Water treatment cyberattack. New BlackTech malware. TEARDROP and SUNBURST. A bad barcode scanner. Huawei would like a call.

Special Section

Florida town's water system briefly attacked.

Late yesterday the Sheriff of Pinellas County, Florida, said that his office was investigating an attempt on Friday to alter chemicals introduced into the city of Oldsmar’s water supply. An unknown party had remotely accessed the water utility’s control systems and directed that the amount of sodium hydroxide be increased by a factor of a hundred, from the safe, intended concentration of 100 parts per million to a dangerous 11,100 parts per million. A treatment plant operator noticed the change and immediately corrected it. The Tampa Bay Times says the authorities have some leads, but that no arrests have been made.

Water-treatment chemistry and sodium hydroxide.

Sodium hydroxide, familiarly known as lye, or caustic soda, is a strong base that's the principal ingredient in many paint-stripping and drain-opening products, and (less scarily) in many soaps. It's used in small quantities to regulate the acidity of drinking water (and in even smaller quantities it's used in cooking—curing olives, preparing lutefisk, baking German pretzels, u.s.w.). But it's a highly caustic and dangerous chemical in high concentrations, and so this is a serious attack that could have had lethal consequences. Pinellas County officials stressed that there was no danger, that it would have taken twenty-four to thirty-six hours before the sodium hydroxide concentration reached dangerous levels, but the incident is nonetheless a frightening one.

No attribution of the Oldsmar cyberattack, yet.

Despite a fair amount of tweeting and woofing about acts of war and so on, there's been no attribution of the attack. The operator who stopped the attack noticed something was amiss when his mouse cursor began moving. Jorge Orchilles tweeted a lesson from the world of penetration testing: "The easiest way to get caught as a red teamer is to move someone’s mouse. Nothing freaks people out more than their mouse moving when they aren’t touching it. It is a psychological thing." Kevin Collier thinks this suggests that the attacker is probably more skid than mastermind, tweeting "We know almost nothing about who they are, but here's a strong indication this wasn't a masterminded plan." That's not necessarily reassuring, he added, "Is it comforting to know this probably wasn't some Russian master plan to poison some Floridians? Or more disturbing to think this is how close an amateur could get?"

It is, however, important to emphasize that nothing is publicly known so far about who may have attempted the attack. It's also worth remembering that the simplicity of an attack, its ease of execution, says little more than that there's a broad range of threat actors who could have accomplished it. In this case that ranges from a failed-to-launch skid in the parents' basement all the way to a nation-state's espionage or military services, from a chump down the block doing something for the lulz up to one of Huggy Bear's brood.

Vulnerabilities and incident response in the water treatment hack.

The attacker is believed to have obtained access to the water treatment plant's TeamViewer software, WIRED reports, adding that the city disenabled TeamViewer shortly after it noticed the attack. TeamViewer is also relatively easy to use (and it can be accessed with stolen credentials) and some have seen this as another indication that the attack was not a sophisticated one. Bryson Bort, founder and CEO of SCYTHE, commented in an email that, “TeamViewer is a common remote desktop protocol (RDP) solution in ICS and the water attack was most likely simple access with stolen credentials. Using the software means everything is visible to the user (hence, the operator saw the mouse move and settings changed). Who and why is still the question.”

Niamh Muldoon, global data protection officer at OneLogin, in emailed comments gave Oldsmar's water utility relatively good marks for its response: “After the event has happened, crisis management is critical for successfully managing the attack response to reduce business impact and consequences, and it appears the Florida agency has done that."

Recent historical precedents: wastewater in Israel, a small dam in downstate New York.

What have other control system attacks looked like? Last spring Israeli authorities warned that Iranian operators made an attempt on water treatment and wastewater facilities in two rural districts in Israel. They weren't fully successful: the Council on Foreign Relations has a summary of that incident on its site.

There was another incident in which the controls of a small flood-control dam in Rye, New York, were remotely accessed. In 2013 the Bowman Street Dam's controls were accessed. The US would ultimately indict an Iranian cyber operator for that action.

Austin Berglas, former head of FBI NY Cyber and currently Global Head of Professional Services at BlueVoyant, led the investigation into the Rye incident, and he offered us some perspective:

"Along with energy production and manufacturing, water supply facilities are part of the United State’s critical infrastructure and have long been targets for cyber attack from both criminal and state sponsored entities. Water facilities rely on systems control and data acquisition (SCADA) systems to manage the automated process or water distribution and treatment. Many of these industrial control systems (ICS) are outdated, unpatched, and available for review on the Internet, leaving them incredibly vulnerable to compromise. In addition, many ICS solutions were designed for non-internet facing environments and therefore did not incorporate certain basic security controls - this offers additional vulnerabilities as more and more operational technology environments are allowing access to their ICS systems from the Internet. In 2013, the FBI investigated a compromise of the Bowman Avenue Dam in Rye Brook NY and found that members of the Iranian Revolutionary Guard had gained access through Internet facing controls. Although the Dam was not functioning at the time and was most likely not the Iranian’s main target, it demonstrates the vulnerability of certain critical infrastructure when their ICS systems are allowed to be exposed to the Internet and not isolated. (See the New York Times on the Bowman Street Dam hack.)"

Many have commented that leaving the supervisory controls of a water treatment system open to remote access is extraordinarily risky. (See, for example, comments to that effect by TechCrunch's Zach Whittaker.) Such systems had long been relatively immune to cyberattack because their age and the legacy control systems they employed effectively air-gapped them. Berglas, however, sees such connectivity as a foreseeable aspect of modernizing systems. "Digitization and IoT expansion have allowed for previously isolated infrastructure to be accessed remotely," he wrote. "For example, water and utilities need to balance security while allowing operators the ability to remotely access treatment plant SCADA systems from phones, work, and computers—in order to react to alarms and respond to incidents without having to be physically onsite."

As was the case with the Florida incident, no real harm was done by the Bowman Street Dam hack. Berglas thinks it likely that the attack on the small sluice gate in Rye just afforded a "proving ground to test capability and techniques." And, again, when asked about possible attribution of the Oldsmar attack, he sensibly said, simply, "Too early to tell."

A cyberattack as an act of war?

This wasn't obviously a financially motivated crime, nor was it, assuming a nation-state was behind it, mere espionage. It's best to regard it as an unsuccessful (and in some ways pretty casual, since the attackers were only in the system, it's believed, for about five minutes) attempt at sabotage. Sabotage, especially unsuccessful sabotage, seldom amounts to a casus belli, and Dragos CEO Rob Lee tweeted much the same conclusion.

Responding to a control system cyberattack.

Dragos's Lee also cautioned against both premature speculation about attribution and thinking that a challenge like this could be addressed with any single, simple solution. It's a systemic problem with many interdependent aspects. "Hiring, workforce development, culture shifts, working within national priorities and regulations, state and local regulations, resourcing other areas that are organizational challenges, modernizing infrastructure beyond "cyber", etc. There's not 1 easy answer tech or not."

It's troubling, for example, to think that in this case the safety of a water supply depended upon one watchstander happening to notice that something was briefly unusual on his screen. Dragos has published a set of considerations and recommendations other utilities might well consider.

Reaction in Congress.

US Representative Jim Langevin (Democrat, Rhode Island 2nd District), a member of the House Committee on Homeland Security's Subcommittee on Cybersecurity and Infrastructure Protection, tweeted that the incident is another reminder that the Internet wasn't created with security in mind. US Senator Marco Rubio (Republican, Florida) tweeted that the incident should be treated as a "matter of national security," and that he's requested an FBI investigation, which is surely already in progress.

Summary

By the CyberWire staff

Palo Alto Network's Unit 42 published this morning an account of polymorphic malicious shellcode they're calling "BendyBear." They associate the code with the activities of BlackTech, a threat actor widely believed to be run by Chinese intelligence services. BendyBear has some similarities with the WaterBear family of malware, in use since 2009.

The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday afternoon issued two Malware Analysis Reports on code associated with exploitation of SolarWinds' Orion platform. One report deals with "TEARDROP," the other with "SUNBURST."

Control Global asks the US Department of Energy what it found in the suspicious Chinese transformer it seized last year.

Malwarebytes reported Friday that a free barcode scanner—“Barcode Scanner," obviously—available for some time in Google Play, had been compromised and converted into a form of adware. Google has ejected the problematic app from the play store. Malwarebytes says this Barcode Scanner was the one produced by LavaBird LTD, to distinguish it from other, similarly named apps The adware behavior apparently dates, Malwarebytes thinks, from early December. Users found that, as the researchers put, that “ads were opening in their default browser out of nowhere.” Some users had used the app for years; the malicious behavior was either dormant or installed in a December update.

Huawei CEO Ren Zhengfei has said, CNBC reports, that he would “welcome” a phone call from US President Biden. One sovereign to another. And, just as it is with handshakes, the junior sovereign would call upon the senior sovereign.

Get your message out to leaders in cyber by sponsoring the CyberWire!

Notes.

Today's issue includes events affecting Australia, China, the European Union, France, Iran, the Netherlands, Russia, Sweden, the United Kingdom, and the United States.

In the clear: what it’s like working as a woman in the cleared community.

This special edition podcast highlights three women, Priyanka, Ashley and Lauren, who chose to focus their careers in cybersecurity for the mission-based organization Northrop Grumman. Kathleen Smith from ClearedJobs.Net joins us as our panel moderator. The CyberWire's Jennifer Eiben hosts the event. We are excited to share this look into the world of women in cybersecurity. Listen here!

Sponsored Events

Virtual Cyber Security Summits - Upcoming Events February 11 & March 18 (Virtual, February 11 - March 18, 2021) Senior Level Executives are invited to the upcoming Virtual Cyber Security Summits! Learn from Industry Experts from The U.S. DHS, DOJ, Verizon, ExtraHop, Darktrace & more as they discuss the latest security challenges & develop cyber security battle plans in today’s unprecedented times. You will receive CPE / CEU credits by attending. Register for the upcoming event in your region! Free to register with code: CyberWire21 at CyberSecuritySummit.com

The Healthcare Cyber Security Summit - February 18, 2021, 12pm EST (Virtual, February 18, 2021) HUB Security is thrilled to invite you to the next Healthcare Cyber Security Summit. Join the discussion on IoMT, phishing, AI and confidential computing in healthcare. Keynote speakers from Intel, GE, ICON, H-ISAC, FN Bulovka, MedCrypt and NetApp. Free registration.

Try Harder: Penetration Testing, Web App Security, and Exploit Development (Virtual, February 25, 2021) What does it mean to Try Harder? Join Offensive Security’s Chief Content and Strategy Officer, Jim O’Gorman, as he discusses how to be at the top of your game in penetration testing, web app security, and exploit development. Register today!

Selected Reading

Dateline

A Hacker Tried to Poison a Florida City's Water Supply (Wired) The attacker upped sodium hydroxide levels in the Oldsmar, Florida, water supply to extremely dangerous levels.

Someone tried to poison Oldsmar’s water supply during hack, sheriff says (Tampa Bay Times) Pinellas Sheriff Bob Gualtieri said the attacker tried to raise levels of sodium hydroxide, also known as lye, by a factor of more than 100.

Sheriff: Hacker tried to taint Florida city's water with lye (AP) A hacker gained unauthorized into a remote access software system shared by workers at a Florida city’s water treatment plant in an unsuccessful attempt to fill the water...

Hacker Boosts Toxic Chemical Level 100-Fold at Water Plant (Bloomberg) Sodium hydroxide increased at Florida facility near Tampa. Operator responded immediately to prevent public harm.

‘Dangerous Stuff’: Hackers Tried to Poison Water Supply of Florida Town (New York Times) For years, cybersecurity experts have warned of attacks on small municipal systems. In Oldsmar, Fla., the levels of lye were changed and could have sickened residents.

Sheriff: Investigation underway after hacker attempts to poison Florida town’s water supply (My Sun Coast) Authorities in Pinellas County are investigating after an unknown individual attempted to hack the City of Oldsmar’s water treatment plant system.

Hacker Tried to Poison Florida City's Water Supply, Police Say (Vice) The hacker tried to drastically increase sodium hydroxide levels in the water, Pinellas County, Florida, officials said on Monday.

Hacker breached Florida water facility to alter sodium hydroxide level, police say (CyberScoop) An unidentified hacker on Feb. 5 broke into the computer system of a water treatment plant for a town outside of Tampa, Florida, and temporarily changed the plant’s sodium hydroxide setting to a potentially dangerous level, local authorities said Monday.

Hacker Changed Chemical Level in Florida City’s Water System (Wall Street Journal) While the Pinellas County sheriff said the public was never in danger, a criminal investigation has been launched.

Recommendations Following the Oldsmar Water Treatment Facility Cyber Attack | Dragos (Dragos | Industrial (ICS/OT) Cyber Security) Today a press conference was held by the City of Oldsmar where they disclosed ‘the unlawful intrusion of the City of Oldsmar’s water treatment system.’ The City of Oldsmar should be commended on their transparent briefing and level of detail. The case is evolving and details are ongoing but this blog is intended to share what’s known currently with some defensive recommendations. Details of What Happened It has been publicly acknowledged...

Cyber Attacks, Threats, and Vulnerabilities

MAR-10318845-1.v1 - SUNBURST (CISA) This report provides detailed analysis of several malicious artifacts associated with a sophisticated supply chain compromise of SolarWinds Orion network management software, identified by the security company FireEye as SUNBURST.

MAR-10320115-1.v1 - TEARDROP (CISA) This report provides detailed analysis of malicious artifacts associated with a sophisticated supply chain compromise of Solar Winds Orion network management software, identified by the security company FireEye as TEARDROP.

Installed Chinese-made transformers can impact the grid today (Control Global) Presidential Executive Order (EO) 13920 was issued not as a whim but because the Chinese effectively did a “Stuxnet” to a large electric transformer installed at a US utility.

BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech (Unit42) The novel Chinese shellcode "BendyBear" is one of the most sophisticated, well-engineered and difficult-to-detect samples employed by an APT.

Attackers Leverage Locally-Loaded Chrome Extension for Data Exfiltration (SecurityWeek) A malicious extension was being loaded in Chrome locally, after Developer mode had been enabled.

Over 1,200 Iranians Targeted in Domestic Surveillance Campaign (SecurityWeek) Domestic Kitten, backed by the Iranian government, launches extensive surveillance operations against Iranian citizens.

After Lightning Comes Thunder: The Most Persistent Iranian APT Rumbling Agai (Check Point and SafeBreach Labs) Cyber warfare has long become a common practice in the arsenal of governments, armies, and intelligence agencies around the world.

Billions of Passwords Offered for $2 in Cyber-Underground (Threatpost) About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a 'COMB' collection.

SitePoint discloses data breach after stolen info used in attacks (BleepingComputer) The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum.

Barcode Scanner app on Google Play infects 10 million users with one update (Malwarebytes Labs) In a single update, a popular barcode scanner app that had been on Google Play for years turned into malware.

Web Developer Hub SitePoint Discloses Data Breach (SecurityWeek) Web development resources provider SitePoint has notified users of a data breach that resulted in some of their information being stolen.

Data of thousands of Dutch citizens leaked from government Covid-19 systems (ComputerWeekly.com) Weak access controls and outdated systems blamed for leaking of the personal details of thousands of Dutch citizens tested for Covid-19.

Security breach may have exposed 36,000 UPMC patients' info (Becker's Hospital Review) UPMC began notifying patients Feb. 5 that their protected health information may have been exposed through a data breach at the Pittsburgh-based health system's billing and legal services provider last year.

Hackers leak thousands of incidents in Austin surveillance, Statesman reports (KVUE) The list was leaked by a hacker group last summer in the wake of protests against police brutality.

Tokyo Gas discloses data breach impacting anime-style dating simulation game (The Daily Swig) Developed by Japan’s largest gas utility, ‘Furo Koi’ was created to offer bathing advice to users

Medical cannabis company Cann Group loses $3.6 million in cyber attack (SmartCompany) Medicinal cannabis company Cann Group has been hit with a cyber attack, losing $3.6 million in transactions to an unknown third party.

Cyberpunk 2077 maker suffers ransomware attack (Computing) Attackers claim that they accessed source code for Cyberpunk 2077, Gwent, Witcher 3 and an 'unreleased version of Witcher 3'

Hackers behind British Mensa breach publish private messages of forum members on dark web (Computing) Some messages include email addresses and contact numbers of Mensa forum members

Vulnerability Summary for the Week of February 1, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

Cyber Trends

Data breaches are increasing people’s exposure to cyber crime (News Powered by Cision) 7 out of 10 parents using online services breached by attackers experience cyber crime, according

Mobile Health Apps Systematically Expose PII and PHI Through APIs, New Findings from Knight Ink and Approov Show (BusinessWire) Mobile Health Apps Systematically Expose PII and PHI Through APIs, New Findings from Knight Ink and Approov Show #Approov #Cybersecurity #APIsecurity

MetricStream Global Survey Reveals Chasm Between IT Cyber Risk Management Strategy and Actual Practice (PR Newswire) /PRNewswire/ -- MetricStream, the market leader in governance, risk, and compliance (GRC), and integrated risk management products and solutions, today...

Delta Web: Established security firms war with disruptive AI rivals (Computing) Computing is the leading information resource for UK technology decision makers, providing the latest market news and hard-hitting opinion.

Security Software Revenues to Hit $45.5B in 2021, a 20% Jump in Two Years (StockApps) The digital transformation accelerated by the pandemic and the growing number of data breaches and cyberattacks has forced online users, companies, and organizations to increase...Read more

TransUnion Analysis Finds Synthetic Fraud Dropping During Pandemic, But New Research Forecasts Future Rise (TransUnion) New TransUnion (NYSE: TRU) research finds instances of synthetic fraud and outstanding balances for suspected synthetic accounts at U.S. financial institutions have declined significantly after the World Health Organization (WHO) declared COVID-19 a global pandemic on March 11, 2020. However, new analysis by technology analyst firm Aite Group fi...

Spirent Report: 5G Activity Accelerates as Operators Look to Differentiate (Spirent) Insights from over 600 global 5G engagements in 2020 reveal roll-outs continue to gather pace, despite the challenges of the global pandemic

Marketplace

Appgate, a Leading Cybersecurity Company, to Merge With Public Company Newtown Lane Marketing (Appgate) Appgate provides secure access to your network and for your consumers using leading Zero Trust network security and fraud protection solutions

SentinelOne to acquire high-speed logging startup Scalyr for $155M (TechCrunch) SentinelOne, a late-stage security startup that helps customers make sense of security data using AI and machine learning, announced today that it is acquiring Scalyr, the high-speed logging startup for $155 million in stock and cash. SentinelOne sorts through oodles of data to help customers under…

We are going fulltime (ProjectDiscovery) Most of you probably don't know, but ProjectDiscovery has been maintained in free-time, and we have been doing it so for the past 2 years. It was initially started when we met through the subfinder repository where we exchanged our ideas and started creating solutions out of a passion for

Air Force Awards $95M For Cyber Intelligence (Breaking Defense) The investment is a sign of the Air Force’s commitment to fighting war effectively across all domains, including cyber and its electronic warfare cousin.

Palantir Surges on Deal to Offer Software Through IBM (Bloomberg) IBM gains tools to make own AI software easier for customers. Palantir sales crew, now at 30, gains access to force of 2,500.

Facebook says it plans to remove posts with false vaccine claims. (New York Times) The move, which applies to anti-vaccine posts unrelated to Covid as well, targets unpaid posts to the site and particularly Facebook pages and groups.

Nixu renews its operating model to increase client centricity and transfers to international business units (News Powered by Cision) Nixu Corporation, Stock Exchange release, February 9, 2021 at 10:00 AM EET Nixu renews its

Avast Joins Coalition Against Stalkerware (PR Newswire) Avast (LSE:AVST), a global leader in digital security and privacy products, today announced that it has joined the Coalition Against...

Proofpoint: Mixed Guidance But Great Long-Term Play (Seeking Alpha) Proofpoint reported Q4 revenue and EPS that came in above expectations despite continued challenges with the economic environment.

CloudSphere’s New CEO Puts VMware, Rapid7 on Notice (SDxCentral) When CloudSphere’s new CEO Jane Gilson takes the reins, she’ll join the exclusive club of female tech chief executives.

TrueFort Adds Lane Bess to Board of Directors (Yahoo) Lane Bess, former CEO of Palo Alto Networks will be an invaluable asset to the Board.

VMware ANZ channel chief Neels Du Plooy departs (CRN Australia) Neels Du Plooy leaves after nearly nine years with the vendor.

Former DHS CIO John Zangardi Joins LookingGlass Advisory Board (Homeland Security Today) LookingGlass Cyber Solutions, a leader in operationalizing threat intelligence, announced the appointment today of Dr. John Zangardi to its Advisory Board.

Castellum, Inc. Announces Hiring of Glen Ives to Build Navy and Marine Corps Division of Company (StreetInsider.com) Castellum, Inc. (OTC: ONOV) announces that Glen Ives has joined the Company as Chief Growth Officer and Divisional...

Cambridge Quantum Computing Welcomes Dr. Stefano Pironio as Scientific Advisor for Quantum Cryptography (HPCwire) Cambridge Quantum Computing (CQC) is pleased to announce the addition of Dr. Stefano Pironio as Scientific Advisor on

Products, Services, and Solutions

Google Launches Database for Open Source Vulnerabilities (SecurityWeek) Google announces OSV (Open Source Vulnerabilities), a database for triaging vulnerabilities in open source projects.

Radical New Training Bolsters Weakest Link in Cybersecurity (PRWeb) The cost of a data breach, in terms of revenue, reputation, legal exposure, and operational disruption, can be devastating; 60% of small-and medium-sized

Axon and Cellebrite Partner to Help Manage and Safeguard Digital Intelligence (Cellebrite) Data collected and reviewed with Cellebrite Solutions now seamlessly unified in Axon Evidence, allowing investigators to reshape how digital evidence is managed

Technologies, Techniques, and Standards

French military orders first sigint suite to work across all services (C4ISRNET) Early capabilities of the new system will be delivered in 2023, and full capabilities by 2025, officials said.

Why Are Remote Access Policies Important? (Reciprocity) When the COVID-19 pandemic arrived and forced the closure of offices around the world, many companies that hadn’t previously allowed remote access to servers and various IP addresses in their corporate network had to do so—and quickly. Trying to maintain business operations in that new manner, while also protecting data against unauthorized access, put many …

Security Compass Releases “The 2021 State of DevSecOps” Study Highlighting the Need for Automation in Secure Software Development (BusinessWire) Security Compass today published the results of its 2021 State of DevSecOps report, highlighting the need for automation in software development.

12 Best Donor Management Software Comparison (The Lead Pastor) Donor management software is critical for non-profit orgs and churches to keep track of donors and fundraising. Here's the best options on the market for 2021.

Cryptography: The art of keeping the data safe (mint) Keeping information secure is paramount in today’s connected world. Towards this end governments and businesses worldwide view cryptography as a key protective tool to secure critical data and networks

Preparing for the Google Partner Program Security Test (Bishop Fox) This Self-Assessment covers common threats to prep for the Google Partner Program assessment, that validates the security of Google partners’ applications.

Design and Innovation

Google Moves Away From Diet of 'Cookies' to Track Users (SecurityWeek) Federated Learning of Cohorts (FLoC) will allow improve online privacy while still enabling advertisers to serve up relevant messages and replace third-party cookies in it's Chrome web browser

Creating an Ethical Artificial Intelligence System: The Key Role of Counsel | New York Law Journal (New York Law Journal) This article will review the key steps to follow for a successful implementation of an ethical AI system. The critical role of lawyers in this process will be highlighted.

Research and Development

Army Creates Quantum Sensor That Detects Entire Radio-Frequency Spectrum (Defense One) Breakthrough could help the military fight in the electronic spectrum.

Researchers Say Machine Learning Boosts Defense Against Multi-Stage Cyber Attacks (Insurance Journal) A machine learning algorithm may give organizations a powerful and cost-effective tool for defending against attacks on vulnerable computer networks and

Legislation, Policy and Regulation

The Cybersecurity 202: 'This Is How They Tell Me The World Ends' sheds new light on a global cyberweapons arms race (Washington Post) The U.S. government is paying hackers for vulnerabilities it finds in software and hardware used by corporations and governments. Once they've bought those vulnerabilities, they're turning them into cyberweapons employed in attacking or spying on adversaries.

The New Never-Ending War (The Cipher Brief) Walter Pincus is a contributing senior national security columnist for The Cipher Brief. He spent forty years at The Washington Post, writing on topics from nuclear weapons to politics. In 2002, he and a team of Post reporters won the Pulitzer Prize for national reporting. OPINION — The worldwide cyber war was on full display last … Continue reading "The New Never-Ending War"

Big Data Is Booming in the U.S., but Other Countries Are Making the Rules (Wall Street Journal) Lawmakers and regulators in some of the world’s largest countries are ramping up enforcement of privacy laws, revising statutes or debating new rules.

Biden Admin. To Weigh Risk Of Unleashing Cyberweapons (Law360) President Joe Biden has pledged to respond with force to hacking campaigns carried out by the country's enemies, but his administration may want to proceed with caution given the risks of launching weapons into the digital ecosystem, ex-government lawyers say.

The Right Response to SolarWinds (Council on Foreign Relations) A strongly worded message has been sent to Moscow, but a forcible response that changes minds is elusive.

A Key Step in Preventing a Future SolarWinds (Just Security) Federal action is needed to establish a cloud security certification that can applies across the ecosystem of information and communications technology.

Sweden to establish national cyber security centre (ComputerWeekly) Sweden becomes latest Nordic state to establish a national cyber security centre as the threat landscape grows.

China Ends the Clubhouse Spring (Foreign Policy) Beijing has blocked the social app after a brief flowering of open discussion.

China Appears to Block Social-Media Platform Clubhouse After Brief Flourishing of Debate (Wall Street Journal) The Silicon Valley audio-chat app had attracted thousands of users in China, who used it to discuss taboo topics including Xinjiang and human rights.

Clubhouse is now blocked in China after a brief uncensored period (TechCrunch) Thousands of Chinese users suddenly found themselves unable to access Clubhouse on early Monday evening as the country prepared to start the week-long Lunar New Year holiday. Inside WeChat groups, Clubhouse users rushed to report the situation and help each other with ways to get back onto the red …

Clubhouse’s moment of free speech in China is over (Quartz) On the Chinese messaging app WeChat, many shared their regret at seeing the app being blocked, and said they now need to use virtual private networks—a tool for circumventing China's great firewall—to access it.

The Kremlin May Make Foreign Internet Companies Open Offices in Russia (Slate Magazine) Having personnel on the ground would make it easier for Russia to pressure companies.

5G : French constitutional court backs provisions of 'anti-Huawei law' (Euractiv) France's highest court ruled on Friday (5 February) that the law introduced by the government on the security of 5G networks - dubbed 'anti-Huawei law' - is consistent with the Constitution. EURACTIV France reports.

Huawei ban timeline: Follow the saga of the Chinese telecommunications giant (CNET) Here's a breakdown of the controversy surrounding Huawei.

Huawei CEO says he'd welcome phone call from Biden in first remarks on new U.S. president (CNBC) Huawei CEO Ren Zhengfei is hoping for a softer approach from President Joe Biden after the company was labeled a national security threat under Trump.

Biden officials believe China to be 'greatest long-term national security threat' to the US, McCaul says (Fox News) President Biden’s Secretary of State Tony Blinken and White House national security adviser Jake Sullivan believe that China poses the "greatest long-term national security threat to the United States," Republican Rep. Michael McCaul told Fox News after speaking with the officials, but McCaul said they will have a "different approach" to China than the Trump administration.

Proposal gives incentives for electric companies to improve cybersecurity (Washington Technology) The new rule, proposed by the Federal Energy Regulatory Commission, would subsidize electric companies that upgrade their cybersecurity infrastructure beyond the minimum requirements.

EU ready to follow Australia’s lead on making Big Tech pay for news (Financial Times) Move by lawmakers would strengthen hand of publishers against Google and Facebook

House Armed Services Adds Cybersecurity-focused Panel for Technology Oversight (MSSP Alert) House Armed Services Committee forms cybersecurity-focused subcommittee to oversee the Department of Defense’s use of cyber, emerging tech & information systems.

How Will the DOTGOV Act Strengthen Government Website Security? (StateTech) The new law makes it easier for state and local agencies to migrate to secure and trusted .gov domains.

Senate confirms Hicks as DoD’s No. 2 (Defense News) The Senate confirmed Kathleen Hicks as deputy defense secretary on Monday evening, making her the first woman to be confirmed by the Senate to the position.

Litigation, Investigation, and Enforcement

Jammu and Kashmir Police looking to recruit 'cyber volunteers' who'll report 'anti national' content to govt (MediaNama) The Jammu and Kashmir Police is looking for “cyber volunteers”, who can flag content on social media that is “anti national”, or promotes “radicalisation”, among other things, and report those to the government.

Can The FBI Hack Into Private Signal Messages On A Locked iPhone? Evidence Indicates Yes (Forbes) Signal is one of the most secure apps in the world. But if FBI agents have access to a device, they can still access supposedly-encrypted messages, even on a locked iPhone.

Biden’s Justice Department Drops Legal Challenge to California Net Neutrality Law (Variety) In a signal of things to come from the Biden administration, the Justice Department on Monday dropped out of a lawsuit that seeks to block California from enacting its own net neutrality law. The a…

BREAKING: DOJ Drops Challenge To Calif. Net Neutrality Law (Law360) The U.S. Department of Justice on Monday ended its Trump-era challenge to California's net neutrality statute, which bars internet service providers from speeding up, slowing down or showing priority to web traffic.

DOJ Accelerates Enforcement Efforts Against Cybercriminals Who Engage in Ransomware Attacks (JD Supra) On successive days last week, the Department of Justice (DOJ) unveiled enforcement actions against international cybercriminal organizations that...

Chubb Beats Target's Data Hack Coverage Bid (Law360) A Minnesota federal judge freed two Chubb Ltd. units from paying for Target Corp.'s losses from $138 million in bank settlements over a 2013 data breach, holding Monday that the retail giant failed to allege "loss of use damages" covered under the policy.

Exclusive: EU's Vestager warns Apple to treat all apps equally amid privacy dispute (Reuters) Europe's antitrust chief, Margrethe Vestager, has warned Apple Inc to give equal treatment to all apps on its platform amid the iPhone maker's privacy changes that have drawn charges of anti-competitive practices from rival Facebook Inc.

Army Cyber Command major gets 30 years on child porn charge (Army Times) An Army officer in Georgia who held a top-secret security clearance has been sentenced to serve three decades in federal prison for producing child pornography, authorities said Monday.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

The Healthcare Cyber Security Summit - February 18, 2021, 12pm EST (Virtual, February 9 - 17, 2021) HUB Security is thrilled to invite you to the next Healthcare Cyber Security Summit. Join the discussion on IoMT, phishing, AI and confidential computing in healthcare. Keynote speakers from Intel, GE, ICON, H-ISAC, FN Bulovka, MedCrypt and NetApp. Free registration.

M3AAWG 51st General Meeting (Virtual, February 15 - 18, 2021) The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), the largest global industry association working against online exploitation, will host its 51st General Meeting from February 15-18, 2021. In M3AAWG's third virtual event, representatives from over 200 member companies, including Google, Verizon, Twitter, Comcast, AT&T and Microsoft, will discuss prominent cybersecurity issues and establish approaches to combat major threats. M3AAWG's 51st General Meeting will bring together industry experts and leaders from internet service providers, email service providers, social networking companies, software and hardware vendors to advance knowledge around evolving online abuse. Sessions explore timely topics, including NIST's new method to combat phishing, the adoption of TLS 1.3, fighting smishing in the UK, DDoS attack backtracking strategies and much more.

CSO's Cybersecurity Summit (Virtual, March 16 - February 18, 2021) As cyber threats grow in scope and sophistication (as evidenced by the devastating and long undetected, SolarWinds breach), so do the stakes for corporations and government to stay alert and on guard. CSO, the tech industry’s premier voice on cybersecurity, presents a summit where top executives and leaders will provide up-to-the-minute insights on how to successfully safeguard your organization. Over three days, IT professionals will learn, contribute to the conversation and source new solutions providers.

Cybersecurity Festival (Day 0ne) (Virtual, June 16, 2021) Hosted by Computing , the CyberSecurity Festival will provide a combination of presentations, panel sessions, fireside chats, workshops and networking to help you answer all of these questions and more. Attendees will hear from the industry's top experts, some of the biggest and most successful brands, and have their opportunity to put their questions to them directly.

Cybersecurity Festival (Day Two) (Virtual, June 23, 2021) Hosted by Computing , the CyberSecurity Festival will provide a combination of presentations, panel sessions, fireside chats, workshops and networking to help you answer all of these questions and more. Attendees will hear from the industry's top experts, some of the biggest and most successful brands, and have their opportunity to put their questions to them directly.

Cybersecurity Festival (Day Three) (Virtual, June 30, 2021) Hosted by Computing , the CyberSecurity Festival will provide a combination of presentations, panel sessions, fireside chats, workshops and networking to help you answer all of these questions and more. Attendees will hear from the industry's top experts, some of the biggest and most successful brands, and have their opportunity to put their questions to them directly.

upcoming Events

Secureworks Connect (Virtual, February 9, 2021) Secureworks Connect is a one-day virtual cybersecurity conference designed for all types of security professionals, including executives, front-line analysts, and business leaders, and will bring together more than 1200 security professionals to explore the transformative effects of data sciences and security analytics software in building a proactive security posture.

Women Unite Over CTF 3.0 (Virtual, February 13, 2021) Registration and sponsorship opportunities for “Women Unite Over CTF 3.0,” the popular Capture the Flag (CTF) for women and non-binary persons, is now open. On-going, live instruction helps beginners successfully complete their first CTF. Advanced infosec professionals can earn points through challenges on Point3 Security’s award-winning ESCALATE platform.

Battling the Infodemic: Covid-19 Mis- and Disinformation (Virtual, February 16, 2021) Please join Pitt Cyber for a timely conversation about how mis- and disinformation could jeopardize control of the pandemic. Disinformation and medical experts will discuss what’s happening, what to expect, and what we can do.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.