Crossroads Blog | CYBER SECURITY LAW AND POLICY

Criticism, cyber attack, Cyber Exploitation, Legislation, regulation, White House, wikileaks

Cyber Roundup: Cyberattacks withhout “any sense of restraint,” a draft cybersecurity EO which we “have no need for,” and more Operation Aurora

A survey of today’s cyber news . . .

***

Lily Kuo reported for Reuters on comments made by Debora Plunkett, the head of the NSA’s Information Assurance Directorate.  According to the article, Ms. Plunkett said that other nations are acting “reckless[ly],” using cyberattacks without “any sense of restraint.”  Ms. Plunkett contrasted these cyberattacks with the Cold War, where there was at least some sense of restraint even though opposing nations worked against each other.

Of course, the U.S. can’t really act with righteous indignation: if you believe the reports, we’re behind a number of “sophisticated offensive cyber operations” that have already been deployed.  Then again, are we acting “recklessly” and without “any sense of restraint” if we employ highly tailored cyberweapons, designed to avoid collateral damage, to stop a rouge nation’s nuclear program?

***

Jason Miller wrote for FederalNewsRadio.com on the proposed Obama administration cybersecurity EO.  Remember, when cybersecurity legislation recently failed in the Senate, the Obama administration mulled over the prospect of an EO with substantially the same provisions.  Federal News Radio apparently got a hold of a draft of the EO.

Miller wrote that “[t]he draft EO includes eight sections, including the requirement to develop a way for industry to submit threat and vulnerability data to the government.”  The EO follows the second iteration of Sens. Liberman and Collin’s cybersecurity legislation.  Moreover, the EO requires a cybersecurity council, headed by DHS, to appoint agencies to regulate U.S. critical infrastructure.

Check out the FederalNewsRadio.com article for a more in-depth look.

***

In reaction to the news of the draft EO order, Richard Stiennon argued for Forbes that “there is no need for a cybersecurity executive order.”  Stiennon believes that the EO would create a static barrier that hackers and cybercriminals could easily navigate around.  Indeed, “[t]he last thing we need is another hastily designed and open-to-interpretation framework.”  Rather than using an EO, we should note that the IT security industry has adapted and made great gains in threat-based cybersecurity.  Essentially, we should preserve flexibility to ensure that we can respond to a dynamic threat.

Stiennon referenced a  Heritage Foundation blog post by Steven Bucci which made substantially the same argument.

***

Jim Finkle reported for Reuters on the group behind Operation Aurora, that infamous cyberattack on Google.  According to Finkle, the good folks behind Operation Aurora are back at it, “launch[ing] hundreds of other cyber assaults since [2009]” and “focusing on U.S. defense companies and human rights groups.”  It’s widely assumed that these are China-based hackers.

***

Politico’s Josh Gerstein explained how the  Court of Appeals for the Armed Forces (CAAF) is set to hear arguments on whether the press and public can get access to records on Bradley Manning’s court martial.

Leave a Reply