Cyber Scene - Against All Enemies, Foreign AND Domestic

By krahal

This Cyber Scene will discuss the complexity of defending against cyberattacks not only from domestic and foreign enemies, but also address current issues of how these cyber enemies--domestic AND foreign together--complicate the defense of the US from its cyber enemies.

The current decision-making process on Capitol Hill on this very issue of enemies, foreign or domestic or foreign and domestic, offers an opportunity to follow what the House and Senate are engaged in, why it is controversial, and why, over the last two decades, it is still in use.

In an instance of bipartisanship supported by House leader Mike Johnson, the House voted on 15 April 2024 to reconfirm the US FISA Section 702 Program. The House had worked across the aisle and adjusted the timeline for its continuation to 2 years only. The Senate passed the bill moments after the authorization expired and it was signed by the President.

For your further background information, the House passed the bill reauthorizing Section 702, also known as Reforming Intelligence and Securing America Act (RISAA) that fell into the Foreign Intelligence and Surveillance Act (FISA) in 2008. As Wired's Dell Cameron on 16 April explains, he and others take an anti-renewal approach, contesting that this is an incursion into Americans' individual emails and conversations, even though FISA Section 702 has been focused, since 9/11, on foreign cyber criminals.

In fact, the "other ends" of possible foreign cybercriminal communications are the realm of FBI and other intelligence agencies that have the mandate to protect domestic communications. This process is to clear this sort of decision-making under those judges hired for precisely that job--to approve or not--with the FISA Surveillance Court. It came into being because of the 9/11 success of local enemies attacking multiple targets successfully at a huge human cost.

For a look at the 273-147 vote in the House, you can view it yourself on C-Span12 April.

The White House National Security Advisor, Jake Sullivan, congratulated the House's bipartisan resolution in reauthorizing FISA Section 702. NSA Sullivan did not complain about the curtailment to 2 years of extension, but rather focused on the bipartisanship and thanked both Republicans and Democrats for their partnership.

The following cyber-attack issues in the US offer a view to how "domestic" and "foreign" can meld together.

On CBS's "60 Minutes" program aired on 14 April, several cyber experts both from outside as well as inside US governmental organizations began by discussing "Scattered Spider," a relatively new ransomware threat to the US. The non-governmental cyber experts explained that they thought things were getting worse in the US. The first attack discussed was about MGM in Las Vegas, shutting down not only the gambling games but across all aspects of hotel attacks…like "Oceans 12." Even more importantly, the attackers were both from Russia AND inside the US…both Russian and American. Notably, this underscores the "foreign and domestic" issues merging.

Beyond interviewees like Graham Messick--cyber experts in the cyber business world--60 Minutes also interviewed two cyber experts with extensive governmental backgrounds involved with this challenge. The first was Bryan Vorndran, FBI’s Assistant Director, Cyber Division, who discussed the Russian Blackcat malware et al. That included attacks on Americans through which the cyberattacks strengthened and multiplied the damage. Secondly, Rob Joyce, former Special Assistant to the President and Cyber Coordinator on the National Security Council, as well as former Director of Cybersecurity for the National Security Agency took viewers back to the enormous "wake up call" with the Colonial Pipeline cyberattacks. This also derived from Russian intrusions and American conduits. You likely remember the success that this foreign country—Russia—had while working through individuals in the US. Whether guilty or victim, foreign and domestic cyberattack issues converge.

According to Washington Post's Joseph Menn on 11 April, US federal officials alerted their agencies that their logins might have been breached by Russian government hackers. Microsoft corporate emails had been breached, and now passwords and other secretive items were included so that it "…might allow them to breach multiple US agencies." This was preceded by the US Cybersecurity and Infrastructure Security Agency (CISA), part of Homeland Security, issuing a "binding directive" to undisclosed agencies requiring changes to hacked logins and "…investigate what else might be at risk." CISA went on to underscore that "The successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft present a grave and unacceptable risk to agencies."

The culpability of Microsoft is seriously blasted by Wired's Eric Geller on 15 April. He believes that Microsoft had not installed sufficient cybersecurity to hackable systems and feels that Microsoft has not been sufficiently chastised for it. The article notes that this was a fallout of a January breach, and repetitive hacks from Russia and China have continued. Geller ends this segment by saying: "Microsoft is overdue for oversight." Microsoft has told Wired that "…it's aggressively improving its security to address recent incidents."

A new twist in foreign enemy diplomacy now combines China and Russia against Ukraine, per Associated Press on 12 April, where NATO and the US have made significant deliveries of nearly all but feet-on-the-ground supplies. As the US has cut back on Sino imports and exports, China has moved to machine tools, microelectronics and other tech deliveries to Moscow for missiles, tanks, and more to bolster Russia's might in its invasion of Ukraine. The numbers are high: 90% of microelectronics to Russia have come from China; the last quarter of 2023 cost Russia $900M in machine tool imports. Other deliveries include unmanned aerial vehicles (UAVs), components for ammunition, military optics, and turbojet engines for cruise missiles. 

In turn, Russia bought $500M worth of semiconductors from China in 2022. Other joint issues include satellite improvements and "…other space-based capabilities for use in Ukraine." President Biden has already "raised his concerns" directly with President Xi. Secretary of State Antony Blinken will have met his Chinese foreign ministry counterpart following the G7 top diplomats conference by the time you are reading this.

Meanwhile, Treasury Secretary Janet Yellen returned last week from Beijing, and had told Chinese officials that the US was prepared to sanction banks, companies, and Beijing's leadership if they arm Russia for the ongoing invasion of Ukraine. She has authority to sanction Chinese financial institutions helping Russia re: Ukraine.

So even as the foreign enemy does continue to double up on the US and NATO (Happy 75th Birthday!) against Ukraine and individually, in each their way, against the US, the diplomatic door is still open, at least with China. Moreover, FISA Section 702 was reauthorized to protect the US from enemies, foreign and domestic. 

To see previous articles, please visit the Cyber Scene Archive.