Overnight Cybersecurity: Trump unveils cyber plans

Overnight Cybersecurity: Trump unveils cyber plans

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you...

 

THE BIG STORIES...

--TRUMP'S CYBER PLATFORM: Donald TrumpDonald John TrumpJustice says it will recommend Trump veto FISA bill Fauci: Nominating conventions may be able to go on as planned Poll: Biden leads Trump by 11 points nationally MORE proposed his cybersecurity agenda in a policy speech on Monday. The bulk of his agenda emphasized organizational changes to how the government handles cybersecurity concerns and how decisions are made. The focus was on effective management and reducing government inefficiency.

ADVERTISEMENT

--MEET MY SQUAD: More than a quarter of his speech -- 275 of the 987 prepared words -- was devoted to a newly created Cyber Review Team. "A team of the best military, civilian and private sector cyber security experts to comprehensively review all of our cyber security systems and technology," said Trump. That team will go from agency to agency and determine the appropriate cyber hygiene for each, effectively creating a central planning authority for cybersecurity issues. President Obama recently created a similar post, an office of the Federal Chief Information Security Officer, which oversees each agency's information security officers. Trump's proposal is different in putting a greater emphasis on private sector experts, more oversight authority and a more hands-on approach. Obama, by contrast, has created a separate panel of private sector experts.

Trump's proposal would also have a slightly narrower focus in some ways. The Federal CISO also has a national policy advisory role and a focus on bridging the anticipated cyber skills shortage the government -- like the private sector -- will face as experienced security workers become more in demand. That second issue wasn't addressed by Trump's plan though.

--TEAM UP: Comparing his approach to computer security law enforcement to wiping out the Mafia, Trump proposed the use of interagency task forces. "We can learn from this history that when the Department of Justice, the FBI, the DEA and state and local police and prosecutors were combined in Task Forces directed at the Mafia, they were able to have great success in prosecuting them, seizing their business interests and removing their infiltration from legitimate areas of society," he said. While federal and local law enforcement overlap on these investigations, there is not currently the same degree of coordination. The Obama administration has emphasized that on the federal end, the law enforcement effort against hackers falls on the FBI. Homeland Security is left with the work of cleaning up after a hack. Some liken Homeland Security to the first on the scene, "firefighters' so to speak, while the FBI are more akin to "arson investigators." The NSA and cyber command have their own niche, tasked with foreign government work.

--CYBER OFFENSE: Trump aims to increase the use of offensive cyber weapons. "As a deterrent against attacks on our critical resources, the United States must possess the unquestioned capacity to launch crippling cyber counter-attacks. This is the warfare of the future, America's dominance in this arena must be unquestioned. Cyber security is not only a question of developing defensive technologies but offensive technologies as well. For non-state terror actors, the United States must develop the ability -- no matter how difficult -- to track down and incapacitate those responsible." Trump is breaking with the U.S. tradition of not speaking publicly about offensive and surveillance capabilities, both to prevent potential targets from building up defenses and to avoid spurring nations to build their own programs. When malware that attacked Iranian nuclear reactors was attributed to the U.S. and Israel, Iran invested in a cyber offense of its own. Soon after, Iran is believed to have backed a series of successful attacks against U.S. banks and currently has a thriving military cyber capability. 

Click here for more on Trump's cybersecurity plan.

For Trump's remarks, click here.

 

A POLICY UPDATE:

--THE NEXT GREAT FRONTIER. Supporters of legislation that would dictate how and when companies have to notify customers of a data breach are seizing on the hack of 500 million Yahoo accounts to push their effort forward.

"We haven't hit that sweet spot quite yet, but we're close. I'm hoping this revelation about Yahoo will provide the needed impetus to get across the finish line," Sen. John ThuneJohn Randolph ThuneThe Hill's Morning Report - Presented by Facebook - US death toll nears 100,000 as country grapples with reopening GOP faces internal conflicts on fifth coronavirus bill On The Money: Jobless rate exceeds 20 percent in three states | Senate goes on break without passing small business loan fix | Biden pledges to not raise taxes on those making under 0K MORE (R-S.D.) told reporters this week.

Thune, the Commerce Committee chairman, is in talks with a handful of senators, some of whom have competing proposals to address data breach rules.

Data breach legislation generally is seen as the next cybersecurity frontier for Congress, but so far lawmakers have been unable to coalesce around a single proposal.

To read our full piece, click here.

 

A LIGHTER CLICK:

--THE WEALTHY ARE TRYING TO BUY THEIR WAY OUT OF THE MATRIX. Also worth noting: Silicon Valley bigwigs believe we are in the Matrix. How much does a red pill cost?

 

A REPORT IN FOCUS:

--PHISHING. Carnegie Mellon researchers found that users are great at detecting phishing schemes as long as they didn't have to consider actually clicking on them.

Researchers sent test subjects a host of emails, half of which were authentic phishing emails. When the subjects were asked "Is this a phishing e-mail?" they were extremely vigilant. But, when they were asked "What would you do if you received this e-mail?" the rate of opening attachments in the email skyrocketed.

The study, headed by Casey Inez Canfield of the Carnegie Mellon, CyLab Security and Privacy Institute appears in the journal Human Factors.

Canifield says that managers can learn from the study that employees are good at detecting phishing when they are forced to and that managers could increase employee's resistance to phishing by running continuous testing. In so-called embedding testing, people receive fake phishing emails throughout the day and sending scolding letters to those who actually click on them.

"They increase the cost of not being vigilant," said Canifield, "because they can be really annoying." Click here for the study.

 

WHO'S IN THE SPOTLIGHT:

--HILLARY'S EMAILS. (AGAIN.) (SORRY.) The chairman of the House Judiciary Committee is pressing Attorney General Loretta Lynch to explain the circumstances surrounding the immunity deals given to two of Hillary ClintonHillary Diane Rodham ClintonNew FBI document confirms the Trump campaign was investigated without justification California 25 and COVID-19 The Memo: Trump tweets cross into new territory MORE's lawyers.

Republicans have seized on the deals to question whether the FBI's investigation into Clinton's use of a private email server while secretary of State was mishandled.

"Like many things about this case, these new materials raise more questions than answers," Rep. Bob GoodlatteRobert (Bob) William GoodlatteUSCIS chief Cuccinelli blames Paul Ryan for immigration inaction Immigrant advocacy groups shouldn't be opposing Trump's raids Top Republican releases full transcript of Bruce Ohr interview MORE (R-Va.) wrote in a letter to Lynch.

Meanwhile, Donald Trump ripped the Department of Justice for not investigating Hillary Clinton, arguing he'd appoint a new attorney general to restore its integrity.

"My attorney general will restore the integrity of the DOJ which has been severely questioned," the GOP presidential nominee said during an off-script moment in a speech at a Retired American Warriors PAC event in Herndon, Va.

To read about Goodlatte's letter, click here. To read about Trump's comments, click here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Silicon Valley powerhouses are trying to calm public fears about the rise of artificial intelligence. (The Hill)

The top Democrat on the House Intelligence Committee on Sunday dinged Republican presidential nominee Donald Trump's comments on Russian hacking as "the most tremendous gift to Russian propaganda." (The Hill)

A programmer claiming to have designed the tool behind a record-breaking cyberattack targeting journalist Brian Krebs has publicly released the source code to a hacker forum. (The Hill)

The Internet of Things is so bad, even 'amateurish' malware is enough. (Motherboard)