Moscow cracks down on content. US cyber EO reaches a milestone. Cyber conflict and international law. Hack the Capitol.

Summary

By the CyberWire staff

At a glance.

Russia cracks down on Google, Twitter, Facebook, and TikTok.
President Biden's EO on cyber reaches its first milestone.
Cyber conflict and international law.
Observations from Hack the Capitol.

Russia’s crackdown on Big Tech.

The New York Times has an account of Russia’s clampdown on tech giants like Google, Facebook, Twitter, and TikTok. Mirroring recent moves in India, Myanmar, Turkey, and Belarus, Moscow is requiring platforms to remove ‘illegal’ material and preserve content favorable to the Government, or face service interruptions and fines of up to ten percent of annual revenue. “All of these policies will have the effect of creating a fractured internet, where people have different access to different content,” commented Electronic Frontier Foundation Director Jillian York.

The Kremlin’s crackdown has intensified since January’s pro-Navalny protests. Just this week, the country’s internet controller fined Google roughly $80 thousand, ordered the company to block thousands of additional items, and warned Twitter and Facebook that they have until July to relocate domestic user data in-country.

US Executive Order reaches its first milestone.

The first deadline from the Biden Administration’s cyber Executive Order passed this Wednesday, as FCW reports. The Department of Homeland Security was to deliver recommendations on logging best practices to the Office of Management and Budget, which will in turn consult with the Justice Department, Pentagon, and Director of National Intelligence en route to making the guidelines public.

Some estimates place the cost of updating logging standards in the “millions upon millions of dollars,” but it’s possible funding could be scraped together from current areas of waste. While industry onlookers note that guidelines won’t immediately effect change, cybersecurity experts say standardized logging procedures are critical to prevention, detection, and forensics efforts. Practices currently vary widely across the Federal Government.

Observations on cyberwar, geopolitics, and international law.

An opinion in the Tennessean outlines the steps for analyzing cyberattacks under international laws of armed conflict. The following questions must be addressed:

Did a state power direct, support, or enable the attack?
If so, did the attack cause something in the realm of injury, damage, or disruption meeting the definition of use or threat of force and producing a right of self-defense?
If so, what response makes sense from a political and tactical standpoint?

The author concludes that the Colonial Pipeline attack met the criteria for use of force, given its economic and security impact, but determining the degree to which we should hold foreign powers responsible for providing safe haven is a question for another day.

Turning to the Mid-East, ODA Loop argues that Washington’s tepid support of Israel and interest in wooing Tehran has emboldened Iranian threat actor Agrius to ramp up its cyber assaults on Jerusalem. The author concludes that Governments should recognize “the non-cyber factors” that “preempt cyber strikes.”

A Defense News opinion cautions against the “habit of overreacting” to cyber incidents. Overreactions and “tit-for-tat games” can give away too much about tolerance levels and capabilities, revealing techniques, upskilling enemies, and deflating strategic uncertainty and the element of surprise.

Observations from Hack the Capitol.

With much going on in US cyber policy this week, it's worth taking a look at how some in both Government and the private sector view the threat and regulatory landscape. Here's what we heard during the panel sessions of Hack the Capitol.

Notes.

A note to our readers: Memorial Day observance.

Monday is the Memorial Day holiday in the US, and we won't be publishing. We'll be back, however, on Tuesday, and in the meantime we'll be remembering those who've fallen in the nation's defense.

Selected Reading

Hack the Capitol: views from the panelists (The CyberWire) 2021 Hack the Capitol panelists discussed IT-OT convergence and divergence, legislative solutions, supply chain security, China, Defend Forward, compliance, risk management, the Mideast landscape, the role of the press, and human nature—with frequent reference to Oldsmar, Florida.

How international law applies to the Colonial Pipeline cyberattack| Opinion (The Tennessean) At least as far back as the turn of the century, U.S. national security and defense officials contemplated cyberattacks on our infrastructure.

Another Nobelium Cyberattack - Microsoft On the Issues (Microsoft On the Issues) This week, Microsoft observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants and non-governmental organizations. These attacks appear to be a continuation of Nobelium's intelligence gathering efforts.

Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns (Volexity) On May 25, 2021, Volexity identified a phishing campaign targeting multiple organizations based in the United States and Europe.

FBI to share compromised passwords with Have I Been Pwned (BleepingComputer) The FBI will soon begin to share compromised passwords with Have I Been Pwned's 'Password Pwned' service that were discovered during law enforcement investigations.

The long-term cost of cyber overreaction (Defense News) A reactive culture triggered by cyberattacks provides significant information to a probing adversary, the author argues.

U.S. Cyber Command Hunts Forward (SIGNAL Magazine) The nation’s cyber force, when called upon, deploys to other nations to protect against nefrarious adversarial behavior in the digital realm.

Recent Iranian Cyber Attacks Show How Geopolitics Drive Cyber Activity (OODA Loop) A recent report has revealed that an Iranian threat actor group dubbed “Agrius” has been operating in Israel since 2020. The group has been linked to cyber espionage activity and has quickly evolved into conducting destructive wiper malware attacks against Israeli targets. What’ more, these attacks have been posing as ransomware attacks in order to mask their true intent. This is not the group’s first foray into executing destructive attacks.

Beijing Is Trolling Biden Over Gaza (Foreign Policy) China’s wolf warrior diplomacy has discovered the Middle East, catching Washington unprepared.

Twitter Calls on Indian Government to Respect Free Speech (New York Times) After the government targeted posts criticizing its response to the coronavirus spread, Twitter said it would push back on what it called “intimidation tactics.”

Government of Canada expands work to address economic-based threats to national security (Yahoo Finance) The Government of Canada is committed to addressing new and emerging threats to national security, including those posing risks to intellectual property intensive businesses, access to innovative technologies and sensitive research, and any other economic-based threats to the safety and prosperity of Canadians.

Shock cuts at Data61 put jobs, research at risk - InnovationAus (InnovationAus) The loss of up to 70 jobs and seven research capabilities at CSIRO's Data61 is a "shock" and particularly concerning in light of the science agency's increased funding and importance to the government's digital agenda, the CSIRO Staff Association says.

Biden, Congress Face Test on Cyber Spending After Colonial Hack (Bloomberg) U.S. spending hasn’t matched rhetoric following major attacks. Recent breaches have exposed glaring holes in cyber defenses.

Tech Liability Shield Has No Place in Trade Deals, Groups Say (Bloomberg) Coalition asks Biden to eschew Section 230 language in accords. Provision in trade deals could limit U.S. policymaker options.

New FCC Rule Could Block Chinese-Made Tech From US Sales (Law360) The Federal Communications Commission will launch a proceeding next month that could result in Chinese-made telecom equipment losing access to domestic markets as part of the agency's efforts to fortify U.S. networks against foreign security threats.

DHS Cyber Order Signals Shift To ‘Mandatory Measures’ (Breaking Defense) Today's pipeline directive is likely just the next in a series of actions to shore up national cybersecurity across the private sector, especially those deemed critical infrastructure. "I know there are a number of discussions on the Hill... of a broader data breach notification," Deputy National Security Advisor Anne Neuberger said today.

U.S. pipeline operators may face fines for unreported cyberattacks (World Oil) Pipeline operators who fail to report cybersecurity attacks to the Department of Homeland Security could face fines of $7,000 a day or more under regulations being released Thursday in response to the ransomware attack that temporarily paralyzed the nation’s biggest fuel pipeline.

TSA cyber security requirements are still not addressing control system-unique issues (Control Global) The new TSA cyber security requirements developed based on the Colonial Pipeline event will require timely identification and notification of cyberattacks.

New TSA security directive is a needed shock to the system (Help Net Security) The TSA announced a Security Directive that will enable the Department to better identify, protect against, and respond to threats.

Coast Guard releases ransomware prevention, recovery and reporting requirements (Work Boat) Among the many threats and vulnerabilities that come to mind when discussing cybersecurity and risk management, one that immediately comes to mind is ransomware. Recent events have highlighted the rap

The Army is nearly tripling electronic warfare personnel (Defense News) To prepare for organizational changes, the Army plans large growth with its electronic warfare force.

An open letter to the new US cyber czar (MENAFN) To: Chris Inglis From: William J Holstein and Stephen M Soble Re: The national cyber security crisis Congratulations on your appointment as America's first national cyber security director. We concur it was a wise choice. Your first step should be to acknowledge the scope of the challenge you face: Cybersecurity must be improved for bot

Industry urges DCSA to accelerate security clearance transformation efforts (Federal News Network) Industry and Congress say the executive branch has made real progress on the security clearance backlog in recent years, but they want to see the Defense Counterintelligence and Security Agency and…

The Cybersecurity 202: DHS nominees say they'll prioritize cybersecurity (Washington Post) Top nominees for President Biden’s Department of Homeland Security vowed to prioritize protecting critical infrastructure after SolarWinds and Colonial Pipeline cyberattacks.

GOP senators oppose Biden intelligence nominee who did legal work for Huawei (CNBC) "You can't work for Huawei and then work for the Director of National Intelligence," said Senator Ben Sasse of Nebraska.

Defense Department gets new cyber adviser (C4ISRNET) The flag officer will oversee policy implementation and personnel matters for cyber issues across the department.