Cyber Scene #41 - Cybersecurity Yesterday, Today, and the Great Beyond



This issue of Cyber Scene will provide a study of the US process from the cybersecurity perspective of the executive, legislative and judicial branches of US government, anchored by strategic inflection points to highlight cybersecurity challenges. Cybersecurity voices will be heard from Europe and Australia as well to widen the aperture of this readership.

The electoral process established by US Founding Fathers has given birth to chaos of late. The Electoral College at the time of its creation 200+ years ago was controversial. That is still true today, as some worry that it is no longer representational of the masses, and some electors could in fact vote against the will of their party. The 26 January New York Times editorial discussed below explores this in depth. The electors are not necessarily impacted by cybersecurity any more than the rest of the population, but the issue of election interference is front and center. 

We will look first at the federal court system and state judiciaries. The Supreme Court of the United States (SCOTUS) justices (9), circuit judges (13), and district judges (94) are appointed by the executive branch and serve for life unless they retire first or are impeached.

There has lately been a significant turnover in judges at the federal level, and much interest in SCOTUS Justice Ruth Bader Ginsburg’s health. In the state judiciary system each state elects its judges for a term, not life. This division of effort would mean that non-criminal cases at the state level could be appealed and heard by federal judges or even by SCOTUS, in keeping with the Federalist structure. This division of legal authority supports SCOTUS dealing with constitutional issues or appealed cases (i.e., Is the Constitution at risk from federal election interference?), whereas the states have authority over, for example, how to protect the electoral process from cyber threats within their state and local purview. The Judicial Learning Center provides a handy chart that diagrams this as well as a reminder that the Federalist Papers’ second-most prolific contributor, James Madison, nailed the distinction between the two court systems in his contribution. It has endured since then. So states are struggling to develop serious plans to be funded and implemented to ensure elections are “free and fair” even as the primaries are already occurring.

The 3 February 2020 Iowa caucuses—an atypical approach to selecting a presidential candidate—were rather chaotic. Election interference is unlikely in such a system, which is technically party driven and not an “election,” but humans moving physically from place to place to be counted again can be messy. New Hampshire (11 February 2020) has a more traditional system. Las Vegas (22 February) has caucuses. South Carolina (29 February) has a complex open primary delegate system and voters do not need to publicly declare their party; one party can be asked to vote in the opposite party’s primary to influence the final choice. In Florida, one’s voter registration is publicly available online with name and address; one must vote along party lines in the primary (17 March). Most states use electronic systems vice physical caucuses to choose candidates. Whether paper ballots back up the bits and bytes or not varies from state to state. The federalist system believes that this is the state’s purview. So there is not one way of protecting all states from election interference, as those responsibilities devolve to the state. Some are funded and forward-leaning, and others are less so.

The US House of Representatives and the US Senate are concerned about cybersecurity election issues. The House Permanent Select Committee on Intelligence (HPSCI) and the Senate Select Committee on Intelligence (SSCI) have held many committee and subcommittee hearings—sometimes open but often closed—on this issue, particularly in the wake of 2016 issues regarding foreign interference and the run-up to the 2020 presidential elections. The Mueller Report also investigated this.

Most recently (13 February), the HPSCI was reportedly provided a briefing on 2020 Russian interference even in the Democratic primaries, according to a New York Times intelligence beat reporting team. The briefer was Shelby Pierson, aide to Acting DNI Joseph Maguire and the first election interference czar, a position created by the latest DNI, Dan Coats. Mr. Maguire had stepped up as Acting DNI from his post as the DNI’s Director of the Intelligence Community’s (IC) National Counter Terrorism Center when DNI Coats, selected by the incumbent president, resigned in July 2019. According to the article penned by the New York Times team, the White House was unhappy with the briefing, which was conveyed as well to the President by Mr. Maguire. On 18 February the White House announced that Mr. Maguire would be replaced by the relatively new US Ambassador to Germany Richard Grenell as acting DNI. All previous DNIs, including Mr. Coats, have, to some extent at least, had an IC background. His resignation was reportedly linked to Russian interference issues. The present principal executive serving as Acting Principal Deputy DNI, Andrew Hallman, who is also a career IC professional, is leaving to give Ambassador Grenell an opportunity to establish his own leadership team. Ambassador Grenell is also acting, so does not need Senate confirmation. The President announced to the press on 19 February that he was considering the permanent nomination of Georgia Representative Doug Collins, but Representative Collins, who serves on the House Judiciary Committee, told Fox News on 20 February that he was very honored to be asked, but that he was focused on promoting his party’s Georgia 2020 races. Russian election interference, even in the 2020 primaries, appears to continue to be a serious divide as these primaries progress.

The Hack’s Afoot

In a follow-up to January 2020’s Cyber Scene discussion of the Saudi Prince hack of Jeff Bezos’s WhatsApp account, the Economist, in “Alexa, define chutzpah,” offers a more detailed analysis, based on the 22 January UN investigation, of the economic and political implications of the event, which occurred when the CEO of Amazon and Prince Mohamed Bin Salman (MBS) exchanged WhatsApp numbers in Los Angeles. In addressing the reaction of the market to the hack, the Economist opines that big investors might be reluctant to work with Saudi firms that may be bugging them.

The article continues: “The same goes for foreign leaders. Intelligence officials in America and elsewhere will no doubt wonder if Mr. Bezos was the only target. The president’s son-in-law, Jared Kushner, is known to chat often with Prince Muhammad (sic) on WhatsApp.” Mr. Bezos is the wealthiest person in the world and controls some giants in both the tech (Amazon) and news (The Washington Post) worlds; beyond Mr. Bezos’s status, Mr. Kushner would be an attractive political target.

In another continuing saga from last month’s Cyber Scene discussion of UN Secretary General Guterres, Associated Press correspondents Jamey Keaten and Frank Bajak reported on 29 January that the UN offices in Geneva and Vienna had been hacked. The extent of the damage and the level of sophistication varied depending on which UN office commented. Those assessing the hack also noted that the intruders “didn’t cover their tracks” like the pros. However, the UN’s Office of Information and Technology reported that 42 servers were compromised and 24 were “suspicious.” It determined that the hack was due to a vulnerability in Microsoft’s SharePoint software.

And thirdly, Barron’s Jason Sadowski noted on 17 February that indictments of Chinese military members responsible for the 2017 hack of Equifax are contributing to the “data bubble that is now bursting.” He likens the hack of 150 million Americans to the Exxon Valdez oil spill. Mr. Sadowski is a research fellow in the Emerging Technologies Research Lab at Australia’s Monash University and is wary of the power data companies now have. The Exxon Valdez was also bordering the Pacific. That data bubble is worldwide.

ARPA with British Characteristics: Looking Forward

Britain has launched a technology and research effort to draw insight from the US ARPA/DARPA and create a 21st Century ARPA for the UK. The Economist in “Aping ARPA: How to invent the future” examines how Downing Street, spirited by the prime minister’s adviser Dominic Cummings, seeks to “make Britain the best place in the world…for those who can invent the future.” This would be a civilian organization, vice a DARPA military clone. The plan is to allow high-risk, high-reward creative thinking of a math and pure physical sciences nature to flourish, unfettered by micromanagement. Mr. Cummings is quite lavish in his praise of ARPA, and notes that ARPA’s budget was “trivial compared to the trillions of dollars of value” it created.

Strategic Planning Indeed: Digital Life after Death

As for the next world, in “Creating a digital estate plan,” Kiplinger’s Kaitlin Pitsker cautions those of us humans who do not believe in reincarnation to understand that our own, inevitable (like taxes) death does not mean that our digital life has ended for our beneficiaries. One must, in fact, allow access to one’s accounts for those who come after. Google, for example, will allow up to 10 “trusted contacts who can access your Gmail, photos or more.” So choose your Facebook photo wisely! It will outlive us all.
