2 janvier 2019 | International, C4ISR

Four big questions for cybersecurity in 2019

By:

How will cybersecurity experts remember 2018?

In the past year, the Trump administration announced it would take more offensive hacking operations against foreign countries, the Department of Justice announcedsweeping indictments against Chinese hackers and the U.S. intelligence community reported that foreign countries continued to interfere in American elections.

So what comes next? Here are four overarching questions for the cybersecurity community in 2019:

What will the new Pentagon chief do with expanded cyber powers?

In August, the president gave the secretary of Defense the ability to conduct cyberattacks against foreign countries so long as they do not interfere with the national interest of the United States, according to four current and former White House and intelligence officials. But the resignation of Jim Mattis, the Defense secretary, means the next Pentagon chief will have a broad arsenal of cyber authorities.

For the cyber community, Patrick Shanahan, the current acting secretary, is a relative unknown. He has not given significant insight into how he views the role of offensive cyberattacks for the Pentagon, and his scheduled Jan. 1 elevation comes as some in the Trump administration and U.S. Cyber Command have pushed for even more authorities. However, he has spoken at length about the need for the defense industry to bolster its own cyber practices.

Although the appointment of Shanahan as acting Pentagon chief is temporary, he is on the short list of officials who may take on the job full time.

The new Pentagon chief may also have to decide when the National Security Agency and U.S. Cyber Command should split.

Both bodies are led by Gen. Paul Nakasone, but that may change. Cyber Command is in the process of gaining its own infrastructure to conduct offensive cyberattacks, and a Pentagon official told Fifth Domain in November that it appeared the split was all but certain to happen in the coming years, although no formal decision as been made.

What comes next in the U.S.-China cyber relationship?

The Department of Justice released a flurry of indictments against Chinese hackers in 2018, accusing Beijing's cyber sleuths of infiltrating American government agencies and defense contractors.

The most recent round of allegations came Dec. 18, and the legal action could continue in 2019. While announcing the most recent indictments, Deputy Attorney General Rod Rosenstein accused China of breaking an agreement not to use hacked materials for commercial use, although he did not offer evidence.

The hacking allegations come amid a broader trade war between the United States and China. Experts have told Fifth Domain a trade war could increase digital tension between the two nations. If the trade war continues, experts say they see little incentive for China to limit its cyberattacks.

Will America suffer blowback for more offensive cyber operations?

When the Trump administration announced the United States would take more offensive actions in cyberspace, some in the federal cybersecurity community criticized the plan as faulty.

“The side effects of the strategy of ‘persistent engagement' and ‘defend forward' are still ill-understood,” Max Smeets and Herb Lin, experts at Stanford University wrote for Lawfare. “A United States that is more powerful in cyberspace does not necessarily mean one that is more stable or secure.”

Experts also warn of making any rush judgments about the effectiveness of these offensive cyberattacks. Current and former intelligence officials worry that uncovering and attributing a hack can take more than a year, and, even then, that process is not perfect.

One former official pointed to the leaked documents about Russian targeting of American election infrastructure in 2016 that was sent to the news organization the Intercept. It took months for the intelligence community to understand the full extent of the hack, the official said, an example of how long it takes to detect a cyberattack.

However, all of that means it is reasonable to expect that the merits of the new offensive cyber operations may not be known publicly for years.

Will Congress take action to streamline cybersecurity contracting and research?

Yes, changing the way government does business is ambitious. But experts argue that if the United States wants to keep up with digital innovations from China and other countries it is necessary to change the American government's relationship with the private sector and academia. The effort to streamline cybersecurity funding and research will fall to the new Congress, in which Democrats will take over the House of Representatives.

But when it comes to the U.S. government's relationship with the cyber industry, structural barriers to innovation remain.

On average, it takes roughly seven years for an idea to get a contract inside the U.S. government. In that length of time, a product is already two generations old. Former Pentagon officials have used the digital fight against the Islamic State as an example of how long the process takes. It took roughly two years for Cyber Command to receive the proper equipment and training after the order to digitally defeat the Islamic State, officials told Fifth Domain.

In addition, the cybersecurity industry is watching a series of bills in Congress. Sen. Mark Warner, D-Va., has pushed for a streamlined security clearance process, and industry officials told Fifth Domain they expect him to continue the effort in the new year. The bill could make it easier and cheaper to get a security clearance.

And many in the federal cybersecurity community have called for a change in academia's relationship with cybersecurity.

The universities and research institutions in the United States focusing on quantum computing are “subpar,” George Barnes, deputy director at the NSA said in June.

Experts say that quantum computers will make traditional cybersecurity methods obsolete because of the expansive computing power.

However, new investments in artificial intelligence and a new Solarium Commission, which was created to help contextualize cyber in the broader national and economic security discussion, may provide solutions to these problems.

https://www.fifthdomain.com/industry/2018/12/31/four-big-questions-for-cybersecurity-in-2019

Sur le même sujet

  • Airbus threatens to leave Britain over Brexit trade relations

    26 juin 2018 | International, Aérospatial

    Airbus threatens to leave Britain over Brexit trade relations

    By: Danica Kirka, The Associated Press LONDON — Aviation giant Airbus is threatening to leave Britain if the country exits the European Union without an agreement on trade relations, underscoring the concerns of business leaders who say the government is moving too slowly. Airbus, which employs about 14,000 people at 25 sites in the U.K., said it needs to know by the end of the summer what rules will govern its operations, or the company will “reconsider its long-term footprint in the country.” Airbus also says a proposed transition deal that runs through December 2020 is too short for the company to reorganize its supply chain. “While Airbus understands that the political process must go on, as a responsible business we require immediate details on the pragmatic steps that should be taken to operate competitively,” Tom Williams, CEO of Airbus Commercial Aircraft, said in a statement. “This is a dawning reality for Airbus. Put simply, a no-deal scenario directly threatens Airbus' future in the U.K.” While many business leaders have demanded clarity about the future with Britain set to leave the EU in nine months, Airbus' sheer size and role in the economy make it an influential voice in the Brexit debate. Airbus is the U.K.'s largest commercial aerospace company, a leading provider of military satellite communications and the biggest supplier of large aircraft to the Royal Air Force. It also has a significant impact on other companies, funneling an estimated £5 billion (U.S. $6.6 billion) to 4,000 U.K. suppliers, including big names like Rolls-Royce, as well as many smaller businesses. Darren Jones, the member of Parliament for the community where Airbus makes wings, attacked the government for listening to those who want the most hard-line form of Brexit and “not to the businesses that employ thousands of British workers, including Airbus.” “Thousands of skilled, well-paid jobs are now on the line because of the shambolic mess the government have created over the Brexit negotiations,” he said. Airbus, the biggest rival to U.S.-based aircraft-maker Boeing, has been a prime example of how European cooperation could lead to success in business. The German, French and Spanish governments own 26.4 percent of Airbus, which was created through the merger of German, French and Spanish aerospace companies. Prime Minister Theresa May's government reacted quickly to the Airbus statement, saying it was confident of getting a good deal and “we do not expect a no-deal scenario to arise.” But Williams said Airbus is frustrated after it tried to discuss its concerns with the government for 12 months and made little progress. “We've got to get clarity,” he said in an interview with the BBC. “We've got to be able to protect our employees, our customers and our shareholders, and we can't do that in the current situation.” The comments came as Airbus published an assessment of the risks Brexit poses to the company. The report shows that Airbus, like many modern companies, is particularly vulnerable to Brexit because of its international supply chain. Plants in several countries make specialized components, which are shipped back and forth across international borders as aircraft are assembled. Britain's membership in the EU makes this easy because goods move freely between the 28 member states, with no tariffs or other trade barriers. That will change after Brexit because Britain will not be a member of the EU's single market and customs union. While the U.K. government says it wants trade to be as frictionless as possible after Brexit, manufacturers are running out of time to plan for the future. Airbus said it is facing a variety of decisions, including whether to invest in future manufacturing capacity, the need to build up stocks of components in the event of border delays and how to ensure parts are certified by aircraft regulators in the future. Delays caused by a no-deal scenario could cost Airbus as much as €1 billion euros (U.S. $1.2 billion) of revenue a week, according to the risk assessment. “This scenario would force Airbus to reconsider its investments in the U.K., and its long-term footprint in the country, severely undermining U.K. efforts to keep a competitive and innovative aerospace industry, developing high-value jobs and competences,” Williams said. https://www.defensenews.com/industry/2018/06/22/airbus-threatens-to-leave-britain-over-brexit-trade-relations/

  • Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia

    29 décembre 2024 | International, C4ISR, Sécurité

    Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia

    Cloud Atlas exploits CVE-2018-0802 to deploy VBCloud malware, targeting 80% of victims in Russia for data theft, system probing, and Telegram data ext

  • Air Force to send bomber task force to Europe

    4 novembre 2024 | International, Aérospatial

    Air Force to send bomber task force to Europe

    The Air Force has rotated bombers through overseas deployments as part of task forces since 2018.

Toutes les nouvelles