DHS and White House Cybersecurity Strategies Roughly Rolled Out
While the DHS released its Cybersecurity Strategy last Tuesday, the White House delayed its National Security Council cyber strategy over arguments related to active defense. According to CyberScoop, “[Several] National Security Council staffers are seeking edits that emphasize repercussions if an adversary attacks either the U.S. government or a U.S.-based company in cyberspace.” And while the DHS strategy has been released, some members of Congress have complained that it was delayed multiple times. The Hill summarizes the DHS report as “[hinging] on five ‘pillars’ to limit and address threats to digital systems in the United States. These involve gaining a better understanding of threats and vulnerabilities to critical U.S. assets in cyberspace; reducing ‘systemic vulnerabilities’ in U.S. networks; disrupting cyber crime; limiting the impact of potentially massive cyber incidents; and supporting policy to broadly bolster security of digital systems.”
White House Eliminates Cybersecurity Coordinator Position
Last Tuesday, Politico reported that the White House eliminated the Cybersecurity Coordinator position most recently held by Rob Joyce (who returned to the National Security Agency). Politico said, “According to an email sent to National Security Council staffers Tuesday, the decision is part of an effort to ‘streamline authority’ for the senior directors who lead most NSC teams. ‘The role of cyber coordinator will end,’ Christine Samuelian, an aide to Bolton, wrote in the email to NSC employees, which POLITICO obtained from a former U.S. official.” Efforts exist to keep this role in some form, according to The Week: “[Last] Tuesday, Reps. Jim Langevin (D-R.I.) and Ted Lieu (D-Calif.) introduced legislation to create a new White House National Office for Cyberspace, to be led by a Senate-confirmed presidential appointee who would fill the role that Bolton just cut and also advise federal agencies on cybersecurity tactics and resources and protect federal information technology in the event of an attack.”
Department of Energy Releases Cybersecurity Strategy Centered on Critical Infrastructure
Many cybersecurity experts believe US critical infrastructure is vulnerable to cyberattacks from nation states and other adversaries—and the Department of Energy noted that threat in its new cybersecurity strategy. Quoted in the Washington Examiner, the DOE report says, “The frequency, scale and sophistication of cyber threats have increased, and attacks have become easier to launch. Nation-states, criminals, and terrorists regularly probe energy systems to actively exploit cyber vulnerabilities in order to compromise, disrupt, or destroy energy systems. […] As nation-states and criminals increasingly target energy networks, the federal government must help reduce cyber risks that could trigger a large-scale or prolonged energy disruption.”
Former Intel Researcher Reports on Microprocessor Security Vulnerability
The Spectre vulnerability isn’t going away any time soon as it continues to cause havoc with cybersecurity. Bloomberg reported last week that Eclypsium CEO Yuriy Bulygin, a former researcher for Intel, says that microprocessors can be exploited through Spectre—a vulnerability that emerged in early 2018. According to Bloomberg, “Cloud computing services may be at the greatest risk, Bulygin says, because the glitch could be used to breach protections for keeping companies’ data separate on physical servers. The hackers who access those systems’ firmware can not only move between the databases and steal information but also look through the firmware’s own code to reveal some of the servers’ most heavily defended secrets, including encryption keys and administrative passwords.”
Cybersecurity Reports and Surveys Roundup
We’ve rounded up a few of the best cybersecurity reports and surveys released last week: