Obama Levels Sanctions at Russia in Response to Interfering in Election, Harassing Diplomats

Russian President Vladimir Putin, at the 2014 Olympics in Sochi. The US has evidence that Putin was directly involved in orchestrating cyber attacks and information dissemination intended to tilt the US election toward Donald Trump’s victory. Trump has dismissed the unified analysis of more than a dozen US intelligence agencies and has indicated he would be a close ally of Putin or as Hillary Clinton put it during the campaign, “Putin’s Puppet.”© 2016 Karen Rubin/news-photos-features.com

By Karen Rubin, News & Photo Features

Today, President Obama authorized a number of actions in response to the Russian government’s aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election in 2016.  “Russia’s cyber activities were intended to influence the election, erode faith in U.S. democratic institutions, sow doubt about the integrity of our electoral process, and undermine confidence in the institutions of the U.S. government.  These actions are unacceptable and will not be tolerated,” the White House stated.

“Today, I have ordered a number of actions in response to the Russian government’s aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election,” President Obama stated. “These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior.”

“All Americans should be alarmed by Russia’s actions. In October, my Administration publicized our assessment that Russia took actions intended to interfere with the U.S. election process.  These data theft and disclosure activities could only have been directed by the highest levels of the Russian government. Moreover, our diplomats have experienced an unacceptable level of harassment in Moscow by Russian security services and police over the last year.  Such activities have consequences.  Today, I have ordered a number of actions in response.”

The President issued an executive order that expands upon his authority to respond to certain cyber activity that seeks to interfere with or undermine our election processes and institutions, or those of our allies or partners.

Using this new authority, Obama sanctioned nine entities and individuals:  the GRU and the FSB, two Russian intelligence services; four individual officers of the GRU; and three companies that provided material support to the GRU’s cyber operations.  In addition, the Secretary of the Treasury is designating two Russian individuals for using cyber-enabled means to cause misappropriation of funds and personal identifying information.  The State Department is also shutting down two Russian compounds, in Maryland and New York, that the government charges were being used by Russian personnel for intelligence-related purposes. Also, the State Department is declaring “persona non grata” 35 Russian intelligence operatives who will have to leave the US within 72 hours.

Finally, the Department of Homeland Security and the Federal Bureau of Investigation are releasing declassified technical information on Russian civilian and military intelligence service cyber activity – including the codes and IP addresses – to help network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign of malicious cyber activities.

“These actions are not the sum total of our response to Russia’s aggressive activities,” the President added. “We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized. In addition to holding Russia accountable for what it has done, the United States and friends and allies around the world must work together to oppose Russia’s efforts to undermine established international norms of behavior, and interfere with democratic governance. To that end, my Administration will be providing a report to Congress in the coming days about Russia’s efforts to interfere in our election, as well as malicious cyber activity related to our election cycle in previous elections.”

As for the timeline, senior administration officials, answering journalists’ questions, stated:

“Our first priority was publicly disclosing the information – it was most important to make public what we knew – and we did that October 7. That was a unique if not unprecedented step to come out with the common view of US intelligence agencies that a foreign power was influencing our election. We also wanted to give warning directly to the Russians, in public and in private, numerous times, that we knew what they were doing and were preparing a response. We wanted them to absorb that message and have that affect their behavior. We were concerned about securing the election – and there is no evidence that the Russians tampered with the vote. The priority for our cybersecurity efforts was to make sure our election was secure. But the material that had been hacked and was being released – it was not like that genie could be put back in the bottle. We were putting this together in context with [hacked] information being shared, publicly released and reported on by the news media. We wanted to do [respond] as methodically as possible: what we could do with sanctions, with diplomats, with the Joint Analysis Report (JAR), and preparing other elements.”

They added that it takes considerable time to put together a package of sanctions – you need to have the evidence sufficient to stand up in court to justify the actions.

“Sanctions packages are time consuming – establishing the basis, then finding the target list. JAR itself is complex procedure as putting together info we can share publicly that provides the best possible guidance about what we know – and response to harassment [of our diplomats] is something focusing on for some time.”

The incoming administration, under Donald Trump, has dismissed the allegations. Trump stated that “we should just get on with our lives,” and signaled he would undo sanctions leveled against Putin, including the sanctions that were put into place after Russia annexed Crimea and engaged in hostilities intended to overthrow the Ukrainian government.

But the Administration officials pointed to a “flagrant violation of norms” seen in the interference in our election, as well as a level of harassment of US diplomats in Russia – one even being assaulted by a Russian police officer – along with malicious cyber attacks that have been leveled against critical American infrastructure and American companies, “to a level that is unprecedented in the post-Cold War era and has been developing over a period of years,” all of which threaten national security and democratic regimes.

“There is no debate in the US administration: it is a fact that Russia interfered in our democratic election. We have established that to our satisfaction. We would never expect Russia to acknowledge what they did, don’t do it; still deny they are interfering in Ukraine. We say to journalists, look at what they say and what they do. This is a country that has intervened in sovereign country even though can see – bombed civilians, but they deny it. It is not a ‘he said/she said’ situation.  There are facts.”

“We have one president at a time. President Obama will execute the duties of his office until January 20. He’s acting on what he believes is in best interest of the United States.”

There are any number of actions that we’re taking that will [fall to next administration]. When a new administration takes office, entirely in their judgment as to whether to continue the course we set in number of areas.

“But Russian actions have been sustained over an extended period of time, and by any definition, are against our national interest, not just the interests of this president – harassment of our diplomats is a direct threat of ability of US to conduct diplomacy. Interference with our election is a pattern we see in other western democracies, including some of our closest allies. Malicious cyber targeting of American critical infrastructure would be of concern to future administrations.

“We know from our own consultations this is of concern to American business, and we would expect future administrations to be concerned about the impact on the American economy of Russian cyber activity.  We are taking these actions because of pattern of behavior of period of time, replicated in other countries. We believe is the right approach to take.

“We’re taking these actions consistent with our assessment of what Russia has done – they have been interfering in both the American democratic process and in the conduct of American diplomacy. That should concern all Americans and members of both parties – a sustained effort to both harass our diplomatic personnel and interfere in our democratic process. We have no reason to believe that Russia’s activities will cease – they have been engaged in malicious cyber activity not just here in the United States but in other democratic countries. One reason to sustain [these] activities is that there is every reason that Russia will continue to interfere… These are executive actions. If a future president decided to allow in Russian intelligence agents, reopen those diplomatic compounds that are being used for intelligence, that compromises US national security.”

Here are the details from the White House:

Sanctioning Malicious Russian Cyber Activity

In response to the threat to U.S. national security posed by Russian interference in our elections, the President has approved an amendment to Executive Order 13964.  As originally issued in April 2015, this Executive Order created a new, targeted authority for the U.S. government to respond more effectively to the most significant of cyber threats, particularly in situations where malicious cyber actors operate beyond the reach of existing authorities.  The original Executive Order focused on cyber-enabled malicious activities that:

  • Harm or significantly compromise the provision of services by entities in a critical infrastructure sector;
  • Significantly disrupt the availability of a computer or network of computers (for example, through a distributed denial-of-service attack); or
  • Cause a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain (for example, by stealing large quantities of credit card information, trade secrets, or sensitive information).

The increasing use of cyber-enabled means to undermine democratic processes at home and abroad, as exemplified by Russia’s recent activities, has made clear that a tool explicitly targeting attempts to interfere with elections is also warranted.  As such, the President has approved amending Executive Order 13964 to authorize sanctions on those who:

  • Tamper with, alter, or cause a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions.

Using this new authority, the President has sanctioned nine entities and individuals:  two Russian intelligence services (the GRU and the FSB); four individual officers of the GRU; and three companies that provided material support to the GRU’s cyber operations.

  • The Main Intelligence Directorate (a.k.a. Glavnoe Razvedyvatel’noe Upravlenie) (a.k.a. GRU) is involved in external collection using human intelligence officers and a variety of technical tools, and is designated for tampering, altering, or causing a misappropriation of information with the purpose or effect of interfering with the 2016 U.S. election processes.
  • The Federal Security Service (a.k.a. Federalnaya Sluzhba Bezopasnosti) (a.k.a FSB) assisted the GRU in conducting the activities described above.
  • The three other entities include the Special Technology Center (a.k.a. STLC, Ltd. Special Technology Center St. Petersburg) assisted the GRU in conducting signals intelligence operations; Zorsecurity (a.k.a. Esage Lab) provided the GRU with technical research and development; and the Autonomous Noncommercial Organization “Professional Association of Designers of Data Processing Systems” (a.k.a. ANO PO KSI) provided specialized training to the GRU. 
  • Sanctioned individuals include Igor Valentinovich Korobov, the current Chief of the GRU; Sergey Aleksandrovich Gizunov, Deputy Chief of the GRU; Igor Olegovich Kostyukov, a First Deputy Chief of the GRU; and Vladimir Stepanovich Alexseyev, also a First Deputy Chief of the GRU.

In addition, the Department of the Treasury is designating two Russian individuals, Evgeniy Bogachev and Aleksey Belan, under a pre-existing portion of the Executive Order for using cyber-enabled means to cause misappropriation of funds and personal identifying information.

  • Evgeniy Mikhailovich Bogachev is designated today for having engaged in significant malicious cyber-enabled misappropriation of financial information for private financial gain.  Bogachev and his cybercriminal associates are responsible for the theft of over $100 million from U.S. financial institutions, Fortune 500 firms, universities, and government agencies.
  • Aleksey Alekseyevich Belan engaged in the significant malicious cyber-enabled misappropriation of personal identifiers for private financial gain.  Belan compromised the computer networks of at least three major United States-based e-commerce companies.

Responding to Russian Harassment of U.S. Personnel 

Over the past two years, harassment of our diplomatic personnel in Russia by security personnel and police has increased significantly and gone far beyond international diplomatic norms of behavior.  Other Western Embassies have reported similar concerns.  In response to this harassment, the President has authorized the following actions:

  • Today the State Department declared 35 Russian government officials from the Russian Embassy in Washington and the Russian Consulate in San Francisco “persona non grata.”  They were acting in a manner inconsistent with their diplomatic status. Those individuals and their families were given 72 hours to leave the United States.
  • In addition to this action, the Department of State has provided notice that as of noon on Friday, December 30, Russian access will be denied to two Russian government-owned compounds, one in Maryland and one in New York.

Raising Awareness About Russian Malicious Cyber Activity

The Department of Homeland Security and Federal Bureau of Investigation are releasing a Joint Analysis Report (JAR) that contains declassified technical information on Russian civilian and military intelligence services’ malicious cyber activity, to better help network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign of malicious cyber activities.

  • The JAR includes information on computers around the world that Russian intelligence services have co-opted without the knowledge of their owners in order to conduct their malicious activity in a way that makes it difficult to trace back to Russia. In some cases, the cybersecurity community was aware of this infrastructure, in other cases, this information is newly declassified by the U.S. government.
  • The report also includes data that enables cybersecurity firms and other network defenders to identify certain malware that the Russian intelligence services use.  Network defenders can use this information to identify and block Russian malware, forcing the Russian intelligence services to re-engineer their malware.  This information is newly de-classified.
  • Finally, the JAR includes information on how Russian intelligence services typically conduct their activities.  This information can help network defenders better identify new tactics or techniques that a malicious actor might deploy or detect and disrupt an ongoing intrusion.

This information will allow network defenders to take specific steps that can often block new activity or disrupt on-going intrusions by Russian intelligence services.  DHS and FBI are encouraging security companies and private sector owners and operators to use this JAR and look back within their network traffic for signs of malicious activity. DHS and FBI are also encouraging security companies and private sector owners and operators to leverage these indicators in proactive defense efforts to block malicious cyber activity before it occurs. DHS has already added these indicators to their Automated Indicator Sharing service.

“Cyber threats pose one of the most serious economic and national security challenges the United States faces today.  For the last eight years, this Administration has pursued a comprehensive strategy to confront these threats.  And as we have demonstrated by these actions today, we intend to continue to employ the full range of authorities and tools, including diplomatic engagement, trade policy tools, and law enforcement mechanisms, to counter the threat posed by malicious cyber actors, regardless of their country of origin, to protect the national security of the United States,” the White House stated.

______________

© 2016 News & Photo Features Syndicate, a division of Workstyles, Inc. All rights reserved. For editorial feature and photo information, go to www.news-photos-features.com, email editor@news-photos-features.com. Blogging at  www.dailykos.com/blogs/NewsPhotosFeatures.  ‘Like’ us on facebook.com/NewsPhotoFeatures, Tweet @KarenBRubin

 

Obama: ‘Cybersecurity is One of the Greatest Challenges We Face as a Nation’

What role did Russia play in affecting the outcome of the 2016 Presidential Election?  President Obama is launching an investigation © 2016 Karen Rubin/news-photos-features.com

President Barack Obama has just ordered intelligence agencies to review cyber attacks and foreign intervention into the 2016 election and deliver a report before he leaves office on Jan. 20, homeland security adviser Lisa Monaco said on Friday. Monaco told reporters the results of the report would be shared with lawmakers and others.

National intelligence agencies have indicated strong evidence that Russian state-actors, already implicated in the hacking of the Democratic National Committee and in election rolls in some states, intruded into the presidential election – a horrifying attack on American independence and democracy. Donald Trump, the beneficiary of the interference, has dismissed any notion that Russia was involved – particularly since it would have acknowledged that Russia preferred Trump to win – saying in one of the debates that it could just as easily have been a fat lady sitting on her bed. Trump has also refused to sit in on national security briefings. Cybersecurity has been a concern for this administration. Obama issued this statement on the Report of the Commission on Enhancing National Cybersecurity – Karen Rubin, News & Photo Features

In February of this year, I directed the creation of a nonpartisan Commission on Enhancing National Cybersecurity, charging it with assessing the current state of cybersecurity in our country and recommending bold, actionable steps that the government, private sector, and the nation as a whole can take to bolster cybersecurity in today’s digital world.  Yesterday, the members of the Commission – leaders from industry and academia, many with experience in government – provided their findings and recommendations to me.  And earlier today I met with the Commission’s Chair, Tom Donilon, to discuss how we as a country can build on the Commission’s work and enhance our cybersecurity over the coming years.  I want to thank the Commission members for their hard work and for their thoughtful and detailed recommendations.  I am confident that if we implement the Commission’s recommendations, our economy, critical infrastructure, and national security will be better equipped to thrive in the coming years.

The Commission’s report makes clear that cybersecurity is one of the greatest challenges we face as a nation.  That is why I have consistently made cybersecurity a top national security and economic security priority, reflected most recently by the Cybersecurity National Action Plan I announced in February and my 2017 Budget, which called for a more than 35 percent  increase in Federal cybersecurity resources.

During my Administration, we have executed a consistent strategy focused on three priorities:

  1. Raising the level of cybersecurity defenses in the public and private sectors;
  2. Deterring and disrupting malicious cyber activity aimed at the United States or its allies; and
  3. Effectively responding to and recovering from cybersecurity incidents when they occur.

To strengthen our cybersecurity defenses across the country, in 2013 we convened experts from industry, academia and civil society to create the National Institute of Standards and Technology (NIST) Cybersecurity Framework.  As the Commission notes, the Framework has become the gold standard for cybersecurity risk management, and I wholeheartedly support the Commission’s recommendations to expand its usage in the Federal government, the private sector, and abroad.  We encouraged the formation of information sharing and analysis organizations, worked with Congress to enact tailored liability protections for private sector entities that share threat information with the government, and took steps to automate information sharing.  As the Commission calls for, we launched public campaigns to promote cybersecurity awareness among consumers, including the “Lock Down Your Login” campaign encouraging consumers to better secure their identities online.  We have given consumers more tools to secure their financial future by assisting victims of identity theft, improved the government’s payment security, and accelerated the transition to next-generation payment security.  We have invested in cybersecurity research and development to lay the groundwork for stronger cyber defenses in the future.  And I have clarified the roles and responsibilities of Federal agencies in responding to significant cyber incidents by issuing a new directive codifying eight years of lessons learned from incident response.

To strengthen government cybersecurity, we created the first-ever federal Chief Information Security Officer and drove dramatic improvements in Federal agencies’ use of strong authentication and in critical vulnerability patching.  We have pushed to reduce the Federal government’s reliance on legacy technologies, proposing an innovative $3.1 billion fund to modernize costly and vulnerable information technology (IT) systems – a fund that the Commission proposes to expand.  We updated the guidance for Federal agency IT management, cybersecurity, and privacy, introducing the kind of coordination that the Commission calls for.  Agencies are increasingly centralizing their cybersecurity efforts and relying on the Department of Homeland Security (DHS) for shared services like vulnerability detection, network discovery and monitoring, intrusion detection and prevention, and cybersecurity assessments of high priority IT systems.  Consolidating DHS’ cybersecurity and infrastructure protection missions within a single DHS line agency – as my Administration has proposed, and as the Commission recommends – would further strengthen DHS’ ability to support Federal and critical infrastructure cybersecurity.  Finally, consistent with the Commission’s emphasis on improving the Nation’s cybersecurity workforce, my Administration has issued a comprehensive workforce strategy and has hired more than 6,000 new cybersecurity professionals in the Federal government in 2016 alone.

As the Commission recognizes, we have championed the application of international law to cyberspace; promoted voluntary international norms of state behavior during peacetime, securing over 30 countries’ commitment to these norms in the G20 and other international fora; and committed to confidence building measures to reduce escalation risk.  We have secured commitments from China and other nations to oppose cyber-enabled theft of intellectual property and business secrets for commercial gain, sought to modernize the Mutual Legal Assistance process, and submitted legislation to enable greater cross-border data sharing between law enforcement agencies – another effort the Commission strongly supports.  We have developed additional tools and cyber capabilities to deter and disrupt malicious cyber activity aimed at the United States.  Finally, we created the Cyber Threat Intelligence Integration Center to ensure that there is a single government-wide source for integrated intelligence assessments on cyber threats.

In total, the Commission’s recommendations affirm the course that this Administration has laid out, but make clear that there is much more to do and the next Administration, Congress, the private sector, and the general public need to build on this progress.  Deepening public-private cooperation will help us better protect critical infrastructure and respond to cyber incidents when they occur.  Expanding the use of strong authentication to improve identity management will make all of us more secure online.  Increasing investments in research and development will improve the security of products and technologies.  Investing in human capital, education, and the productivity of the cybersecurity workforce will ensure that this country’s best and brightest are helping us stay ahead of the cybersecurity curve.  Continuing to prioritize and coordinate cybersecurity efforts across the Federal government will ensure that this critical challenge remains a top national security priority.  And furthering the promotion of international norms of responsible state behavior will ensure that the global community is able to confront the ever-evolving threats we face.

The Commission’s recommendations are thoughtful and pragmatic. Accordingly, my Administration strongly supports the Commission’s work, and we will take additional action wherever possible to build on the work my Administration has already undertaken and to make progress on its new recommendations before the end of my term.  Importantly though, I believe that the next Administration and the next Congress can benefit from the Commission’s insights and should use the Commission’s recommendations as a guide.  I have asked the Commission to brief the President-Elect’s Transition Team at their earliest opportunity.  Further, we must provide sufficient resources to meet the critical cybersecurity challenges called out in the Commission’s report.  Before Congress adjourns for the year, it must act to fully fund the urgent cybersecurity needs that my Administration has identified in my 2017 Budget and elsewhere, investing in areas such as securing Federal information technology systems, protecting critical infrastructure, and investing in our cybersecurity workforce.

As the Commission’s report counsels, we have the opportunity to change the balance further in our favor in cyberspace – but only if we take additional bold action to do so.  My Administration has made considerable progress in this regard over the last eight years.  Now it is time for the next Administration to take up this charge and ensure that cyberspace can continue to be the driver for prosperity, innovation, and change – both in the United States and around the world.