Skip to content Skip to navigation

Friday Cyber News, September 21 2018

Cyber technology-related news and links from around the web, for the week of 9/15 - 9/21:

1. The White House released its new National Cyber Strategy, and while it doesn't explicitly start out "be! Aggressive! B-E aggressive!" it does introduce the nomenclature of "defending forward", to replace "active defense," and it has national security advisor John Bolton's fingerprints all over it, particularly singling out Russia and China as adversaries, highlighting the removal of PPD-20, and describing halting malicious cyber activity at its source, via a "lethal force" that can operate against activity that falls below the level of armed conflict. Good thing we got rid of our only national cyber diplomat, because it looks like diplomacy is taking a backseat here! One trickle-down effect of the new strategy is the prediction that increased Pentagon spending on electronic warfare equipment will lead to supply-chain consolidation among cybersecurity vendors. [Whitehouse.gov; War on the Rocks; Cyberscoop; CNN; Fifth Domain]

2. The EU parliament approved amendments to their Copyright Directive this week that aim to ensure journalists and artists are paid when their work is aggregated on platforms like Google and Facebook, while protecting smaller platforms with less ability to pay or monitor content, but every platform potentially affected is worrying about the details, as the Directive is implemented by individual nations, of finding a way for aggregators to pay publishers for an essentially promotional function (e.g., search result presentation) that the publishers have been generally happily accepting in its current form. [EU Business; Stratechery]

3. Three times as many malware samples attacking IoT devices were detected in the first half of 2018 than in the entirety of 2017, showing increased interest in the vulnerabilities of smart things. California's SB 327, currently on the Governor's desk, would require that IoT devices sold in the state come with unique pre-programmed passwords--no more 'admin/motorola'--a small step, but a welcome one. [Securelist; Statescoop] 

4. The NY Times has a deep dive this week into Russian interference in the 2016 election, which pairs well with their light piece on Facebook's elections 'war room'. "The best outcome for us is that nothing happens in the war room," says Facebook's lead of elections and civic engagement, putting a light gloss on Kubrick's line. [NY Times x2]

5. ...Facebook's measures have been enjoying some success, though; Cyber Initiative researcher Matthew Gentzkow and colleagues have published preliminary results this week showing that efforts to limit the spread of misinformation are working. Facebook user interactions with content from sites flagged as producers of false stories fell 65 percent over the same 18-month period in which engagement with the same stories on Twitter rose. [Stanford SIEPR]

6.​ ...And because it wouldn't be this newsletter if we reported on only positive Facebook news, the ACLU has filed a complaint with the EEOC accusing Facebook of allowing gender-based discrimination in the visibility settings for job ads. [The Hill]

7. The Center for Election Innovation and Research found that, of 26 states surveyed this summer, most have improved their cybersecurity training and audit procedures, but are lagging at implementing multifactor authentication and password requirements. Georgia, the largest of five states using exclusively paperless voting machines, was chided for the security risk of not producing an auditable paper trail, but was not required to change the machines it plans to use in November. [The Hill; Cyberscoop]

8. Bitcoin Core patched a major vulnerability this week that would have allowed a malicious miner to send a fake block containing a double-spend transaction that would crash any node that received it, pushing them offline temporarily and disrupting the network. [Motherboard]

9. In conjunction with the upcoming sentencing of an NSA TAO employee who removed classified information and tools over a period of five years, ostensibly to help prepare for a performance review, Admiral Rogers has released a letter explaining the effect of the disclosure of these tools--not necessarily the Shadowbrokers material, but not *not* the Shadowbrokers material--and of signals intelligence more generally. [Politico]

10. This newsletter joins the Middlebury Institute in mourning the passing of Dr. Ray Zilinskas, a leader in chemical and biological weapons policy research, a deeply thoughtful security scholar, and someone who I am saddened to know will not see the resolution of the Skripal case with the rest of us, as he would have had uniquely valuable insight therein. [Middlebury]

Thanks for reading,

Allison
Stanford Cyber Initiative
fsi.stanford.edu/cyber

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)