At a glance.
- More an insidious threat than a bolt from the blue?
- The challenge of deterring non-state actors.
- The US Senate looks at app stores.
- The Cyberspace Solarium Commission's annual report card on its recommendations.
A plea to go easy on the Pearl Harbor metaphor.
Quartz wants talking heads to lay off the well-worn notion of “a single, disastrous hack that…immediately creates widespread physical damage and catalyzes a massive mobilization.” Most attacks are quiet and protracted, targeting data and money, and organizations should calibrate their defenses to this reality. US Cybersecurity and Infrastructure Security Agency tips and UK Minimum Cyber Security Standard guidance are helpful in this regard. The resources recommend some simple measures like regular patching, MFA, access inventories, and employee training.
Quartz doesn't say this, but we will. The threat the US Army in Hawaii was prepared for was the quiet, protracted threat of sabotage, which is why all its P-40s were parked in the middle of the airstrips, where it would be easy to spot people creeping up with infernal machines, sugar for the fuel tanks, and so forth. Of course, that's also where they were easiest to destroy by strafing. How far should these metaphors be pushed, when they become analogies?
Combating non-state actors, and the complexities of fighting privateers.
Foreign Affairs applies lessons learned from Washington’s “marginally effective” anti-ISIS cyber campaign to the present cybercrime context. Shaming and sanctions are largely unproductive against non-state actors, while offensive operations, then and now, struggle with intelligence, weapons development, and legal issues. Cybercriminals hide well, often in locations where US authorities are nebulous. Collection and design efforts require months, and a poorly crafted tool can wreak collateral havoc. Historical overemphasis on Pearl Harbor scenarios has left the Government ill-prepared for more slippery non-state threats.
To further post-ISIS advances and successfully counter ransomware gangs, Foreign Affairs argues, the US needs to designate Chinese and Russian gangs as top intelligence targets, strengthen weapons development initiatives, and work with allies to hammer out the legal framework for managing non-state threats.
The Senate goes to the app stores.
The Wall Street Journal says the US Senate’s Open App Markets Act, introduced Wednesday, tackles Google and Apple’s app store dominance. The bill would curb store practices in an effort to enhance competition and buyer safeguards. Search self-preferencing, for example, and restrictions on competitive pricing, would be out of bounds. In response, Apple called its store “an unprecedented engine of economic growth and innovation.” Google has in the past noted Android’s compatibility with alternative stores.
As we’ve seen, Capitol Hill is increasingly interested in Big Tech’s reign over markets like search and social networking. Co-sponsoring Senator Richard Blumenthal (Democrat of Connecticut) observes that “Mobile devices are central to consumers’ economic, social, and civic lives.”
The Cyberspace Solarium Commission takes its annual look at how its recommendations are doing.
The US Cyberspace Solarium Commission has issued its 2021 Annual Report on Implementation. The report is broadly encouraging. “Last year we concluded that attaining meaningful security in cyberspace requires action across many coordinated fronts,” the Commission wrote. “We have seen a great deal of progress in implementing the original 82 recommendations from that report, as well as the recommendations we added in white papers along the way.”
Some of the recommendations remain works in progress, notably “Codifying the concept of Systemically Important Critical Infrastructure... and establishing a Joint Collaborative Environment.” These are complex and challenging goals, the Commission says. Others are being addressed in legislation that remains pending in Congress. “The Cyber Diplomacy Act..., which has yet to pass the Senate, would implement the Commission’s recommendation for a cyber-focused bureau at the State Department.”
And some face significant headwinds: specifically, the establishment of permanent Select Committees on Cybersecurity in the House and Senate and the passage of a National Data Security and Privacy Protection Law “are unlikely to move forward in the near future.” But the Commission says it remains hopeful, and that it intends to ensure that its recommendations “are ready when the time comes.”