At a glance.
- CISA announces an Industrial Control System Security Strategy.
- Sabotage, cyberattack, strategic ambiguity, and deterrence.
- Coordinated inauthenticity following an Emirati line.
- Moves in the Crypto Wars.
CISA's ICS security strategy.
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today announced publication of "Securing Industrial Control Systems: A Unified Initiative," which the agency describes as "a multi-year, focused approach to improve CISA’s ability to anticipate, prioritize, and manage national-level ICS risk." The strategy's goals are:
- "Empower the ICS community to defend itself;
- "Inform ICS investments and proactive risk management of NCFs;
- "Unify capabilities and resources of the Federal Government;
- "Move to proactive ICS security; and
- "Drive positive, sustainable, and measurable change to the ICS risk environment."
Sabotage, cyberattack, strategic ambiguity, and deterrence.
The BBC reports that Tehran says it knows what caused the fire at Natanz, but that Tehran isn’t saying. It looks, however, more like physical sabotage than either an accident or the “kinetic cyberattack” that was the subject of weekend speculation. And whoever’s speaking for the self-described Iranian dissident group, the “Homeland Cheetahs,” appears to have had advance knowledge of the incident, but the putative group materialized from nowhere and increasingly looks like a false flag.
The Washington Post quotes an anonymous “Middle Eastern security official” who spoke on condition that both his identity and nationality be concealed to the effect that the damage was caused by a bomb placed inside the facility. The operation, that source says, was an Israeli effort to “send a message” that would deter Iran from accelerating its pursuit of nuclear weapons.
Assuming that the explosions were the work of a foreign service, the incident shows an apparent desire on the part of both parties, Iran and its adversary, to keep the fight down in the grey zone, at the lower reaches of the spectrum of conflict.
An apparent influence operation (in the apparent interest of the UAE).
An investigation by the Daily Beast has exposed a journalistic persona, one “Raphael Badani,” represented as an international affairs expert whose bylines have appeared in the Washington Examiner, RealClear Markets, American Thinker, and the National Interest.
There is, however, no such person. Raphael Badani’s online pictures were scraped from the unknowing site of a San Diego entrepreneur who had no idea his image was being appropriated. And Raphael Badani’s profile claimed degrees from George Washington and Georgetown Universities, but no such person attended either.
The Badani persona also figured in a network of at least nineteen other policy catphish whose general line was to praise the United Arab Emirates and advocate a harder line toward Qatar, Turkey, and Iran, and toward those nations’ proxies in the Levant. Their work appeared in Human Events, the Post Millennial, the Jerusalem Post, Al Arabiya, and the South China Morning Post. The catphish were often linked to the Arab Eye and Persia Now, which served as central sites for sourcing their work. Some of the news outlets, notably the Washington Times, have taken down the contributed content with a brief notice. Others still have it up.
Twitter yesterday took down a number of accounts associated with the coordinated inauthenticity.
Reaction to US Congressional moves in the Crypto Wars.
The EARN IT Act has advanced in the US Senate, but with amendments designed to make it less threatening to privacy, and to encrypted communications in particular. The amendments do indeed appear to rule out the possibility of punishment under the provisions of the bill for simple refusal to backdoor products, but as the Register notes, privacy advocates remain skeptical of the EARN IT Act even in amended form.
More controversial, the Washington Post reports, is the Lawful Access to Encrypted Data Act, which today attracted a strong open letter of disagreement from the Global Encryption Coalition, a large coalition of advocacy organizations, individual experts, and tech companies. Their arguments are familiar ones: any easy access to encrypted communications for police means the same for criminals. They write, "[T]he bill’s requirements are so broad that it would effectively force recipients to build and maintain encryption backdoors to provide the data when requested." The signatories say they share the Act's goal of promoting public safety, "but the Lawful Access to Encrypted Data Act would have the opposite effect, and it would compromise Americans’ security."