-outreach-office-no-longer-experiment/150408/

Summary: Diving into long-term relationships can be scary, but the Defense Department said it’s ready to commit to its startup outreach program. Defense Innovation Unit Experimental, the office charged with bringing Silicon Valley tech to the Pentagon, will now be known as Defense Innovation Unit, the department announced Thursday.

Why it matters: A name change is one thing, but additional funding, raised expectations, and concrete outcomes are another. It will be interesting to see what DIU produces – and if its focus shifts to cyber specifically – in the coming months. Regardless, moving away from a potentially-temporary organization to a fully funded operation is a step in the right direction.