Increased cooperation between government cybersecurity officials and independent hacker communities can lead to streamlined and higher quality legislation for technology security measures, according to cybersecurity expert.

“We are seeing a change from a completely adversarial relationship between the government and the hacker community and it’s starting to thaw a bit where there is a lot more cooperation now. It hasn’t completely thawed, but it’s getting there,” said Cris Thomas, a strategist at Tenable Network Security.

“Now we have groups like [the Department of] Commerce…the [Federal Trade Commission] and the [Department of Defense] who are trying to bridge that gap and trying to access that knowledge and expertise to say ‘hey come help us out,’” he added.

Russian intelligence hacked the Democratic National Committee’s network, says Atlantic Council’s Dmitri Alperovitch

Russian intelligence services hacked the Democratic National Committee’s computer network and accessed opposition research on Donald Trump, according to the Atlantic Council’s Dmitri Alperovitch.

Two Russian groups—codenamed FancyBear and CozyBear—have been identified as spearheading the DNC breach.

“We have a very high-level of confidence that these are Russian intelligence services—both of them. We have a medium-level of confidence that FancyBear is GRU,” said Alperovitch, a senior fellow with the Council’s Cyber Statecraft Initiative, referring to Russia’s military intelligence agency. 

Alperovitch is chief technology officer at CrowdStrike, the cybersecurity firm that investigated the DNC breach. Senior DNC officials noticed suspicious network activity in April and called in CrowdStrike to identify the culprits and bolster the committee’s cyber defense.
There are “no certain links” between foreign nation states and the hackers who breached the Democratic National Committee’s computer network and accessed opposition research on Republican presidential candidate Donald Trump, according to an Atlantic Council cybersecurity expert.

“It’s possible that multiple groups independently initiated their own intrusion of the DNC network, for entirely separate reasons—that would not be uncommon,” Beau Woods, deputy director of the Council’s Cyber Statecraft Initiative, said in an interview with the New Atlanticist on June 14.

“Not all such attacks are state sponsored—it’s not hard to imagine many motivations for someone wanting to get access to the DNC network,” he added.

Cyber 9/12 contest participants present policy options to contain crisis

A cyberattack has brought nuclear-armed rivals India and Pakistan to the brink of war. An unknown adversary has hacked into a US defense contractor’s computer systems, stolen highly sensitive data, and potentially taken over Global Positioning System satellites. Fighter jets and military radios, along with commercial airlines and mobile phones, are all at risk.

As tensions escalate, non-state actors falsely claim responsibility for the cyberattack. Meanwhile, India and Pakistan inch toward full-scale war as a Pakistani missile shoots down an Indian commercial airliner that has mistakenly strayed into the airspace over the contested Kashmir region.

This was the fictional scenario laid out in a simulation at the fourth annual Cyber 9/12 Student Challenge held at American University on March 11-12. Who carried out the data breach? Were civilian GPS systems affected? Did Pakistan purposely fire the missile? These were among the many questions with which the participants from universities across the United States grappled.
The Food and Drug Administration has begun a push for good-faith hacking in order to anticipate and address cyber security issues, particularly in the realm of medical devices, according to a senior official in the agency. It is also trying to create incentives for manufacturers to take cyber security more seriously.

“This has been very much a journey, very much an evolving process,” said Susanne Schwartz, Associate Director for Science and Strategic Partnerships at the FDA.

The main challenge is one of cultural disconnect between the medical device and hacker communities, agreed Schwartz and Mara Tam, Director of Government Affairs at HackerOne, a cyber security firm.

ISIS intent on expanding online abilities to conduct cyber attacks, says US official

Extremist groups are using social media to “crowdsource” terrorism and are intent on developing the ability to conduct crippling cyber attacks on their enemies, a senior Justice Department official said at the Atlantic Council on Nov. 10.

“[Terrorist groups] have the intent [to conduct cyber attacks], and if they develop the capability they are going to use it… and they are not going to be deterrable,” said John P. Carlin, Assistant Attorney General for National Security at the US Department of Justice.

“If we don’t work to disrupt their ability to have that capability it is going to be a matter of time before they get the capability,” he added.
Data insecurity and the buildup of offensive cyber capabilities  are among the gravest threats to global economic prosperity in the modern era, according to a report by the Atlantic Council, in collaboration with Zurich Insurance Group and the University of Denver’s Frederick S. Pardee Center for International Futures.

The key message is that ICT drives global growth, but it doesn’t come for free.

World had similar feeling of being violated after Snowden’s revelations, says Atlantic Council’s Jason Healey

When the news broke earlier this summer that hackers had breached the Office of Personnel Management (OPM) and accessed the records of more than twenty million current and former federal employees, it prompted calls to punish China, which was believed to have orchestrated the cyber attacks.  

But what Chinese hackers allegedly did [China denies any involvement in the OPM hack and the US government has not officially blamed China for the attack] is no different from what spy agencies around the world, including in the United States, do all the time.

“That feeling that you are violated right now, that’s how everyone else feels after Snowden,” said Jason Healey, Nonresident Senior Fellow in the Brent Scowcroft Center on International Security’s Cyber Statecraft Initiative at the Atlantic Council.
If the Chinese government is in fact behind the cyber attack on the Office of Personnel Management (OPM) it would be a “disaster” in terms of counterespionage, says the Atlantic Council’s Jason Healey.

The kind of information that OPM has is a goldmine for intelligence agencies,” Healey, a Nonresident Senior Fellow in the Atlantic Council’s Cyber Statecraft Initiative, said in an interview.

“For senior government officials, this is particularly worrying on the counterterrorism side,” he said, adding that hackers could use the information they glean from their attack to pinpoint targets at top levels of the US government.

Cyber attack on Iran served as an ‘awakening’ for Tehran

Iran has vastly ramped up its cyber capabilities transforming itself from a “Tier 3” country to one that poses a significant global threat in the years following a massive cyber attack on its nuclear facilities, panelists said at the Atlantic Council April 8.

“Iran is definitely not a Tier 3 country any more,” said Andretta Towner, Senior Intelligence Analyst at CrowdStrike, a provider of security technology.