NSA Forms Cybersecurity Directorate: The National Security Agency (NSA) announced it is creating a cybersecurity directorate that will unify the NSA’s foreign intelligence and cyber defense missions in defense of national security networks and the defense industrial base. The directorate is intended to enhance the NSA’s cyber portfolio by more actively using signals intelligence and sharing insights about specific cyber threats with the private sector and will work closely with the FBI, DHS, and Cyber Command. The directorate, which is expected to be up and running by October 1 and will be lead Anne Neuberger, is part of a multi-year effort to fuse offensive and defensive capabilities.
Microsoft Customers Targeted in State-Sponsored Cyber Attacks: Microsoft published a statement saying the company notified nearly 10,000 customers targeted or compromised by nation-state actors in 2018. Of the 10,000 total incidents, 781 targeted political campaigns, parties, and democracy-focused NGOs. U.S.-based systems comprised ninety-five percent of these attacks, of which eighty-four percent were enterprise accounts and sixteen percent individuals. While Microsoft did not disclose the number of successful attacks, the company said most attacks originated in Iran, North Korea, and Russia. For a list of the known state-backed cyber operations, check out the Digital and Cyberspace Policy Program's Cyber Operations Tracker.
Justice Department Opens Antitrust Review of Big Tech Companies: The Justice Department is opening a broad antitrust review of “market-leading online platforms” such as Amazon, Facebook, and Google to assess potentially anti-competitive business practices that create or maintain structural impediments to greater competition and user benefit. This inquiry, separate from investigations from the FTC’s task force on big tech and the Justice Department’s probe of anti-competitive Google search results, heightens the already-tense regulatory pressures U.S. tech companies are facing in both the United States and Europe.
Taiwan Conducting Cybersecurity Drills: Taiwan is conducting cybersecurity drills to test the security of government offices and increase cybersecurity awareness. These drills are in response to a massive cyber breach of government servers last month in which hackers doxed over 243,000 civil servants and published their names, national identification numbers, and employers. The drills included simulated attempts to gain access to confidential data, phishing tests, and a larger-scale exercise meant to uncover vulnerabilities in government networks.
U.S. Attorney General Reignites Debate on Law Enforcement Access to Encrypted Devices: Attorney General William Barr said increased use of encryption is a security risk that is “converting the internet and communications platforms into a law-free zone.” Aligned with the Justice Department’s effort to grant law enforcement agencies backdoor access to encrypted devices, Barr denounced claims from the tech companies that the security risks of lawful access to encrypted devices are too high. Privacy advocates argue that law enforcement can already access a wealth of user data, and that forcing technology companies to break into their own devices would infringe on the cybersecurity of millions of people. In addition, privacy advocates argue that technology companies could not safely give U.S. law enforcement access without the risk that other governments or malicious actors would exploit that access. Barr accepted those risks exist, but posed them against what he sees as larger criminal and national security threats: "with respect to encryption marketed to consumers, the significance of the risk should be assessed based on its practical effect on consumer cybersecurity, as well as its relation to the net risks that offering the product poses for society. "