Policy Briefing, 1.8.20

More Signal. Less Noise.

MVISION Insights: Move Beyond Intelligence to Insights that Empower You to Change Your Environment.

Harnessing the power of one billion threat sensors worldwide, McAfee designs security fueled by Insights. MVISION Insights enables you to move beyond intelligence and empowers you to change your environment. Identify with Machine Learning. Defend and correct with Deep Learning. Anticipate with Artificial Intelligence. Move your security out of reactive mode to a proactive posture. McAfee, the device-to-cloud cybersecurity company. Go to McAfee.com/insights to learn more.

V2 | Issue 5 | 1.8.20

The CyberWire Pro Policy Briefing for 1.8.20

Summary

By the CyberWire staff

As expected by the Pentagon, US President Trump has backed off from his promise to hit Iranian cultural sites should Iran attack the US in response to the battlefield death of General Soleimani, the Washington Post reports. In a late morning press conference, he had harsh words for General Soleimani, whom the President denounced as a terror master responsible for widespread suffering, and he promised that the US could, and would, deal with other terror masters in the same fashion. He also urged alliance solidarity in confronting Iran in the Middle East, but extended Tehran an offer of negotiation and an invitation to rejoin "the civilized world" in friendship. Iran, for its part, after a limited volley of missile strikes against two US air bases in Iraq last night, also seemed disinclined, Foreign Policy reports, to pursue further retaliation, and Washington seems to be of a like mind.

Senators received a classified briefing today on the Iranian threat, particularly the Iranian cyber threat, the Hill says. But in any case, cyberspace has remained quieter than expected, with the only reported incidents so far being confined to low-grade website vandalism of state government sites in Texas and Alabama, Vice reports, but these, like the weekend incident involving a Government Printing Office site, are generally regarded as low-grade operations by sympathizers as opposed to attacks organized and controlled from Tehran. And as CNBC puts it, this sort of vandalism is “meaningless.” The US remains on alert for major Iranian attacks, especially against industrial control systems, but so far none have materialized.

The Cyber Solarium Commission offered a preview of the recommendations it's expected to make for US cyber strategy when it reports this March or April. FCW reports that the Commission intends to back formalizing CISA's role as the lead civilian cybersecurity agency. It will also recommend that the military be given the means and authority to recruit more cybersecurity specialists for both offensive and defensive operational capabilities, says Fifth Domain. And CyberScoop reports that among the Solarium's recommendations will be not only enhanced reporting guidelines for the private sector, but also a more prominent role for the insurance industry in setting standards and best practices for civilian cybersecurity. The commissioners also would like to see the recreation of a role for a White House cyber czar to ride herd on Federal efforts in the field.

The US Department of State will be required, by a rider attached to its appropriations, to report its criteria for approving the sale of US cybersecurity tools and services to foreign countries, MSSP Alert notes.

Selected Reading

Iran’s Next Move May Be No Move (Foreign Policy) There are sound reasons and precedents for why Tehran will not rush to retaliate.

Soleimani Was More Valuable in Politics Than in War (Foreign Affairs) The Islamic Republic takes stock of its loss.

Chertoff: Iran May Be ‘Signaling That They Are Ready to Stop’ Escalation with Non-‘Cataclysmic’ Strikes (Homeland Security Today) Former DHS secretary said Iran may have chosen to not strike harder in order to

Trump retreats from threat to attack Iranian cultural sites (Washington Post) President Donald Trump is backing away from his threats to target Iranian cultural sites if Tehran retaliates for the killing of a top Iranian general by the U.S. It is a war crime to target cultural sites

Iran Launches Attack on U.S. Bases in Iraq (Foreign Policy) Hours after the strike, both Washington and Tehran showed signs they wanted to de-escalate.

Britain puts Middle East forces on high alert as US, Iran trade threats (Defense News) “Urgent measures” are being taken to protect British nationals and interests in the wake of the killing of Iranian Revolutionary Guards General Qassim Soleimani in a U.S. drone strike, according to Defence Secretary Ben Wallace.

Netanyahu says anyone attacking Israel will be dealt 'strongest blow' (Reuters) Prime Minister Benjamin Netanyahu said on Wednesday, after an Iranian missile st...

Pakistan will not take sides in US-Iran row (Pakistan observer) Mirza Aslam Beg QASEM Soleimani was the top military leader of Iran, playing active role in the Middle East region, as well as Afghanistan. In fact, he was described as the “single most powerful operative in the Middle East today.” According to American intelligence, Soleimani was planning large scale assaults on American troops and interests …

Controversial Iraqi cleric goes full Monty Python, tries to insult his way into Trump-Iran fight (Military Times) Muqtada al-Sadr, whose militias killed numerous Americans in the Iraq War, ridiculed President Trump as the

Indonesian army wields internet 'news' as a weapon in Papua (Reuters) As Indonesia celebrated its National Heroes' Day last year, official milita...

Senators set for briefing on cyber threats from Iran (TheHill) Senators on the Homeland Security and Governmental Affairs Committee were set to receive a classified briefing Tuesday on threats from Iran, including the possibility of a retaliatory cyberattack in response to the killing of I

Lawmakers: Possible Iranian Cyberattack Highlights Need for Proactive Security - Air Force Magazine (Air Force Magazine) A leading congressional voice on cybersecurity said Jan. 7 the federal government is taking the right steps to prepare for a possible Iranian cyberattack.

Congressional commission mulls new private sector reporting requirements (CyberScoop) The Cyberspace Solarium Commission, a bipartisan group tasked last year with devising a strategy for defending the U.S. against cyberattacks, is almost ready to reveal its proposals to the world. The commission’s final report, expected to be issued in March or April, may include new reporting requirements for the private sector that would incentivize better security practices, the commission’s co-chairs, Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wis., said during a Council on Foreign Relations summit in Washington, D.C. Tuesday. While the final language is unclear, the report is expected to include a sweeping set of proposal ranging from an overhaul of Congressional oversight on cybersecurity issues to an assessment of the Pentagon’s offensive and defensive readiness. Whether there’s broader appetite outside of the 14-member commission to implement the recommendations, however, remains to be seen. One idea the commission has entertained is convincing insurance companies to offer better rates to clients who follow specific guidelines meant …

Cyber Solarium to back CISA as the lead response agency (FCW) Leveling up CISA and CyberCom and streamlining Congressional jurisdiction will be among the recommendations issued in an upcoming report from the Cyberspace Solarium Commission.

Congressional commission wants more cyberwarriors for the military (Fifth Domain) With rising threats, DoD might need to add more cyber teams to keep pace.

United States not prepared for cyberwar with Iran (Yahoo) If Iran decides to commit a retaliatory attack for the assassination of General Soleimani, the US is not prepared for a cyber war.

State Department Must Report Foreign Use of Hacking Tools, Services in New Law (MSSP Alert) A newly passed law will compel the U.S. State Department to report its criteria for sales of U.S. cybersecurity tools and services to foreign countries.

'Shot across the bow': U.S. increases pressure on UK ahead of key Huawei decision (Reuters) The United States is making a final pitch to Britain ahead of a U.K. decision on...

China Plays Powerful Hand As Trump’s ‘Political And Emotional’ Huawei Fight Heats Up (Forbes) A week into 2020 and the U.S. campaign against Huawei is back in full flow—and the stakes have never been higher or more personal for the embattled Chinese giant.

MP Says Austria Unprepared After Cyberattack on Foreign Ministry (BleepingComputer) The Austrian State Department' IT systems were under a 'serious attack' suspected to be carried out by a state-backed threat group according to a joint statement from the Foreign Ministry (BMEIA) and the Ministry of the Interior (BMI).

China's Password Law and What it Means for the Blockchain Industry (AiThority) In this article, we are providing a quick overview of China's Password Law and what it entails for the blockchain ecosystem globally.

Spanberger bill to build 5G strategy gets House vote Wednesday (Augusta Free Press) Legislation introduced by Rep. Abigail Spanberger to protect next-generation U.S. telecom and mobile infrastructure will come up for vote tomorrow.