The Pentagon’s decision to restrict the sales of certain Chinese-produced cellphones at U.S. military bases shows government leaders are increasingly worried about potential gateways for cyberattacks or digital surveillance on U.S. citizens and assets, Martin reports.
Removing Huawei and ZTE phones from bases follows Homeland Security’s mandate that federal agencies strip software developed by Moscow-based Kaspersky Lab from government computers. President Donald Trump is reportedly weighing an executive order that would further hamper Huawei, ZTE and other Chinese technology companies from selling equipment inside the U.S.
Worries about exposing sensitive personal information via technology are bubbling up for a variety of reasons, including concerns “over subversion on a whole new level,” according to Peter Singer, a senior fellow at the New America Foundation. “Cybersecurity concerns have been tough enough … but they’ve all been about adversaries attempting to hack or manipulate an already created system,” he said. “But there’s growing concerns about the underlying DNA of the digital systems themselves and how they might be compromised.”
Regardless of what action the administration takes, it’s clear Trump will have the backing of congressional Republicans, as several members offered statements backing the Pentagon’s directive. Rep. Robert Pittenger, who included an amendment in last year’s defense policy bill that bars the Pentagon from doing business with telecommunications firms that have provided services to North Korea or aided the regime’s cyber program, said he was “grateful to have a president who will stand up against blatant Chinese surveillance efforts through these corporations.”
HAPPY FRIDAY and welcome to Morning Cybersecurity! WikiLeaks founder Julian Assange and former Baywatch star Pamela Anderson are buds who talk about … the Bible. In the same interview, she also ducked questions about whether she dated Russian President Vladimir Putin. Hmmmm. Send your thoughts, feedback and especially tips to firstname.lastname@example.org, and be sure to follow @POLITICOPro and @MorningCybersec.
FAIR WINDS AND FOLLOWING (CYBER) SEAS — Army Lt. Gen. Paul Nakasone officially takes over today as U.S. Cyber Command head and NSA director. Last month the Senate unanimously confirmed the current Army Cyber Command chief to take the reins from retiring Navy Adm. Mike Rogers, who served as the “dual-hat” leader of both organizations for about four years. Nakasone, who possesses a deep background in cyberwarfare and is widely liked in military and cybersecurity circles, sailed through his confirmation hearings. In particular, he told the Senate Armed Services Committee that the U.S. must “impose costs” on its digital adversaries and said countries that launch cyberattacks on the U.S. aren’t afraid of retaliation.
Nakasone “will play a critical role in everything from training our cyber warriors, and advocating for more cybersecurity resources, to planning and conducting cyber operations,” DoD spokeswoman Dana White said Thursday at a press conference. “The cyber domain will define the next century of warfare. Just as our military must be prepared to defend our nation against hostile acts from land, air and sea, we must also be prepared to deter, and if necessary, respond to hostile acts in cyberspace.”
Nakasone succeeds Rogers, who took over the NSA in the wake of Edward Snowden’s shocking disclosures about the agency’s secret spying tools. The revelations sparked an ongoing debate about the scope of government surveillance, while leaks have continued to rattle the clandestine agency. Cyber Command, which is co-located with NSA at Fort Meade, is undergoing an upheaval of its own as officials work to elevate it to a “unified combatant command” and potentially separate it from the NSA. Nakasone promised lawmakers he would make a recommendation about splitting the two organizations to Defense Secretary Jim Mattis and Director of National Intelligence Dan Coats within 90 days of his confirmation.
MCCAIN UPS THE ANTE — In his new book, Senate Armed Services Chairman John McCain advocates for the U.S. to “seriously consider” a cyberattack on Russia. As Defense News first reported Thursday, McCain believes it’s the best way to retaliate against Russia’s alleged 2016 election meddling, and to dissuade Russian President Vladimir Putin from doing it again. “To make Putin deeply regret his assault on the foundation of our democracy — free and fair elections — we should seriously consider retaliating with the kinds of weapons he used,” McCain writes. “We have cyber capabilities too. They should be used to expose the epic scale of his regime’s corruption or to embarrass [Putin] in other ways.”
McCain has long pressed both the Obama and Trump administrations to formulate a cyberwar strategy and pushed for additional sanctions against Russia. He called Moscow’s alleged 2016 digital interference an “act of war.”
CLEANUP ON AISLE TWO — Trump fired former FBI Director James Comey because Comey wouldn’t tell the president that he wasn’t a target of the Russia investigation, according to former New York City Mayor Rudy Giuliani. “He fired Comey because Comey would not, among other things, say that he wasn’t a target of the investigation,” Giuliani, who is now part of Trump’s legal team handling the Russia probe, told Fox News’ Sean Hannity on Wednesday night. “He’s entitled to that.” He went on to say that Comey “had no answer for why he didn’t say this, even though he had done the same thing for Hillary.” The comments mirror Trump’s own explanation for the firing last May. “When I decided to just do it, I said to myself … you know, this Russia thing with Trump and Russia is a made-up story,” Trump told NBC’s Lester Holt.
LOCKING ARMS, ARMING LOCKS — The Trump administration is giving Ukraine an additional $5 million to help it fend off cyberattacks, the State Department announced Wednesday. The U.S. gave the same amount for the country’s cyber defense last year. Ukraine has faced an onslaught of digital attacks on its power grid from the Russian government, and bore the brunt of last year’s highly destructive NotPetya malware attack, for which the Trump administration and its allies blamed Russia. The U.S. and Ukraine have recently stepped up their cyber engagement, holding the first bilateral dialogue on the subject last September. And lawmakers have pushed bills to increase cooperation. “The threat from #Russia is real,” State Department spokeswoman Heather Nauert tweeted. “Our commitment to #Ukraine is unbending.”
PLEASANT NAME, UNPLEASANT SPYING TOOL — Kaspersky Lab on Thursday revealed what it called a sophisticated cyber espionage campaign targeting Android users in the Middle East. “Using legitimate websites as sources of infection, the campaign appears to be a nation-state backed operation aimed at political organizations, activists and other targets based in the region,” the company wrote in a blog post. Dubbed “ZooPark,” the campaign has been active for “several years,” according to the company. A spokesperson for Kaspersky told MC that the company could not confirm who specifically was behind the malware.
A LITTLE BIRD TOLD ME (TO CHANGE MY PASSWORD) — A bug exposed Twitter users’ login credentials Thursday, the company said, prompting the social media giant to warn its more than 300 million users to change their passwords. “When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it,” the company said in a blog post. “We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.” As many an email in your MC host’s inbox noted, Thursday was “World Password Day.”
ADVANCED PROTECTION ADVANCEMENTS — A Google security program aimed at safeguarding high-profile hacking targets like journalists and political campaign teams now supports Apple applications, too. “To protect you from accidentally sharing your most sensitive data with fraudulent apps or web services, Advanced Protection places automatic limits on which apps can gain access to your Google data,” Dario Salice, the product’s manager, wrote in a blog post Thursday. “Before today, this meant that only Google applications were able to access your data if you were enrolled in the program.” Now, iOS users can enroll without having to adjust how they use Google services on their devices, Salice wrote.
This article originally appeared on Politico.com