The United States needs a Department of Cybersecurity

This week over 40,000 security professionals will attend RSA in San Francisco to see the latest cyber technologies on display and discuss key issues. No topic will be higher on the agenda than the Russian-sponsored hack of the American 2016 election, with debate about why the country has done so little to respond and what measures should be taken to deter future attempts at subverting our democracy.

For good reason. There is now clear evidence of Russian interference in the election with Special Counsel Mueller’s 37-page indictment of 13 Russians, yet the attack on US sovereignty and stability has gone largely unanswered. The $120 million set aside by Congress to address the Russian attacks remains unspent. We expelled Russian diplomats but only under international pressure after the poisoning of a former Russian spy and his daughter.

Recent sanctions are unlikely to change the behavior of the Putin administration. To put it bluntly, we have done nothing of substance to address our vulnerability to foreign cyberattacks. Meanwhile, our enemies gain in technological capability, sophistication and impact.

Along with the Russians, the Chinese, North Koreans, Iranians and newly derived nation states use cyber techniques on a daily basis to further their efforts to gain advantage on the geopolitical stage. It is a conscious decision by these governments that a proactive cyber program advances their goals while limiting the United States.

We were once dominant in this realm both technically and with our knowledge and skillsets. That playing field has been leveled and we sit idly by without the will or focus to try and regain the advantage. This is unacceptable, untenable and will ultimately lead to potentially dire consequences.

In March of this year, the US CyberCommand released a vision paper called “Achieve and Maintain Cyberspace Superiority.” It is a call to action to unleash the country’s cyber warriors to fight for our national security in concert with all other diplomatic and economic powers available to the United States.

It’s a start, but a vision statement is not enough. Without a proper organizational structure, the United States will never achieve operational excellence in its cyber endeavors. Today we are organized to fail. Our capabilities are distributed across so many different parts of the government that they are overwhelmed with bureaucracy, inefficiency and dilution of talent.

The Department of Homeland Security is responsible for national protection including prevention, mitigation and recovery from cyber attacks. The FBI, under the umbrella of the Department of Justice, has lead responsibility for investigation and enforcement. The Department of Defense, including US CyberCommand, is in charge of national defense. In addition, each of the various military branches has its own cyber units. No one who wanted to win would organize a critical capability in such a distributed and dispersed manner.

How could our lawmakers know what policy to pass? How do we recruit and train the best of the best in an organization, when it might just be a rotation through a military branch? How can we instantly share knowledge that benefits all when these groups don’t even talk to one another? Our current approach does not and cannot work.

What is needed is a sixteenth branch of the Executive — a Department of Cybersecurity — that would assemble the country’s best talent and resources to operate under a single umbrella and a single coherent policy. By uniting our cyber efforts we would make the best use of limited resources and ensure seamless communications across all elements dealing in cyberspace. The department would act on behalf of the government and the private sector to protect against cyberthreats and, when needed, go on offense.

As with physical defense, sometimes that means diplomacy or sanctions, and sometimes it means executing missions to cripple an enemy’s cyber-operations. We have the technological capabilities, we have the talent, we know what to do, but unless all of this firepower is unified and aimed at the enemy we might as well have nothing.

When a Department of Cybersecurity is discussed in Washington, it is usually rejected because of the number of agencies and departments affected. This is code for loss of budget and personnel. We must rise above turf battles if we are to have a shot at waging an effective cyber war. There are some who have raised concerns about coordination on offensive actions but they can be addressed by a clear chain of command with the Defense Department to avoid the potential of a larger conflict.

We must also not be thrown by comparisons to the Department of Homeland Security and conclude a Cybersecurity department would face the same challenges. DHS was 22 different agencies thrust into one. A Department of Cybersecurity would be built around a common set of skills, people and know-how all working on a common issue and goal. Very different.

Strengthening our cyberdefense is as vital as having a powerful standing army to defend ourselves and our allies. Russia, China and others have invested in their cyberwar capabilities to exploit our systems almost at will.

Counterpunching those efforts requires our own national mandate executed with Cabinet-level authority. If we don’t bestow this level of importance to the fight and set ourselves up to win, interference in US elections will not only be repeated … such acts will seem trivial in comparison to what could and is likely to happen.

DHS defends media-monitoring database, calls critics “conspiracy theorists”

Earlier this week, Bloomberg Law uncovered a Department of Homeland Security job listing for a “media monitoring services” request to keep tabs on over 290,000 “global news sources” and develop an extensive database for an unconfirmed number of “media influencers.” After news outlets reported about the amount of data sought by this job listing, DHS press secretary Tyler Houlton issued a response on Friday to verify its legitimacy and allege that the data project’s aims will be “standard practice.”

What’s more, Houlton added, “Any suggestion otherwise is fit for tinfoil hat-wearing, black helicopter conspiracy theorists.”

DHS’s contract listing, posted on Tuesday, seeks a firm to deliver “media comparison tools, design and rebranding tools, communication tools, and the ability to identify top media influencers,” for a span ranging from one to five years, all with the aim of tracking “any and all media coverage related to the Department of Homeland Security or a particular event.” Part of that data-combing effort would include the development of a “database” that gathers intel about “journalists, editors, correspondents, social media influencers, bloggers, etc.,” including locations, beats, reporter “types,” contact details, overviews of each “influencer’s” previous coverage, current publications, and “any other information that could be relevant.”

To protect election systems from hacking, states are getting cozier with Homeland Security

It might be a snow day in Washington, but the Senate Intelligence Committee hearing on election system security continued as planned. During Wednesday’s hearing, Homeland Security Secretary Kirstjen Nielsen and her predecessor Jeh Johnson appeared with a panel of state election officials to hash out the recommendations issued by the committee on Tuesday.

“This issue is urgent,” said Senate Intel Chairman Richard Burr in his opening statements. “If we start to fix these problems tomorrow, we still might not be in time to save the system for [2018] and 2020.”

The hearing often turned to what broke down during the 2016 election, describing the kind of measures and policies that need to be put in place to allow federal and state officials to communicate smoothly around future threats, including the established threat from Russia. We learned last year that Russia targeted election systems in at least 21 states. Many members of the committee expect other U.S. adversaries to adopt that same model around known vulnerabilities.

“Despite evidence of interference, the federal government and the states had barely communicated about strengthening our defenses,” said Senate Intel Vice Chair Mark Warner. “It was not until the fall of 2017 that DHS even fully notified the states they had been potential targets.”

So what’s changing?

For one, Homeland Security won’t let coordinating the security clearances for as many as 150 relevant state election officials get in the way of handing down important election system intelligence. Only 20 of those 150 officials have that clearance now.

“We’ve worked out the processes whereby if we have actionable information we will provide it to the state and local officials on a day read-in so we are not letting the lack of clearance hold us back,” Nielsen said. “If we have information to share with them in respect to a real threat, we will do so.”

According to Amy Cohen, Executive Director of the National Association of State Election Directors, an organization that brings together election officials in all 50 states, states have made “great strides” since the former DHS secretary designated all election systems as critical infrastructure in January of 2017.

States that may have been nervous about federal overreach after the critical infrastructure designation (which applied to all aspects of federal, state and local elections including polling places, storage facilities, voter registration databases, and the voting machines themselves) seem to be warming up to and opting into the “technical resources” that Homeland Security has on offer. As of today, more than half of the states have signed up for Homeland Security’s optional cybersecurity audits. That program helps states identify potential system vulnerabilities and makes recommendations based on its findings.

“To be clear there has been a learning curve on the sharing of information,” Nielsen said. One challenge is understanding how states vary in operating and organizing their elections. For example, an election that would be run by a county in one state might be the domain of the governor or the secretary of state’s office in another.

“Today I can say with confidence that we know whom to contact in every state to share threat information,” Nielsen said. “That did not exist in 2016.”

While Homeland Security and the states have made progress since the 2016 election, those improvements are incremental and uneven. State budgets vary and some rely more heavily on federal funds for required steps for securing their elections, like purging insecure election machines and purchasing new machines that leave an auditable paper trail. Many states are currently undertaking the steps necessary to get their election systems up to Homeland Security’s recommended standards, even as U.S. adversaries likely continue to probe existing systems for cyber weaknesses.

“The threat of interference remains,” Nielsen admitted. “We recognize that the 2018 midterm and future elections are clearly potential targets for Russian hacking attempts.”

New Homeland Security Secretary Kirstjen Nielsen brings her cybersecurity focus to domestic defense

After a Senate vote on Tuesday, Kirstjen Nielsen has been confirmed as John Kelly’s replacement to lead the Department of Homeland Security. The top position at the DHS has remained open since Kelly left to join the White House as chief of staff in late July. Nielsen previously served on the Homeland Security Council in the George W. Bush administration.

U.S. government issues alerts about malware and IP addresses linked to North Korean cyber attacks

US-CERT, the Department of Homeland Security team responsible for analyzing cybersecurity threats, has posted a warning about cyber attacks by the North Korean government, which it collectively refers to as “Hidden Cobra.” The technical alert from the FBI and Department of Homeland Security says a remote administration tool (RAT) called FALLCHILL has been deployed by Hidden Cobra…

Russia targeted election systems in 21 states, successfully hacking some

On Friday, the Department of Homeland Security notified nearly half of the U.S. states that their election systems were targeted by Russia-affiliated hackers in an attempt to influence the 2016 election. In most of the states targeted, the hackers were engaged in preliminary activities like scanning. In other states hackers attempted to infiltrate systems and failed, but in a small selection…

U.S. government bans Kaspersky software citing fears about Russian intelligence

Three months after the General Services Administration removed Kaspersky Lab from a list of approved federal vendors, Homeland Security is banning the Russian security software maker outright. In a statement on Wednesday, DHS Acting Secretary Elaine Duke directed all Executive Branch agencies and departments to identify any Kaspersky products being used over the next 30 days, to make a plan…

Trump administration sued over warrantless smartphone searches at U.S. borders

With the border wall fight looming large in Congress, another kind of battle at the border is heating up. On Wednesday, the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) filed a lawsuit with the Department of Homeland Security over warrantless border searches. In the case, Alasaad v. Duke, two organizations will represent 11 individuals who had U.S.…