from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: February 19, 2016

CFR Cyber Net Politics

February 19, 2016

CFR Cyber Net Politics
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Clash between Apple and FBI over access to San Bernardino iPhone. A federal magistrate in California ordered Apple to build a new software that, once installed on one of the perpetrators of the San Bernardino attack’s iPhone 5C, will allow the FBI to unlock the phone and access the data on it. The FBI argues that access to the phone is essential to learn who the assailants were communicating with. Although the FBI intends for the new software to only be installed on the one iPhone, Apple is unwilling comply because, “once created, the technique could be used over and over again, on any number of devices.” In making its case to the federal court, the Department of Justice relied on the All Writs Act of 1789, which has previously been used to compel telephone companies to install wiretaps and call records. Apple will appeal the order on the grounds that it is “unreasonably burdensome.” For its part, the Department of Justice filed a brief today requesting the court compel Apple to build the software now, arguing that Apple is delaying for “its concern for its business model and public brand marketing strategy,” not legal reasons. If you want to get into the weeds of the issue—and we suggest you do—Net Politics has a useful guide to the reactions from the tech community to the 2016 campaign.

2. The United States laid the groundwork for a complex cyberattack against Iran. The New York Times reports that the Obama administration developed an elaborate cyberattack plan on Iran, code-named Nitro Zeus, in the event that the diplomatic effort to limit its nuclear program failed. The plan, which targeted Iran’s air defenses, communication systems and essential parts of its power grid, involved thousands of U.S. military and intelligence officials and the placement of electronic implants in Iranian computer networks to disable them. The creation of a contingency plan is not unusual for the U.S. military and the Obama administration, in a policy directive, required the U.S. government to identify areas where offensive cyber activity could promote U.S. interests. It’s unclear why the contingency plan is surfacing now. Martin Libicki at RAND thinks that someone in the S. government may be trying to show off. Peter Signer at New America thinks that, among other things, the United States may be signaling what’s in store should Iran backslide on the deal reached in June 2015.

3. Los Angeles hospital pays ransom to regain access to its hacked computer system. Hollywood Presbyterian Medical Center paid a ransom of $17,000 to regain access to its compromised computers. The hospital was hit by a particularly nasty kind of malware known as ransomware, which encrypts data on infected systems and can only be decrypted if the victim pays a ransom. Although patient care was not affected by the compromise, the hospital had to revert to paper registration and medical records, which slowed work at the hospital for over a week. The hackers demanded to be paid in bitcoin.

4. New appointments to government panels. President Obama named Tom Donilon, former national security advisor and Council on Foreign Relations fellow, to lead the federal Commission on Enhancing National Cybersecurity created last week as part of the president’s Cybersecurity National Action Plan. Donilon will work alongside former IBM CEO and CFR Internet task force Co-Chair Sam Palmisano, who will take on the role of chief executive of the commission. Separately, the Privacy and Civil Liberties Oversight Board (PCLOB) announced Columbia University professor Steve Bellovin will be its newest member and the board’s first technologist. Many in the tech community praised the announcement given that someone on the board will now have the technical knowledge required to oversee complex NSA programs.