Archive for July, 2021

Former NSA director: U.S. needs a new approach to ransomware response – Healthcare IT News

The United States, along with much of the world, finds itself battling two pandemics: the COVID-19 crisis, of course, but also the cyber pandemic that has also proliferated across the globe.

In the healthcare industry, some hospitals have been hobbled for weeks at a time and at least one patient has died because of the scourge of ransomware.

The cyberattacks have become so frequent and commonplace that it's worth asking whether ransomware, like many suspect is already happening with SARS-CoV-2, is already moving from pandemic to endemic status.

"Ransomware, I think, has become the greatest challenge for most organizations," said retired Admiral Michael Rogers, former director of the National Security Agency and the former commander of U.S. Cyber Command in a recent interview with Healthcare IT News.

"Healthcare [is] an incredibly attractive target in the middle of a pandemic," said Rogers, who will be speaking next month at HIMSS21 in Las Vegas. "And criminals are aware. That's one reason why you've seen a massive uptick, particularly focused on healthcare in the past 18 months from a ransomware activity perspective."

Indeed, since the early days of the pandemic (not counting the vanishingly small window when the prospect of a hacker "ceasefire" was dangled), the bad guys have been hard at work, targeting the World Health Organization and COVID-19 testing sites, academic research facilities and vaccine distribution supply chains.

Their targets have also included hospitals and health systems of all shapes and sizes. Meanwhile, the size of the ransom demands is climbing skyward.

"It's gotten worse," said Rogers, who served under Presidents Barack Obama and Donald Trump. Rogers served at NSA and U.S. Cyber Command concurrently for four years before retiring in 2018.

"For a couple of reasons. Number one, the criminal segment has become much more aggressive," he said. "Why? There's a lot of money. There's a lot of money for criminal groups to be made. I may not want to pay the ransom, but I can't afford interruption or degradation of my services or operating ability to help in the middle of a pandemic. I've got to keep going."

Number two? "In the last three years since I left, nation states' risk calculus has become even more aggressive. They are willing to take even greater risks."

That's not just with ransomware. Recent headlines have shown just how far foreign cyber crooks have been willing and able to intrude upon U.S.-based information networks: not just the DNC and the RNC, or Sony, but a wide array of federal agencies and private companies large and small.

Rogers points specifically to the SolarWinds and Microsoft Exchange server exploits, which stunned even seasoned cybersecurity professionals in their sheer size, scope and brazenness.

Meanwhile, ransomware seizures such as the Colonial Pipeline hack have helped bring the threat into sharp focus.

Finally, the president and Congress are paying attention, and federal security agencies seem willing to give as good as they get.

"On the positive side, there is clearly a sense that we are not where we need to be, and that it's going in the wrong direction," said Rogers.

But he says he is frustrated that the cybersecurity problems are not only persisting, but worsening.

A big reason for that is that the current state of incident prevention and response, especially when it comes to interrelation of the public and private sectors, "has failed to deliver for over a decade," said Rogers. "I only speak for myself. But my frustration is: Why do we keep doing the same things and expect a different result?"

Sure, there are valuable organizations such as H-ISAC, the Health Information Sharing and Analysis Center, which specializes in "crowdsourced" cybersecurity, sharing threat intelligence and other best practices for protection and risk mitigation. And yes, the CISA, FBI, HHS and other agencies are good about getting out alerts and warnings to the healthcare stakeholders that need to hear them.

But too often, "the government will do its thing, the private sector will do its thing," said Rogers. "As we see things we think might be of interest to the other, as we have the time, and as we have the inclination, we'll share those insights.

"Everyone is so busy, quite frankly. Most organizations don't have time to think about it. They are just trying to defend their own systems, their own intellectual property, their own data."

To truly measure up against the scope of the cyber threat to healthcare and all industries, "I just think we've got to have a different model," he said.

"It's not about collaboration," Rogers explained. "To me, it's about integration. We've got the government and the private sector. We've got to team together 24 hours a day, seven days a week."

He acknowledged, "You can't do this at scale across every business within the private sector. But can't we start with a few sectors where the risks to our economy, to the safety and wellbeing of our citizens, to the security of our nation? Let's pick a few areas, and do some test cases, and see if a different model might produce a different result."

There are some "great examples out there where we have applied a government and private-sector model and achieved some amazing results," said Rogers.

For instance, "We decided as a society that the potential loss of literally hundreds of people in an aviation accident represented such a risk that we needed to do something different," he said.

"So we created mechanisms: Every time there is an aviation accident, the federal government steps in. It partners with the airplane manufacturer, the airline that operated the aircraft, the union, et cetera. It pores over all the maintenance records. It pores over the production history of the aircraft. It looks at all the software and the hardware. It looks at how it was operated. It determines the cause of the crash.

"And then it goes a step further," he added. "It mandates that we're going to change maintenance. Sometimes we're going to change production. We're going to change the way we do software, we're going to change how the aircraft is operating.

"The net impact is we are flying more aircraft with more people than we ever have, and yet aviation safety has actually been very strong. While we have aviation accidents, they tend not to be recurring patterns, the same cause over and over."

Compare that with cybersecurity, where we've been seeing the same techniques used by the bad guys "working over and over and over," he said.

"We have got to get to a point where the pain of one leads to the benefit of the many," said Rogers. "And yet what is happening now? The pain of the one is not shared. We don't learn from it. And so it is repeated over and over and over again. We have got to change that dynamic."

Admiral Michael S. Rogers will offer more insights at HIMSS21 as a participant in the keynote panel discussion, Healthcare Cybersecurity Resilience in the Face of Adversity. It's scheduled for Tuesday, August 10 from 8:30-9:30 a.m. in Venetian, Palazzo Ballroom.

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com
Healthcare IT News is a HIMSS publication.

Home, But Not Free: NSA Whistleblower Reality Winner Adjusts to Her Release From Prison – The Texas Observer

By Taylor Barnes. Originally published on July 10, 2021. Republished with permission from The Intercept, an award-winning nonprofit news organization dedicated to holding the powerful accountable through fearless, adversarial journalism. Sign up for The Intercept's Newsletter.

In the latest phase of her record sentence for whistleblowing, former National Security Agency linguist Reality Winner is a short drive to the blazing hot summertime beaches on Texas's Gulf coast. But she can't get near them. She can't even go into the yard of a neighbor who invited her to aid in his beekeeping project.

Convicted under the Espionage Act for having shared a classified document on threats to election security with the media, Winner has been released to home confinement but wears an unwieldy ankle bracelet. It beeps even if she strays too far within her family's yard.

Not wanting her to miss out, a high school friend showed up on a recent day with a kiddie swimming pool and some sand. "Mom, I'm going to the beach today," Winner said, her mother Billie Winner-Davis recalled. The pair filled the kid's toy and Winner waded in.

Winner's family and friends are thrilled to have her home after four years behind bars, a stint that took miserable turns as her release date neared. She contracted COVID-19 as part of a mass infection in her prison, filed a sexual assault complaint against a guard, and went thirsty and cold when her facility lost heat and water in February during Texas's deadly winter storm.

Despite their elation that she is out of prison, though, Winner's family and friends say she is far from free. Every day is still marked by intrusions, like the app carceral authorities require her to put on her phone to monitor her and needing prior approval to go to Walmart with her mother for errands. Winner is projected to be transferred from home confinement to supervised release in November.

That's why they are continuing their year-and-a-half-long campaign for a presidential pardon or clemency, saying the whistleblower is being gagged from telling her own story.

"I really want the public to know that they're not seeing Reality Winner, they're not hearing from Reality Winner, because she is under some serious restrictions," Winner-Davis said.

Winner-Davis added that Reality, who is under a gag order, is also banned from using social media, a condition her attorney, Alison Grinter, said is normal and up to the discretion of halfway house authorities.

Grinter, speaking recently on Democracy Now, said a pardon for Winner is both something she and her country deserve.

"Reality released a document that gave us information that we needed to know at a time that we absolutely needed to know it," Grinter said. "And she was in prison not because the information was a danger or put anyone in danger. She was in prison to salve the insecurities of one man who was concerned about the validity of his election win."

*

Winner is currently serving the longest prison sentence of its kind under the Espionage Act, a World War I-era law used in recent years to send journalists' sources to prison, even as comparable defendants have simply gotten probation for charges of mishandling classified information.

The government itself acknowledges that Winner's intent was to send the document she leaked to journalists and therefore warn the American public, rather than use it for personal gain. The NSA report detailed phishing attacks by Russian military intelligence against local U.S. election officials and was published in a June 2017 article by The Intercept. (The Press Freedom Defense Fund, which is part of The Intercept's parent company, First Look Institute, supported Winner's legal defense.)

Released from a Fort Worth, Texas, federal prison one day shy of the four-year anniversary of her June 3 arrest, Winner's path to her parents' remote southern Texas home was a bumpy one. The journey began with a 23-day quarantine with five other women in a hospital patient-sized room. After that, her family picked her up for a long drive down through Texas in which they had a matter of hours to deliver her to a halfway house, where she stayed for a week before being released to her rural childhood home. There, paper labels with Arabic vocabulary words are still taped to household items, early remnants from the series of events that would lead her to prison when, as a teenager eager to learn foreign languages, she signed up for the military.

Taking advantage of the window of time they had with her as they drove her to the halfway house, her family and close friends planned a series of surprises. Winner met her infant niece, whom the whistleblower had only seen on video chats and Shutterfly-printed postcards, due to visitation bans at prison amid the pandemic.

While sitting in her parents' car and sorting through her belongings, she saw the blond hair of her sister, Brittany Winner, in the distance in a park and tried to jump out of the moving vehicle. "She dropped everything on her lap and just ran," her mother said. "She ran to Brittany and the baby."

Her sister said the whistleblower was trembling, still unnerved by a guard who had told her that morning that she would not be released. "Just the look in her eyes, she almost looked, like, dead, so traumatized and not really believing that everything was happening," Brittany Winner said. "And, at some point, I was talking to her, she just reached up in the middle of my sentence to touch my face, and she said, 'You're real, right?'"

At the southernmost point in their trip toward home, two other loved ones were waiting for her: Wendy Collins, a family friend from Philadelphia who spearheads a social media campaign calling for her pardon, and Collins's partner.

They ate at a Thai restaurant as they counted down the minutes to her report time to the halfway house. Collins hugged the whistleblower for the first time since their friendship and Collins's tireless advocacy began.

Collins said, "I flew for the hug."

*

At her family's quiet home, Winner schedules her days in an orderly way, similar to her life before the arrest: time slots for online yoga courses, cycling exercise routines, and a new part-time job as a researcher for a documentary filmmaker. She relishes spending time with her family dog, Domino, and cat, Fiona, since Winner lost ownership of her own pets, a dog named Mickey and cat named Mina, in the chaos after her arrest. In her down time, she sorts through books supporters have sent her and boxes of belongings from her Augusta, Georgia, home, which was raided by a fleet of armed federal agents whose interrogation of Winner would later be characterized by the government as a voluntary interview, one in which she was never read her Miranda rights.

When the heat breaks in the evenings, her mother says Reality prefers to not watch TV, opting instead to breathe in fresh air on the back patio.

Looking toward the future, when she can speak publicly and take more control over her life, her sister said she expects the whistleblower to advocate for incarcerated people. "She's seen people from all walks of life just be completely taken advantage of by the system, especially people of color," Brittany Winner said. "And that is something that she just can't tune out. She can't just live her quiet life."

When she's free to go to the water (the Gulf of Mexico, not the kiddie pool out back), the whistleblower hopes to go to the Texas shoreline to plant mangroves, something Winner, long an environmental advocate, told her sister she wants to do in order to heal coastal ecosystems.

Grateful for even this incomplete freedom, the sisters send each other a near-constant flurry of updates. Not a day goes by when she and her sister don't exchange 50 or more text messages and phone calls, including baby photos and videos of Reality practicing yoga with her ankle bracelet in her parents' garage. "I feel lucky to have my sister back," Brittany Winner said. "And one of the things that I was scared of was that she was going to be changed, you know, like damaged, like she wasn't going to be the same person because of four years in prison.

"How can that not mess you up? But despite the trauma, I feel like she's the same," she said. "At least with me. She's the same person."

How the NSA Ends Up With Information on Americans Without Targeting Them – The Dispatch

During a June 28 show, Fox News's Tucker Carlson told his viewers that a whistleblower within the U.S. government had warned him that the National Security Agency (NSA) was monitoring his electronic communications and was planning to leak them in an attempt to take his show off the air. This week, a group of House Republicans led by Rep. Louie Gohmert sent a letter to the NSA demanding more information.

Carlson's accusation prompted the NSA to make a rare public statement denying that Carlson had been personally targeted, but the statement didn't deny that any of Carlson's communications had been collected by the agency.

Axios later reported that Carlson was communicating with Kremlin intermediaries in the United States about setting up an interview with Vladimir Putin, which potentially could have created a scenario in which the NSA incidentally collected Carlson's communications.

The NSA's mission is to support national security and foreign policy by protecting classified national security information and collecting information about foreign adversaries' secret communications. It typically carries out its mission through three separate operations: hacking operations, overseas collection, and domestic collection.

The Office of Tailored Access Operations is the cyber-warfare intelligence gathering unit of the NSA that runs its hacking operations. Consisting of more than 1,000 hackers, analysts, and engineers, the TAO infiltrates and gathers data from computer systems of foreign entities.

The TAO has been confirmed to have targeted the systems of the Chinese government, OPEC, and Mexico's Secretariat of Public Security, and has reportedly enjoyed reasonable success, thanks to cooperation from American telecom companies.

The NSA uses various tools and programs to collect data from foreign citizens, leaders, and organizations to carry out its overseas collection operation.

Data is collected from unsecured communications like radio broadcasts, the internet, and telephone calls, and secure communications such as military, diplomatic, or secret government communications. The NSA then uses this information to build a database that helps the agency determine potential national security threats.

To obtain approval to conduct targeted surveillance of foreign entities located outside the United States, the NSA must abide by the Section 702 provision in the FISA Amendments Act of 2008.

Under Section 702, the attorney general and director of national intelligence must submit to the Foreign Intelligence Surveillance Court (FISC) the targeted areas of foreign intelligence that the NSA can use Section 702 to collect. They must also submit rules, known as minimization procedures, designed to protect any U.S. persons' information incidentally acquired during foreign surveillance.

The FISC reviews the certifications and procedures to ensure they comply with both FISA protocols and the Fourth Amendment, then issues a written opinion. If the FISC approves the targeted areas of foreign intelligence and the minimization procedures, the attorney general and DNI can order the intelligence community to begin surveillance.

While the NSA operates under a cloud of secrecy, it appears to have a fairly robust overseas collection operation, as it has intercepted the communications of European Union leaders, the United Nations, and German Chancellor Angela Merkel.

Since the NSA is a foreign-directed agency, it is supposed to restrict its surveillance programs to foreign entities, but sometimes the agency ends up collecting the information of U.S. citizens. There are two ways in which the NSA can end up collecting such information: incidental collection or targeted collection.

Julian Sanchez, a senior fellow at the Cato Institute, explains how the NSA could incidentally collect U.S. citizens' information.

"Incidental collection is when the NSA is targeting a foreign person, usually outside of the United States, and that person is in contact with a U.S. citizen. And in the process of surveilling the foreign person, the U.S. person's communications get swept up," Sanchez told The Dispatch. "If you call or email someone overseas who happens to be on a list of intelligence targets, your communication could get swept up."

Targeted collection of U.S. citizens' communications is not a directive of the NSA. To obtain a surveillance warrant against a person inside of the United States, the Department of Justice must present evidence to the FISC that justifies the warrant. If the court approves the warrant, then intelligence agencies may begin surveilling communications of the individual in question.

"The NSA itself is not supposed to target any person inside of the United States, but on occasion, the FBI or DOJ may target a person inside of the United States and ask for the NSA's help in executing that surveillance," Sanchez explained to The Dispatch.

Even if a person's communications are incidentally collected, the NSA likely knows his or her identity when it initially collects communication data. It isn't difficult to figure out if the agency has collected an email address or phone number.

However, after the NSA has collected the foreign intelligence that an individual's communication was swept up in, unless knowing his or her name is essential to understand the intelligence, the agency will mask the person's name and describe him or her in a way that doesn't reveal the individual's identity when the intelligence is shared with other agencies.

Once other agencies like the FBI or CIA receive the intelligence, they can request the name to be unmasked if they believe knowing it is essential to understanding the intelligence.

Unmasking is a fairly common occurrence; last year the NSA distributed 2,648 reports containing masked U.S. person identities and 1,351 reports in which at least one U.S. person's identity was included. In 2020, after a specific request from another agency, the NSA unmasked the identities of 9,354 U.S. persons.

It's not unthinkable that an intelligence agency might collect a journalist's communications: the Obama administration famously seized two months of telephone records of reporters and editors at the Associated Press, citing investigations into leaks of sensitive national security information, and the Trump Justice Department obtained three Washington Post journalists' phone records.

Because the NSA itself does not target Americans, Carlson's claim that the NSA was spying on him would mean that the Biden Justice Department presented enough evidence to the FISA court that showed Carlson to be a national security threat, thereby justifying a surveillance warrant.

A much more likely scenario is that the intermediaries Carlson was in communication with were under foreign surveillance and Carlson's communications were swept up through incidental collection as a result.

Biden's Cybersecurity Team Gets Crowded at the Top – WIRED

(Disclosure: I have worked with nearly everyone mentioned in this article at the Aspen Institute, where most were engaged in the public-private Aspen Cybersecurity Group. I also coauthored a 2018 book on the US government's approach to cybersecurity with John Carlin.)

With the exception of the Justice Department's team, the key cyber players share a special background as veterans of Fort Meade, the base of the National Security Agency and US Cyber Command. Beyond Nakasone, Inglis spent nearly 30 years with the civilian side of the NSA, rising to be its deputy director. Before her appointment earlier this year, Neuberger founded and led the NSA's Cybersecurity Directorate and previously served as its chief risk officer, carving out a unique public voice for an agency not normally known for its public engagement. Easterly, who worked in the NSA's elite hacking team known as the Tailored Access Operations, in 2009 helped design, along with Nakasone and others, what later became US Cyber Command.

That shared NSA DNA is a belated admission, of sorts, of how long cybersecurity took a back seat in the government's wider bureaucracy. When the Biden administration went looking post-election for senior, respected leaders who had worked and thought about these issues for years, it really only had one talent pool to draw from.

The NSA and Cyber Command, for its part, moved rapidly during the Trump administration to regularize more aggressive offensive cyber operations. Nakasone, as WIRED reported last fall, has carried out more offensive operations online in his nearly three years heading the dual-hat arrangement than the US government had ever done prior to his tenure, combined. In recent months, US Cyber Command has begun to focus its attention not just on nation-state adversaries but also on transnational organized crime, which US officials increasingly point to as having risen to a scale and sophistication that equals the threat from established online adversaries like Iran and China.

The Biden White House, though, is still very much sorting out its own approach to cyber issues, from Chinese tech companies to ransomware. While Inglis, Neuberger, Monaco, Easterly, and Nakasone are friendly and collegial, they have differing philosophies, and they now find themselves arrayed across government with very different equities, tools, and capabilities.

How Inglis and Neuberger work together and share power inside the White House going forward will be one of the biggest questions of the Biden administration's approach to the internet, as will the question of how Easterly and Nakasone balance the government's civilian and military approach online. The answers will have a bearing not just on current technology and security policy but the future of US cyberdefense. If the NSA and Cyber Command split in two at the conclusion of Paul Nakasone's tenure, then Neuberger, Inglis, and Easterly are among the obvious candidates, along with current NSA director of cybersecurity Rob Joyce, to take the reins of the intelligence agency.

They'll also need to navigate long-simmering tensions between their respective agencies and their relative funding. CISA was formed only in 2018, out of what had long been a convoluted and shape-shifting DHS component known most recently as the National Protection and Programs Directorate. It's been on a hiring spree this spring, bringing on hundreds of new cyber professionals, but it's still only a quarter to a third the size of Cyber Command, and not even a tenth the size of the NSA. It has few true authorities to compel cooperation across the private sector, or even sometimes inside government.

And these are hardly the only complications facing anyone seeking to make a coherent government response to still-growing threats online. Beyond the big five outlined above, the US Secret Service and Immigration and Customs Enforcement both also share online enforcement duties, and many Americans were surprised to find this spring amid the Colonial Pipeline incident that the Transportation Security Administration, best known for its blue-uniformed airport security screeners, actually oversees the cybersecurity of the nation's pipelines, among other odd corners and jurisdictions.

Former NSA official Jen Easterly confirmed as director of CISA – Homeland Preparedness News

After an eight-month void in official leadership, the U.S. Senate this week confirmed former Obama-era senior National Security Agency official Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency (CISA) amid increasingly frequent digital attacks.

Easterly, who formerly served on the National Security Council as Special Assistant to President Barack Obama and as Senior Director for Counterterrorism, among other roles, takes the reins from Brandon Wales, who has served as acting director of the agency since November. Her approval was unanimous, following delays caused by U.S. Sen. Rick Scott (R-FL), who sought to slow the appointment of Department of Homeland Security (DHS) officials to force President Joe Biden to visit the U.S.-Mexican border.

"It is unfortunate that political games delayed her confirmation, but we are pleased the Senate has finally acted to confirm Jen Easterly as CISA Director," House Chairs Bennie Thompson (D-MS) and Yvette Clarke (D-NY), of the Committee on Homeland Security and the Subcommittee on Cybersecurity, Infrastructure Protection & Innovations, respectively, said of Easterly's appointment. "At a time when cyber threats are increasing and evolving, Jen Easterly brings the experience and leadership needed to strengthen our nation's cybersecurity. We look forward to working with her to ensure CISA is best positioned to fulfill its mission of protecting Federal networks and critical infrastructure."

CISA is in charge of improving cybersecurity in the government, coordinating cybersecurity efforts with states, and countering private and nation-state hackers. Recent days, however, have stressed the current limits of such capabilities. Formed in 2018 out of DHS's cyber operations, CISA has struggled to protect the nation's physical and digital infrastructure against a mounting slew of attacks, even as new legislation heaps new duties on its roughly 2,500 personnel.

"Today, CISA finds itself at the forefront of several major cyber incidents impacting both federal networks and the private sector," U.S. Rep. John Katko (R-NY), Ranking Member of the House Committee on Homeland Security, said. "Now more than ever, our nation's lead civilian cybersecurity agency needs strong leadership. Jen Easterly has a proven record of success in government and industry alike, and I applaud her confirmation by the Senate. Our nation is at a crossroads when it comes to our cybersecurity posture, and I look forward to working with Ms. Easterly to ensure CISA has the resources, workforce, and authorities it needs to effectively carry out its mission."

This year has seen an increase of high-profile cyberattacks, including the Colonial Pipeline ransomware attack in May by an alleged Russian cybercrime gang, which crippled the energy infrastructure and supplies for nearly half of the East Coast's liquid fuels. Kaseya, an IT solutions developer, was also hit in July in a ransomware attack that exploited authentication controls to hit hundreds of small to medium-sized companies throughout the United States.

Additionally, the national security infrastructure is still reeling from the SolarWinds hack at the end of last year, which has been declared one of the most devastating in history. Global software supply chains were proven to be highly vulnerable, and the U.S. Departments of Homeland Security, Agriculture, and Commerce were all among those compromised. Officials later alleged the hackers involved in that attack were linked to Russia.

Amid an uncertain time for both the public and private sectors' security, many seem to be lauding an old and steady hand added for the fight. While thanking the outgoing director for his efforts in an acting capacity, Secretary of Homeland Security Alejandro Mayorkas, in particular, applauded the addition of Easterly as the second-ever Senate-confirmed director to head CISA.

"Jen is a brilliant cybersecurity expert and a proven leader with a career spanning military service, civil service, and the private sector," Mayorkas said. "I am proud to welcome her to the DHS team and look forward to working together to protect our country from urgent cybersecurity and physical threats."
