At a glance.
- International partnerships as a key to cyber deterrence.
- US agencies demonstrate solidarity at RSA.
- The FBI conducted fewer warrantless searches in 2022.
International partnerships as a key to cyber deterrence.
The Record reports that cyber deterrence was at top of mind for US officials attending last week’s RSA Conference. US Ambassador at Large for Cyberspace & Digital Policy Nathaniel Fick said some state-sponsored threat actors are taking advantage of the ongoing debate among NATO members over whether cyberattacks trigger Article 5 – the NATO principle that an attack on any one member would warrant a military response from them all. Fick said NATO’s adversaries “seek to do things to us using digital means that they would never do to us using kinetic means because of the clarity of the response policies.” While most members agree that a single cyberattack should not be enough to trigger Article 5, some feel that several attacks from one state could warrant a NATO response. Nathalie Jaarsma, the Netherlands’ ambassador at-large for security policy and cyber, stated, “It’s really a case-by-case situation and about the impact. [We need] to have internal discussions about what we do see as the thresholds for our potential range.” Fick noted that some attacks, like Iran’s alleged ransomware attack on Albania last year, fall into a gray area, and some NATO members felt the incident warranted a more aggressive deterrence response than the financial support Albania received. Fick said, “I think the implicit assumption is that we need to extend the full power of deterrence into the digital world, using not only cyber means but every ounce of economic, informational and diplomatic means necessary.”
Remaining on the topic of international partnerships, Eric Goldstein, executive assistant director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), spoke about the importance of international collaboration in US Cyber Command’s Cyber National Mission Force’s (CNMF) efforts to hold cybercriminals responsible for attacks. Goldstein stated, “As our nation’s cyber defense agency, CISA recognizes that we must leverage all tools and capabilities to increase costs against our adversaries. Our work with CNMF enables us to not only more effectively defend our nation’s critical infrastructure from cyberattacks but also clearly demonstrate to our adversaries that there is a price to pay if you decide to attack American infrastructure,” As ClearanceJobs explains, the US Cyber National Command Force has conducted forty-seven operations in twenty countries to help support these nations’ cyberdefenses. These “hunt forward” operations serve as a way to strengthen global cybersecurity partnerships and prevent threats from reaching the US. “Building capacity overseas helps us deal with the problem at its source,” said Adam Isles, principal and head of the cybersecurity practice at the Chertoff Group.
US agencies demonstrate solidarity at RSA.
In continued coverage of the RSA Conference, Axios notes that the Biden administration, despite reports of internal disagreement and the recent exit of the country’s first-ever national cyber director, presented more clarity than ever regarding interagency cybersecurity collaboration. Since Biden took office in 2020, his administration has created a slew of cyber offices which at first led to confusion among officials regarding the responsibilities of the various agencies. But at the conference, there were no signs of discord. Acting national cyber director Kemba Walden responded to rumors that she and National Security Council deputy national security adviser Anne Neuberger have been butting heads. "We're two grownups working in the White House on the same issue, and there's plenty to go around…I'm just grateful that we have smart leaders that are thinking about this thoughtfully and who are passionate." Also at the conference, CISA officials confirmed their role as the intermediary between private companies and the US government on cybersecurity matters, and Nathaniel Fick emphasized his position as a link between US entities and international allies.
The FBI conducted fewer warrantless searches in 2022.
An annual report from the US Office of the Director of National Intelligence shows that last year the Federal Bureau of Investigation conducted only about 120,000 warrantless searches of American citizen data, a steep drop from previous numbers, which were upwards of three million. When asked about the decrease, a senior FBI official said, “It’s because of the remedial measures that were put in place beginning in the summer of 2021. The most critical measure was the change in the FBI system to an affirmative opt-in.” The declining numbers are also due to advances in technology and changes in the way foreign spies communicate, and the numbers in 2021 were especially high due to the investigation of an unidentified Russian hacking campaign. As the Wall Street Journal notes, the report should be of much interest in the ongoing debate over whether Section 702 of the Foreign Intelligence Surveillance Act should be renewed, giving the National Security Agency the authority to continue to conduct warrantless searches of communications of foreigners living abroad. Despite the shrinking search numbers, some privacy advocates say they’re still too high. When asked if the new numbers were better than previous reports, Elizabeth Goitein, senior director of the Brennan Center for Justice's liberty and national security program, said “better” is merely a matter of relativity. Goitein told the Washington Post, “When you ask the question, you get a sense of how warped the universe we're in is — that somehow 200,000 warrantless searches a year are an acceptable number,” citing one calculation that said there were about 200,000 searches. “We're talking about surveillance on just a huge scale when you're talking about 200,000 warrantless searches.”