Cyber Project

Three questions for four participants of the Richard C. Holbrooke Forum’s “Digital Diplomacy Project: Power, Innovation and Order in a Networked World,” which was held in Tallinn, Estonia, from November 5-7, 2017.

According to U.S. cybersecurity company Symantec, a hacking campaign dubbed Dragonfly 2.0 successfully infiltrated U.S. power plants over the past two years. The latest spate of incidents has been particularly alarming because the hackers appear to have accessed control systems at a handful of U.S. facilities. Symantec’s report speculates about the hack’s “potential for sabotage” and “disruptive purposes,” but doesn’t identify the hackers’ origins, saying only that they are “clearly an accomplished attack group.” Other researchers believe the culprits are linked to the Russian government, dovetailing with Ukraine’s allegations that Moscow was behind hacks against its power grids in 2015 and again in 2016.

In today's podcast, we hear that BadRabbit, still quiet, looks like a TeleBots product. Reaper is still locked and loaded, but is also still quiet. Maritime SATCOM system found to be buggy, and the worse news is that it's beyond its end-of-life. A look back at the annual ICS Cybersecurity Summit that wrapped yesterday in Atlanta. Moscow tells Twitter buying ads is a free speech issue. Justin Harvey from Accenture on monitoring cloud infrastructure. Guest is Michael Sulmeyer, Director of the Cyber Security Project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs. Anonymous is back and poking at the Spanish government.

This paper presents a new dataset of more than 2,600 vulnerabilities, and estimates vulnerability rediscovery across different vendors and software types. It is an update to the original publication, from July 2017. 

Scholars have considered many analogies for cyber capabilities, grappling with how these capabilities may shape the future of conflict. One recurring theme in this literature is the comparison of cyber capabilities to powerful, strategic capabilities with the potential to cause significant death and destruction.

In March 2017, CIGI and the Belfer Center for Science and International Affairs at the Harvard Kennedy School brought together 28 academics, diplomats and other specialists for a one-day workshop in Cambridge, Massachusetts, to discuss and search for effective approaches to these and other international cyber security challenges. These essays provide a report on that workshop and the ideas that emerged.

Elevating Cyber Command is only one step on the road to turning it into something else: an institution less intertwined with the intelligence community and better integrated with the other elements of the military.

In the modern era, there is great convergence in the technologies used by friendly nations and by hostile ones. Signals intelligence agencies find themselves penetrating the technologies that they also at times must protect. To ease this tension, the United States and its partners have relied on an approach sometimes called Nobody But Us, or NOBUS: target communications mechanisms using unique methods accessible only to the United States. This paper examines how the NOBUS approach works, its limits, and the challenging matter of what comes next.

Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008, a powerful surveillance tool that allows U.S. government agencies to spy on foreign persons to collect counter-terrorism intelligence, will expire on December 31, 2017 without Congressional reauthorization. This paper has two goals: to concisely describe how agencies obtain information under Section 702, and to provide guidance to legislators and their staffers by examining the core issues they will confront as they consider reauthorizing this legislation.