Was this forwarded to you? Sign up here.
Below: A Verizon subsidiary settles with the U.S. over allegations of an insecure internet product, and TikTok hires an auditor for its European data security plan. First:
As the chief of the National Security Agency and U.S. Cyber Command since 2018 who’s now waiting to hand over the reins to his successor, Gen. Paul Nakasone sits as a link between the past and future of cyber.
The threats of today look nothing like those of five years ago, he said at a conference on Tuesday. The organizations he’s helmed are grappling with the challenges of the future, Nakasone said, though there’s bound to be some overlap between now and what’s ahead.
“What’s changed is the security environment,” Nakasone said at the Billington Cybersecurity Summit. In 2018, everyone was focused on midterm election security and intellectual property theft. “Everything that we’ve seen since, we weren’t talking about in 2018.”
Pointing to some of the forthcoming challenges, NSA and Cyber Command have completed studies about how they will be using artificial intelligence going forward, Nakasone said.
Compared to now, prioritizing defenses for the 2018 midterms and the threat of cybertheft of trade secrets seem pretty distant, Nakasone pointed out. (The former of course seems that way because it was so specific to that point in time.)
The threat landscape has changed to a focus on China and Russia, he said. He called China “our pacing challenge,” and Russia an “acute threat.” However, he touted the United States’s work countering Russian information operations in Ukraine by declassifying sensitive information about those operations, making it harder for them to be effective.
And the policies and structures for dealing with those cyberthreats have changed a great deal, too. He mentioned some of the significant shifts:
- The Cybersecurity and Infrastructure Security Agency didn’t exist in its current form until near the end of 2018, and it now plays a much larger role for the feds on cyber.
- Likewise, the Cyberspace Solarium Commission didn’t issue its major report until 2020. Many of the congressionally established panel’s recommendations have since been enacted, such as creation of an Office of the National Cyber Director. The report has also inspired some related ideas, such as CISA’s Joint Cyber Defense Collaborative to hone cooperation between the government and private sector.
As for the NSA and Cyber Command, “What we do hasn’t changed,” Nakasone said — collecting electronic communications, say, and cyberspace operations, respectively. “But how we do it has changed dramatically.” Examples include expansion of operations into other countries for Cyber Command, and the creation of NSA’s Cybersecurity Collaboration Center.
A broader realization now is that “cybersecurity is national security,” as Nakasone and others have taken to saying. “If I had said that in 2018, it would’ve raised some eyebrows,” he said. But ransomware threats, supply-chain threats and other threats have risen to new heights.
One constant, Nakasone predicted, will be China — both as a cybersecurity threat and a general intelligence problem. The United States will have to reckon with Beijing for generations, Nakasone said.
Next biggest #cyber challenge for US – “intense competition with #China for a long time” per @CYBERCOM_DIRNSA
“This is what we will deal with. This is what our children will deal with & what our children’s children will deal with”
— Jeff Seldin (@jseldin)
For the near-term, Nakasone hammered home the Biden administration message that Congress needs to reauthorize a set of expiring surveillance authorities that the administration views as essential to intelligence collection, especially for cybersecurity. Many lawmakers from both parties are skeptical of the so-called Section 702 powers due to how the snooping indirectly affects Americans.
Like the rest of the United States and the private sector at large, the NSA and Cyber Command are dealing with cyber workforce shortages. Nakasone said their approach has to change on how they recruit, train and keep personnel.
Is the NSA challenged by the cyber workforce shortage?
“Of course we’re challenged,” Nakasone says. “Everyone is challenged.”
We have to “think differently” about recruiting and training, he says, noting that the NSA is trying to improve things like onboarding and wellbeing.
— Eric Geller (@ericgeller)
Cybersecurity also hasn’t avoided getting swept up into the broad debate over artificial intelligence.
- Even though Nakasone’s agencies have been dealing with AI for a long time, they recently completed studies on how they would use AI in the future, he said. Past NSA uses include harnessing AI for signals intelligence, and possible future uses include business processes, he said.
- Cyber Command also owes Congress a five-year plan on AI that it has ready, he said.
Nakasone is poised to leave the helm of the NSA and Cyber Command if and when Lt. Gen. Timothy Haugh, who was nominated by President Biden to succeed Nakasone, gets confirmed.
While it’s not clear when a Senate standoff over abortion and the military will clear the way for Haugh to take over for Nakasone, Nakasone is confident of a bright future for the agencies he’s due to depart.
“I’m very optimistic,” he said.
Verizon subsidiary Verizon Business Network Services (VBNS) will pay the U.S. government $4.1 million to settle allegations that the telecommunications giant failed to fully satisfy cybersecurity controls as part of a government effort to supply IT services to federal agencies, the Justice Department announced Tuesday.
The payment resolves allegations under the False Claims Act that the company did not completely comply with a trio of required cybersecurity controls needed for General Services Administration’s (GSA) internet contracts between 2017 and 2021. The VBNS product in question, its Managed Trusted Internet Protocol Service, seeks to provide secure internet connectivity for users on public-facing or other external networks.
- “When government contractors fail to follow required cybersecurity standards, they may jeopardize the security of sensitive government information and information systems,” Deputy Assistant Attorney General Michael Granston of the Justice Department’s Civil Division’s Commercial Litigation Branch said in a statement.
- VBNS cooperated with a government investigation and “prompt and substantial remedial measures,” the Justice Department said. “After learning of the issues, Verizon provided the government with a written self-disclosure, initiated an independent investigation and compliance review of the issues and provided the government with multiple detailed supplemental written disclosures,” the department said.
- VBNS said it “proactively identified and disclosed” a potential issue with a service to GSA in 2020, Reuters reports. The company said the potential issue didn’t lead to any data breaches, per Reuters.
- The settlement agreement signed by attorneys for VBNS and the U.S. government states that the agreement “is neither an admission of liability by Verizon nor a concession by the United States that its claims are not well founded.”
Analysts say that a surprise unveiling of a new Huawei smartphone last week could prompt Washington officials to tighten technology curbs against China, .
The Mate 60 Pro unveiling that timed with Commerce Secretary Gina Raimondo’s visit to China this past week has signaled Beijing has been able to circumvent several rounds of U.S. tech sanctions implemented over the past year.
- The phone “is powered by its proprietary chip Kirin 9000s and manufactured by the country’s top contract chipmaker SMIC using an advanced 7 nanometre (nm) technology,” according to the report which cites an analysis by Ottawa-based TechInsights.
- China has also announced a $40 billion state-backed investment fund to shore up its domestic chip production, Reuters reported Tuesday.
The Mate 60 “demonstrates the technical progress China’s semiconductor industry has been able to make without EUV tools,” said TechInsights analyst Dan Hutcheson, referring to extreme ultraviolet lithography tools that are used to craft integrated circuits.
While the new device signals China’s resilience to chipmaking curbs, “At the same time, it is a great geopolitical challenge to the countries who have sought to restrict its access to critical manufacturing technologies,” Hutcheson added. “The result may likely be even greater restrictions than what exist today.”
President Biden last month signed an executive order curbing U.S. investment flows to key tech sectors in China, a move that seeks to blunt Beijing’s military and intelligence capabilities in quantum computing, AI and advanced semiconductors. China has retaliated against what is widely believed to be previous U.S. export controls by limiting global markets’ access to its abundant supply of rare earth metals needed for chipmaking.
TikTok hired U.K. IT security firm NCC Group to oversee the company’s European data protection plan that seeks to ease Chinese spying fears, ’s Thomas Seal reports.
NCC will “assess security, audit flows of data in and out of the continent, and report incidents,” according to emailed remarks to Bloomberg from Theo Bertram, TikTok’s VP of public policy in Europe.
- TikTok is rolling out a European framework called Project Clover that aims to assuage concerns about Beijing’s access to European users’ data, which is now being ported over to a data center in Dublin.
- The company is also building out additional server farms in Ireland and Norway, according to the report.
- The move is similar to the U.S.-based Project Texas that would repackage TikTok’s U.S. operations into a new subsidiary overseen by the U.S. government. It has seen pushback from lawmakers on both sides of the aisle.
TikTok has come under scrutiny from the U.S. and other Western governments because of national security concerns and the company’s alleged ties to the Chinese central government. TikTok and the Committee on Foreign Investment in the United States are negotiating a potential agreement.
The Biden administration is supporting a bill that would allow the Commerce Department to evaluate the security risks of foreign technologies like TikTok and make recommendations about whether they should be banned. One senator is working on an alternative measure that she says takes a more balanced approach to foreign tech concerns.
- Jen Easterly, Bob Costello, Nathaniel Fick and other U.S. cyber officials speak at the Billington Cybersecurity Summit in D.C. throughout this week.
- DHS Undersecretary for Intelligence and Analysis Kenneth Wainstein speaks with the Atlantic Council at 11:30 a.m.
- The Institute of World Politics convenes a cyber intelligence seminar at 6 p.m.
A groundhog named Chunk has been stealing a farmer’s crop from Delaware for 4 years, and eats it right in front of a surveillance camera.
pic.twitter.com/jAMiwu0kh9
— BAY AREA STATE OF MIND (@YayAreaNews)
Thanks for reading. See you tomorrow.
This content was originally published here.