Post-summitry: good feelings, red lines, Internet sovereignty, and cyber doctrine.

Summary

By the CyberWire staff

At a glance.

Russian media give President Biden good press, post-summit.
A US red line for cyber operations.
Duma votes to restrict US company operations in Russia.
What an adequate cyber doctrine might look like.

TASS is authorized to disclose that Joe is a good Joe...

President Putin perceived President Biden as “professional” and attentive to detail, not mixed up, TASS is authorized to declare, contrary to rumors of senility the Russian media had been happily flacking during the run-up to the summit. “[O]ne should work very attentively with him,” President Putin told an audience. This coverage represents, the Washington Post observes, a striking volte-face with respect to earlier official and semi-official media presentations of Mr. Biden as a doddering threat to global stability. Now he's the leader of one great power working with the leader of another great power. The Atlantic Council offers some cross-cutting quick reaction commentary on what it calls the "staredown" between the two leaders.

…as Joe draws a “red line" in an approach to cyber deterrence...

SecurityWeek discusses President Biden’s critical infrastructure red line, and his call for “responsible countries” to combat native cybercriminals. The red line is drawn specifically around the sixteen officially designated critical infrastructure sectors: chemicals, commercial facilities, communications, critical manufacturing, dams, the Defense Industrial Base, emergency services, energy, financial services, food and agriculture, government facilities, healthcare and public health, information technology, nuclear activities, transportation systems, and water and wastewater systems.

...and, good Joe or not, the Duma voted to require US tech companies to establish offices in Russia.

Reuters reports that the Russian parliament voted yesterday to require US companies to set up offices in Russia or face stiff penalties. The avowed goal is "internet sovereignty;" the deadline is this coming January.

A consideration of what an adequate cyber doctrine might look like.

That's strategic doctrine, not religious doctrine. The American Legion considered the prospects for a cyber defense doctrine, in light of the 200 million ransomware attacks on US targets last year and other recent APT mischief, which amount to “economic warfare” (with China pilfering $200 to $600 billion in US IP annually) and undermine domestic security. The piece argues for treating “state-based” hackers as terrorists, and their host countries as accountable parties, using the following options:

“preemptively cut off hacker armies from cyberspace, destroy their software and hardware, arrest their footsoldiers…and seize their cryptocurrency assets”
“zero-out the off-shore accounts of Putin’s oligarch cronies”
“disable the banks and mobile-phone system in Crimea”
“implant bugs or backdoors in the intellectual property Beijing is stealing”
“disable network pathways used by Chinese nationals to deliver what they harvest”
“create cracks in the Great Firewall of China”

Since the Kremlin and Chinese Communist Party pose more of a threat than traditional terror incubators, however, they should be afforded “face-saving alternatives.” Harvard Law Professor Noah Feldman suggests clearly announcing that “ransomware-piracy could be considered an act of war.”

The American Legion’s draft doctrine would term “[a]ny use of cyberspace to interfere with, disable or attack U.S. critical infrastructure…a hostile act” that “will be met with a retaliatory response in a time, place, manner and domain of America’s choosing.”

Selected Reading

Russian lawmakers vote to force U.S. tech giants to open local offices (Reuters) Russian lawmakers passed legislation on Thursday that would oblige U.S. tech giants to open offices in Russia by January 2022 or face punitive measures, part of a push by Russia to beef up what it calls internet "sovereignty".

Takeaways From Biden-Putin 'Cyber Summit' (Voice of America) Cybersecurity experts have been poring over the transcripts from Wednesday's news conferences in Geneva to determine whether the U.S.-Russia summit will produce real progress in halting a wave of high-profile ransomware attacks.

Biden Sets Red Line for Putin Over Ransomware Attacks (SecurityWeek) US President Joe Biden delivered a stern warning Wednesday to Russian leader Vladimir Putin over ransomware attacks emanating from Russia, saying he was prepared to retaliate against any more cyber assaults on American infrastructure.

FAST THINKING: The Biden-Putin staredown - Atlantic Council (Atlantic Council) Did Biden or Putin come away with any wins? Can US-Russian relations ever be “stable and predictable,” as Biden desires?

Time for a doctrine on cyberspace defense? (The American Legion) As American citizens, businesses and government agencies come under increasingly disruptive attacks in cyberspace, a change in our approach to defending this relatively new domain is long overdue.

Putin praises kind atmosphere of summit talks with US President Biden in Switzerland (TASS) Vladimir Putin believes that they have managed to understand each other and to agree on their positions on key issues

Political Summits Signal International Focus on Ransomware (Wall Street Journal) The U.S. is discussing ransomware with its allies. “This is an issue that has been starving for political attention for a long time,” a former U.S. official said.

CYBERSECURITY: Ransomware is disrupting energy. It might get worse (E&E News) President Biden and Russian President Vladmir Putin engaged in crossfire yesterday over recent cyberattacks that shut down the Colonial pipeline and U.S. transportation infrastructure. But experts say new details about the incidents show how difficult it may be to protect the energy sector.

Lawmakers Urge Private Sector to Do More on Cybersecurity (Wall Street Journal) The private sector in the U.S. must do more to defend against cyberattacks, lawmakers from both major parties stressed Thursday as several senators introduced legislation designed to target hackers.

DoD Leaders Identify Cybersecurity as ‘Vulnerable’ Area for US (MeriTalk) The United States has some of the most significant cyber capabilities in the world, but Department of Defense (DoD) leaders today agreed that cybersecurity is an area where the United States is “vulnerable” and still has “a lot more work to do” when it comes to developing cyber capabilities.

CISA under pressure to put more teeth in cyber requirements following Colonial Pipeline attack (Federal News Network) Lawmakers are questioning whether CISA is involved enough in responding to cyber incidents and overseeing the security of critical infrastructure sectors.

Senate bill proposes requiring cyber incident notification to feds within 24 hours (CyberScoop) Senate Intelligence Chairman Mark Warner is sharing draft bipartisan legislation that would require critical infrastructure owners, cybersecurity incident response firms and federal contractors to report cyber intrusions to the Homeland Security Department within 24 hours.

Draft CISA breach notification bill (Washington Post) To ensure timely Federal Government awareness of cyber intrusions that pose a threat to national security, enable the development of a common operating picture of national-level cyber threats, and to make appropriate, actionable cyber threat information available to the relevant government and private sector entities, as well as the public, and for other purposes.

The Cybersecurity 202: The race is on to make hacked companies more accountable to government. (Washington Post) Lawmakers are taking their first stab at requiring far more companies to tell the government when they’re hacked.

Biden Cyber Plan Leaves Key Agency Underfunded, Lawmakers Say (Bloomberg Law) Cybersecurity emerged as an area of bipartisan concern Thursday as Homeland Security Secretary Alejandro Mayorkas defended the agency’s proposed budget before House lawmakers.

U.S. FCC votes to advance proposed ban on Huawei, ZTE gear (Reuters) The U.S. Federal Communications Commission voted unanimously on Thursday to advance a plan to ban approvals for equipment in U.S. telecommunications networks from Chinese companies deemed national security threats like Huawei (HWT.UL) and ZTE (000063.SZ).

EXCLUSIVE: Top cyber leader warns of ransomware 'scourge,' admits government 'needs to do more' (WYFF) CISA Acting Director Brandon Wales shares his top tips for preventing ransomware.

First White House ‘Cyber Czar’ Is Confirmed By Senate (Forbes) Chris Inglis, a former NSA official, has said the government “[may] need to step in” to regulate cybersecurity of vital industries.

After Russian cyber attack, Freeport looking to fix gaps in its computer network (Press Herald) The town manager said that officials will look into recommendations from an IT support company after a Russian ransomware attack shut down the town's network for about a week.