Pentagon’s next cyber policy guru predicts more collective responses in cyberspace

State-sponsored cyberattacks against just one victim nation at a time could soon provoke a global response, if a growing number of officials around the world have their way. As the Pentagon has experimented with new authorities allowing U.S. Cyber Command to be more offensive in cyberspace, key officials have suggested there is a groundswell of support for multi-nation countermeasures in the digital age. Thomas Wingfield, the incoming deputy assistant secretary of Defense for cyber policy, told CyberScoop that alliances could be a more successful way to deter hackers and strike back when they infiltrate sensitive networks. “I think that’s a more effective way to solve the problem, and I think that is the general [direction] of international law,” said Wingfield, who is still employed at National Defense University. “But I would also say we’re not there yet and states are in the process of moving international law in that direction.” For months now, the U.S. […]

The post Pentagon’s next cyber policy guru predicts more collective responses in cyberspace appeared first on CyberScoop.

Continue reading Pentagon’s next cyber policy guru predicts more collective responses in cyberspace

The U.N. passed a resolution that gives Russia greater influence over internet norms

A cybercrime-focused resolution backed by Russia was passed Monday in the United Nations in New York, despite calls from the U.S. that the measure would further hamper efforts to root out crime on the internet. The resolution, which passed 88-58 with 34 abstentions, aims to establish a group to examine cybercrime and set up a convention to prevent it. However, human rights groups have argued that the resolution is actually an effort by the Kremlin to expand its model of state-backed internet control. In particular, the resolution calls for a check on the “use of information and communications technologies for criminal purposes.” Which activities it aims to curb exactly is unclear. Thirty-six rights groups argue in a letter that the resolution is so vague that it could lead to the criminalization of ordinary online activities that journalists, human rights groups, and other members of civil society rely on, such as using encrypted chat […]

The post The U.N. passed a resolution that gives Russia greater influence over internet norms appeared first on CyberScoop.

Continue reading The U.N. passed a resolution that gives Russia greater influence over internet norms

Microsoft, Hewlett Foundation preparing to launch nonprofit that calls out cyberattacks

Microsoft and the Hewlett Foundation are preparing to launch a nonprofit organization dedicated to exposing the details of harmful cyberattacks and providing assistance to victims in an effort to highlight their costs, CyberScoop has learned. Known to its organizers as the “Cyber Peace Institute,” the nonprofit is expected to debut in the coming weeks, according to multiple sources who have discussed it with the organizers. The institute aims to investigate and provide analytical information on large-scale attacks against civilian targets, assess the costs of these attacks and give security tools to both individuals and organizations that will help them become more resilient, according to a description of the nonprofit provided during a session at the 2019 B-Sides Las Vegas cybersecurity conference. “We have a shared global responsibility to prevent the Internet from becoming ‘weaponized’ by increasing attacks by criminal groups and state actors alike,” the description reads. “We already have global organizations to tackle […]

The post Microsoft, Hewlett Foundation preparing to launch nonprofit that calls out cyberattacks appeared first on CyberScoop.

Continue reading Microsoft, Hewlett Foundation preparing to launch nonprofit that calls out cyberattacks

U.S. tech giants back French call for global cooperation in cyberspace

A multifaceted framework for lessening aggression in global cyberspace was unveiled by the French government on Monday, drawing support from tech giants and digital rights groups. Announced on the 100-year anniversary of the end of World War I, The Paris Call for Trust and Security in Cyberspace condemns “malicious cyber activities in peacetime,” affirms the applicability of international law to nation-state behavior in cyberspace, and aims to keep private companies from hacking back. The document pledges to strengthen the ability of government and private-sector organizations to combat interference in electoral processes through malicious cyber activities. Like the U.S. 2016 presidential election, France’s 2017 presidential election was reportedly the target of Russian hack-and-leak operations. Previous cyber norms initiatives have been confined to governments or industry, but the Paris Call aims to be the first multi-stakeholder initiative backed by governments, industry, academia, and civil society, according to Klara Jordan, head of the Atlantic […]

The post U.S. tech giants back French call for global cooperation in cyberspace appeared first on Cyberscoop.

Continue reading U.S. tech giants back French call for global cooperation in cyberspace

U.S. looks to restart talks on global cyber norms

Fresh off the release of its national cybersecurity strategy, the Trump administration gauged interest at the United Nations in restarting talks on global cybersecurity norms. The negotiations, which collapsed last year amid reported acrimony among the U.S., Russia and others, aim to set limits on government-backed hacking at a time when offensive operations are abundant. At a meeting Friday with representatives of more than 20 countries, Deputy Secretary of State John J. Sullivan raised the prospect of restarting the norms dialogue at the U.N. Group of Governmental Experts (GGE), according to a State Department statement.  Sullivan told reporters the department hopes to reconvene the GGE “to define norms of behavior that states will abide by and, if they don’t, to impose consequences.” “[N]onbinding norms of responsible behavior during peacetime provides important guidance to states, and we’re looking to develop those,” Sullivan said, echoing language in the administration’s new cyber strategy. Furthermore, he […]

The post U.S. looks to restart talks on global cyber norms appeared first on Cyberscoop.

Continue reading U.S. looks to restart talks on global cyber norms

Top State Department cyber official ‘optimistic’ of deal with Russia, China

The State Department’s top cybersecurity official says he is “optimistic” the United States can strike a deal on norms for government behavior in cyberspace with China and Russia, two of Washington’s biggest adversaries in the domain. Despite myriad grievances with the Russian and Chinese governments over their hacking operations, Robert Strayer said there is ample precedent for a new agreement involving the three cyber powers. “I think that it is possible because we have had three successful processes at the [United Nations] that have established that international law applies to cyberspace just like it does in the real world,” Strayer, a deputy assistant secretary of State, said in an interview. “All of those successful, consensus-based documents required that the U.S., China, and Russia came to agreement on the terms.” Despite that history, the latest round of talks at the UN forum, known as the Group of Governmental Experts, collapsed in […]

The post Top State Department cyber official ‘optimistic’ of deal with Russia, China appeared first on Cyberscoop.

Continue reading Top State Department cyber official ‘optimistic’ of deal with Russia, China

NDAA pushes U.S. Cyber Command to be more aggressive

By the Senate Armed Service Committee’s estimation, the United States has held back in cyberspace. The committee is angling to change that with the latest National Defense Authorization Act, proposing to free up the military on the front lines of cyber conflict, create a new strategic cyber entity and respond to Russian aggressions in-kind. The bill’s authors wrote that lawmakers have long-standing concerns about the lack of an effective U.S. strategy to deter and counter cyber threats. To counter foreign state actors bent on stealing, striking, spying or disrupting in cyberspace, the bill suggests boosting resilience, increasing attribution capabilities, emphasizing defense and enhancing the country’s ability to respond to attacks. “We’re letting episodes define strategy. It should be the other way around, where we clearly articulate our cyber deterrence strategy and rules of engagement,” said Frank Cilluffo, director of George Washington University’s Center for Cyber and Homeland Security. By offering […]

The post NDAA pushes U.S. Cyber Command to be more aggressive appeared first on Cyberscoop.

Continue reading NDAA pushes U.S. Cyber Command to be more aggressive

With White House coordinator gone, DHS official calls for U.S. leadership on cybersecurity

In the wake of the White House’s decision to eliminate its top cybersecurity position, a Department of Homeland Security official has called on the U.S. government to robustly engage on cyber policy issues on the world stage. The Trump administration should have a “strong voice” at internet standards bodies and other global forums, working with allies and non-allies alike, said Jeanette Manfra, assistant secretary for DHS’s Office of Cybersecurity and Communications. “We have to figure out a way to continue to work together to ensure that the stability of the global system is maintained,” Manfra said Tuesday at the Security Through Innovation Summit, presented by McAfee and produced by CyberScoop. Manfra did not mention the recently-nixed White House cybersecurity coordinator in her remarks, but that position has traditionally been key to the United States’ international cybersecurity work. At a February conference in Germany, for example, then-White House cybersecurity coordinator Rob […]

The post With White House coordinator gone, DHS official calls for U.S. leadership on cybersecurity appeared first on Cyberscoop.

Continue reading With White House coordinator gone, DHS official calls for U.S. leadership on cybersecurity

Possible Kaspersky sanctions meet resistance inside U.S. government

A White House plan to sanction Kaspersky Lab has met resistance from senior U.S. government officials who are worried that it could set a dangerous precedent for global behavior on the internet, according to two officials familiar with the matter. The plan to sanction the Moscow-based anti-virus maker has largely been pioneered by the National Security Council, CyberScoop previously reported. A source with knowledge of the effort recently said that Treasury Department head Steve Mnuchin has “OK’d” sanctions against Kaspersky, although several of his advisers are against it. A plan to make the sanctions official has no immediate timetable. The final decision rests with the executive branch; which is home to the NSC. When reached for comment, a spokesperson for the Treasury Department said the agency “does not telegraph sanctions or comment on prospective actions.” The NSC previously declined to comment on possible Kaspersky sanctions. Some in government worry about the impact such sanctions […]

The post Possible Kaspersky sanctions meet resistance inside U.S. government appeared first on Cyberscoop.

Continue reading Possible Kaspersky sanctions meet resistance inside U.S. government

The uphill battle to relaunch State Department’s cybersecurity policy office

Be it through legislation or some internal decree, restoring the State Department’s cybersecurity policy office to a prominent place in the agency can’t come soon enough for advocates of U.S. digital diplomacy. Analysts and former government officials say U.S. leadership in shaping international behavior in cyberspace has stalled at a time when nation-state hacking groups are flexing their muscles. “I worry about a gap that leaves allies wondering and adversaries savoring the chance to take advantage of the perceived lack of U.S. leadership,” Christopher Painter, State’s former cybersecurity coordinator, told CyberScoop. “When you have diminished resources [and] when you have uncertainty, inevitably that causes some loss of momentum.” In the eight months since former Secretary of State Rex Tillerson said he would downgrade the department’s cybersecurity office, the United States has blamed North Korea for the destructive WannaCry ransomware attack, indicted Iranian hackers for terabytes worth of intellectual property theft, and […]

The post The uphill battle to relaunch State Department’s cybersecurity policy office appeared first on Cyberscoop.

Continue reading The uphill battle to relaunch State Department’s cybersecurity policy office