Congressional Research Service: Law Enforcement Access to Overseas Data under the CLOUD Act

Below is a primer from the Congressional Research Service on the CLOUD Act. Earlier this week, a post on Lawfare set forth some suggestions for how to implement the legislation.

LSB10125

Tags:

Cyber Round Up: Congress Challenges FBI on Encryption; CTIIC’s Role in Cyber Security; Orangeworm Attacks Healthcare Sector

  • Congress wants answers on FBI’s ‘going dark’ problem in wake of DOJ IG report (CyberScoop):  Some members of Congress are challenging the FBI over its handling of the encryption battle with Apple, a recent article says.  Several lawmakers wrote a letter to FBI Director Chris Wray stating their concerns over both the San Bernardino incident and the director’s remarks that the FBI could not access 7,800 devices last year.  The letter seems to have been sparked by a recent report from the DOJ Inspector General. The full letter can be read below.

letter_to_fbi_dir_wray_re_going_dark

  • CTIIC’s Role in Keeping America Safe in Cyber (Cipher Brief):  An article earlier this month examined the role of the Cyber Threat Intelligence Integration Center (CTIIC) in relation to cyber security, focusing particularly on the WannaCry attack last May.  The article explains that the main focus of the Center during that time was to integrate and share information with the rest of the U.S. government.  The article draws parallels between the NCTC and the CTIIC, but note that one difference is that CTIIC’s success is largely due to information sharing with the private sector. The full article can be found here.

  • New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia (Symantec):  A new report from Symantec explains an emerging cyber threat in the global healthcare sector. The group called Orangeworm was first identified in 2015 and has been known to “conduct[] targeted attacks against organizations in related industries as part of a larger supply-chain attack in order to reach their intended victims. Known victims include healthcare providers, pharmaceuticals, IT solution providers for healthcare and equipment manufacturers that serve the healthcare industry . . . ” The article explains that the targets are not random and seem to be carefully chosen. The full report can be found here.

Tags: , , , , , ,

DOJ Inspector General: Special Inquiry Regarding iPhones and Encryption

A Special Inquiry Regarding the Accuracy of FBI Statements Concerning its Capabilities to Exploit an iPhone Seized During the San Bernardino Terror Attack Investigation

o1803

Tags:

Cyber Round Up: DHS to Provide Direct Cyber Services; Promise and Peril of Active Cyber Defense; Cyber Operations Stealing from Drone playbook

  • DHS Might Provide Cyber Services Directly To Industry Under New Strategy (Nextgov):  With a new DHS cyber strategy set to be released in the coming weeks, reports suggest that the agency could be taking on a new role in the cyber realm.  DHS Secretary Kirstjen Nielsen described the new system as “security as a service” and called it a “natural evolution.” The article says that Nielsen would not elaborate on the details of the new strategy but that it was consistent with ones from the Obama administration. The full article can be read here.

  • The promise and peril of active cyber defense (The Hill): A recent opinion piece on The Hill discusses the shortcomings of current cyber strategy in the U.S. and suggests adopting active cyber defense policies. The article makes clear that the options for this extend well beyond hackbacks that are illegal under U.S. law. The options “can include everything from honeynets and beacons to botnet takedowns and sanctions.” But the article also identifies the shortcomings of active cyber defense, including collateral damage to third parties. The full article and questions posed by the author can be read here.

  • How Obama’s drone playbook could influence future cyber operations (Fifth Domain):  The Department of Defense is considering utilizing cyber operations in places where the U.S. is not already engaged in conflict, according to a recent article.  Admiral Michael Rogers, head of U.S. Cyber Command, testified to Congress that the U.S. needs to adapt to better use its cyber capabilities “outside the designated areas of hostility.” The article explores how this new cyber policy parallels what happened in the Obama administration with drone strikes.  It also includes analysis from Bobby Chesney, who notes that cyber operations could inadvertently implicate a third nation’s sovereignty. The full article can be read here.

Tags: , ,

Advisory: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

Russian State Sponsored Actor Advisory

Tags:

Cyber Round Up: Encryption is About Crime, Not Terrorism; Fight over Control of Cyber Command; Pentagon Cloud Contract

  • The Encryption Debate Isn’t About Stopping Terrorists, It’s About Solving Crime (Lawfare): A post last week on Lawfare added to the ongoing debate over encryption but with a different focus. The author said that regardless of any flaws with third party (which means government, according to the author) access, the biggest problem remains traditional crime, not terrorism. Speaking from his experience as a federal prosecutor dealing with not so savvy criminals, the author said that a switch to making encryption the default setting on apps such as Whatsapp will have a devastating impact on “ordinary crime” beyond the typical national security issues we hear about.  The full article can be found here.

  • Command and control: A fight for the future of government hacking (CyberScoop):  While the nation finally has a fully operational cyber force, new challenges have quietly emerged behind the scenes, according to an article last week. Several federal agencies from law enforcement, military, and defense have all been vying to shape the answer to one big question: “If the U.S. is going to strike back at foreign targets in cyberspace, when should the soldiers or the spies lead the charge?”  The article gives a lengthy history of the debate and suggests that the scales have recently titled away from the IC and in favor of the military. The full article can be read here.

  • Google is Pursuing the Pentagon’s Giant Cloud Contract Quietly, Fearing An Employee Revolt (Defense One):  Last year, Secretary of Defense Mattis took a trip to the West Coast to meet with executives from Amazon and Google, an article last week said.  A trip that began with skepticism ended with Mattis “convinced that the U.S. military had to move much of its data to a commercial cloud provider — not just to manage files, email, and paperwork but to push mission-critical information to front-line operators.” Now, the article says, the shift to the cloud is happening in the form of a $10 billion contract.  The article lists Microsoft, Amazon, and Google as the front runners and discusses what exactly the winner might be tasked with doing. The full article can be read here.

Tags: , , ,

House Armed Services Committee Hearing on Cyber Operations 4/11/18

Video and prepared testimony of this week’s hearing, “Cyber Operations Today: Preparing for 21st Century Challenges in an Information-Enabled Society.”

 

GenKAlexander-HASC04112018

MChertoff-HASC04112018

JJohnson-HASC04112018

Tags:

Verizon’s 2018 Data Breach Investigations Report

rp_DBIR_2018_Report_en_xg

Tags: , ,

The Smart Grid: Status and Outlook

R45156

Tags: ,

Cybersecurity: Selected Issues for the 115th Congress

R45127

Tags:

Next Page »

Authors

Untitled Document
Professor William Snyder

Professor William C. Snyderis a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.

Ryan D. White

Ryan D. WhiteRyan is currently a third year law student at Syracuse University College of Law, and is also pursuing a Master of Public Administration degree from Syracuse’s Maxwell School of Citizenship and Public Affairs. Ryan spent time with Homeland Security Investigations while pursuing his undergraduate degree at Wesleyan University, and spent his first summer of law school as clerk for the U.S. Attorney’s Office in the Western District of New York. He is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and participates in the Veteran’s Legal Clinic. Full biography

Shelby E. Mann

Ryan D. WhiteShelby is a second year law student at the Syracuse University College of Law. She is the 2018-9 Editor in Chief of the Syracuse Law Review, as well as a member of the Journal on Terrorism and Security Analysis, and the senior editor for the Syrian Accountability Project. During her final year at the University of Missouri, she served as a full-time news producer for ABC 17 News. Shelby spent her first summer of law school at the Shelby County District Attorney General's Office in Memphis, Tenn., in the Public Corruption and Economic Crimes Unit. Full biography

Christopher w. FolkChristopher W. Folk

is a 2017 graduate of SU College of Law. A non-traditional student, Christopher returned to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. In Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received a M.S. In Computer Information Systems. Christopher previously worked in Software Engineering. Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law. Full biography

Anna Maria Castillo

Anna Maria Castillois 2016 graduate of Syracuse College of Law. She also holds a Master of Arts in International Relations from Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She served as an executive editor in the Syracuse Law Review. Full biography

Jennifer A. CamilloJennifer A. Camillo

is a 2015 graduate of Syracuse College of Law and is a prosecutor. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She was a member of the Syracuse National Trial Team and was awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.

Tara J. PistoreseTara J. Pistorese

holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She wrote for this blog when a student. She is now a member of the U.S. Army Judge Advocate General's Corps.

Benjamin Zaiser

is both a scholar and a Federal Agent of the Federal Criminal Police Office of Germany. (Opinions expressed here are his own and not any part of official duty.) Full biography

Categories