Cyber Scene #16 - Holiday Gift: Nothing But Net

HOLIDAY GIFT: NOTHING BUT NET

The New National Security Strategy on Cybersecurity

On 19 December, the White House released its National Security Strategy (NSS) for 2017. In keeping with the tradition of former administrations, the NSS is a distillation of the major challenges and threats facing the US today and in the near future. This one seems quite balanced, in the absence of anything strident, while calling out the US's largest threats to our democracy: China and Russia. It is somewhat deficient in terms of any particular technology challenges, while still weaving cybersecurity threats through the document. If you lack the time to analyze it yourself, read a very rational and apolitical "executive" assessment of the NSS by Dr. Michael Sulmeyer, Harvard Kennedy School's Cyber Security Project Director and former Pentagon Director of Plans and Operations for Cyber Policy. He observes that cybersecurity's broad presence throughout the NSS underscores that cyber challenges are ubiquitous rather than a threat-specific issue, and that it is a front-burner issue in three of the NSS's four "pillars." Professor Sulmeyer applauds the criticism of both Russia and China, although he notes the absence in the NSS of specific reference to cyber intrusion regarding US elections. The NSS also addresses what Sulmeyer calls "trickle-down cybersecurity," which describes how attacks are perpetrated with maximum dissemination processes in place, but its discussion is weak, neglecting to nip this broadening of the threat in the bud rather than later when the damage is more difficult to mitigate. This article will also lead you to a treasure trove of other cyber issues addressed by some very bright minds at Lawfare, which have been neglected lately in Cyber Scene. For a more critical view of this NSS, see former National Security Adviser Susan Rice's op-ed in the 20 December New York Times.

Net Neutrality - the Death Knell

As the FCC's recent dictum impacts the future of the net in its entirety, many cyber network experts have been protesting (in vain in the near term) and demonstrating for hundreds of internet companies just how painful the expected, eventual slowdown for the small potato companies and individual users would be, per Cecilia Kang's exposé in the 7 December New York Times. The "Fight for the Future" nonprofit out of Worcester, MA, has at least for now lost that battle. The youngest internet junkies (well, the older ones, teens, as opposed to the babes), who have grown up with the expectation of an open net, are also speaking up in protest now (NYT 20 December). Although major internet providers have stated that the status quo would be largely in place for the next year, you, gentle readers, will find out soon enough what the scope and pain level will be. Perhaps many of you have already anticipated and graphed the impact. The uninitiated among us can simply Google your graph, assuming that it is Google who ends up with the search monopoly.

Betting on Bitcoin?

Meanwhile, as the world continues to move from the tangible to the ether, Bitcoin surges ahead as a forward observer. The Bitcoin bubble has expanded in part, as reported in an 18 December NYT op-ed by Tim Wu (Columbia law professor), due to a growing distrust of human institutions. He believes that tech trust in Bitcoin soared in 2009 out of "...a carnival of human errors and malfeasance" leading to a crisis in confidence in governments and their central banking system. His discussion, "In Code We Trust," posits that the popularity of Bitcoin is predicated upon an inherent distrust of government and the banking sector it spawns. But as Bitcoin is not backed by anything (and certainly not T-bills or gold) it is rather dependent on the "blockchain" technology that "...decentralized public ledger and rigorously tracks transfers. It is maintained by its users." Trusting in code seems to have replaced, at least in the Bitcoin world, the old adage: In God We Trust; All Others We Monitor. Bitcoin has been hacked, but its founders don't seem to mind: the Winklevoss twins, profiled in the December 20 New York Times, are already billionaires and investors are doing well. Goodbye Bretton Woods? As the casino croupiers say, "place your bets; rien ne va plus" (or was that a commentary on an open internet?).

Electric Cars Stalling... Cyber Downstream... It's Elementary

In his NYT Business Day article, also on 18 December, Jack Ewing analyzes why electric car sales are still stalling. Demand is lower than anticipated because prices are high due to... good ol' fashioned minerals. It isn't all in the ether quite yet. Cobalt (from the dicey southern end of the Democratic Republic of Congo/DRC) prices are up 114% and lithium (managed, see the NSS above, by our old friend China as well as Chile) is up 45%. Although projections point to a surge in customer support by 2024, right now it is (still) the (electric car) economy, stupid. Cobalt and lithium have a tech application as well, so electric car sales could drive more than just the individuals behind the wheel, but the big wheels ahead of the individuals. (N.B. Think about who runs China and the DRC.)

Congress NOT Stalling, at Least Not Now

The pre-holiday rush has had both House and Senate sprinting to the calendar year's finish with passage of an 11th hour tax reform with impact for a decade+, warding off yet another government shutdown for another month, starting to address senior political appointment nomination vetting (recently resorting to the customary grilling and often non-confirmation), and generally picking up the pace. Since multiple committees in both the House and Senate have been quite active, here are a few of the highlights that touch upon cybersecurity.

The House passed the Cybersecurity and Infrastructure Security Act of 2017, HR3359, on 11 December. It amends the Homeland Security Act of 2002 to create a new Agency under the Department of Homeland Security (DHS). It was introduced on 24 July 2017 and approved as amended after working its way through four House committees. It left the House on 12 December for the Senate. Its thrust is to better safeguard US infrastructure and cybersecurity by creating an agency under DHS to do so. The bill itself includes authorities, responsibilities, structures, and resourcing goals including DHS’s option of reallocating resources it has, and detailing cybersecurity experts from NSA, CIA, DIA, NGA, FBI, and other sector-specific Intelligence Community agencies, to the new Agency.

Open hearings on the Mueller investigations continued in early December with FBI Director Christopher Wray and Deputy Attorney General Rod Rosenstein in the hot seats, with agents of a foreign power issues on the front burner. These issues were more muted in the House Permanent Select Committee on Intelligence (HPSCI) bill HR4478 on 1 December 2017. The 1 December HPSCI markup to the Foreign Intelligence Surveillance Act (FISA) of 1978 touches, but does not focus, on a foreign power which "...engages in international malicious cyber activity that threatens the national defense or security of the United States." Rather, HR4478's core deals with enhancements, external authority and other issues. The bulk of the amendments submitted by GOP Chair Nunes (vice Ranking Member Schiff's version) treated safeguards related to Section 702's connection to the Constitution's 4th Amendment (illegal search and seizure). It passed 13-8 and moves forward (four House committees have a hand in it) and to conference with the Senate before a floor vote. If the Congressional labyrinth created to pass a bill is a very distant memory, a refresher course is available in Schoolhouse Rock's "I'm Just a Bill." More cynical readers among you may enjoy the SNL November version that addresses Executive Orders or the iconoclastic and "unconstitutional" November 2017 Simpsons version.

Cyber: Is it a Blast?

For those who read the "call for cybersecurity experts" in last month's Cyber Scene who have not already applied to the projected nascent agency at DHS, another cyber future may rise to meet you. Ben DiPietro, in 21 December's Wall Street Journal, discusses former NSA Director and former Director of National Intelligence Mike McConnell's call to cyber arms on the level of a Manhattan Project. ADM McConnell (ret) states:

"If a nation-state achieves quantum, it essentially could defeat all other nation-states in the digital world in terms of breaking cryptography, obtaining secrets, breaching access points, defeating security mechanisms. Quantum is very important and the U.S. needs to be in that pursuit, analogous to the Manhattan Project. We need to be there first." He and Patrick Gorman, former INFOSEC Director for Bank of America, have released a paper this week making recommendations on how to fill cybersecurity job shortages, starting with education and training.
