Cyber Weekly Roundup – March 23, 2018

Weekly Roundup

Cyber Weekly Roundup – March 23, 2018

By Colby Proffitt

1.) Omnibus to include election cybersecurity funds (March 21, 2018)

http://thehill.com/policy/cybersecurity/379517-omnibus-to-include-election-cybersecurity-funds

Summary: Congressional leaders hammered out a massive spending bill that would include money to help secure U.S. voting systems from cyberattacks.

Why it matters: While the $1.3 trillion spending bill isn’t solely focused on cyber-specific funds, $380 million are allocated for election technology grants and $307 million for FBI counter-intelligence efforts against Russian cyberattacks. While Congress passed the bill, Trump’s tweet this morning seems to indicate that he may veto the bill, not only keeping cyber funds out of reach, but also reigniting the possibility of another government shutdown.

2.) The next Russian attack will be far worse than bots and trolls (March 22, 2018)

https://www.brookings.edu/blog/order-from-chaos/2018/03/22/the-next-russian-attack-will-be-far-worse-than-bots-and-trolls/

Summary: On March 15, the Department of Homeland Security together with the FBI announced that Russian government hackers infiltrated critical infrastructures in the U.S.—including “energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.” According to the DHS-FBI report, malicious Russian activities have been ongoing since at least March 2016.

Why it matters: This article highlights that while most exploits have stemmed from end user naiveté, future attacks are likely to take a more effective and covert approach through the use of artificial intelligence and other technological advancements. Many point to the attacks on Ukrainian critical infrastructure as a smaller scale example of what could happen in the U.S. – and as this article points out, Ukraine had a number of cyber countermeasures in place to prevent such an attack, many of which the U.S. currently lacks. Although the Trump administration recently sanctioned the Russian troll factory, it’s critical that the U.S. take more aggressive and strategic action to defend against what many would call an inevitable attack.

3.) How Much Does Artificial Intelligence Threaten National Security? (March 21, 2018)

http://www.nextgov.com/policy/2018/03/how-much-does-artificial-intelligence-threaten-national-security/146844/

Summary: As policymakers debate the government’s role in developing artificial intelligence, a House bill aims to shed light on the emerging technology’s role in strengthening national security. The National Security Commission on Artificial Intelligence Act would create an independent panel to explore recent advancements in artificial intelligence and assess the economic and national security impacts of the budding technology.

Why it matters: Russian President Vladimir Putin stated in 2017 that the country that establishes superiority in artificial intelligence (AI) will become the ruler of the world. More recently, Tesla CEO Elon Musk and renowned psychologist Steven Pinker engaged in some rather heated debates over AI use, risks, and regulation, with Musk warning that while the benefits of the new tech are revolutionary, the exponential increase in hardware ability and software talent also make AI a potential source of incredible risk. Given the opposing views, coupled with the speed at which AI is being brought to market, it’s important that federal CIOs and CISOs understand the risks and collaborate with industry leaders in AI to determine the best way to introduce AI to their agency and mitigate the risks, while also capitalizing on the benefits, and it’s also critical that industry reevaluate the speed and manner with which they bring new tech to market.

4.) Here Are Some Key Challenges to Critical Infrastructure Security (March 16, 2018)

http://www.nextgov.com/cybersecurity/2018/03/here-are-some-key-challenges-critical-infrastructure-security/146737/

Summary: Government and industry should conduct more research into understanding which complex security questions can be fully automated and which ones require “humans in the loop,” according to the readout of a Feb. 28 meeting between government and critical industry sectors.

Why it matters: With rapid advancements in articifical intelligence and other technologies, combined with the increase in cyber attacks and the increased threat of an attack on U.S. critical infrastructure, it’s important that the U.S. press ahead and develop and implement plans to protect U.S. assets.

5.) Weighing Privacy vs. Security for the Internet’s Address Book (March 13, 2018)

 https://www.wired.com/story/weighing-privacy-vs-security-for-the-internets-address-book/

Summary: The European Union’s General Data Protection Regulation will take effect on May 25. The regulation forbids companies from sharing their European customers’ personal data without explicit permission, and gives customers the right to delete their data at any time. As a result, Whois entries may soon contain a lot less information.

Why it matters: One the one hand, removing personal data from this particular resource may seem like something that should be been done long ago. However, the data found on Whois is often a valuable resource to law enforcement when tracking down cyber criminals. It’s to be determined whether the benefits of public access outweigh the privacy benefits or making it harder to access. While some who register their domains may understand how a proxy works and how it can mask their identity, or at least make it harder to find, many who register a domain don’t understand the value of it, or don’t want to pay the additional fee. Cyber criminals, on the other hand, are more likely to use a proxy – although they sometimes make mistakes and can still be tracked.