The man responsible for leading the National Security Agency’s defensive mission says his team is fielding more calls than ever from agencies across the government.

Dangerous, highly capable hackers and a desire by agencies to adopt cloud technology have increased the workload for Information Assurance chief Paul Pitelli and his office, which he says is “sort of like the Geek Squad for defense” in government.

Pitelli is a career professional who has served in the NSA for more than 20 years as the secretive spy agency transformed into what it is today — a highly sophisticated technology behemoth with an array of federal responsibilities, including both signals intelligence and protecting sensitive government systems. With the recent retirement of former Information Assurance Directorate head Curtis Dukes, a renown computer scientist and intelligence community icon, Pitelli took on an increased role in an ever important effort to ensure that the Defense Department and broader government aren’t hacked.

“We’ll get a wide range of calls from ‘Hey we’re trying to set up a whole new [information technology] environment’ — and that could be the White House calling,” Pitelli said.

A big focus in recents years for Information Assurance, according to Pitelli, has been helping a variety of different federal agencies establish secure cloud data storage processes.

“I have never been more busy,” Pitelli told CyberScoop in an interview Thursday after he spoke at the McAfee Security Through Innovation Summit. “We are getting calls because they all need help. Everyone wants to take advantage of cloud services, that’s sort of one thing we’re getting called for, but it’s also traditional issues because our nation is being constantly attacked. We’re one of the few agencies that get to see when and how the adversary starts operating.”

Federal lawmakers have increasingly encouraged agencies in recent years to adopt cloud data storage technologies as a way to both save costs and phase out old on-premise servers.

“Because of the economics of cloud services there’s so much incentive [for agencies] to migrate many of their capabilities,” Pitelli said. “A lot of people in government want the NSA’s help.”

Nobody in government wants to be the next to suffer a hack like the 2015 data breach that exposed federal employee information held by the Office of Personnel Management, he said.

“So we’re getting a lot of calls where it’s basically, ‘Hey we want to make this move, but how do we do it well?’” Pitelli said.

Turnover at the White House also adds to the Information Assurance division’s current workload.

“With a change of administration, you know, they typically take a fresh look. And for us that’s an opportunity because it allows us to sometimes make an [IT] environment better,” Pitelli said. “The cyber dimension is adding, on one hand, what you can call issues or events, but I think can be opportunities.”

Historically, Fort Meade’s defensive efforts in cyberspace have been overshadowed by the spy agency’s more offensive-centric, intelligence gathering mission set. This is evident from a labor perspective, given that the NSA’s Signals Intelligence workforce remains much larger than the Information Assurance unit.

An overwhelming majority of budget dollars are allocated to offense rather than defense, former intelligence officials say, and that’s resulted in an agency that is known almost exclusively for digital espionage rather than cyberdefense.

Dukes, former IAD head Debora Plunkett and departing NSA Deputy Director Rick Ledgett recently voiced their concerns that the NSA should be focusing on defense more than it has in the past.

Roughly 90 percent of the U.S. government cybersecurity spending is used to fuel offensive operations, Ledgett told Reuters.

“I absolutely think we should be placing significantly more effort on the defense, particularly in light of where we are with exponential growth in threats and capabilities and intentions,” Plunkett, who oversaw the NSA’s defensive mission from 2010 to 2014, recently told Reuters.

Defense under NSA21

The trio’s comments come amid an expansive reorganization effort by the NSA, instituted by agency Director Michael Rogers, that works to combine what was once called the Information Assurance Directorate and Signals Intelligence Directorate into a single, joint entity.

Although Rogers’ plan, known as NSA21, is intended to streamline operations, it has also spurred new concerns that the spy agency’s defensive mission will receive even less resources in the future.

“When the NSA goes through a change a lot of that discussion goes on because there’s a big difference between offense and defense as far as the budget … and so that was one of the big concerns that some folks vocalized,” said Pitelli, “I see a need, a bigger need for cybersecurity not just at NSA but for everybody.

The dual impact of NSA21’s rollout and Dukes’ recent retirement has caused some confusion in government.

“I know Curt voiced concerns that as we make this move [towards NSA21] there can be this perception that ‘Oh well who do I call?’ And if they don’t know who to call the question is, ‘Well where did it go?’ Curt was really one of the great, visible icons of Information Assurance and he retired and so there is that time right now where we are waiting to find out whose going to be given the mantle next,” Pitelli said.

Pitelli declined to specifically discuss the NSA’s budget but said he would like to see Congress broadly allocate greater resources for cybersecurity writ large, across the entire government.

“I will go so far as to say I would hope that the government — not just at NSA, but the government — really tries to allocate additional funds for the cybersecurity information assurance mission,” Pitelli said. “A lot of times people have lumped in their information assurance budgets with their IT budgets and … the challenge I think you’re seeing now is that we haven’t kept up with the budgets of cybersecurity.”

The post NSA cyberdefense chief: ‘I have never been more busy’ appeared first on FedScoop.

Competing interests exist between two of the predominant federal agencies tasked with stopping hackers from attacking the U.S., officials say, and that dynamic shapes how and when the government notifies Americans if they’ve been breached.

The Homeland Security Department and FBI follow distinctly different missions, and this extends into cyberspace, according to John Felker, director of the National Cybersecurity and Communications Integration Center. NCCIC is DHS’s around-the-clock office for incident awareness and response.

Occasionally, DHS’s efforts to rapidly deploy software updates and immediately notify a victim when a cybersecurity incident occurs clashes with the FBI’s work to fully investigate and ultimately prosecute cybercriminals, Felker said Thursday.

“There’s always going to be some tension between our mission space at DHS, which is asset response, threat mitigation — stop the bleeding, if you will — and law enforcement’s threat response, which is to catch a bad guy and make a successful prosecution,” Felker said during McAfee’s Security through Innovation conference hosted by CyberScoop and FedScoop. “It’s not easy and it’s case-by-case. The challenge we have is to keep a relationship that is open and honest and transparent between us.”

“Even in the last couple weeks we’ve had a few knock-down, drag-outs about cases that are going on, but it is what it is,” Felker said. “We’ll work through it.”

Felker and others who spoke Thursday discussed the topic in general terms and did not refer to any specific cases. 

Because hackers commonly monitor activity on a victim’s network, a defense shift may tip off the attacker — letting them know that law enforcement may be aware of the intrusion.

Ongoing negotiations effectively determine when DHS will rapidly reach out to a victim or, on the other hand, if the FBI will be afforded a grace period to collect evidence and gain new insight. This collaborative although sometimes challenging balance underscores a larger cyberthreat information sharing partnership between the two agencies and broader federal government.

“The speed of trust is there,” said FBI Section Chief Trent Teyema. “By design we have that friction because we’re trying to get information to go after a case and they’re trying to stop the bleeding. We want that friction, we want that dialogue going forward. It’s a good process.”

A conflict of equities is most common, according to Josh Goldfoot, Deputy Chief of the Justice Department’s Computer Crime and Intellectual Property Section, when “you have a victim that for whatever reason hasn’t done some of the traditionally security practices like having a vigorous system of logging, like having a good system of authentication and checking your user credentials and all that stuff.”

“If you have that in place and we’re arriving then there’s no conflict, those logs will tell me who went in and out. That’s when the two sides I think get along,” Goldfoot said. “Where you have a problem is when you arrive at a victim that doesn’t have any of that stuff. And then questions come up like ‘is this the right moment to evict or do we want to watch a little long.”

Because a specific software vulnerability in any given popular product may allow an attacker to compromise not only one company but potentially an industry, getting information about a threat to the private sector can be imperative regardless of the status of an investigation, Felker said.

“I don’t want to flip your apple cart when it comes to a prosecution, but if there’s a vulnerability or a set of TTPs that can be useful to cyber-defenders somewhere else then we’d like to know that,” Felker said, “and we’ll try to get [the information] out there like a tree in the forest, so that it doesn’t look any different from patch Tuesday.”

The post Friction by design: FBI, DHS disagree on when to tell victims they’ve been hacked appeared first on FedScoop.

President Donald Trump’s budget blueprint for the federal government proposes a $61 million increase for the FBI and Justice Department in fiscal 2018 to better track terrorist communications and combat cybercriminals.

“The FBI would devote resources toward its world-class cadre of special agents and intelligence analysts, as well as invest $61 million more to fight terrorism and combat foreign intelligence and cyber threats and address public safety and national security risks that result from malicious actors’ use of encrypted products and services,” the blueprint states.

The FBI is one of the few agencies that would see significant increases under the budget, which emphasizes national security and law enforcement. The Environmental Protection Agency and State Department, for example, would see drastic cuts.

Trump’s proposed plan is designed to effectively increase the FBI’s overall funding by a total of $249 million, or 3 percent, above the current 2017 budget. Beyond cyber operations, a majority of the fresh funding would be provided to help law enforcement investigate and prosecute drug traffickers.

The fiscal 2018 plan broadly calls for greater cooperation between the public and private sectors when it comes to cyber-defenses and information-sharing of threat intelligence through the Homeland Security Department. A total of $1.5 billion is proposed for the Homeland Security Department to protect federal networks and critical infrastructure from hackers. Trump’s blueprint did not break down how that number would compare to current spending.

“Through a suite of advanced cybersecurity tools and more assertive defense of government networks, DHS would share more cybersecurity incident information with other federal agencies and the private sector, leading to faster responses to cybersecurity attacks directed at federal networks and critical infrastructure,” says the budget, which the White House sent to Capitol Hill on Thursday.

The budget does not include a specific, categorized, top-line spending figure for federal cybersecurity improvement programs. As with most budgets release at the beginning of a presidency, its primary function is to signal the White House’s policy priorities.

Under the plan, the Defense Department would receive a $50 billion boost to ensure U.S. military superiority in all major warfare domains, including cyberspace. Another $7.2 billion is allocated for operations and maintenance cost at the Pentagon, which would include supporting the deployment of unnamed cyber capabilities, according to a White House memo.

News of the budget, and more specifically its attempts to fund several cybersecurity-focused initiatives, follows just a day after White House homeland security adviser Thomas Bossert told a crowd of academics, journalists and diplomats that Trump planned to strengthen U.S. cybersecurity.

Bossert, who spoke Thursday at the Center for Strategic and International Studies in Washington, D.C., said “Federal networks at this point can no longer sustain themselves. We cannot tolerate indefensible technology, antiquated … hardware and software.”

“President Trump intends to put his money where his mouth is,” Bossert said.

The post FBI would get $61M to fight cybercrime, encryption in Trump budget proposal appeared first on FedScoop.

Rep. Tom Graves, R-Ga., recently proposed a bill that would allow companies victimized by cyber attacks to take “active cyber defense measures” is now gaining bipartisan support, according to the congressman.

Graves told CyberScoop he has received “positive feedback for the concept from both Republican and Democrat members” and “significant interest from the public, business community and academic researchers.”

Interest in the bill, Graves explained, reflects a “growing recognition that current federal law doesn’t provide an adequate deterrence for criminal hacking.”

“With less than 1 percent of criminal hackers being prosecuted, there is a growing consensus that we need to determine a better way to impose costs to deter their behavior. Self-defense is one method of imposing a higher cost,” Graves said.

The proposed bill, named the “Active Cyber Defense Certainty Act,” is currently a discussion draft. Graves’ office continues to receive feedback from industry, think tanks, academia and other members of Congress about the bill, which he plans to formally introduce for vote in the House of Representatives in the “next few months.”

Graves’ office declined to discuss which entities were providing advice.

“The conversations were private, so Rep. Graves doesn’t want to name names at this point,” a spokesperson said.

‘Active defense’

In practice, the bill would effectively edit rules and language used in the Computer Fraud and Abuse Act — a controversial law introduced in 1984 that defines criminal computer activity — enabling private sector organizations to hack back after being breached. Hacking back, in this case, allows victims to collect information about hackers.

There are limitations in the current version of bill for who can engage in this “active defense,” restricting action only to “victims” of a “persistent unauthorized intrusion of the individual entity’s computer.”

In this context, a distributed denial-of-service attack would more than likely not be categorized as an “intrusion.” DDoS attacks, as they are called, typically leverage a network of infected computers to flood a specific target with web traffic to the point that it becomes inaccessible for authentic visitors.

“The word ‘persistent’ seems to be intended to prevent invocation of [the bill] by someone who has experienced only a fleeting intrusion, presumably on the theory that fleeting equals insignificant,” Bobby Chesney, an Associate Dean for Academic Affairs at the University of Texas School of Law, wrote in a Lawfare blog post Tuesday. “It’s hard to say how tightly this element ought to be calibrated … The uncertainty — and the difficulty of resolving it — is enough to raise the question whether it is worth the candle to screen out insignificant intrusions in this manner.”

Under privileges granted by the bill, victims will hack back only to “gather information in order to establish attribution of criminal activity to share with law enforcement”
or “to disrupt continued unauthorized activity against the victim’s own network,” the bill reads.

Comey: The risks are too great

FBI Director James Comey discouraged hacking back earlier this week during the Boston Conference on Cyber Security, noting that the practice remains illegal and has the potential to disrupt the FBI’s own law enforcement efforts.

“It runs a risk of tremendous confusion in a crowded space,” Comey said. “Maybe someday our country will change the law, but the hacking back could cause all kinds of complications for things we’re trying to do to protect you.”

While there’s relatively few publicly known cases of companies having engaged in hack backs, a 2015 Financial Times article found that a Malaysian bank had asked several security researchers to breach the computer network of an aggressor. Those researchers reportedly declined the request.

Bloomberg also reported in 2014 that the FBI had investigated whether a U.S. financial institution hired hackers to take servers offline once used by Iranian hackers to DDoS several major American banks. The outcome of that investigation was never made public.

The post Proposed ‘hacking back’ bill is gaining traction, lawmaker says appeared first on FedScoop.

Lawmakers are searching for answers to how the U.S. government should counter cyber-enabled information warfare and other foreign propaganda efforts like those allegedly deployed by Russian intelligence services during the 2016 U.S. presidential election.

But the complexities associated with nearly any solution — underlined by protections afforded through the First Amendment and the rise of privately owned social media networks — have so far led to a surplus of questions.

“When you’re talking about ‘fake news,’ I am not so sure this is a problem that the government — that Congress, for that matter — can actually solve on its own. I think we’ve got to ask ourselves, ‘Where does it start?’ How can someone actually believe some of these things anyway,” Michael Bahar, counsel for Democrats on the House Intelligence Committee, told CyberScoop after speaking at a Hoover Institute event last week.

“That’s the larger question. And, quite frankly, probably where we should start here,” Bahar said.

While the issue of foreign propaganda affecting U.S. citizens is by no means a new phenomenon, experts say that the proliferation of these messages on online forums and social networks has noticeably amplified their impact on society writ large.

In January, a declassified intelligence report published by the Office of the Director of National Intelligence showed that Russian officials helped plan a sweeping disinformation campaign — using online social and state controlled media assets — to influence potential U.S. voters. Now, in the aftermath of these events, some in Washington are wondering to what degree the government should and can be involved in a solution.

Bringing back an oldie

During a House Armed Services Committee hearing Wednesday focused on cyber-warfare, members asked a panel of cybersecurity and policy experts what the best path forward should be. Peter Singer, a prominent academic and senior fellow at technology think tank New America, said that it may be time to reintroduce the Active Measures Working Group — a team with representatives from across government formed early on in the Reagan administration to counter what was then considered aggressive Soviet propaganda.

In the past, the Active Measures Working Group was led by the State Department and comprised by CIA, FBI, Defense Department, Defense Intelligence Agency and Justice Department officials. A proposed budget released by the White House earlier this week suggests that the State Department could face significant cuts under the Trump administration.

Congress, Singer urged, should not delay in its requests for briefings from the intelligence community to learn more about the propaganda capabilities of foreign nations. In response, Committee Chairman Rep. Mac Thornberry, R-Texas, told Singer that his committee will hold future hearings regarding hybrid warfare tactics and techniques. The discussion will broadly include a conversation about disinformation campaigns, Thornberry said.

“I agree with Dr. Singer, that we need to return to the Active Measures Working Group, which I think is an important step,” said Columbia University Professor and former cyber-warfighter Jason Healey. “I also think we can start refunding some information operations, projects that we had done in the 1990s — for example with Allied Force and what we had done against Slobodan Milosevic.”

He added, “There has been a lot done in the professional military universities, especially places like National Defense University and the doctrine centers, where hopefully some of those people still reside so that we can build back our [information warfare] capability quickly.”

Any step forward in this battle against disinformation will require a “whole of government” approach, Healey described in agreement with RAND scientist Martin Libicki, though it isn’t immediately clear who or what agency is currently responsible for defending U.S. citizens from these types of psychological attacks.

Whose job?

Rep. Marc Veasey, D-Texas, spoke to this jurisdictional ambiguity Wednesday when he asked the panel who in government is best equipped to deal with information operations.

“It’s a tough question,” Healey replied. “One reason I think we have turned to the Department of Defense to help us out on cyber issues has been that they were there with the capabilities when they were needed.”

Having the Defense Department involved in the censorship of information at any level, however, presents obvious concerns pertaining to freedom and privacy.

“I see the same problems are going to vex us here when we talk about influence operations. DoD should clearly not be the lead on such things, but we can easily imagine ways that the Department of Defense can bring their amazing capability to bear … there will be a role for Justice, for State and the Department of Homeland Security, but I think it will take them much longer to get their capabilities up to speed.”

Adding to the obscurity of this issue is the fact that national and international laws that cover cyber operations remain nascent, vague and therefore largely disagreed upon globally, said retired Navy Cmdr. Michael Adams, who served as a top legal adviser to the chairman of the Joint Chiefs of Staff and spoke to CyberScoop by phone Tuesday.

And it can be difficult to measure the impact of offensive cyber operations, Singer said.

“When you’re thinking about the offensive side, we’ve typically framed it in terms of classic military operations, where clearly many if not most of our adversaries are looking at them through the lens of influence operations,” he said. “It’s not how many websites did I take down, or access to GPS or the like, but how did I shape the overall environment?”

“How did I, to put it bluntly, hack your hearts and minds — that’s something we need to pay attention to both in adversary hands and ours,” Singer said.

At the moment, the State Department’s online counterterrorism unit, dubbed the Global Engagement Center, is among a short list of government agencies publicly known to disseminate pro-U.S. messaging in foreign countries.

Over the last year, the recently relaunched office has used software automation and data analytics technologies to combat and track terrorist groups’ online recruitment efforts on social media.

The post Lawmakers troubled by cyber-enabled information warfare appeared first on FedScoop.

Government lawyers say that from 1996 to August 2016, Martin repetitively stole information pertaining to NSA, U.S. Cyber Command, CIA and National Reconnaissance Office operations and capabilities.

Martin allegedly stored much of this information at his home in Glen Burnie, Maryland, and in his vehicle, court documents show. He was arrested in August and has been awaiting trail in a local detention center. Last fall, a federal judge declined Martin’s request to be released from jail pending trial or a resolution of the case. At the time, the judge ruled that Martin posed a flight risk.

“The FBI investigation and this indictment reveal a broken trust from a security clearance holder,” FBI Special Agent Gordon Johnson said in a written statement. “Willfully retaining highly classified national defense information in a vulnerable setting is a violation of the security policy and the law, which weakens our national security and cannot be tolerated.”

The indictment lists numerous sensitive documents that were allegedly stolen by Martin and found at his residency, including intelligence agency manuals, briefings and other reports. FBI investigators confiscated material from Martin’s home that showed what the U.S. intelligence community knew about the hacking capabilities of foreign powers.

“As a private contractor who worked on classified programs at various U.S. government agencies, the defendant was entrusted with access to sensitive government materials,” Maryland Assistant Attorney General Mary McCord said in a statement, “Martin allegedly violated the trust our nation put in him by stealing and retaining classified documents and other material relating to the national defense.”

Martin, a 55-year-old former Naval officer, was employed by at least seven different private technology contractors between 1993 and 2016. He worked at multiple federal agencies, including the NSA and Office of the Director of National Intelligence, where he was required and trained to hold security clearances up to Top Secret and Sensitive Compartmented Information.

The Washington Post, citing an unnamed U.S. official, previously reported that Martin had compromised more than 75 percent of the tools stored in a secretive library used by the agency’s elite hacking unit known as Tailored Access Operations, or TAO.

If convicted, Martin faces a maximum sentence of 10 years in prison for each of the 20 counts of willful retention of national defense information. He will appear in court next on Feb. 24.

The post Former NSA contractor indicted for stealing massive trove of classified documents appeared first on FedScoop.

Rep. Michael McCaul, R-Texas, said Wednesday during an event at the National Press Club that some of the malicious messages are coming from email addresses that appear spoofed, or altered in such a way that they look to have come from known contacts.

“I have had attachments coming to me from people I know but about subjects that are totally unrelated to that person and I know it’s phishing,” McCaul recalled, “I’d say almost on a daily basis.”

The chairman’s comments underscore the growing risk faced by elected officials — especially for those handling classified information — from cyberattacks. While lawmakers and their staffers are encouraged to attend cybersecurity training sessions hosted by their respective sergeant at arms’ offices, representatives are not typically required to individually participate.

“A lot of it is very basic stuff like ‘don’t click on that attachment,’” McCaul said of the educational seminars.

McCaul, who was the lead on cybersecurity legislation in the previous Congressional term, said he understands part of the problem is the old networks Congress and their staff relies upon.

“We have a company that basically provides pretty good firewalls. And actually I have opened up one or two of these and gone back to my IT guy and we had some redundancies to back it up, where that intrusion didn’t take place, but it really gets to the whole issue, the legacy issue. Our network system is so antiquated, the older it is the more vulnerable it is to attacks,” said McCaul.

Multiple U.S. political organizations and campaigns were recently the target of a sophisticated hacking operations levied by Russian intelligence, a declassified report published Friday and compiled by U.S. intelligence agencies notes. McCaul said reports coupled with the recent news have left those on Capitol Hill with heightened awareness of cybersecurity hygiene.

“It’s not just Congress, everyone in this room has a phone and everyone in this room is subject to being infiltrated. I think it’s in large part a privacy issue. It’s a security issue when it comes to Congress and the executive branch and agencies. I think there’s a greater sense of awareness about it [amongst members of Congress]. A greater sense of anxiety … of paranoia,” said McCaul.

“Phishing emails to USG officials are incredibly common,” said Area 1 Security co-founder Blake Darche, “the Senate and House especially face security challenges in that they are not directly part of the executive branch and often lack the level of expertise at NSA/FBI/CIA. They are also public and as a result often receive and send emails to and from constituents raising their exposure profiles.”

Last week, USA Today reported that Congress planned to increase its efforts to protect members from data breaches by providing better training resources.

“One of the biggest threats that we have here would be the security, in particular the cybersecurity threats, that we face,” said Rep. Gregg Harper, R-Miss., the new chairman of the House Administration Committee, which oversees operations in the lower chamber. “Every office, every committee, every part of Capitol Hill is subject for attack by foreign governments, by individuals, people in this county who mean us harm.”

The post House Homeland Security chairman: I’m targeted daily with phishing emails appeared first on FedScoop.

Trump’s proposal, originally announced in late November, would see the Homeland Security Department take a backseat with regard to the federal government’s private sector cybersecurity efforts. On Thursday, House Homeland Security Chairman Michael McCaul of Texas warned that shifting cyberdefense authorities from a civilian agency to the military would be a “grave mistake.”

“It has come up a lot in transition team discussions,” McCaul said. “I still think that the roles we set forth in the Cybersecurity Act [of 2015], that are in current law, should  remain very much in place. It would be a great mistake to change that. I don’t believe that the American people want to militarize our cyberdefenses, domestically, here in the U.S. We have civilian police officers, civilian FBI agency, here in the U.S. We don’t have the military walking through the streets. I think the same principal applies to cyber in terms of you need a civilian agency to defend the nation’s domestic critical infrastructures.”

Once considered a favorite to lead the Homeland Security Department under Trump, McCaul announced plans last month to pursue the creation of a new cybersecurity-focused agency within DHS. The office, McCaul says, would help consolidate the federal government’s disjoined cybersecurity efforts, streamlining existing federal initiatives like the cyberthreat information sharing program, which was introduced via the Cybersecurity Information Sharing Act of 2015.

During a news conference Thursday, McCaul and Sen. Sheldon Whitehouse, D-R.I., unveiled a  set of cybersecurity policy recommendations for Trump’s White House. The recommendations, published by the D.C. think tank the Center for International Strategic Studies, are the result of a  joint bipartisan working group that included representation from business executives and policy experts.

“I do think it would be a grave mistake to change the roles we currently have where DoD defends the nation from cyberwarfare attacks and the FBI investigates. It would be a mistake to turn over these authorities to agencies that can both spy, investigate and prosecute Americans. I think it is better to leave it to a civilian agency that protects privacy interests and civil liberties. And can share information with the private sector,” McCaul said. “Eighty percent of these threats reside in the private sector. And I think the private sector has a great responsibility to stand up to defend our domestic networks.”

McCaul’s comments regarding private sector accountability echo statements made by Director of National Intelligence James Clapper who testified Thursday in a Senate Armed Services Committee hearing on Russian hacking.

“I think the private sector needs to up its game on cybersecurity and not just wait for the government to provide perfect warning or a magic solution,” Clapper said.

In July, the White House rolled out Presidential Policy Directive 41, or PPD-41, a comprehensive policy framework that directly outlines the roles and responsibilities held by DHS, FBI and DoD as it pertained to cyberdefense and incident response. If Trump were to ultimately increase the DoD’s influence in this space it would counter not only McCaul’s recommendation but also that of the current White House.

McCaul said he plans to introduce legislation to reorganize the Homeland Security Department during Trump’s first year in office. The legislation would be packaged into the larger, pending House National Defense Authorization Act for fiscal year 2017, he said.

The post ‘A grave mistake’ — Rep. McCaul pushes back on Trump cyberdefense plan appeared first on FedScoop.

Rep. Will Hurd, R-Texas, worked in the CIA for 9 years, spending time as an undercover intelligence officer in both Afghanistan and Pakistan. He recently told CyberScoop that human intelligence — agents on the ground — would likely be necessary to make an accurate assessment concerning the motivation and intention of those individuals who ordered a digital break in at the Democratic National Committee.

“Having some of this evidence declassified, I think we need to be really careful because we’re talking about people’s lives. Whatever we decide, whatever we declassify, Russian intelligence will be studying it very closely,” Hurd said.

Evidence uncovered by the New York Times backs Hurd’s assumption, noting that “human and technical” sources in Russia aided the intelligence community’s conclusion that Russian intelligence forces were involved in the DNC data breach.

Hurd’s outreach comes as Congress is pressuring the White House to declassify additional material related to data breaches at multiple U.S. political organizations. The intelligence community’s analysis will be laden with information concerning the tactics, sources, tools and procedures used by U.S. spies to attribute cyberattacks, Hurd says. And that material must be handled with extreme caution.

On Friday, The White House revealed that President Barack Obama had recently commissioned U.S. intelligence agencies to compile a comprehensive report containing information about malicious cyber activity aimed at past presidential elections. Deputy press secretary Eric Schultz told journalists that that this report would be completed before inauguration day and shared with congress and potentially, in a redacted form, with the public.

In the scope of uncovering new evidence and having a more open discussion about the influence of Russian hacking — especially as it pertains to the presidential election — politicians will need to walk a tightrope between responsible disclosure and protecting valuable intelligence assets, former intelligence officials say.

There is also some doubt as to whether a high profile exposure of the alleged Russian hackers — known to cybersecurity experts as APT28 — will ultimately impact the group’s ability to conduct missions, according to FireEye Intelligence Analysis Manager Christopher Porter.

“There exists a common perception that exposure is always good or useful in degrading a cyber threat group’s operations … [but] Russia-based groups have shown notable resilience in continuing their operations in the face of exposure. APT28, for example, had its operations exposed more than 20 times between Oct. 2014 and Oct. 2015, and not only sustained operations but became increasingly bold,” explained Porter, a former CIA intelligence officer. “In many cases, operations were entirely uninterrupted because APT28 was able to tap into a seemingly endless armory of zero-days or to retool and shift its infrastructure within 24 hour.”

ATP28’s “resilience,” Porter told CyberScoop, is driven in part by the group’s ability to quickly adapt whenever new information about their targets becomes available.

The post Hurd to lawmakers on Russian hacking intel: ‘We need to be really careful’ appeared first on FedScoop.

House Homeland Security Committee Chairman Michael McCaul announced plans Wednesday to push for the creation of a new federal agency during the Trump administration that would consolidate the government’s disjoined cybersecurity efforts. He said the eventual launch of such an agency will be one of his highest priorities in 2017.

“Today we are fighting a silent war in cyberspace with unlimited fronts. A new frontier if you will. And this year was a watershed year. Nation states, criminals, hacktivisits and terrorists are infiltrating our networks,” McCaul, R-Texas, said at an event at The Heritage Foundation, a conservative D.C.-based think tank. “Some want to embarrass us, others seeks to copy our innovation, steal our nation’s secrets and even undermine the very foundations of our republic.”

McCaul has introduced more cybersecurity-focused legislation into the 114th Congress than any other House member.

“The enemy is winning in this war. Hackers have been making off with your financial data, your healthcare information and just weeks ago we saw them shutdown major websites like Paypal and Twitter,” said McCaul. “Such attacks are only a fraction of what is possible.”

The new agency would be housed within the Homeland Security Department; working in part to bridge an information sharing gap that currently exists between the private sphere and federal government.

McCaul, who was recently endorsed by current Homeland Security Secretary Jeh Johnson to become his successor, called the department “dysfunctional” — a “broken bureaucracy” plagued with low morale and a convoluted mission.

“We need to start treating network security as national security,” McCaul told the room full of policy experts, journalists, security consultants and Capitol Hill staffers. “I propose a major reorganization and consolidation of our domestic cyber efforts into a single strong cybersecurity agency at the Department of Homeland Security.”

A veteran lawmaker once believed to be a favorite for the secretary of Homeland Security position, it looked as if McCaul missed out on the selection just hours after appearing before cameras in Washington.

President-elect Donald Trump said he will nominate retired Marine Gen. John Kelly to head the department, according to multiple news outlets, including The Washington Post.

Referencing recent cyberattacks that have been attributed to Russia by DHS and the Office of the Director of National Intelligence, McCaul said the data breaches should be a “wake up call and call to action.” Though this statement appears to counter previous comments Trump has made about Russia’s activities in cyberspace, McCaul emphasized that more needs to be done to punish bad actors, and “there needs to be consequences for these actions.”

The post Influential Republican lawmaker proposes new cybersecurity-focused agency appeared first on FedScoop.