The #DataInsecurity Digest | Issue 33

/by

Issue 33 | November 14, 2016

#DataInsecurity Digest: Will Russian hacking undermine results?

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: Welcome to this special post-election edition of The #DataInsecurity Digest. Along with pretty much everyone else, we were shocked by Donald Trump’s victory. While it’s only been a few days since the campaign season’s conclusion, we’re starting to get some idea of how data security could shape up in the Trump Administration. We expect cyber defenses will get a top-to-bottom review by the new Administration but, beyond that, it’s anyone’s guess what the Trump White House has in store for data security. What’s clearer is that with Republicans remaining in control of both houses of Congress, many of the GOP priorities with regards to cyber have a good chance of becoming law. In particular, weakening encryption protections is one area likely to get another look, which will raise the ire of many public interest and civil liberties groups. Worryingly, many experts think a Trump Administration will only embolden Russian hackers’ meddling, as post-election spear-phishing attacks on U.S. think tanks make clear.

On a programming note, we will be back to our regularly scheduled bi-weekly digest on Wednesday, November 23.

And now, on to the clips!

—————–

Trump won; What does this mean for data security? @SaraSorcher penned an insightful reflection on what a Trump victory means for #DataInsecurity. On one hand, Trump made encouraging statements on the campaign trail, such as: “To truly make America safe, we truly have to make cybersecurity a major priority” and made promises “to create task forces to respond to digital threats throughout the country.” On the other hand, the Christian Science Monitor notes, “there are also lingering questions about what Trump’s election means for the U.S. quest to forge international norms for cyberspace in the Digital Age. Trump drew outrage from critics when he went so far as to encourage Russia–if its intelligence services had indeed hacked his opponent Hillary Clinton’s email server–to publish the data it might have stolen.” (Source: Christian Science Monitor)

Quick hit: The official Trump cyber agenda is long on reviews, short on specifics. For example, it recommends an “immediate review of all U.S. cyber defenses and vulnerabilities, including critical infrastructure.” DOJ will also be expected to “create Joint Task Forces throughout the U.S. to coordinate Federal, State, and local law enforcement responses to cyber threats.” (Source: DonaldJTrump.com

Will David Clarke be the new DHS Secretary? The Department of Homeland Security (DHS) plays a leading role in defending the nation’s critical infrastructure from cyber threats. That’s one reason Politico raised a few eyebrows this week when it suggested the possibility of David Clarke, the firebrand sheriff of Milwaukee County and Black Lives Matter detractor as the leading candidate for DHS Secretary. @BuzzFeed is also reporting that Governor Chris Christie is on the short list for the position. (Source: Politico and Buzzfeed)

On the Hill, tech leaders will remain largely the same. With the Senate remaining in Republican hands, there’s not much turnover expected on the leadership of committees with a hand in data security. @morningconsult reports that “Sen. John Thune (R-SD) will remain at the helm of the Senate Commerce Committee…The House Judiciary Committee will continue to be chaired by Rep. Bob Goodlatte (R-VA)” and “Sen. Chuck Grassley (R-IA) will continue to chair the Senate Judiciary Committee.” The only area of uncertainty is who will lead the House Energy and Commerce Committee, as  Reps. John Shimkus (R-IL), Greg Walden (R-OR), and former Chairman Joe Barton (R-TX) are each said to be eyeing the position. (Source: Morning Consult)

Russian political hacking doesn’t end with the election. The Russian hacking outfit variously known as Cozy Bear, APT29, and The Dukes launched at least five spear phishing campaigns just hours after the election against prominent think tanks and NGOs. Volexicty CEO @stevenadair states: “two of the attacks purported to be messages forwarded on from the Clinton Foundation giving insight and perhaps a postmortem analysis into the elections …Two of the other attacks purported to be eFax links or documents pertaining to the election’s outcome being revised or rigged. The last attack claimed to be a link to a PDF download on ‘Why American Elections Are Flawed.’” (Source: Krebs on Security)

Civil liberties champion loses Senate bid. Incumbent Sen. Ron Johnson (R-WI) handed Former Sen. Russ Feingold (D-WI) a surprising defeat Tuesday. @rsingel reports that the loss is particularly devastating for civil liberties advocates as “Feingold was one of the few—and sometimes the only—voice in the Senate skeptical of the government’s increasing demands for domestic surveillance power and control of the internet. He was one of 16 senators who voted against the Communications Decency Act of 1996, an internet censorship bill later struck down by the Supreme Court, was the only Senator in 2001 to vote against the USA Patriot Act, and he introduced a measure to censure President Bush for his illegal warrantless wiretapping program.” (Source: Wired)

Hearing on Dyn DDoS attack Wednesday. The House Energy and Commerce subcommittees on Communications and Technology and Commerce and Manufacturing and Trade will be holding a joint hearing titled “Understanding the Role of Connected Devices in Recent Cyber Attacks,” the morning of Nov. 16. In announcing the hearing, Rep. Michael C. Burgess (R-TX) stated, “Americans should not have to worry that the convenience and connectivity of the Internet of Things comes at the expense of the resiliency and reliability of the larger Internet.” (Source: The Hill)

Upcoming events

January 12, 2017 – PrivacyCon – Washington, DC
The FTC will host its second PrivacyCon conference “to continue and expand collaboration among leading whitehat researchers, academics, industry representatives, consumer advocates, and the government to address the privacy and security implications of emerging technologies.”

May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

National Consumers League
Published November 14, 2016