Cyber Weekly Roundup – June, 15 2018

Weekly Roundup

Cyber Weekly Roundup – June, 15 2018

By Colby Proffitt

1.) Trump, senators headed for clash on cyber policy (June 11, 2018)

http://thehill.com/policy/cybersecurity/391734-trump-senators-headed-for-clash-on-cyber-policy

Summary: Senators are barreling toward a clash with the Trump administration over how to deter and respond to cyberattacks.

Why it matters: It’s yet to be determined if authority will remain with the President or if it will shift somewhere else as a result of the defense policy legislation, but what’s clear is that legislators are talking a lot about deterrence, and making it clear to adversaries and would-be cyber attackers that any malicious acts will be met with severe consequences. As has always been the case, however, the challenge of attribution remains unresolved, making deterrence a challenging solution to successfully implement.

2.) OPM wants to know the most critical cyber workforce needs (June 12, 2018)

https://www.fifthdomain.com/management/2018/06/12/opm-calls-for-early-report-on-cyber-workforce-needs/

Summary: The Office of Personnel Management asked agencies to put together an earlier-than-anticipated report on the “critical need” for cybersecurity workers in a June 11 memo to human resource officers.

Why it matters: What’s most interesting about this approach to the cyber workforce shortage is that it appears to be a government-wide look at the cybersecurity workforce needs. Although the report will be classified, if it is released to the public in the future, it will be interesting to see the similarities and differences across federal organizations, as well as the action plans that each organization develops.

3.) U.S. counterspy warns World Cup travelers’ devices could be hacked (June 13, 2018)

https://uk.reuters.com/article/us-usa-russia-hackers-exclusive/exclusive-u-s-counterspy-warns-world-cup-travelers-devices-could-be-hacked-idUKKBN1J82YX

Summary: The top U.S. counterintelligence official is advising Americans traveling to Russia for football’s World Cup beginning this week that they should not take electronic devices because they are likely to be hacked by criminals or the Russian government.

Why it matters: This article doesn’t talk about it specifically, but the obvious takeaway is the incredible inconvenience necessary for cyber protection. And in some cases – even the impossibility of protection. The guidance suggests removing batteries from devices if they must be taken to Russia, but for many devices nowadays, it’s not even possible to remove the battery. And, if users opt for a ‘burner’ device – one that’s thrown away after use – that still comes at a cost and it’s still not necessarily any safer than other devices; it all depends on what you use the device for, what you access, and what data you put on the device.

4.) US Government’s biometric database worries privacy advocates (June 11, 2018)

https://nakedsecurity.sophos.com/2018/06/11/us-governments-biometric-database-worries-privacy-advocates/

Summary: It is something few Americans will have likely heard of, but the US Department of Homeland Security’s Homeland Advanced Recognition Technology (HART) is catching the eye of privacy advocates – and not in a good way.

Why it matters: George Orwell was onto something when he published his famous book, 1984. In an incredibly short amount of time, the things that were once considered private and secure (i.e., social security numbers) are now considered publicly available by many, and new forms of identity are being pursued (i.e., fingerprints, retina scans, scars, and tattoos) – but it raises the question of just how much identifiable data points – and in this case biometrics – are really needed, and why they’re needed. Is that data needed for our own protection? Is it needed to grant us access and permissions for every day transactions at banks, the post office, and the grocery store? Or is it needed to create a greater social relationship map to reduce crime – to eliminate threats before they become real crimes? If so, what happens when you get a random friend request on Facebook or a new follower on Instagram and they turn out to be a malicious actor? Are you then guilty by association? It’s easy to see that while these capabilities and this massive database is powerful, it also begs an endless supply of heavy questions. It’s going to be interesting to see how this program progresses, and if it’s successfully implemented to completion, how it impacts our lives – for better, or for worse.

5.) Two men killed over false child kidnapping claims on WhatsApp, Facebook (June 12, 2018)

https://www.cnn.com/2018/06/12/asia/india-whatsapp-facebook-false-kidnappings-intl-trnd/index.html

Summary: Twenty-seven people have been arrested after two men were beaten to death by a mob following false social media reports suggesting they were child kidnappers, police in India said.

Why it matters: Although this isn’t an obviously cyber story, it is an indicator of the power of social media – and the potential damage that cyber criminals can inflict by leveraging social media. Although this story doesn’t indicate that the rumors were spread by fake accounts or bots, more and more fake accounts are created every day, with Facebook alone admitting to more than 270 million fake or clone accounts in 2017. Malicious actors can use fake accounts and social bots to manipulate sentiment, influence politics, create false advocacy movements – in short, if enough “people” appear to be talking about something online, it gives the impression that it’s important, which entices authentic users to take notice and in some cases engage with the fake accounts. As the number of bots and fake accounts grows, the future of social media will be interesting to watch, especially given the volume of real users and organizations who have come to leverage the capabilities of social media so heavily in recent years.