Malicious cyber activity has dramatically increased over the last few weeks as bad actors rush to exploit the COVID-19 crisis. Criminal groups have wasted no time, publishing fake websites and apps riddled with ransomware to steal personal information from individuals seeking updates on the pandemic. U.S. decision-makers, rightfully prioritizing the global health emergency, may get the urge to treat this spike in cyberattacks as run-of-the-mill activity surrounding a crisis. Inconvenient, but an unavoidable side-effect of operating in a 21st century ecosystem. However, now is not the time for cyber amnesia.
Last week, the security community was in a flurry around the disclosure of a severe vulnerability (known as CVE-2020-0601) in Microsoft’s Windows operating system. Notably, it was because the National Security Agency (NSA) tipped off Microsoft, helping the tech giant patch the flaw instead of exploiting it for national security missions. NSA was praised for its cultural shift from offense to defense, however, in my opinion, not all that glitters is gold.
The Olympic Games remain one of the most-watched events in the world, with billions tuning in across digital platforms and traditional broadcasting channels. Its high-profile nature makes it a target for malicious activity, but with the games’ increased digitization and with nation-state propaganda motives at play, cyberattacks are on the rise. As we approach the 2020 Tokyo Summer Games, it is essential to understand the risks and likely actors that will attempt to jeopardize the security and integrity of the upcoming Olympics.
The establishment of the Space Information Sharing and Analysis Center (ISAC) was announced earlier this year with the mission to enhance the space community’s ability to prepare for and respond to cyber vulnerabilities, incidents, and threats. Although the Space ISAC won’t be fully up and running until early 2020, the industry group is already pursuing a hefty agenda item: lobby the federal government to designate commercial space systems as critical infrastructure (CI). While a partnership with federal agencies provides undeniable value, I do not believe the establishment of a new CI sector will result in the prioritized government action that industry is seeking.
The conduct of U.S. military cyber operations has significantly shifted—particularly in the last year. The Department of Defense’s newest cyber strategy, issued in September 2018, emphasizes a “persistent engagement” approach that moves the Department from a reactive state into a more proactive, assertive stance against national security threats in the
Humans are more connected now than ever before. However, half the global population is behind on the digital revolution and there is great regional disparity in the availability of affordable Internet. While reports show a growth rate of one million new users a day from 2018-2019, approximately 3 billion people are still not connected. SpaceX, Softbank, Amazon, Google, Virgin, and Facebook are competing to close the gap and are racing to provide worldwide Internet infrastructure to rural and low-income areas. Harvard Business Review anticipates that within the next 3-5 years, “most of the planet will have some access to reliable, if somewhat expensive, broadband.”
A recent RAND report looks at the role of information warfare and how targeted social media campaigns and similar approaches are deployed to cause damage to a state. RAND has coined the term “hostile social manipulation” to capture this phenomenon, which builds on familiar influence techniques including propaganda and disinformation. Hostile social manipulation is used to gain a competitive advantage by manipulating the political, social, and economic conditions in target countries through information channels. It targets beliefs and attitudes, not physical assets or military forces, allowing the activity to operate in a gray space that exists below the threshold of war.
The space domain is transforming into an increasingly contested and congested environment. The President has referred to it as a critical warfighting domain and in response, the Department of Defense has recently established U.S. Space Command as a unified combatant command to employ space capabilities and lead space operations. In the private sector, we have seen investments in commercial space grow exponentially as advances in technology have sparked a renewed global interest in the final frontier. In the last decade alone an estimated 500 venture capital firms have invested in space, with approximately 20% making their first investments in 2018. A recent report by Morgan Stanley also cites, “the revenue generated by the global space industry may increase to more than $1 trillion by 2040.”
Lt.-Gen Vincent Stewart, former deputy chief of U.S. Cyber Command and director of the Pentagon’s Defense Intelligence Agency, warns that the West continues to underestimate al-Qaeda or ISIS’ cyberattack capabilities. He says that while much of the cyber threat has rightly been focused on Russia, China, North Korea, and Iran,
The 5G Supply Chain Blind Spot: A more concerted effort to assess risk from the services supplied by our adversaries is required
Winning the worldwide “race to 5G” is a top priority for the United States. As the global competition unfolds, we have continued to hear about the technological and economic benefits associated with leadership in the wireless domain. Earlier this year, CTIA, a trade association representing the wireless communications industry, released a report that said, “America’s telecommunications operators plan to invest $275 billion to deploy 5G networks, creating 3 million new jobs and adding $500 billion to our economy.” Even though the benefits are undeniable, the U.S. has not relented on the critical security risks that must also be accounted for prior to large-scale nationwide investments in 5G infrastructure.