Cyber Scene #19 - The Russians: Vlad the Cyber Impaler
LTG Paul Nakasone, the nominee for the position of Commander, Cyber Command and Director, NSA, testified before two Senate committees: the Senate Armed Services Committee (SASC) on 1 March 2018 and the Senate Select Committee on Intelligence (SSCI) on 15 March 2018. He enjoyed twice the fun, given the dual authorities (ODNI and Pentagon) of NSA and the overlapping and very high profile of the Cyber Command and its future. He pointed out to the SASC that "Ten, 15, 20 years ago, we were concerned about what we said on phones. Today we're concerned about what our soldiers wear, where they're talking, where they're able to be monitored," and went on to say: "This is indicative of how we have to approach the future. We are technologically informed--we also have to be informed for operational security as well." He noted that, facing the Russian election interference, plans were in place to strike back at Moscow but Russia took little heed of this cyber counteroffensive option. He stated, "I would say right now they do not think much will happen to them. They don't fear us."
An executive summary of this hearing is also available, courtesy of the 5 March NYT and David Sanger and William Broad. Their article, "A Russian Threat on Two Fronts Meets an American Strategic Void", notes the Pentagon's view that newly "re-elected" Vladimir Putin's cyber arsenal is stronger than his nuclear one. However, the article closes by citing ADM Rogers, whom LTG Nakasone will replace, who stated that the U.S. was probably not doing enough, and that sanctions approved by Congress in 2017 were ineffective in changing the "calculus or the behavior of Mr. Putin."
Relatedly, the Economist of 22 Feb 2018 clearly agrees with ADM Rogers in a series of articles entitled "How Putin Meddles in Western Democracies", "Russian Disinformation Distorts American and European Democracy" (on the impact of Russian disinformation campaigns, both old-fashioned and cyber), and "How to be a Dadaist troll" (not a Scandinavian folk tale), subtitled "Inside the Internet Research Agency's Lie Machine." The trilogy reviews the 2014-present development of Russian attacks from Vladimir Putin to what his chef, Yevgeny Prigozhin, cooked up running the Internet Research Agency. This last article is prefaced with a quote from early 20th century French Dadaist Tristan Tzara, who states: "Thought is made in the mouth," which speaks volumes about the modern-day impact of cyber/social media "mouthpieces."
Two weeks after the SASC hearing, the SSCI conducted its own open nomination hearing, taking testimony from LTG Nakasone on 15 March, prior to the full Senate confirmation process. In addition to the live video coverage, LTG Nakasone presented his statement for the record, answered questions prior to the hearing (he responded in writing to 46 of them!), and answered questions following the hearing from Senators Feinstein, Collins, Wyden and King. The latter were particularly insightful and informed, zeroing in on particular cyber threat issues, infrastructure threats, FISA, protection of U.S. persons if the U.S. engages in offensive cyber attacks, and how the current NSA/Cyber Command workforce would support Cyber Command upon its elevation to a unified command. General Nakasone's lifelong cyber career, annotated in his bio included in the transcript, allowed for credible responses to even very detailed and specific questions from the SSCI Members. Complete transcripts of the written testimony and his bio are available online. The Senate's video, however, is less friendly than CSPAN's linked above. LTG Nakasone is viewed as a shoo-in for confirmation, having "sailed through" the SSCI. The final, full Senate vote has not yet occurred, as of this submission. N.B.: please ignore the Senate's mistake: "Lieutenant General" is abbreviated LTG in the Army, Lt Gen in the Air Force, and LtGen in the Marine Corps. LTG Nakasone is an Army three-star, but his most probable confirmation as Commander, Cyber Command, would promote him to the rarefied rank, particularly in Military Intelligence, of four stars. ADM Rogers's predecessor, General Alexander, simply referred to himself as Gen A, which I presume was unrelated to his age in comparison with Gen X'ers.
SSCI, predictably, held another session, this one surprisingly open, on election interference on 21 March 2018. Testifying were Homeland Security Secretary Kirstjen Nielsen, former DHS Secretary Jeh Johnson, and Assistant Secretary (DHS) for National Protection and Programs Directorate for Cyber Security and Communications Jeanette Manfra. Also testifying were US Commissioner of Elections Thomas Hicks, Co-Director of Harvard's Kennedy School Belfer Center Eric Rosenbach, the Director of the National Association of State Election Directors Amy Cohen, and Vermont Secretary of State Jim Condos. DHS Secretary Nielsen opened by affirming the Department's role in providing cybersecurity assistance for election infrastructure similar to that which is provided to a range of other critical infrastructure entities such as financial institutions and electric utilities. In other words, it places cybersecurity election issues on a par with the U.S. financial or electric grid. She outlined DHS actions in establishing state and local partnerships, information and technical assistance sharing, risk and vulnerability assessments, and cyber hygiene for internet-facing systems. (Multiple U.S. press reports cite a clamor for a return to paper ballots!)
The SSCI also conducted closed hearings (no further information) on 20 and 22 March 2018.
Facebook and Cambridge Analytica: Which is the Mouthpiece?
Meanwhile, the borscht thickens. The flood of breaking news the week of 18 March 2018 highlights the role of Facebook in relation to Cambridge Analytica's collection of private information from 50 million users (likely most of you, dear readers!) for election-related profiling. Cambridge Analytica is registered in Delaware (yes, U.S.), American owned (Steve Bannon and Robert Mercer), with offices in New York City (co-located with another firm of Kellyanne Conway and Steve Bannon) and London. The publicity of this data analytics firm's relationship with Facebook has occasioned a precipitous drop in Facebook stock prices, the removal of Cambridge Analytica's managing director, and a hue and cry from angry Congressmen calling for Facebook CEO Mark Zuckerberg's (head) appearance before Congress, first off the blocks being the Senate Judiciary Committee. (NYT, 19 March 2018, "Facebook Role in Data Misuse Sets off Storm.") Following six days of silence, Zuckerberg spoke out saying, wanly, "We let the community down, and I feel really bad and I am sorry about that." (NBC News, 22 March 2018). Facebook may be facing litigation from certain U.S. states and the UK. New York and Massachusetts are among four states leading the charge, as well as the British national justice system, as this data gathering is considered to have breached both US and British law. It is more certain Mr. Zuckerberg will face grueling testimony from adamant members of Congress, in sharp contrast to the generally smooth testimony of LTG Nakasone.
If you have somehow missed it, view the NBC Nightly News clip kindly provided by Lester Holt on 19 March showing a chilling hidden camera recording, courtesy of British Channel 4 journalists, with a Cambridge Analytica chief officer explaining how their product impacts elections worldwide.
For Hire
As a counterweight to the above, and as was highlighted in several earlier Cyber Scenes, the US Intelligence Community (IC) continues its search for cyber tech experts. The 3 March Economist, in "Spooks for Hire," looks at how the IC is challenged to find, hire, and retain talent. The article cites an ODNI official, looks at the Pentagon's Central Command at MacDill AFB in Tampa, and includes an overview of a new public-private partnership created at the National Geospatial-Intelligence Agency under Director Robert Cardillo. Recall that LTG Nakasone also talked about the public-private partnership in his SSCI testimony in his written responses to pre- and post-hearing transcripts. This theme is familiar to regular SoS readers.