WASHINGTON, June 17, 2011 –,The Philadelphia-based Foreign Policy Research Institute presented expertise on the emerging threat in cyberspace Thursday to journalists, private sector industry leaders, government officials and strategists in Washington.
Lawrence Husick, Senior Fellow at Foreign Policy Research Institute’s (FPRI) Center on Terrorism and Counter-Terrorism, offered his expertise on leveraging technology as a defining characteristic of the modern terrorist. His presentation centered on the rapidly evolving nature of cyber attacks, and the lack of a comprehensive private sector cybersecurity initiative.
Husick expertise illuminated gaping technical holes in current cyber protection efforts.
“We have complex computers and networks that run the world, and these systems are vulnerable and attractive targets,” said Husick. “We have stricter laws on screening our pharmaceutical drugs than we do for the microchips we depend on.
“The consequences are not that these systems will be difficult to fix should they be attacked,” Husick continued, “but rather, that they will be reprogrammed to do the wrong thing at the wrong time.”
Chair of the House Subcommittee on Intellectual Property, Competition, and the Internet, Rep. Bob Goodlatte (R-VA), expressed similar sentiments last month when his subcommittee held a hearing to probe Obama administration officials on the President’s cybersecurity review.
“Despite the fact that the federal sector grabs the headlines, in many respects it really is the private sector that stands on the front lines of cybersecurity,” said Goodlatte.
Legislation, however, is only part of a needed approach, Husick asserted.
“In addition to appropriate legislation, the federal government should use its contracting to establish standards fir data security and integrity among its contracting partners, taking the lead by example and offering assistance,” he said.
Those comments drew agreement from at least one of the attendees.
“He’s right. There’s no leadership in the private sector. There’s a lot of pious talk, and committees,” said Mark Davis, Senior Director of White House Writers Group.
Davis, whose expertise lies in online reputation management, acknowledged the very real, and potentially fatal physical threat cyberattacks.
“I don’t know if there will be an Electronic Pearl Harbor, but there will be [cyber related] events that kill people that will wake officials up,” he said. “Because of the oceanic nature of the Internet it will always make it difficult to defend, but if there’s no effort, we’re not even in the game.”
Husick defined cyber threat as three separate, but overlapping, categories with separate, but interdependent, goals: cyber crime, aimed towards monetary ends and often used to fund cyberterrorisim; cyberespionage, aimed at obtaining high-value information and data of an enemy; and cyberwarfare, the chief end being disruption of critical infrastructure systems, both military and civilian.
Husick, also gave his insights on his captured strain of the Stuxnet virus, a virus that disrupted Iranian uranium enrichment efforts in 2010. His efforts enabled experts to study the malicious strain that he termed a ‘software guided missle.’
FPRI’s talk came a day after House Subcommitee on Commerce, Manufacturing and Trade Chairman Mary Bono Mack assembled subcommittee members, government and private sector witnesses to review the language of the discussion draft of her upcoming bipartisan data breach security bill.
Further detail about Husick’s work on understanding cyberspace as a battlefield can be found online at http://www.fpri.org.
Rep. Swalwell Says App Preference Bill Will Harm National Security
‘I just want to limit the ability for any bad actor to get into your device.’
July 27, 2022 – Antitrust legislation that would restrict the preferential treatment of certain apps on platforms would harm national security by making more visible apps from hostile nations, claimed Representative Eric Swalwell, D-Calif, at a Punchbowl News event Wednesday.
The American Innovation and Choice Online Act is currently under review by the Senate and, if passed, would prohibit certain online platforms from unfairly preferencing products, limiting another business’ ability to operate on a platform, or discriminating against competing products and services.
The legislation would ban Apple and Google from preferencing their own first-party apps on their app stores, which would make it easier for apps disseminated from hostile nations to be seen on the online stores, Swalwell said.
“[Russia and China] could flood the app store with apps that can vacuum up consumer data and send it back to China,” said Swalwell, adding that disinformation regarding American elections would spread. “Until these security concerns are addressed, we should really pump the breaks on this.”
Swalwell asked for a hearing conducted by Judiciary Committee of the House with the National Security Agency, Federal Bureau of Investigation, and Homeland Security officials to lay out what the bill would mean for national security.
“I just want to limit the ability for any bad actor to get into your device, whether you’re an individual or small business,” said Swalwell.
Lawmakers have become increasingly concerned about China’s access to American data through popular video-sharing apps, such as TikTok. Last month, Federal Communications Commissioner Brendan Carr called for Apple and Google to remove the app on the grounds that the app’s parent company, ByteDance, is “beholden” to the Communist government in China and required to comply with “surveillance demands.”
The comments follow debate surrounding the bill, which was introduced to the Senate on May 2 by Sen. Amy Klobuchar, D-Minn., on how it would affect small businesses and American competitiveness globally.
Government Should Incentivize Information Sharing for Ransomware Attacks, Experts Say
‘Information sharing between the government and the private sector, while integral to tackling ransomware, is inconsistent.’
WASHINGTON, July 27, 2022 – The federal government should incentivize the reporting of cyberattacks through safe harbor and shield laws, said experts at an Atlantic Council event Tuesday, as a recent law requiring companies in critical infrastructure sectors to report such attacks to the federal government is limited and currently unclear on who exactly it impacts.
The Cyber Incident Reporting for Critical Infrastructure Act passed in March does not cover private companies who do not operate in the critical infrastructure sectors and does not include safe harbor and shield laws that would encourage private companies to engage in the process.
Oftentimes, companies will avoid interacting with law enforcement to avoid the stigma associated with being a victim of a cyberattack and out of fear of being held liable by regulators and investors, said Trent Teyema, senior fellow at technology policy university collaborative GeoTech Center.
Teyema called for a safe harbor framework, a law that provides protection against legal liability when other conditions are met. Such a provision would decrease the risk of companies being held liable for cyberattacks from regulators, investors, and the public.
He also called for shield laws that would protect against revealing certain information to the government as a requirement for receiving law enforcement assistance.
The government needs to make it easy for the private sector to share information with law enforcement, said Teyema.
“Information sharing between the government and the private sector, while integral to tackling ransomware, is inconsistent,” read a report written by Teyema and David Bray, fellow at GeoTech Center. Information sharing across sectors allows cybersecurity experts in both sectors to learn about new vulnerabilities in software and new attack vectors. It strengthens collective resiliency and can influence the processes used to anticipate and respond to threats, continued the report.
Ransomware on the rise
Ransomware attacks in which bad actors demand money to release encrypted data are increasing dramatically, reported the White House last year. Ransomware incidents often disrupt critical services, such as banks, hospitals and schools that require constant access to data. In 2021, there was approximately $20 billion in damages from ransomware attacks in the United States, with $11 billion in 2020 and $5 billion the year before, said Bray.
This follows on the heels of the 2021 Colonial Pipeline hack that targeted the billing system and led to the shutdown of the largest fuel pipeline in the United States. The Russian-speaking cybercrime group responsible, DarkSide, received $4.4 million in ransom from Colonial, part of which was later recovered by the United States law enforcement.
Research firm Cybersecurity Ventures predicts that there will be a ransomware attack every two seconds by the year 2031 with global costs exceeding $265 billion.
U.S. Must Go on Offensive to Address Cybersecurity Issues
A former Commerce Department official said the nation is ‘so far behind in addressing these threats.’
WASHINGTON, July 25, 2022 – The United States needs to adopt a more offensive cybersecurity posture to survive in an evolving digital world by enacting sanctions against malicious states, developing artificial intelligence capabilities to identify possible cyberthreats, and engaging in diplomacy to deter cyberattacks before they initiate, said experts at an Internet Governance Forum event on Thursday.
“The U.S. absolutely needs to bolster its response to malicious cyberactivity,” said Nazak Nikakhtar, a former assistant secretary for industry and analysis in the Commerce Department and current partner at law firm Wiley. “The United States is so far behind in addressing these threats.”
The United States is taking a defensive posture on cybersecurity by responding to threats as they come, said Nikakhtar. No one is talking about bettering our offensive capabilities in deterrence for malicious cyberattacks, she said.
Nikakhtar suggested enacting sanctions and penalties for violating privacy restrictions against hostile nation-states to deter cyber-attacks. She also suggested collaborating with allies to aggregate data to develop artificial intelligence that would identify possible cyberthreats. She called for think tanks and strategists around the world to come up with an offensive international strategy.
“I don’t think enough Americans are concerned about who has access to their data,” said Nikakhtar. “The aggregation of data by our adversaries, like China… is terrifying.” Our adversaries are finding out how they can weaponize our data and it should cause us to consider the risks and what we need to do to protect our data, she said. This follows Russian cyberattacks on Ukraine and an increase in cyberattack threats to the United States.
For example, experts say popular video-sharing application TikTok, which is owned by Chinese company ByteDance, is required by Chinese law to comply with the Communist government’s surveillance demands. Nikakhtar — who was nominated for her Commerce role by former President Donald Trump, who himself wanted to ban TikTok over national security concerns — argued that there is “no alternative” to banning TikTok.
But John Morris of the Internet Society expressed concern that banning specific apps would encourage hostile nations to respond in kind by banning American apps, eliminating free exchange of information.
Meanwhile Eric Burger, research director at Commonwealth Cyber Initiative, suggested that the United States levy its diplomatic power by gaining political support from other countries to deter hostile nation-states from initiating cyberattacks. It is powerful to get a whole chunk of the world on our side regarding cyber war are, he said.
Google executives have previously called for the Department of Defense to continue making investments in AI to protect the cyberspace. “One of AI’s critical uses is finding anomalies in activity that would indicate a new threat vector,” said Andrew Moore, vice president and director of Google Cloud in a Senate subcommittee meeting on cybersecurity in May.
- Doug Lodder: How to Prevent the Economic Climate from Worsening the Digital Divide
- Affordable Connectivity Outreach Program, Amazon’s SpaceX Satellite Concerns, Axios Acquired
- National Broadband Plan Legislation Introduced in Senate
- FCC Should Not Increase Rural Program Obligations in Light of New Federal Funding: Meeting Notes
- Craig Settles: If You Can’t Give Away Free Internet, Consider Telehealth
- Lumen’s Multi-Gig Service, Dish Continues Drop in Wireless Subs, Wu Not Leaving White House Yet
Signup for Broadband Breakfast
Broadband Roundup2 months ago
Crypto Regulation Bill, Ziply Fiber Acquires EONI, AT&T Tests 5G via Drone
Fiber2 months ago
AT&T Says Gigabit Download Speed Demand Continues to Grow
Broadband Roundup1 month ago
Broadband Prices Decline, AT&T’s Fiber Build in Texas, Conexon Partners for Build in Georgia
Broadband Roundup1 month ago
TikTok Data Practices, FCC’s Mandate on Wireless Outages, AT&T First Responder Network
Broadband Roundup3 months ago
AT&T and DISH Agreement, FCC Adds More States in Robocall Fight, $50M from Emergency Connectivity Fund
Broadband Roundup2 months ago
Global Tech Competition Bill, AT&T Hits 20 Gbps Symmetrical, Hargray Fiber in Georgia
Broadband Roundup1 month ago
FiberLight Buy, T-Mobile Shuts Down Older Networks, AT&T and Dish Lead US O-RAN Alliance
Broadband Roundup3 months ago
AT&T’s 911 Tech, Russia Cyberattacks, Musk’s Twitter Would Reinstate Trump