US Department of Justice Not Giving Up on Desire to Access Encrypted Devices
A long-standing, unresolved cybersecurity debate at the federal level is encryption. When do privacy rights supersede the need for law enforcement to access encrypted devices as part of an investigation? Should a “backdoor” tool exist to help law enforcement that may compromise cybersecurity standards and privacy? According to The Washington Post, “In a highly anticipated cyber task force report commissioned by Attorney General Jeff Sessions, the DOJ outlines a seven-point plan to tackle what it calls the ‘going dark’ problem posed by the spread of strong encryption. Among them: Considering whether to pursue legislation to give law enforcement a guaranteed way in to encrypted devices and software in criminal investigations. And holding service providers accountable if they do not provide all information in their possession when legally required.”
National Defense Authorization Act (NDAA) Strengthens US Cyber Deterrence
When the Department of Defense outlined a cyberspace “doctrine of restraint” in 2015, it probably did not anticipate today’s cyber warfare landscape with nation states such as Russia, China, North Korea, and Iran relentlessly threatening our critical infrastructure, elections, and economy. In the final version of the National Defense Authorization Act (NDAA), The Hill reports that the “…annual defense policy bill would set new authorities for the Department of Defense to deter and respond to attacks in cyberspace, including establishing the first U.S. policy on cyber warfare. Following House and Senate negotiations, a conference report on the National Defense Authorization Act (NDAA) released Monday says the United States should be able to use every option on the table, including offensive cyber capabilities.”
ODNI’s Tonya Ugoretz Explains How WannaCry Serves as Ideal Example of Public-Private Partnership
When WannaCry emerged last year as a serious global threat, the DHS’s cyber threat intelligence sharing programs between the public and private sectors worked to make DHS aware of this dangerous ransomware. According to CyberScoop, “[Tonya Ugoretz, director of ODNI’s Cyber Threat Intelligence Integration Center (CTIIC)] said that CTIIC learned of information about WannaCry that had been fed to Department of Homeland Security by its private sector partners. The information would play an important role in the attribution to North Korea months later, Ugoretz explained. […] ‘DHS had that [information] by virtue of their private sector relationships, and we asked “Could we share that with the intelligence community? Because we think it could be valuable,” she said. ‘DHS went back to the private sector partner, got their permission, we shared it with the intel community, and it helped give us a sense early on about how the infection did spread.’”
Cybersecurity Reports and Surveys Roundup
We’ve rounded up a few of the best cybersecurity reports and surveys released last week:
Gigamon Acquires Network Security Company ICEBRG
Last Tuesday, Gigamon announced the acquisition of ICEBRG, a Seattle-based security company. According to a press release, “The combination of network traffic visibility from the market-leading Gigamon platform and the next-generation approach that ICEBRG employs for the detection and triage of threats, will allow enterprises to reduce risk and keep pace with the rapidly evolving threat landscape. […] Offered as a SaaS solution, SOC and Incident Response teams can rapidly deploy new security technologies as ‘security applications’ and validate them with a robust data set built over time.”