The main U.S.-founded global cyber threat information sharing group for the financial services industry today launched a separate worldwide project focused on central banks and their overseers.
Those banks have become a prominent target: Last month, hackers made off with $15 million from Mexico’s central bank, and hackers famously victimized the Bangladesh Bank to the tune of $81 million in 2016. The Financial Services Information Sharing and Analysis Center, or FS-ISAC, calls its information sharing platform the CERES Forum, after CEntral banks, REgulators and Supervisory entities.
“Cyberthreats have become increasingly frequent, complex and sophisticated,” Bill Nelson, FS-ISAC president and chief executive officer, said in a statement. “Today, there is no dedicated forum or system for regulators, central banks and supervisors to share information on cyber and physical threats. The CERES Forum will bridge that gap with a platform that facilitates secure sharing of information about threats, vulnerabilities and incidences to stay ahead of crime.”
HAPPY MONDAY and welcome to Morning Cybersecurity! Your MC host has denied that he covers cyberpunk, but maybe there’s one exception. Send your thoughts, feedback and especially tips to firstname.lastname@example.org, and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
NDAA AMENDMENTS MUSHROOM — Senators are introducing cybersecurity-related amendments to the fiscal 2019 defense policy bill (H.R. 5515)in droves. Russia sanctions, energy security and cybersecurity scholarships andeducation all have multiple offerings each. Some address specific threats or vulnerabilities, like the Signaling System No. 7 vulnerability, Internet of Things vulnerabilities and cell site simulators. Some tackle broad and specific policy questions, like overarching cybersecurity strategy, support to civilian authorities during an incident or cyber threat preparedness. And still others are institutional in nature, like an amendment on ground transportation to the Cyber Command/NSA headquarters at Fort Meade, another on cyber cooperation with Israel and yet another the structure of the Defense Information Systems Agency. MC went into detail on a number of other amendments here.
RUSSIAN ANTIVIRUS FIGHTER’S NEW MANEUVERS — Kaspersky Lab asked a U.S. court late last week for speedy consideration of its appeal of another court’s decision to uphold a federal agency ban on using its software. The company, which was founded in Moscow but has been trying to mitigate concerns about its ties to the Kremlin by moving some of its operations out of Russia, is seeking “expedited consideration” from the D.C. Court of Appeals. “This appeal should be expedited because the district court’s opinion is ‘subject to substantial challenge,’ delay will continue ‘to cause irreparable injury’ to Kaspersky Lab, and other ‘persons not before the Court have an unusual interest in prompt disposition,’” its motion read. Even as it combats the U.S. ban implemented by the Homeland Security Department and a broader pending ban ordered by Congress, the company faces fresh calls for a ban in Europe.
RUSSIA COZYING, CANADA CANING — Elsewhere on Moscow and cyber: President Donald Trump’s weekend hostilities with traditional allies while advocating Russia’s return to the G-7 to make it the G-8 again caught plenty of flack, and even appeared at odds with others in his administration. “Vladimir Putin chose to make Russia unworthy of membership in the G-8 by invading Ukraine and annexing Crimea. Nothing he has done since then has changed that most obvious fact,” said Sen. John McCain, one of a number of Republicans to offer a rebuke. “Every day, through assassinations, cyber-attacks, and malign influence, Russia is assaulting democratic institutions all over the world.”
Intelligence leaders past and present took a different tack. “The Russians are actively seeking to divide our alliance,” Director of National Intelligence Dan Coats said Friday at an overseas Atlantic Council speech, “and we must not allow that to happen.” Like others, he explicitly invoked Russia’s alleged election interference past and present. “It is 2018, and we continue to see Russian targeting of American society in ways that could affect our midterm elections,” Coats said. Michael Hayden, former NSA and CIA chief under President George W. Bush, respondedsimply to a tweet referencing Russia’s cyber posture toward the U.S. and Trump’s embrace of a Russia return to the G-8: “This is madness.”
BACK AT IT AGAIN — Chinese government hackers’ theft of data about the U.S. military’s experimental submarine weapons offers fresh evidence of China’s determination to thwart its adversaries by any means necessary. The Washington Post reported last week that hackers likely working for China’s Ministry of State Security stole “massive amounts of highly sensitive data related to undersea warfare” from a U.S. Navy contractor, saying the 614 gigabytes’ worth of files included “submarine radio room information relating to cryptographic systems” as well as data from sensors aboard Navy ships. China’s aggressive pursuit of secrets about U.S submarines reflects a key fact about the region: any confrontation taking place there between the U.S. and China would see the U.S. rely heavily on submarines, because China’s anti-submarine defenses are its least sophisticated measure.
Cyber research firms have seen Beijing’s hackers swipe secrets from a wide range of Western targets since Presidents Barack Obama and Xi Jinping agreed in late 2015 not to use their hackers to steal intellectual property to benefit their domestic industries. In March, FireEye flagged a group that concentrated on hacking “maritime-related targets across multiple verticals, including engineering firms, shipping and transportation, manufacturing, defense, government offices, and research universities.” The hacking team, which FireEye called TEMP.Periscope, also hit targets in the healthcare, technology, consulting and publishing industries.
The Navy declined to confirm the Post’s story in response to a request from POLITICO, telling Pro Defense’s Wesley Morgan, “there are measures in place that require companies to notify the government when a ‘cyber incident’ has occurred that has actual or potential adverse effects on their networks that contain controlled unclassified information.” The Navy said it would be “inappropriate to discuss further details at this time.”
A SIGNAL TO BE MORE CAREFUL — Journalists everywhere are evaluating digital security precautions after the Justice Department seized the communications records of a New York Times reporter and indicted one of her alleged sources after accessing their Signal communications. The DOJ charged James Wolfe, the former security director for the Senate Intelligence Committee, with lying to the FBI about his contacts with three reporters. The indictment was unsealed hours after news broke that authorities had obtained warrants to read the email and phone records of national security reporter Ali Watkins, with whom Wolfe had had a relationship. Significantly, the indictment cited Signal messages between Wolfe and an unidentified female reporter. In one exchange, Wolfe told the reporter that the intelligence panel had subpoenaed former Trump campaign adviser Carter Page.
“Using Signal does not guarantee that the government won’t be able to read conversations with your sources,” USA Today reporter Brad Heath warned his colleagues shortly after the news broke. Julian Sanchez of the Cato Institute followed up with advice for journalists and sources to avoid detection that doubled as a stark reminder of just how many breadcrumbs even the most cautious internet user leaves behind. “Not mentioning your source’s name isn’t good enough if you leave enough info for investigators to piece together a timeline in combination with other data,” he noted. “Did you say where you met? They can check cell logs and see that your source was there.”
There is no evidence that the government broke Signal’s encryption to read Wolfe’s messages, and cyber experts said the notion was extremely unlikely. The Washington Post, citing a person close to the Senate Intelligence Committee, reported that authorities “obtained so much material from Wolfe’s devices, they would not have needed to seize Watkins’s records to bring charges.” Many observers believe that authorities read the Signal messages on Wolfe’s devices, thus bypassing the encryption that shrouds the messages in transit. Experts urged journalists to use Signal’s disappearing messages feature in their chats with sources, though as Motherboard pointed out, that feature isn’t perfect.
KELLY ACKNOWLEDGES HACK — In a newly obtained email, former DHS secretary and current White House chief of staff John Kelly confirmed what POLITICO first reported last fall: He was hacked. “Then there is hacking which one of my own personal accounts has suffered recently,” he said in the email, which BuzzFeed got via a Freedom of Information Act lawsuit. “I do almost everything now by phone or face-to-face comms.” Ironically, Kelly was inveighing against FOIA and leaks. The email recipient’s name was redacted. Two DHS sources told the outlet it was another DHS official, which an agency spokesperson denied. POLITICO reported last October that Kelly’s phone may have been breached as far back as December of 2016, and that the breach was discovered in the summer of of 2017.
This article originally appeared on Politico.com