The Stroz Friedberg Cyber Brief

  FEATURED STORY            



President-Elect Donald Trump accepts the U.S. intelligence community's conclusion that Russian hackers interfered with the U.S. presidential election, said his incoming chief of staff Reince Priebus in a Sunday interview. It was reportedly the first acknowledgment from a senior member of Trump’s team that he accepted that Russia directed the hacking and disclosure of Democratic Party emails during the 2016 campaign. The comments came as senior GOP senators John McCain and Lindsey Graham said they were pushing forward with legislation to impose new sanctions on Russia, which would run against Trump’s desire for a rapprochement with the Kremlin.

On Friday, Trump received a briefing from senior intelligence officials who laid out the evidence linking Russia to the series of election season hacks. Hours later, intelligence agencies released a declassified report finding that President Vladimir Putin personally approved cyberattacks aimed at interfering with the election and helping Trump win. However, the report kept classified any technical data that demonstrates Russian culpability, which means its release is unlikely to persuade skeptics that U.S. intelligence agencies have made their case, analysts say. Nor does the report claim that Russian interference was decisive in the election. (Reuters, FT, NYT, WSJ, Guardian, Wired)


Breach Data: Nearly every U.S. state requires companies to disclose when a breach affects their citizens, and most track this data internally. But recently a small group of states--Massachusetts, California, Indiana, and Washington-- have decided to make breach information available to the public. (Wired)

U.S. Grid: The U.S. Energy Department says the electricity system "faces imminent danger" from cyberattacks, which are growing more frequent and sophisticated. Modified or new grid reliability requirements and increased data collection will be needed to address the risks, the Quadrennial Energy Review said. (Bloomberg)


Gov Hacker: A college student, Justin Liverman, pleaded guilty in Virginia federal court to taking part in a hacking ring that harassed a series of senior U.S. Government officials and broke into a personal email account of CIA Director John Brennan. He faces up to five years in prison. (Politico)

Taiwan Company: The U.S. Federal Trade Commission filed a lawsuit against D-Link Corp., accusing the Taiwan-based manufacturer of failing to take reasonable steps to protect its routers and internet-linked security cameras from hackers. The FTC reportedly brought the charges as part of a broader effort to improve security of web-connected devices. (Reuters)


  ON THE HILL                                    

Chinese Investment: An Obama administration advisory panel said that the government must bolster protection of the U.S. semiconductor industry against a Chinese plan to dominate the sector. The report could lead to much tougher restrictions on Chinese investments in the industry. (WSJ)


Cyber Policy: A Center for Strategic and International Studies’ task force issued a report advising the Trump Administration on how to proceed with cybersecurity policy. Among other things, authors say the 45th president should rely more on Washington bureaucrats to secure federal agencies and less on the private sector. (NextGov)

Privacy Rules: Some of the nation's largest Internet providers are asking the government to roll back a landmark set of privacy regulations approved last fall. Analysts say the move is likely the beginning of an effort to dismantle major Internet policies of the Obama years. (WaPo)

  PRIVATE SECTOR                             

Verizon Deal: A senior executive said that the company was unsure about its planned acquisition of Yahoo Inc's internet business. Yahoo came under renewed scrutiny by federal investigators last month after disclosing the largest known data breach in history. (Reuters)


SoftBank Vision Fund: Apple said it plans to invest $1 billion in the Japanese telecom giant’s fund, joining a list of investors that includes Qualcomm and Saudi Arabia’s government. SoftBank Chief Executive Masayoshi Son created the fund to put his company and investors at the forefront of emerging technologies such as artificial intelligence and the Internet of Things. (WSJ)

Anti-Drones: A boom in consumer drone sales has spawned a counter-industry of start-ups aiming to stop drones flying where they shouldn't, by disabling them or knocking them out of the sky. Clients, start-up companies say, range from intelligence agencies to hotels. (Reuters)

  THE WORLD                                     

EU: There was a significant rise in “more and more dangerous” cyberattacks on EU servers in the past year, as anxiety increases about potential Russian meddling in European politics. (FT)


Russia: Authorities required Apple and Google to remove Linkedin from their app stores after a court found the professional networking service ignored local laws that require firms to store data on Russian citizens within the country’s borders. (NYT)

China: Apple removed the New York Times app from its store in China, complying with a government request. Beijing began blocking The Times’s websites in 2012, but it had struggled in recent months to prevent readers from using the Chinese-language app. (NYT)


Cyberwar for Sale: “Hacking Team has fewer than 50 employees, but it has customers all over the world. According to internal documents, its espionage tool, which is called the Remote Control System, or R.C.S., can be licensed for as little as $200,000 a year — well within the budget of a provincial strongman. After it has been surreptitiously installed on a target’s computer or phone, the Remote Control System can invisibly eavesdrop on everything: text messages, emails, phone and Skype calls, location data and so on. Whereas the N.S.A.’s best-known programs grab data in transit from switching rooms and undersea cables, the R.C.S. acquires it at the source, right off a target’s device, before it can be encrypted. It carries out an invisible, digitized equivalent of a Watergate-style break-in,” writes Mattathias Schwartz for the New York Times Magazine.


A Warning About Tallin 2.0: “Despite the benefits of the Tallinn Manual—a proffer of increased certainty for States that international law does apply to cyber activities; a framework that adopts and applies international legal norms; the general utility of a ready reference for government officials, operators, and legal advisers; and the recording of a group of experts’ opinions that can be scrutinized by others in ways that might help to develop long-term legal consensus—the Tallinn Manual presents two dangers that we should hope Tallinn 2.0 avoids,” writes Michael J. Adams on the Lawfare blog.

Bonfire of the Intelligence Vanities: “Mr. Putin respects power, and nothing else. If Mr. Trump wants Russia to respect U.S. interests, he will have to show Mr. Putin that he will pay a price for damaging those interests. This means not covering up nuclear arms-control violations, as Mr. Obama did, and not dismissing or apologizing for Russian cyber attacks, as Mr. Trump has been too close to doing,” write editors of the Wall Street Journal.


Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.