The Stroz Friedberg Cyber Brief


FEATURED STORY

MONDAY, NOVEMBER 20, 2017

WHITE HOUSE DISCLOSES KEY CYBERSECURITY PROCESS

For the first time, the Trump administration has publicized the rules the federal government uses to decide which cybersecurity flaws it should keep secret for intelligence reasons and which it should disclose to the public. Analysts say the move toward transparency is intended to mitigate criticism that the government too often chooses to keep vulnerabilities confidential to boost its own cyber offenses while leaving the public in the dark and at risk.

The Obama administration created an interagency review, known as the Vulnerabilities Equities Process, to decide what to do with flaws discovered by agencies like the National Security Agency. The Trump administration has mostly preserved the process: a review board of at least a dozen national security and civilian agencies meets monthly to discuss new vulnerabilities. Its priority is disclosure, the policy states, to protect core internet systems, the U.S. economy, and critical infrastructure, unless there is “a demonstrable, overriding interest” in using the flaw for intelligence or law enforcement purposes. (Reuters, WaPo, Wired)

HACKERS

Face ID: A researcher in Vietnam, Ngo Tuan Anh, demonstrated how he fooled Apple facial recognition software on its new iPhone X using a mask made with a 3D printer. Apple declined to comment, referring journalists to a page on its website that explains how Face ID works. (Reuters)

Quantum Computing: Google, IBM, and Intel are using a method pioneered by a Yale University professor, Robert Schoelkopf, and a handful of other physicists, as they race to build a quantum computer. (NYT)


COURTS

Phone Search: A New York State Supreme Court judge in Brooklyn has ruled that the police need an eavesdropping warrant to covertly track the cellphones of suspects using a so-called Stingray, a device that spoofs mobile phone towers. The ruling, made earlier this month but published this week, could complicate a number of ongoing investigations in New York. (NYT)

 
ON THE HILL

Russia Probe: There is considerable disagreement over how much longer Robert Mueller’s investigation into potential collusion between Russia and the Trump election campaign will continue. Some, like White House lawyer Ty Cobb, expect the probe to wrap up soon, while other legal analysts believe the investigation is still in its early stages. (WaPo)

 

Election Ads: The Federal Election Commission kicked off a process that analysts say could result in mandatory disclaimers on paid election ads that appear on social media. The commission had previously declined to require such labels after Facebook and Google complained they would be impractical. (Reuters)

Kaspersky: A DHS official told Congress that about 15 percent of U.S. government agencies detected some trace of Kaspersky Lab’s software on their systems in a review prompted by concerns the Russian antivirus firm is subject to Kremlin influence. In related news, the Defense Department reportedly flagged Kaspersky Lab as a potential security threat to the United States as early as 2004. (Reuters, WSJ)


DOD

Cyberwar Powers: Defense analysts say that a showdown is afoot between U.S. military commanders, who want more authority to launch cyber operations, and Congress, which is considering new restrictions and reporting requirements. (Defense One)

Cloud Data: A cybersecurity researcher says that anyone with a free Amazon Web Services account could have looked at a trove of information stored in the cloud by the U.S. Defense Department. The Pentagon reportedly secured the data by October 1 after the researcher alerted officials to the problem. (CNN)


PRIVATE SECTOR

Volvo-Uber: Volvo said it has agreed to supply the ride-hailing company with a fleet of 24,000 self-driving taxis beginning in 2019. The deal is one of the first and biggest commercial orders for such vehicles. (WSJ)

Tesla: The company unveiled a prototype for a battery-powered, nearly self-driving semi truck that it said would prove more efficient and less costly to operate than the diesel trucks that currently haul goods across the country. (NYT)


THE WORLD

China: Authorities in Beijing rejected a recent report from Freedom House ranking China last out of 65 countries for press freedom, saying the internet must be “orderly” and the international community should join it in addressing fake news and other internet issues. (Reuters)

UK: The British government is to double the number of visas available to exceptional workers in areas like digital technology and science to 2,000 to help retain an edge after Brexit. (Reuters)

MUST READS

We’re at Cyberwar. And the Enemy is Us: “We’ve been worried about a massive frontal assault, a work of Internet sabotage that would shut down commerce or choke off the power grid. And with good reason. The recent exploratory raid by Russian hackers on American nuclear facilities reminds us that such threats are real. But we failed to prepare for an attack of great subtlety and strategic nuance. Enemies of the West have hacked our cultural advantages, turning the very things that have made us strong — technological leadership, free speech, the market economy and multi-party government — against us. The attack is ongoing,” writes David Von Drehle in the Washington Post.

 

Digitization and the American Workforce: “This report presents a detailed analysis of changes in the digital content of 545 occupations covering 90 percent of the U.S. workforce in all industries since 2001. The analysis categorizes U.S. occupations into jobs that require high, medium or low digital skills and tracks the impacts of rapid change,” write multiple authors for the Brookings Institution.

How One Woman’s Digital Life Was Weaponized: “Courtney was beginning to feel trapped in a world of anonymous abuse. She didn’t know if she would be able to convince anyone that what she believed to be happening was real. It began, as relationships often do these days, online. From the start it was a strange and tangled story of exposure and distrust in the internet era,” writes Brooke Jarvis in Wired.

 






 

Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.