from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: February 16, 2018

A Maersk ship in China in 2016 Aly Song/Reuters

This week: accusing Russia over NotPetya, cyber threats to the United States, gTLDs, and more on the Equifax breach. 

February 16, 2018

Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. J'accuse! The United States, United Kingdom, Australia, New Zealand, Canada, and Denmark publicly accused Russia of carrying out last year's NotPetya operation. In June 2017, Russia deployed NotPetya, which encrypted data and rendered it useless on infected machines in Ukraine. The malware spread to approximately 200,000 computers around the world due to a vulnerability in Microsoft software made public through a leak of U.S. National Security Agency tools. Particularly hard hit was Danish shipping giant Maersk, which spent roughly $300 million to recover from the incident. The White House called NotPetya “the most destructive and costly cyberattack in history.” Though the U.S. statement said it would be "met with international consequences," the statements from the other governments did not. Over the course of the last year, the United States signaled that it would work with allies to call out countries that don't follow internationally agreed cyber norms and impose costs on them. This latest action demonstrates that the United States is following through on its strategy, though it remains to be seen what costs Washington and its allies will impose on Moscow.

More on: Cybersecurity, Russia, Digital Policy, Privacy, Influence Campaigns and Disinformation

2. We're number one! In its annual worldwide threat briefing, the U.S. intelligence community once again named cyber threats as the biggest national security challenge facing the United States. Intelligence chiefs predicted that Russia will continue its efforts to “exacerbate social and political fissures” and diminish trust in democratic processes within the United States and European Union. CIA director Mike Pompeo suggested that the United States was retaliating against Russian efforts to influence U.S. elections, though in ways that would act as signals to Russia but might be unknown to the broader public. The U.S. threat assessment also specified a concern with China purchasing technology start-ups that would help it pursue its ambitious artificial intelligence strategy. Every assessment since 2013 has identified cyber attacks as the number one threat to the United States.

3. No need to work overtime. The Internet Corporation for Assigned Names and Numbers (ICANN), which manages the global domain name system, including top-level domains like .com and .org, decided .home, .mail, and .corp will not be used on the internet. ICANN decided against making these domains available as part of its generic top-level domain program because they are often used to manage private networks. Using .home, .mail, or .corp on both a private network and the global internet could have created domain collisions, as computers looking to reach a .home domain would not know whether to connect to a computer on a private network or the internet. Havoc and confusion would have ensued. System administrators everywhere are breathing a sigh of relief.

4. Remember Equifax? Yeah? Well, it's worse than you thought. Equifax disclosed to the U.S. Senate Banking Committee that the network compromise it announced last year was worse than previously thought. In September 2017, Equifax disclosed that the names, addresses, and Social Security numbers of over 145 million U.S. customers could have been compromised. This week, the company said that tax identification numbers, email addresses, phone, and credit card expiration numbers could also have been compromised. Equifax became a poster child for how not to manage and disclose a cybersecurity compromise, and has become a data point for those in favor of stronger data protection laws in the United States. In a recent CFR brief, Nuala O'Connor of the Center for Democracy and Technology argues that the only way to prevent the next Equifax is to create the right incentives for companies to protect consumer data through comprehensive data protection legislation.


This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.