Sunday, December 30, 2018

America crashing - Part 2

In the past three days, Huge electrical explosions in New York and Louisiana, emergency 911 system outages in 37 states, and ...
A suspected malware computer virus from outside the United States prevented the Los Angeles Times from publishing many of its Saturday print editions, in an attack that similarly crippled other newspapers across the country, the Times said.

The newspaper reported in its online edition at 4:55 p.m. that the cyberattack “appears to have originated from outside the United States.”

[...]

The San Diego Union-Tribune was unable to make Saturday delivery of its print addition, and the Southern California editions of the Wall Street Journal and The New York Times were affected as well.

[...]

In an update Saturday afternoon, the paper said that all publications within The Times’ former parent company, Tribune Publishing, had problems with print production Saturday. Tribune Publishing sold The Times and the San Diego Union-Tribune to Los Angeles biotech billionaire Dr. Patrick Soon-Shiong in June, but the companies continue to share various systems, including software.

The LA Times said that readers could access the Saturday edition online via the digital edition.

  CBS
Are we crashing due to degrading infrastructure, or are we being crashed via cyber attacks?
May 15, 2018

The White House eliminated the position of cybersecurity coordinator on the National Security Council on Tuesday, doing away with a post central to developing policy to defend against increasingly sophisticated digital attacks and the use of offensive cyber weapons.

A memorandum circulated by an aide to the new national security adviser, John R. Bolton, said the post was no longer considered necessary because lower-level officials had already made cybersecurity issues a “core function” of the president’s national security team.

Cybersecurity experts and members of Congress said they were mystified by the move, though some suggested Mr. Bolton did not want any competitive power centers emerging inside the national security apparatus.

[...]

Trump began his administration with two respected veterans of cyber policy. He appointed Thomas P. Bossert, a lawyer in the administration of President George W. Bush, as the homeland security adviser.

The cybersecurity coordinator who reported to him, Rob Joyce, had run the Tailored Access Operations unit of the N.S.A. — the unit that, until it was reorganized and renamed, was responsible for breaking into foreign computer systems as part of United States covert operations.

Mr. Bossert and Mr. Joyce said Russia and North Korea were the culprits in major cyberattacks over the last year.

[...]

Mr. Bossert was forced out on Mr. Bolton’s second day on the job, and Mr. Joyce returned to the N.S.A. on Friday.

[...]

The elimination of the cybersecurity role is likely to increase concern that the Trump administration is short-handed and unprepared to deal with increasing cybersecurity threats.

[...]

Security experts are also worried that hackers operating out of Iran or Russia could renew their efforts to penetrate computer systems in the United States, including machines that operate critical infrastructure like the electric power grid.

[...]

Joshua Steinman, who had little cybersecurity policy experience before joining the N.S.C., will assume responsibility for offensive policy, including responses to cyberthreats from foreign adversaries. The defensive and homeland security responsibilities will fall to Grant Schneider, who already serves in a dual role as acting United States chief information security officer and senior director for cybersecurity at the N.S.C.

  NYT
President Donald J. Trump is committed to protecting the cybersecurity of our Nation, and has made it clear that this Administration will do what it takes to make America cyber secure.

Since the beginning of President Trump’s Administration, he has taken action to protect the American people in cyber space. Building on these strong efforts, today, the President signed the National Cyber Strategy—the first fully articulated cyber strategy for the United States since 2003.

The National Cyber Strategy identifies decisive priority actions to protect the American people.

[...]

This Administration will not treat cyberspace as a separate arena. Instead, we are integrating cyber into all elements of national power.

[...]

We will manage cybersecurity risks to increase the security and resilience of the Nation’s information and information systems. We will do this by taking specific steps to secure Federal networks and information, secure critical infrastructure, combat cybercrime, and improve incident reporting.

[...]

We will preserve America’s influence in the technological ecosystem and pursue development of cyberspace as an open engine of economic growth, innovation, and efficiency. To do this, we will support a vibrant and resilient digital economy, foster and protect American ingenuity, and develop a superior cybersecurity workforce.

  Whitehoues.gov
All this without a cybersecurity coordinator.
We will identify, counter, disrupt, degrade, and deter behavior in cyberspace that is destabilizing and contrary to our national interests, while preserving America’s overmatch in and through cyberspace.
It seems pretty obvious we're failing on this one.
To achieve this, we will do our part to enhance cyber stability through norms of responsible state behavior, attribution of unacceptable behavior in cyberspace, and the imposition of costs on malicious cyber actors.
Russia, if you're listening.
We have a lot of work to do, and there is no time to waste. We will Make America Cyber Secure.
Better pick up the speed.

Here's the entire strategy paper.

No comments: