We'd like to hear from you.
As a valued subscriber, we would like to better understand your needs and challenges. Complete our 15 minute survey for a chance to win a $100 gift card and to allow us to learn how we can better serve you.
As a valued subscriber, we would like to better understand your needs and challenges. Complete our 15 minute survey for a chance to win a $100 gift card and to allow us to learn how we can better serve you.
The Office of the Director of National Intelligence (ODNI) released a declassified version of the National Intelligence Council’s assessment of Foreign Threats to the 2020 US Federal Elections. The Washington Post has an account of the findings, and Johns Hopkins Professor of Strategic Studies Thomas Rid tweeted some main takeaways:
The assessment also found that Iran undertook an aggressive influence campaign against the Trump Administration using “at least several thousand” social profiles and more than one-thousand posts targeting the pandemic response and “civil unrest,” likely at the behest of the country’s Supreme Leader.
As the Washington Examiner notes, the assessment mentions additional, smaller influence operations conducted by Cuba, Venezuela, Hezbollah, and China against President Trump. The majority view was that China considered joining the fun but ultimately stayed out of the fray, but a minority opinion maintained that “at least some” actions were taken. The report’s submission was held up by internal disagreements over this point.
The ODNI’s Analytic Ombudsman claimed anti-President Trump sentiment led analysts to minimize evidence of Chinese interference, while management engaged in “strong efforts to suppress” dissenting voices. (The Ombudsman’s report also identified perceptions of pro-President Trump pressures at play in intelligence products.) His analysis determined that key definitions were “applied inconsistently” across Chinese and Russian findings. (The Ombudsman’s remit is to find problems. Internal IC dissenting views are highlighted in the report itself.)
About the impact of the various efforts, Rid concludes, “Important to be cautious here. None of this influence activity was strategically significant or effective. Russian activity in 2020 was less impressive than in 2016. And a hard look at the data shows that—highly likely—not even 2016 moved the needle.”
Citing a complementary review from the Departments of Justice and Homeland Security, another Washington Post article affirms that voting infrastructure was secure. The piece recommends ramping up cybersecurity investments, locking arms across the political aisle against foreign influence, and implementing “auditable” ballots to defend the next election.
A Fortune editorial says Washington’s new national cyber director will need support from the President, similar to former President Bush’s wholehearted backing of the first Director of Homeland Security, in addition to assistance from the private sector. One way this industry assistance could manifest would be “a more rigorous set of security standards that, for example, would require the use of physical tokens to insert code and detailed logging at every stage of the build, development, and distribution process.”
We're pleased to share an op-ed from Jan Kallberg, of the US Army Cyber Institute at West Point. He'd like to introduce a note of skeptical caution about the historical metaphors that often inform thinking about cybersecurity policy and strategy. In his essay, he takes up one of them: concern about a "cyber Pearl Harbor." He thinks it's time to retire the metaphor. It's not that a damaging cyberattack couldn't achieve operational surprise, as the 1941 attack on Pearl Harbor did. (Consider, for example, the possibility of exploiting SolarWinds for more than espionage by using it to stage attacks that could have a kinetic effect on critical infrastructure.) Rather, it's that it's important to understand that the adversary has its own challenges to overcome, and any credible adversary will have its own strategic aims as well. And it's also worth remembering that the adversaries have their problems, too.
So it might be worth taking our metaphors seriously. They can be instructive. "Cyber 911" is used almost interchangeably with "cyber Pearl Harbor." Both suggest a bolt from the blue, but the reality of the original, literal events they allude to was more complex. Other metaphors worth thinking through include "cyber is a team sport," and "we need a moonshot for cybersecurity." They all have some point, and they also all warrant some critical scrutiny, lest they prompt naive picture-thinking about cyber policy and strategy.
Russia conducted operations 'denigrating' Biden while Iran schemed to 'undercut' Trump, US intelligence finds (Washington Examiner) Both Russia and Iran attempted to undermine a U.S. presidential candidate in the lead-up to last November’s presidential election, according to the intelligence community.
Intel report finds Russia, Iran tried to influence 2020 election (ABC News) The chief U.S. intelligence office has concluded that Russia and Iran sought to influence the election but China did not.
Russia attempted to influence 2020 election in Trump's favor, intelligence report says (CNET) But foreign actors didn't interfere with the voting process or attack election systems.
Foreign Threats to the 2020 US Federal Elections (Office of the Director of National Intelligence) This document is a declassified version of a classified report that the Intelligence Community provided to the President, senior Executive Branch officials, and Congressional leadership and intelligence oversight committees on 07 January 2021.
Russia Threatens to Block Twitter in a Month (SecurityWeek) Russian authorities threaten to block Twitter, saying that Twitter still wasn’t complying with the demands of the Russian authorities to remove banned content.
A Breakthrough for U.N. Governance of Cyberspace (World Politics Review) A working group within the U.N., comprising all 193 of its member states, just adopted a consensus report on norms for responsible state behavior in cyberspace. While the report itself represents fairly limited progress, in terms of its contents, the consensus is significant in a field wrought with division.
Open-ended working group on developments in the field of information and telecommunications in the context of international security: Final Substantive Report (United Nations General Assembly) Despite the radical transformations the world has experienced since the United Nations was founded 75 years ago, its purpose and timeless ideals retain foundational relevance. Alongside the reaffirmation of their faith in fundamental human rights, and their commitment to promote the economic and social advancement of all peoples and to establish conditions for justice and respect of international law, States resolved to unite their strength to maintain international peace and security.
Japan, U.S. to hold security talks in response to China's coercion (Kyodo News+) Japanese and U.S. foreign and defense ministers are set to closely coordinate on steps to strengthen the bilateral alliance at security talks in Tokyo as China puts forth increasingly coercive measures across the Indo-Pacific region.
America Will Only Win When China’s Regime Fails (Foreign Policy) There are two possible outcomes of U.S.-China competition—but Washington should prepare for the more turbulent one.
How to Craft a Durable China Strategy (Foreign Affairs) Washington Must Reconcile Interdependence and Conflict
Getting the Quad Right Is Biden’s Most Important Job (Foreign Policy) The Quadrilateral Security Dialogue is the best hope for standing up to China.
The UK Is Secretly Testing a Controversial Web Snooping Tool (Wired) The country passed its Investigatory Powers Act in 2016. Now, its building what could be the most powerful data collection system used by any democratic nation.
Bye bye, cyber Pearl Harbor. (The CyberWire) Some caution about historical metaphors that can inform cybersecurity policy and strategy, specifically "cyber Pearl Harbor." Maybe an 8-count, but not a KO.
The Cybersecurity 202: Foreign actors didn't successfully interfere in 2020. Here's how to make sure they don't in 2024 (Washington Post) Russia and Iran did attempt to influence the 2020 U.S. election, but American officials found no evidence that foreign nations prevented voting, changed votes or interrupted vote counting in any way, a pair of intelligence reports released yesterday confirm.
New Strategy Aims To Up DoD, IC Game To Counter Disinformation (Breaking Defense) "Adversary use of disinformation, misinformation and propaganda poses one of today's greatest challenges to the United States, not just to the Department of Defense," said Pentagon official Chris Maier.
How America Can Better Leverage the Private Sector Against Cyber Threats (The National Interest) It is time to build a strategy of shared cyber command and control, one that unleashes the private sector’s resources and innovation as an equal partner in national cyber defense.
Cybersecurity is more critical than Biden's rescue plan (TheHill) The U.S. has taught Russia that, when it comes to Russian cyberattacks, the U.S. is like a dog without teeth — rarely barking, never biting.
WSJ News Exclusive | GAO Calls for Protections to Prevent Retirement Savings From Online Theft (Wall Street Journal) Until the Labor Department takes such steps, participants’ data and assets will remain at risk, the report said.
In a cyberattack disaster, DoD needs backup squad to fix networks, restart critical systems (C4ISRNET) If the worst happens, cyber Guard and Reserve troops could help repair networks, fight intruders and get infrastructure running again. But not without changes.
California Passes New Regulation Banning 'Dark Patterns' Under Landmark Privacy Law (Gizmodo) Banning deceptive advertising tactics is another step towards ensuring that consumers are protected under the CCPA.
New director takes over at Pentagon’s top research office (C4ISRNET) An experienced veteran of DARPA is taking the helm.