Hunting forward. Getting the "big things" right. Singapore's data protection law.

Summary

By the CyberWire staff

At a glance.

US Cyber Command defends elections by "hunting forward."
Germany's defense minister calls out Huawei's security issues as "a big thing."
Singapore updates data protection laws.

Hunting forward.

For two years prior to yesterday’s presidential election, US Cyber Command deployed “the whole spectrum of offensive and defensive measures” against threat actors in Moscow, Tehran, and Beijing, CNN reports. The New York Times says Cybercom sent squads to Europe, Asia, and the Middle East to investigate tactics, techniques, and procedures. Deputy Commander Lt. Gen. Charles Moore explained, “We want to find the bad guys in red space, in their own operating environment. We want to take down the archer rather than dodge the arrows.”

So far election interference has been minimal, but some concern remains about unpredicted “black swan” occurrences or renewed attacks in the event of a contested result. Americans are urged to “remain calm and vigilant” throughout this period of heightened vulnerability. Cybercom will continue its efforts indefinitely, with General Moore calling election defense a “persistent and ongoing campaign.”

Not all the action in the post-election phase will be political or foreign. The criminals will be out and about, too. We received some reflections on the form post-election cyerbattacks are likely to assume from Jerry Ray, COO of SecureAge, who wrote:

“The election results are already in dispute is the message being championed by the party more in fear of losing. And while domestic and foreign actors alike are trying to sow further discord thereafter by spreading falsehoods about the election results, cyber criminals are already relishing in the madness. The higher the temperature of those defending or defaming the election results, the lower their awareness of multitude of attacks awaiting them through phishing emails, fraudulent websites, and all of the well known forms by which the highly distracted may be exploited online.

As the votes continue to be counted, the most inevitable and effective cyber attacks will be subtle, unnoticed, unattributable, and masked within the culture of doubt and suspicion cast upon the election for the sake of either plausible deniability by the victors or grounds for dispute by the vanquished. With only a fraction of a percent of the voting population determining the outcome, the attackers need only work in the margins and against those least able to defend themselves or least likely to notice.”

German defense minister backs US on Huawei.

As the CyberWire noted last month, Berlin has indicated that it will join the growing coalition of countries planning to exclude Chinese telecom tech from their infrastructure. The Washington Examiner reports on Defense Minister Annegret Kramp-Karrenbauer’s tough posture. “If the technology offered to us is not beyond reproach, it cannot be used," she remarked to the Sydney Morning Herald. (The Herald observed that Kramp-Karrenbauer “is the first German minister to confirm publicly” that new regulations would block Huawei from the country’s 5G rollout.)

Canberra sounded an alarm over Huawei and ZTE in 2018, expressing unease about “extrajudicial directions from a foreign government." Last year US Secretary of State Mike Pompeo began putting allies on notice that they might need to choose between Huawei and US military collaboration. Kramp-Karrenbauer commented that despite “tiffs across the Atlantic,” the important thing is to “get the big stuff right. China is big stuff.”

Singapore’s updated data protection law.

Singapore’s Monday amendment of its Personal Data Protection Act brought two main revisions, according to The Business Times. The maximum fine for breaches was increased, and organizations were given additional leeway over data usage, in an attempt to harmonize competing interests of consumers and companies. The bill highlights four primary goals: augmenting individuals’ autonomy, businesses’ responsibility, the bases for data handling, and the Personal Data Protection Commission’s (PDPC’s) enforcement capabilities. Some worry that the higher penalties might drive away business.

After performing a risk assessment, organizations can process data without consent for “legitimate” purposes like fighting crime. This means, for example, IoT data can be used in investigations without consumers’ permission. Companies are required to provide an opt-out interval for other novel applications, and must inform victims and the PDPC about serious breaches.

Selected Reading

Pentagon research office wants innovative tools to spot influence campaigns (C4ISRNET) A new solicitation wants automated tools to help analysts track influence campaigns as they evolve.

Japan Times Indicates Japan considers using AI for speedy policy decisions (CTOvision.com) The government is considering introducing an artificial intelligence-based big data analysis system developed by an American firm in order to enable speedier policy decisions, according to government sources. It has started […]

A Trump win and cybersecurity: Potential for CISA expansion? (SC Media) As Americans go to the polls in record numbers and Trump vies for re-election, his uneven cybersecurity policy offers a few clues into what he might, or should, prioritize during a second term.

Californians Consider Expanding Landmark Data Privacy Law (SecurityWeek) Two years ago, California became the first state to pass a sweeping digital privacy law seen as the strongest of its kind in the United States. Voters are now deciding whether to refine and expand that law, or leave it as is.

Maj. Gen. Robert Skinner Now Senate-Confirmed for DISA Leadership Role (Executive Gov) Maj. Gen. Robert Skinner has received Senate confirmation to lead the Defense Information Systems Ag

“It’s halftime, America:" watching election security with CISA (The CyberWire) “It looks like any other Election Day, even any other Tuesday,” a senior CISA official said yesterday, as the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) executed a long-prepared national effort to secure the vote.

Today is only "halftime" say top cybersecurity officials (Roll Call) In the days ahead, foreign or domestic adversaries could try to interfere with, and undermine confidence in, the election, officials say.

Polls close on Election Day with no apparent cyber interference (NBC News) While there is still plenty of time for hackers to harass elections as states count and certify results, Election Day itself was fairly smooth sailing.

The Cybersecurity 202: U.S. officials see no evidence of hacking of American voting systems (Washington Post) The federal government's top cybersecurity authority said there was no evidence of a major cyberattack on the U.S. elections. But without a result in the presidential race, there is still time for Russia, Iran or another adversary to interfere in the contest.

Officials: No apparent signs of US malicious cyber activity (Fox 11) The cybersecurity agency at the Department of Homeland Security says the U.S. election so far has featured the usual technical glitches and routine issues but no apparent signs of any malicious cyber activity — at least not yet.

NSA Chief Sees Minimal Foreign Interference, Warns of Risks Until Vote Certified (Wall Street Journal) The head of the National Security Agency and U.S. Cyber Command said the level of foreign interference in the 2020 election appeared less significant than what officials witnessed during the largely quiet 2018 midterms, but said his agencies would be on high alert until votes are certified next mont

CISA’s Elections Operations Center to Remain Open for Another 45 Days (Nextgov.com) Officials acknowledged reports of misleading robocalls and suspicious traffic around a Florida system, but said neither were out of the ordinary.

Cyber Command's Hunt Forward Teams Bolster Election Security, CISA Officials Say (Defense Daily) U.S. military cyber operators scoping out cyber threat actors on overseas networks have proven helpful in protecting U.S. election systems ahead of the 202

US Cyber Command expands operations against Russia, China and Iran (CNN) US Cyber Command expanded its operations aimed at identifying malicious foreign cyber actors before Tuesday's presidential election, using missions to not only seek out Russian hackers, but those from Iran and China as well, a US official confirmed to CNN.

U.S. undertook cyber operation against Iran as part of effort to secure the 2020 election (Washington Post) U.S. Cyber Command and the National Security Agency have taken recent actions to ensure that foreign actors do not interfere in the 2020 election, including an operation in the past two weeks against Iran, U.S. officials said.

Suspicious robocall campaign warning people to ‘stay home’ spooks voters nationwide (Washington Post) The call -- along with new robotexts surfaced Tuesday in Michigan -- have fueled fresh fears that misinformation might spread on Election Day over Americans’ smartphones.

FBI investigating robocalls urging people to 'stay home' on Election Day (Reuters) The FBI is looking into a spate of mysterious robocalls urging people to stay home on Election Day as the nation remains on high alert to ensure voting is not compromised, a Department of Homeland Security official said Tuesday.

Robocalls urging voters to skip Election Day are subject of FBI investigation, DHS official says (CyberScoop) The FBI is investigating apparent voter suppression robocalls across the nation, a senior Department of Homeland Security official said Tuesday. An estimated 10 million calls have gone out urging people to “stay safe and stay home.”

Pennsylvania National Guard cyber branch supports 2020 election (DVIDS) Approximately 10 members of the Pennsylvania National Guard provided routine cybersecurity support to state and local partners to help ensure the integrity of the Nov. 3 general election.

Florida Invests in Security Controls Ahead of #Election2020 (Infosecurity Magazine) Florida invests in cyber-controls after 2016 hacking efforts

Cybersecurity specialist Robert Herjavec says he's confident U.S. can safeguard voting from hackers (CNBC) "People are ready. I'm confident that Americans can trust the votes they see," cybersecurity expert Robert Herjavec told CNBC.