At a glance.
- New adherents to the Clean Network initiative.
- What's Energetic Bear up to?
- Military support for election security.
- State agencies prepare to secure elections.
Four fresh Clean Network allies (and one sometime partner seems to stray).
Slovakia, Kosovo, Bulgaria, and North Macedonia have signed 5G security commitments aligned with the US Clean Network initiative, which concerns “carriers, app stores, cloud computing, and subsea cables,” ZDNet reports. A representative statement reads, “a rigorous evaluation of suppliers and supply chains should take into account the rule of law; the security environment; ethical supplier practices; and a supplier's compliance with security standards and best practices.” The US and Europe’s strengthening stance against Huawei, or what US Secretary of State Mike Pompeo calls “an arm of the PRC surveillance state,” contrasts with Saudi Arabia’s apparently increasing coziness with Shenzhen. The Saudi Data and AI Authority (SDAIA) recently contracted with Huawei and Alibaba Cloud on AI development projects.
Energetic Bear: circus player or patient predator?
Wired argues Energetic Bear, discussed in yesterday’s briefing, has yet to pounce despite clawing “deep inside infrastructure around the globe” either because it's preparing the battlefield or waging psychological warfare. FireEye’s John Hultquist thinks the group could be setting the stage for a dramatic denouement; CrowdStrike’s Adam Meyers suspects a “resource attack” is underway. "The more they can run these theatrics, the more they can make us go freaking nuts...They're burning our cycles,” he said, allowing that the logical reaction to critical hacks is alarm.
Militarized election security.
War on the Rocks cautions against involving the military, “the nation’s professional managers of violence,” in every domestic problem, notwithstanding their current well-earned reputation for neutrality and public support. Charging officers with election security puts them in the position of “determining what counts as acceptable and unacceptable political content,” an assignment that will eventually cause tension. There are, of course, ways of countering election interference that don't involve the military in potentially invidious content moderation: US Cyber Command's continuous forward engagement with hostile foreign services provides one good example.
There is also a comparable, if smaller, role for the National Guard at both state and Federal levels. The Louisiana National Guard was recently deployed to combat a spree of KimJongRat remote access Trojan attacks on state assets, according to Reuters. Neither the actor nor the motive—whether profit or election interference—were clear, but the countermeasures succeeded in blocking a ransomware infection. Twin Cities reports that up north, a thirty-five person Minnesota National Guard cyberunit, one of eleven such units in the Guard, headed to Fort Meade in Maryland for its first national mission. WJON says the 177th Cyber Protection Team, created three years ago, will assist US Cyber Command and the Cyber National Mission Force in defending against attacks as part of a scheduled rotation.
State civilian agencies also prepare for election security.
Meanwhile down in Florida, Governor DeSantis reassured voters that systems are a go despite leaked registration information, according to The Apopka Voice. After the GRU infiltrated county networks and voter rolls during the last presidential election, the state invested $60 million in cybersecurity and passed two cybersecurity bills requiring the Florida Department of Management Services to proactively protect data and disclose attacks. DeSantis commented that while Iran, Russia, and China pose ongoing threats, the recent Iranian Proud Boys hijinks—which the CyberWire covered—served more “to get things in the zeitgeist with voters” than directly compromise systems. Some local officials claim they’re not up to speed on developing threats, however, and think tank Brennan Center for Justice claims an additional $2 billion is needed to reinforce election systems nationwide.