Cyber Week in Review: July 29, 2016

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Wikileaks publishes DNC emails, surrealism ensues. All eyes were on Russia this week as the political and national security worlds tried to make sense of the allegation that Russian intelligence services had hacked the Democratic National Committee (DNC) and then provided a trove of emails to Wikileaks, which then published them to damage the Clinton campaign. According to the New York Times, the U.S. intelligence committee has "high confidence" that Russia was behind the hack but is unsure whether Russian intelligence passed the emails along to Wikileaks. Thomas Rid over at Vice lays out the case for Russian state-sponsorship, pointing out that some of the command and control infrastructure the attackers used are the same as that used in the cyber incident against the Bundestag, which German intelligence attributed to Russia. Not everyone, however, is convinced. A number of commentators have suggested that the U.S. should respond forcefully if it eventually emerges that Russia deliberately tried to influence the election. Determining Russia’s intent is a challenging task and will be critical to shaping a U.S. response.

2. If there’s something strange in your computer network, who you gonna call? In a strange coincidence given the DNC hack, the White House issued a Presidential Policy Directive clarifying the responsibilities of various U.S. departments and agencies when responding to cyber incidents. In essence, the Federal Bureau of Investigation is tasked with investigating a cyber incident and the Department of Homeland Security (DHS) is responsible for provided mitigation measures to remedy and recover from a breach. The White House also published a “cyber incident severity schema” which ranks the potential impact of cyber incidents, ranging on a color-coded scale of 1 (unlikely to have an impact) to 5 (poses an imminent threat). CFR Senior Fellow Rob Knake assesses the directive and shoots back at critics who have argued that the schema is a repeat of the heavily criticised color-coded terrorism threat chart DHS managed during the George W. Bush administration.

3. EU privacy regulators: lets see how Privacy Shield works before we challenge it. The new EU-U.S. Privacy Shield will remain legally unchallenged for its first year, according to EU privacy regulators. Isabelle Falque-Perrotin, head of the French data protection office--who last week issued a formal notice against Microsoft’s data collection procedures--told Reuters that she still wanted evidence that the United States would "not conduct mass and indiscriminate surveillance" before challenging it. Next year, data protection agencies argue they will have sufficient evidence to determine whether a challenge is necessary. Privacy Shield will go into effect on August 1, 2016.