TYB
Five myths about cyberwar
It’s not all about crashing power grids and airplanes.
The U.S. indictment of four Chinese hackers in the massive Equifax breach, The Washington Post’s recent revelations about CIA encryption back doors, President Trump’s desire to rewrite the Russiagate findings and swirling worries about Huawei’s cybersecurity have all put cyberwar back into the national lexicon. It’s a topic fueled by decades of dramatic movies, blue-ribbon commissions and academic theorizing, to say nothing of the devastating cyberattacks that have occurred. But as recent events show, many long-held ideas about cyberwars aren’t always borne out.
Myth No. 1
Cyberwar is overhyped and impossible.
One of the most common myths in cybersecurity is that destructive hacking is a wildly overblown threat, or nearly impossible, or incapable of shaping geopolitical conflicts. The cybersecurity expert Bruce Schneier, for example, has argued that we should eschew the vocabulary of statecraft for “the more measured language of cybercrime” when talking about such attacks. Others love to point out that squirrels cause more blackouts than hackers, suggesting, as the Guardian put it, that “cyberwarfare remains a slightly overblown fear.”
But while some may overstate the risks, careful investigation shows that cyberattacks can be very damaging and are only becoming more so. The Rubicon of cyberattack-caused blackouts was crossed in 2015 and 2016 when Russian hackers turned off the power in parts of Ukraine, with both incidents showcasing code that could do still more extensive harm in future operations. NotPetya, another Russian cyberattack, ricocheted around the world in June 2017, bringing major corporations like Maersk to their knees and causing more than $10 billion in damage.
The list of harmful cyberattacks waged for geopolitical reasons goes on and on, from the Stuxnet operation that helped the United States and Israel slow the Iranian nuclear program to North Korea’s attack on Sony Pictures in retaliation for the movie “The Interview,” which damaged 70 percent of Sony’s computing infrastructure, according to one estimate. The majority of major destructive cyberattacks have taken place in the past few years, and with many militaries — led by the United States — racing to develop and integrate their own offensive hacking tools, the trend of geopolitical aggression seems set to grow.
Myth No. 2
Cyberwar is about big hacks that crash power grids and airplanes.
Even as some question the very feasibility of cyberwarfare, others insist that it will lead to spectacular catastrophes, an idea that has been around almost as long as the concept of cyberwar itself, with movies like “WarGames” depicting hackers taking the planet to the brink of nuclear conflict. In his book “Cyber War,” former State Department official Richard Clarke depicts a nationwide emergency in which refineries catch fire, classified networks go down, planes plummet from the sky, the financial system dissolves, 157 cities plunge into darkness and thousands of Americans die. Because of scenarios like these, terms like “Cyber Pearl Harbor” and “Cyber 9/11” have been widely used by lawmakers such as then-Sen. Joe Lieberman and top government officials such as then-Defense Secretary Leon Panetta.
In reality, looking for theatrical cyberattacks means missing the ones that matter most. Cyber-engagements between nations are daily competitions in which the United States, Russia, China and others continually struggle for advantage. Much more often than not, they take the form of espionage or information operations. Consider, for example, the extensive Chinese economic and military espionage campaign that has hit thousands of American firms and government agencies, prompting the Defense Science Board to warn that more than two dozen U.S. weapons systems have been compromised. Or take Russia’s activities in 2016, hacks that did not do physical damage to a single computer yet injected themselves into the core of the American political debate.
(Abridged . . . )
Myth No. 3
Cyberspace is borderless, with no geography.
…
Myth No. 4
The purpose of cyberattacks is readily apparent.
…
Myth No. 5
It's impossible to know who conducted a cyberattack.
…
https://www.washingtonpost.com/outlook/five-myths/five-myths-about-cyberwar/2020/02/20/54d89458-5289-11ea-b119-4faabac6674f_story.html
https://archive.is/pS9sD
Q&A: CIA’s Juliane Gallina Drives Innovation at Langley
The spy agency’s CIO brings a wealth of public and private sector experience to keep tech for spies current.
In April 2019, Juliane Gallina stepped into the role of CIO at the CIA, the nation’s premier intelligence agency. Gallina served for 21 years in the Navy, held a variety of positions at the National Reconnaissance Office, and was most recently a partner and vice president at IBM U.S. Federal.
Her blended public/private sector background provides a solid foundation for an agency that has been using more commercial technology to achieve its mission.
In a recent interview at CIA headquarters, Gallina spoke with FedTech Senior Editor Phil Goldstein about her experience, the use of AI in the intelligence community and the agency’s unique “franchise” model for IT innovation.
(Cont.)
https://fedtechmagazine.com/article/2020/02/qa-cias-juliane-gallina-drives-innovation-langley
https://archive.ph/MmJmO
Accused CIA leaker Joshua Schulte’s lawyers say prosecutors withheld evidence
One side is accused of leaks — the other of being too tight-lipped.
Lawyers for accused CIA leaker Joshua Schulte say prosecutors withheld crucial evidence there could be a second suspect in the infamous WikiLeaks case — and they want a federal judge to declare a mistrial because of it, court filings show.
Prosecutors failed to turn over “bombshell” documents related to one of their key witnesses, a CIA staffer known as “Michael,” who was placed on administrative leave over suspicions he was involved with the “Vault 7 and Vault 8” dumps that Schulte is accused of, which became the largest loss of top secret data the spy agency has ever endured, his lawyers wrote in the Wednesday filing.
The evening before “Michael” was set to testify in the trial on Feb. 11, prosecutors told Schulte’s lawyers for the first time about the staffer “being a security risk,” telling them he lost his badge back in August after CIA staff found he might be withholding information about the leak, the filing shows.
“Michael” had also failed two polygraph tests about the theft and showed a general “lack of concern” about the CIA’s devastating loss, the “bombshell” documents show, according to the filing.
“This information and any related documents should have been disclosed to the defense pursuant to Brady v. Maryland Fed. R. Crim. P. 16 promptly in August 2019 — not in the middle of Michael’s cross-examination six months later,” Schulte’s lawyers railed in the filing.
The court granted the defense’s request to suspend testimony from “Michael” indefinitely and then reprimanded the government for failing to turn over the information in August when the information came to light.
“The basis [for suspending the examination] is the late production of this information. I believe it should have been turned over at or about the time that the decision was made,” Judge Paul Crotty told prosecutors on his reason to suspend the testimony.
“I think it was not accurate and not correct for you to withhold that information until the witness took the stand.”
Schulte’s lawyers said this “misconduct” has “severely prejudiced the defense.”
“If the withheld information had been timely disclosed, it would have materially affected every aspect of the trial preparation and defense, including counsel’s overall strategy. The improperly withheld information would have substantially strengthened the defense’s ability to cross-examine the government’s witnesses, and buttressed the defense’s argument that someone other than Mr. Schulte copied and disclosed the Vault 7 and Vault 8 information,” Schulte’s lawyers argued.
“At this point in the trial, this prejudice cannot be remedied merely by granting a continuance, striking or reopening testimony, or issuing curative instructions. A mistrial is necessary.”
The lawyers also argued prosecutors didn’t let them review “mirror images of the CIA Servers” because they were purportedly too sensitive even for the attorneys, but then allowed the government’s computer expert “unfettered access” to the data, the filing shows.
Prosecutors declined to comment.
https://nypost.com/2020/02/20/accused-cia-leaker-joshua-schultes-lawyers-say-prosecutors-withheld-evidence/
‘Ghost ship’ washes ashore in Ireland without a crew
Ghost ships are typically little more than fare for horror movies and video games these days, but every once in a while a real, actual ghost ship washes up. That’s what just happened in the village of Ballycotton in Ireland, where the MV Alta, a 250-foot cargo ship, slammed into the rocky shore after over a year drifting crewless at sea.
The ship is completely abandoned, making for a spooky scene as it sits grounded near the shore. But how does a vessel like this meet such a fate? It’s a wild, twisting story, so kick back and take it all in.
As the Guardian reports, the ship first experienced issues in late 2018. Disabled and unable to push on, the ship was abandoned and its crew was rescued by the US Coast Guard. The owners planned to tow it to a port for service, but it was actually hijacked along the way.
It disappeared for several months and was only rediscovered in mid-2019 when the Royal Navy came upon it with no crew aboard. In the time since that last spotting, the ship is thought to have drifted up from Africa, around Spain, and has now found itself grounded on the shores of Ireland. Now it’s up to local officials to decide what to do with the ship while preventing any environmental damage.
“Cork County Council, which has responsibility for land based oil pollution risk, is continuing to monitor this ship in relation to any possible oil spillage or risk arising from cargo,” the Cork County Council said in a statement. “The Council understands that the vessel was most likely diesel fuelled which poses less risk of pollution than heavy fuel oil. The exact risk level cannot be confirmed at this time. The ship will be inspected tomorrow in day light and from a land vantage point in order to [assess] this further.”
https://nypost.com/2020/02/19/ghost-ship-washes-ashore-in-ireland-without-a-crew/
>http://www.loc.gov/law/foreign-news/article/china-vaccine-law-passed/
China: Vaccine Law Passed
(Aug. 27, 2019) On June 29, 2019, the National People’s Congress Standing Committee of the People’s Republic of China (PRC or China) adopted the PRC Law on Vaccine Administration (Vaccine Law). The official Xinhua news agency states that the Law provides for the “strictest” vaccine management with tough penalties in order to ensure the country’s vaccine safety.
Before the passage of this 100-article Law, provisions governing vaccines were contained in the PRC Drug Administration Law, PRC Law on the Prevention and Treatment of Infectious Diseases, and a few relevant administrative regulations and rules.
The new Law provides for regulatory requirements for researching, producing, distributing, and using vaccines. Such requirements, according to one legal commentator, are much more stringent than those for other drugs (art. 2). It also contains a chapter specifying penalties for violating the Vaccine Law, which are also stricter than those for violating other drug laws (ch. 10). According to the Law, if any violation of this Law constitutes a crime, a “heavier punishment” within the range of punishments provided by the Criminal Law on the relevant crimes is to be imposed (art. 79).
The Law mandates the launching of a national vaccine electronic tracking platform that integrates tracking information throughout the whole process of vaccine production, distribution, and use to ensure all vaccine products can be tracked and verified (art. 10).
According to the Law, China is to implement a state immunization program, and residents living within the territory of China are legally obligated to be vaccinated with immunization program vaccines, which are provided by the government free of charge. Local governments and parents or other guardians of children must ensure that children be vaccinated with the immunization program vaccines (art. 6).
The Law establishes a compensation system for abnormal reactions to vaccination. A recipient of an immunization program vaccine who dies or suffers significant disability or organ and tissue damage is to be paid from the vaccination funds of the provincial level government if the damage falls within the scope of abnormal reactions associated with a vaccine or cannot be prevented (art. 56).
The Law will take effect on December 1, 2019 (art. 100).