Cyber Week in Review: June 17, 2016

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Russian government hacked the DNC. The Democratic National Committee (DNC) confirmed last Tuesday that its computer network had been compromised by hackers who stole troves of research on presumptive Republican presidential nominee Donald Trump. Cybersecurity firm Crowdstrike identified the attackers as two hacking groups sponsored by the Russian government. According to their report, one group infiltrated the network last summer and had been monitoring DNC emails and online chats ever since.  Russian officials denied the accusations, however. Subsequently, an individual going by the moniker "Guccifer 2.0," after a Romanian hacker on trial in the United States, claimed credit for the hacks and released documents purportedly stolen from the DNC on a WordPress site and to Gawker. Security researchers were quick to point out holes in Guccifer 2.0’s claims, however, and suggested that it was simply an attempted false flag operation by the Russian government. Meanwhile, the Trump campaign claimed Wednesday that the DNC hacked itself to distract the public from its "deeply flawed candidate."

2. United States and China hold second cyber dialogue. Chinese and U.S. officials met Tuesday to further discuss bilateral action against cyber threats,  taking additional steps toward implementing the cybersecurity agreements brokered between Chinese President Xi Jinping and President Obama last September. While the U.S. attorney general and secretary of homeland security had to withdraw from the meetings to deal with the Orlando shooting, the meeting went ahead as planned with their deputies representing the Department of Justice and Department of Homeland Security. The meeting, the second U.S.-China Cybercrime and Related Issues High Level Joint Dialogue, yielded agreements on holding further joint tabletop exercises on cyber incidents, consensus on a hotline mechanism to be tested later this year, and promises to share more information related to investigation of online crime and cyberattacks. Progress is mixed. On the positive side, Chinese media reported this week that the two countries had worked together over the last several months to take down botnet command and control servers and catch individuals suspected of sharing child pornography online. But half a year after the working group first met, the U.S. government has only set up temporary email accounts for information sharing, and a report from a Dutch cybersecurity firm released this week claims to have identified a new advanced persistent threat group sponsored by the Chinese government.

3. NATO recognizes cyberspace as a domain of warfare. The North Atlantic Treaty Organization (NATO) announced this week that it officially recognizes cyberspace as a domain of warfare, on par with land, air, and sea. Despite reporting to the contrary, it wasn’t the first time NATO staked out a position on cyberspace: its cyber defense strategy update of 2014 stated that the alliance would respond to serious cyberattacks on its members. Explaining the shift, NATO Secretary General Jens Stoltenberg said that "developing capabilities to more quickly attribute responsibility for cyber intrusions and cyber attacks is a priority for the alliance." Stoltenberg clarified that it would take a "severe" attack to trigger Article 5 of the North Atlantic Treaty, which lays out the conditions in which alliance members would have to come to each other’s aid. The decision raises questions about whether NATO—a  defensive alliance—should develop offensive cyber weapons, although NATO officials made it clear that they had no plans to develop an offensive strategy for cyberspace.

4. U.S. government to defend Facebook data transfers. The United States government sought this week to file an amicus curiae brief in the court case between Facebook and privacy activist Max Schrems that’s being decided by the Irish High Court. Schrems has argued that Facebook’s transfer of EU users’ data to the United States under a legal justification known as "model clauses" are illegal following the decision last year of the European Court of Justice to invalidate the Safe Harbor framework governing transatlantic data transfers. The court delayed its decision in the case by two weeks to give the U.S. government time to make its arguments. Schrems called the U.S. government’s action "an unusual move." The government is not alone, however: a number of industry groups whose members also rely on model clauses to transfer data have petitioned to file amicus briefs, as well as a number of online privacy NGOs.