Section 230 revisions proposed. DPRK capabilities and intentions. Team Telecom says "no" to a Hong Kong cable.

More Signal. Less Noise.

Driving advanced cyber capabilities with the GDIT Cyber Stack

Increased complexity in hybrid and multi-cloud environments? Overwhelming amount of available cyber tools? Growing number of cyber incidents? Our solution to these growing needs is the GDIT Cyber Stack, a comprehensive modular ecosystem of cybersecurity capabilities. The GDIT Cyber Stack enables Zero Trust Strategy, provides enhanced visibility and situational awareness, and leverages cloud-enabled cybersecurity to deliver autonomous cyber detection and response capabilities. Secure your mission with the GDIT Cyber Stack. Learn more.

V2 | Issue 118 | 6.18.20

Section 230 revisions proposed. DPRK capabilities and intentions. Team Telecom says "no" to a Hong Kong cable.

Summary

By the CyberWire staff

At a glance.

US Justice Department recommendations on Section 230 of the Communications Decency Act.
The Limiting Section 230 Immunity to Good Samaritans Act.
DPRK cyber capabilities and intentions.
Calls for DHS cyber oversight of the US Intelligence Community.
Team Telecom recommends against a Hong Kong connection.

US Justice Department issues its recommendations on Section 230 of the Communications Decency Act.

The US Justice Department yesterday issued its review of Section 230 of the Communications Decency Act. Section 230 has generally served to shield Internet platforms from various forms of civil and criminal liability. The Department recommends four categories of reform that it says would bring the balance of various interests into line with the ways the Internet has evolved since the law was passed in 1996.

The revisions would “incentivize online platforms to address illicit content,” denying Section 230 protection to genuine bad actors, carving out exceptions for terrorism, child abuse, and cyber-stalking, and for “case-specific carve-outs” that would remove protection from platforms that knew, in a specific case, that third-party content was illicit.

The proposed revision would also clarify Federal civil enforcement capabilities, promote competition, and “promoting open discourse and greater transparency” by replacing “vague terminology” and defining “good faith.” As the Department's announcement puts it:

"The Department of Justice has concluded that the time is ripe to realign the scope of Section 230 with the realities of the modern internet. Reform is important now more than ever. Every year, more citizens—including young children—are relying on the internet for everyday activities, while online criminal activity continues to grow. We must ensure that the internet is both an open and safe space for our society. Based on engagement with experts, industry, thought-leaders, lawmakers, and the public, the Department has identified a set of concrete reform proposals to provide stronger incentives for online platforms to address illicit material on their services, while continuing to foster innovation and free speech."

The Wall Street Journal offers some historical context for the passage and effects of what the Journal calls "the defining law of the Internet age."

A bill to revise Section 230 is introduced in the US Senate.

Axios reports that Senator Josh Hawley (Republican of Missouri) has introduced a bill, the Limiting Section 230 Immunity to Good Samaritans Act, that would make Section 230 protections conditional upon a company's adopting terms of service that pledge to operate in good faith and that detail their content moderation policies. Gizmodo thinks the bill won't "make Silicon Valley sweat" because it simply requires companies to establish and adhere to standards.

North Korea's cyber capabilities and intentions.

Business Insider is running a long interview with Daniel Russel, vice president for international security and diplomacy at the Asia Society Policy Institute and a former assistant secretary of state for East Asian and Pacific Affairs. Russell outlines the development of Pyongyang's cyberwar organization, including some early assistance received from Russia and China, and describes its close connection with the country's nuclear forces. He also notes that international sanctions have been relatively ineffectual against the growth of the seven-thousand-strong cyber force, and asserts that it's preparing for attacks against Western (and particularly US) infrastructure.

CIA WikiLeaks Task Force report prompts calls for DHS cyber oversight of civilian intelligence agencies.

Or at least of the US civilian intelligence agencies, like CIA and FBI. Presumably the military intelligence agencies like DIA will continue to be looked after by NSA. Nextgov reports that Senator Wyden (Democrat of Oregon) has written the Director of National Intelligence to request an explanation of why the Intelligence Community hasn't implemented the kinds of security measures the Department of Homeland Security has brought to much of the rest of the Government. Technology Review has an account of the "lax security" the task force described.

Team Telecom recommends against a Hong Kong connection.

Team Telecom, the US Government interagency task force recently criticized as asleep at the switch with respect to Chinese companies' assumption of significant market share in the US, has weighed in on the Pacific Light Cable Network. The BBC reports that Team Telecom recommended approval of the sections that connect the US with Taiwan and the Philippines, but recommended against bringing the connection to Hong Kong online. That connection would involve working with a Chinese firm, the Dr Peng Group. According to the BBC, Team Telecom offered four reasons for not connecting to Hong Kong:

"China's "sustained efforts to acquire the sensitive personal data of millions of US persons'"
"China's "access to other countries' data through both digital infrastructure investments'"
"The Dr Peng Group's 'relationship with Chinese intelligence and security services, and its obligations under Chinese intelligence and cyber-security laws'"
"China's 'recent actions to remove Hong Kong's autonomy and allow for the possibility that Chinese intelligence and security services will operate openly in Hong Kong'"

A final decision now rests with the Federal Communications Commission.

Selected Reading

Amid border tensions, China targets Indian government websites and banking systems; attack foiled successfully (Times Now News) Amid border tensions with India, China launched cyber-attack on the country by targeting government websites and banking systems.

French watchdog warns against COVID-19 smart surveillance (Reuters) The use of a new range of surveillance cameras to check adherence to rules in the wake of the novel coronavirus outbreak risks undermining the fabric of democracy, France's data privacy watchdog CNIL said on Wednesday.

Labor asks for the whereabouts of Australia's overdue cybersecurity strategy (ZDNet) Shadow Assistant Minister for Cyber Security Tim Watts hopes the new strategy shows the 'substance and imagination that our national cyber-resilience deserves' and that it's accompanied by an accountable minister.

Kim Jong Un has quietly built a 7,000-man cyber army that gives North Korea an edge nuclear weapons don't (Business Insider) North Korea's cyber army is trained to find secrets, disrupt critical infrastructure, and steal money to help the isolated country avoid sanctions.

Iran Appears Poised to Go on the Cyber Offensive (Stratfor) The shift to trying to physically damage targets via cyberattacks threatens local and Western companies in the Mideast, and critical infrastructure worldwide.

US-China row moves underwater in cable tangle (BBC News) In another sign of growing tension, a high-speed internet cable looks set to be blocked by the US.

Federal agencies recommend blocking Hong Kong-US undersea cable over national security concerns (CyberScoop) Concerns about the cable have grown along with Beijing's influence over Hong Kong.

How the China vs US technology race is remapping the world (The Telegraph) Two hemispheres are emerging in the global technology race

U.S. or China: Who will end up winning the 5G Cold War? (CTECH) This Cold War is not about advanced weaponry or the pursuit of noble causes like social ideology or conquering outer space. This time it is about the long and tedious battle over advanced telecommunication technology

John Bolton: The Scandal of Trump’s China Policy (Wall Street Journal) The president pleaded with Chinese leader Xi Jinping for domestic political help, subordinated national-security issues to his own re-election prospects and ignored Beijing’s human-rights abuses.

Persistent Vulnerabilities: Strengthening Cybersecurity Requirements for the Department of Defense (Council on Foreign Relations) Cyber vulnerabilities in major weapons platforms pose a significant threat to U.S. national security. Developing a comprehensive evaluation process is essential to ensuring the security and resilience of the technologies that underpin U.S. deterrence and warfighting.

Justice Department reveals proposals to curb platforms' protections (Axios) DOJ plan would create more restrictions around tech content moderation.

Justice Department Proposes Limiting Internet Companies’ Protections (Wall Street Journal) The Justice Department proposed a rollback of legal protections that online platforms have enjoyed for more than two decades, in an effort to make tech companies more responsible in how they police their content.

Justice Department recommends new legislation holding Facebook, Google and Twitter liable for some online content (Washington Post) The Justice Department urged Congress to adopt new legislation that would punish Facebook, Google and Twitter for harmful content posted online, threatening to erode a long-cherished legal immunity that Silicon Valley says is critical to the future of the Internet.

The Defining Law of the Internet Age (Wall Street Journal) The Justice Department’s proposal to give online platforms less legal protection from lawsuits is the latest effort to revamp the defining law of the internet age.

Hawley unveils bill targeting Big Tech's shield (Axios) GOP senator's bill would give consumers grounds to sue over accusations of online censorship.

Senator Hawley's New 'Section 230' Bill Isn't Going to Make Silicon Valley Sweat (Gizmodo) Sen. Josh Hawley, one of Facebook’s most vocal critics on Capitol Hill, introduced new legislation on Wednesday that would purportedly chip away at the limited liability shield that protects social media giants from being sued for content moderation decisions.

New Legislation Could Signal Critical Mass On Section 230 (Law360) The U.S. Department of Justice and GOP senators unveiled two separate legislative plans Wednesday to hold web platforms more accountable for their content moderation practices, signaling broader backing for the White House's recent efforts to target online censorship.

CIA Report Prompts Call for DHS Cyber Authority Over Intelligence Agencies (Nextgov) Senator asks the director of national intelligence why his office hasn’t implemented a basic anti-phishing tool like the rest of the government.

Theft of CIA hacking tools spotlights the spy agency’s “lax” security (MIT Technology Review) American intelligence agencies are still falling short on security, years after high-profile data leaks from Edward Snowden, Chelsea Manning, and Joshua Schulte, according to a member of the US Senate Intelligence Committee. In a letter to Director of National Intelligence John Ratcliffe, Senator Ron Wyden uses a 2017 internal report from the CIA to detail…

Senator Raises Concerns About Ability of U.S. Intelligence to Protect Secrets (SecurityWeek) Sen. Ron Wyden has raised concerns about the ability of intelligence agencies to protect secrets and has asked the director of national intelligence about steps taken to improve cybersecurity

Executive Order Restraints on Sourcing of Power System Equipment Raise Challenges for Developers (JD Supra) On May 1, 2020, the President issued Executive Order 13920, “Securing the United States Bulk-Power System” (“E.O. 13920”) to address what the Trump...

Commissioners Urge Hiring Changes to Fill Government Jobs in Cyber, AI (Wall Street Journal) Streamlining security clearance and subsidizing college costs might help land candidates as the private sector beckons.

Analysis | The Cybersecurity 202: D.C., Georgia reflect divergent Democratic and Republican approaches to mail ballots (Washington Post) The District is embracing mail voting after a troubled primary, while Georgia is backing off.

Pentagon Wants to Scale Up Its Device Security Program (Nextgov) The Comply-to-Connect program ensures devices connecting to military networks have baseline security without needing to install endpoint management apps.

Retiring DOD deputy CIO reflects on a long career in federal service (Federal News Network) Essye Miller, DoD’s first black female principal deputy CIO talks about leadership and how to develop the next generation of leaders in the federal government.