At a glance.
- Intelligence and Security Committee of Parliament reports on Russian cyber threat to the UK.
- Russia denies any involvement in hacking.
- UK consumer IoT security standards out for comment.
- US NSA Director says election security is priority one.
- India's Department of Telecommunications requests security and compliance audits.
UK Committee reports on the Russian cyber threat.
The UK's Intelligence and Security Committee of Parliament rendered its long-anticipated report on Russian espionage and cyber operations at Westminster this morning. The redacted report concludes that Russia's aims are primarily negative ("paranoid," also "fundamentally nihilistic"), seeking to disrupt and damage rivals. Moscow's subsidiary positive ("substantive") goals include sustaining its prestige as a great power and preserving its rulers' privileged positions. The Committee outlines extensive Russian disinformation operations against the UK. These have pursued goals observed elsewhere, including the opportunistic exploitation of existing social fissures to erode trust in civil society and the institutions that serve it.
Russia is assessed, unsurprisingly, as "a highly capable cyber actor with a proven capability to carry out operations which can deliver a range of impacts across any sector." A striking feature of Russia's cyber capability is the close and "symbiotic" relationship its intelligence and security services enjoy with Russian organized crime. This relationship, which includes corrupt business operations, is seen as so close as to render the gangs, the contractors, and the state operators effectively indistinguishable. But the security and intelligence services are the ones calling the shots. The criminals are compromised, suborned, and controlled. They understand that they operate at the sufferance of the organs.
The Committee's recommendations include closer cooperation with allies and new authorities for the Intelligence Community.
In many respects the report covers similar ground to that surveyed by the US Cyberspace Solarium Commission. The report’s title is the single word “Russia,” but the Committee’s discussion of Russian activities makes frequent reference to the cyber threats posed by China, Iran, and North Korea as well. It expresses a recognition of the difficulty of properly and effectively balancing defensive resources across the four familiar adversaries.
The report also makes note of the United Kingdom’s development of an effective offensive capability, suitable for deterrence and, when necessary, retaliation.
The Committee appreciates that Russia is a “hard target” for intelligence collection. It also notes that both collection and active cyber offensive measures against Russia carry a distinct risk. “In the case of Russia, the potential for escalation is particularly potent: the Russian regime is paranoid about Western intelligence activities and ‘is not able to treat objectively’ international condemnation of its actions. It views any such moves as Western efforts to encourage internal protest and regime change. The risk is compounded by limitations on UK engagement with the Russian government at official and political levels, making deciphering Russian leadership intent even more difficult.” And Moscow’s centralized decision-making, seen as distinctively shaped by President Putin’s personality and style of government, has given Russia a surprising agility in cyber conflict.
Russia responds to the Intelligence and Security Committee of Parliament.
TASS is authorized to disclose that all that stuff in the Intelligence and Security Committee of Parliament’s report on Russia is a bunch of hooey, that there are no Russian hackers. “There are no hackers working for the Russian government, so our government does not consider any actions by hackers, nor does it coordinate them,” Russia’s finance minister Anton Siluanov [sil-oo-WAHN-off] said. He added that Russia was developing its own COVID-19 vaccine, and therefore had no need to steal anyone else's, which in any case it didn’t do.
Proposed British security standards for consumer IoT.
The British Government is soliciting comment on a proposal to improve the security of the Internet-of-things, particularly consumer smart devices. The highlights of the proposed new measures are, as conveniently summarized by IoT Australia:
- First, “temporarily ban the supply or sale of the product while tests are undertaken.”
- Second, “permanently ban insecure products, if a breach of the regulations is identified.”
- Third, “serve a recall notice, compelling manufacturers or retailers to take steps to organise the return of the insecure product from consumers.”
- And, finally, “apply to the court for an order for the confiscation or destruction of a dangerous product; Issue a penalty notice imposing a fine directly on a business.”
Comments are due by September 6th.
US Cyber Command and NSA see election security as top priority.
General Paul Nakasone, Director NSA and commander, US Cyber Command, told a virtual meeting of the Association of the United States Army yesterday that securing the 2020 US elections was "our number one goal, our number one objective." According to FCW, General Nakasone said that they've been building on lessons learned from the 2018 midterm elections, and that the organizations intend to "know our adversaries better than they know themselves."
India's Department of Telecommunications asks for security audits and compliance certifications.
Business Today reports that India's Department of Telecommunications has contacted portals and websites used by departmental personnel and requested that they conduct security audits and submit certificates of compliance. The Department's concerns are about China; the request was prompted by recent spikes in cyberattacks against Indian targets.