Archive for March, 2022

DoD official: Keeping Cyber Command, NSA leadership together will be looked at – The Record by Recorded Future

A senior Pentagon official on Thursday said the Biden administration will review the joint leadership structure that has long governed U.S. Cyber Command and the National Security Agency.

"I believe that the dual-hat will be looked at again, just by this administration, just to ensure that we understand what the value added is, but also what the impacts are. And so that discussion is still ongoing within the department today," Ronald Moultrie, Under Secretary of Defense for Intelligence and Security, testified during a House Armed Services Committee subpanel hearing.

"We understand that there is sentiment on both sides to really not do any harm," he added. "But I believe that it will be looked at. It'll be an objective look."

The two agencies, which are co-located at Fort Meade, Md., have shared leadership under a so-called dual-hat arrangement ever since the Defense Department stood up Cyber Command in 2009.

While there have been attempts to split up the two in the past (most notably near the end of the Obama administration and an 11th-hour push in the final weeks of the Trump administration), desire to do so has largely waned since Army Gen. Paul Nakasone assumed command of the military's top digital warfighting unit and the federal government's largest intelligence agency nearly four years ago.

The four-star is admired by both Democrats and Republicans, especially after defending the 2018 and 2020 election from foreign interference, although Nakasone has run afoul of GOP members of the House Intelligence Committee after a controversy surrounding a former panel staffer's selection to be the NSA's top lawyer.

Testifying alongside Moultrie, Nakasone said that maintaining or ending the dual-hat is a policy decision that obviously will be made by others.

"But my best military advice, as it was when I first came in the job is the fact that through elections, through problems with Iran, through ransomware, and now with Russia-Ukraine, what the dual-hat has allowed us to do is focus the efforts of both organizations in cyberspace.

"We both operate there and being able to have action, being able to [have] unity effort and being able to have agility is what the dual-hat's been able to allow me to do over the past three plus years," he told lawmakers, echoing comments he has made in other recent congressional hearings.

For now, Armed Services members seem content to keep the two together.

"There seems to be a natural partnership between organizations," Rep. Ruben Gallego (D-Ariz.), chair of the committee's Intelligence and Special Operations subpanel, said during the hearing, the public portion of which lasted just over 30 minutes.

Rep. Don Bacon (R-Neb.) said he has always opposed the push to separate the leadership roles.

"I know how important NSA is to the Cyber Command missions. They're very much integrated," he said. "And if you had two four stars going different directions you have a dysfunctional situation."

Bacon vowed he would combat future attempts to divide the dual-hat "and I hope the Congress does. You need unified direction. And I think your leadership of both of those organizations provide that unified direction."

Martin is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.


She didn’t know about the no-no: Former NSA softball standout throws no-hitter – The Suffolk News-Herald – Suffolk News-Herald

The zeros lined up on the scoreboard, but former Nansemond-Suffolk Academy softball standout and current freshman UNC Greensboro pitcher Reese Byrd had no idea she had pitched a no-hitter until she was mobbed by her teammates.

Byrd didn't allow a hit in a five-inning no-hitter in an 8-0 win March 13 over Delaware State.

"I had no clue what was happening until my teammates ran up to me after the game," Byrd said.

Sophomore Brooklynn Maxwell scooped up a routine ground ball at shortstop in the top of the fifth with two outs, making a line-drive throw to senior Samantha Lagrama at first base to solidify the victory.

The team sprinted out from the dugout and surrounded Byrd, who was casually jogging out to left field following the out. Freshman Jessie Shipley was the first to Byrd, while the rest of the team had giant smiles on their faces.

"I said (to Byrd) 'Hey, do you know what you just did,'" Shipley said. "She seemed a little confused, and I said 'NO-NO.' Then she smiled and got excited. It was really cool to watch her do that and I'm super proud of her."

Byrd struck out five in the victory. She is 4-3 overall in nine appearances and starts with three complete games.

"A no-hitter is a tough feat to accomplish for any pitcher," said coach Janelle Breneman. "Reese being a freshman makes it very special and is a sign of good things to come. Our defense was solid behind Reese's ability to shut them down."

Reese faced 18 batters, tossing 65 pitches in the shutout.

This was the first shutout for the Spartans (16-8) since May 9, 2021 when they beat Western Carolina 5-0.

"I didn't have my best performance in the previous game, so this outing was refreshing," Byrd said.

Byrd in 2021 helped NSA to Tidewater Conference of Independent Schools and the Virginia Independent Schools Athletic Association Division II championships while the Saints went undefeated. That season, she was also named the conference player of the year and selected first-team all-state.

With UNC Greensboro, Byrd has a 2.93 ERA, the lowest of the Spartans' pitching staff. She has thrown 40.2 innings, allowed 35 hits and has 20 strikeouts.

"I am so proud of Reese and her performance on the mound on Sunday," said pitching coach Kendra Kirkhoff. "She took control and showed a lot of confidence with each batter."

This was the Suffolk, Virginia native's first collegiate no-hitter. It was also the first for UNCG since Feb. 24, 2018, when Stephanie Bryden, the school's current volunteer assistant coach, threw an 8-0 five-inning victory against Virginia.

This is the 13th no-hitter in program history.

"My teammates and coaches made it so special and exciting," Byrd said. "Everyone was really excited for me in the huddle after the game. I've thrown a few no-hitters in high school and travel ball, but this one was definitely my favorite."


Report: NSA Investigates Viasat Hack That Coincided With Ukraine Invasion – PCMag

The US National Security Agency is reportedly investigating a hack targeting Viasat that disrupted internet access in Ukraine as Russian forces prepared to invade the country.

Viasat told CNBC on Feb. 28 that it was "experiencing a partial network outage" said to be "impacting internet service for fixed broadband customers in Ukraine and elsewhere on our European KA-SAT network." The outage started on Feb. 24, the day Russia invaded Ukraine.

Reuters now reports that the NSA is collaborating with ANSSI and Ukrainian intelligence to determine "whether the remote sabotage of a satellite internet provider's service was the work of Russian-state backed hackers preparing the battlefield by attempting to sever communications."

Viasat told Reuters the outage affected satellite modems owned by tens of thousands of customers in Europe. Some of those modems are still offline at time of writing, according to the report, and bringing them back online is going to be a fairly involved process.

Reuters reports that a Viasat official "said most of the affected devices would need to be reprogrammed either by a technician on site or at a repair depot and that some would have to be swapped out." Russia's ongoing attacks on Ukraine will likely complicate that process.

In the meantime, Ukraine has turned to services like Starlink to remain online, although SpaceX CEO Elon Musk has warned that Russia might attack its satellite internet service as well so it can sever Ukraine's connection to the outside world as it seeks international aid in this conflict.


Modi exhibits risk-taking at the highest level: NSA Doval in new book on PM – Hindustan Times

At the core of Prime Minister Narendra Modi's style and direction for counter-terror and counter-strike operations is the ability to adapt and surprise the enemy by exhibiting risk-taking at the highest level, writes national security advisor Ajit Doval in a new book that's been brought out to celebrate 20 years of Prime Minister Narendra Modi in public office. The book, titled Modi@20: Dreams meet Delivery, will be out next month and has chapters written by Home Minister Amit Shah, minister of external affairs S. Jaishankar, national security advisor (NSA) Ajit Doval, Nandan Nilekani, Arvind Panagariya, Ashok Gulati, Sudha Murthy, the late Lata Mangeshkar, PV Sindhu and Sadhguru Jaggi Vasudev. It has been edited by BlueKraft Digital Foundation and is being published by Rupa Publications.

The PM completed 20 years in public office last year.

In an excerpt reviewed by HT, Doval describes how the Prime Minister dealt with the Uri terror attack in September of 2016 where terrorists breached the defences of the army's 12 Infantry Brigade base and killed 19 personnel. 10 days later, India carried out what has now become known as a surgical strike, hitting targets across the Line of Control. "In the response to Uri 2016, a few aspects stand out," writes Doval. "One, it was a simultaneous operation by multiple strike teams at four disparate locations and extended across a vast geographical boundary."

The second aspect, according to the NSA, is that the strikes were a political call taken by the Prime Minister, which meant he was taking responsibility not only for success, but also for failure. "This exhibited risk-taking at the highest level, a quality shown by very few. Third, it generated chaos, panic and confusion by creating the 'enemy is everywhere' syndrome," Doval writes.


According to Doval, the strike was so effective that the then Pakistan leadership castigated its ground formations for failing to block even one strike team, despite having a large number of forward deployed troops. The NSA then goes on to differentiate the incident from the aerial strike conducted post the attack in Pulwama in 2019. Nearly 40 Central Reserve Police Force (CRPF) personnel were killed in a terror attack in Pulwama in Jammu and Kashmir on February 14, 2019. The attack on the CRPF convoy prompted India to carry out an airstrike in Pakistan's Balakot and brought the two countries to the verge of war.

"When it comes to the response to Pulwama, 2019, the one aspect of the Balakot counter-strike was that it was very different from other counter-terror, counter strikes undertaken by India," he writes. "We had been responding to terror strikes in the ground domain. It was the first time an aerial strike was conceived and implemented with finesse, in the bargain also blowing away the myth of Pakistan nuclear bargain."

Doval goes on to add that if any adversary attacks India's core interests, there will be counters. "Domain and level will not be limiting factors," he writes. That said, the post-Uri strikes were different, and Balakot was different from the post-Uri strike. Tomorrow it may be different from both. This remains at the core of the Prime Minister's style of thinking and directions.


‘Not the time to go poking around’: How former U.S. hackers view dealing with Russia – POLITICO

Fears of cyber warfare between the two former Cold War rivals have become a recurring concern amid Russia's invasion of Ukraine, prompting Biden to warn that he would respond the same way to any hostile hacking from Moscow against the United States. But people with experience in U.S. cyber strategy say neither side is likely to leap to destructive attacks as a first move, and any hard punch would be preceded by warnings and signals.

"There's gradations before you get to disrupting critical infrastructure," said Michael Daniel, who was the National Security Council's cybersecurity coordinator during the Obama administration.


The U.S. also would most likely avoid going after civilian targets such as Russian citizens' electricity, even in response to Russian cyberattacks on the United States or NATO. Instead, any U.S. action would be gradual, proportional and aimed at warning Russia to stop, said Robert M. Lee, who worked in cyber warfare operations with the National Security Agency until 2015.

"Are they going to take down the power grid [in Moscow]? No," said Lee, who is now CEO of the cybersecurity firm Dragos. He added: "You're [just] trying to shape behavior and signal, 'Hey we see you, and we're willing to escalate this. Please don't punch back or we'll go to the next phase.'"

At the moment, U.S. government hackers are probably avoiding taking any actions that Putin's government could interpret as an escalation that would trigger a reprisal, Lee and two other former hackers said in interviews. Espionage will continue as usual, but burrowing deeper into critical infrastructure or going after new systems not already compromised would be discouraged.

For the same reason, they said, the U.S. would probably not assist Ukraine's defense by launching offensive cyberattacks against Russia's military or government, to avoid being pulled into the conflict.

In interviews with POLITICO, Lee, two other former U.S. government hackers involved in cyber operations against foreign networks, and a former intelligence official who was involved in discussions about such operations, described the complications of wielding Washington's formidable hacking arsenal. These include tools that intelligence agencies have implanted in foreign networks for espionage purposes, but which also could be repurposed to cripple a power plant serving a military installation, halt gas in a pipeline or cause a communication blackout for Russian command centers.

For decades, Russia was not a top hacking priority for the U.S., taking a backseat to countries such as Iran and China, three of the experts said. But that changed after Putin's own hackers tried to interfere in the 2016 election, and the U.S. is deeply embedded in Russian infrastructure today.

The former government hackers and intelligence official, along with one former national security official, also discussed with POLITICO the extensive effort required to get into other countries' core systems and the challenges of maintaining that secret access for years. And they described the difficulties a standoff with Putin brings, including the calculus of deciding when to launch destructive cyberattacks against an adversary that can respond in kind.

"The U.S. has plenty of offensive hacking capability to do the things that we would need to do, to have the effects that we want to have," said the former U.S. intelligence official. But he expressed less certainty about how deeply Russia is embedded in American infrastructure, which could limit what the U.S. is willing to do.

"Can they turn around and do it back to us? Can someone make some reasonable assertion that they can't?" said the former official, who asked to remain anonymous because he is not authorized to speak on such matters. "If people can't say that, then it gets very hard to summon, I think, the political will to execute [an] attack."

It's a conversation that senior U.S. leaders typically don't like to conduct in public: details about America's cyber capabilities and calculations about using them have long been closely held secrets.

The U.S. can only hope that Putin's regime is exercising similar restraint, as both sides face the unpredictable dangers of a cyber conflict that could do lasting harm to both sides, Daniel said.

"For as much damage as the [Western] sanctions are doing or might do to [Russia's] economy, they are reversible," he said. "The West can choose to turn them off. [But] you can't un-destruct something."

One huge caveat: If Putin gets to the point where he feels Russia has nothing left to lose, then he is more likely to order destructive attacks against the United States. "But I don't think we're all the way there yet," Daniel said.

Two intelligence agencies and one military division are the main arms of the U.S. government responsible for compromising foreign networks.

The National Security Agency and Central Intelligence Agency both have sophisticated hacking divisions with individual teams focused on specific countries or regions to collect intelligence. U.S. Cyber Command, launched in 2010 as part of the Defense Department, hacks networks for offensive operations related to battle, not intelligence collection. It also recently disrupted ransomware groups targeting the U.S.

The three entities operate under different legal authorities, generally limiting what each can do. But there's some overlap: In past years, if an NSA or CIA team needed to destroy or disrupt a system, it could get authorization from the White House, or a Cyber Command warrior could be tasked to work with them.

But in 2018, the leeway for the CIA to conduct such attacks expanded when then-President Donald Trump signed a secret finding that eliminated the need for the spy agency to get White House approval. Instead, the CIA could now give the go-ahead for cyberattacks against Russia, China, Iran and North Korea. This also potentially expanded the types of operations the CIA could conduct on its own authority, opening the door to attacks on banks and other financial institutions that previously had been off-limits for U.S. hackers, along with hack-and-leak operations similar to what Russia did with the Democratic National Committee in 2016.

The focus on Russia as a top priority for U.S. cyber intelligence efforts is a relatively recent phenomenon.

After the terrorist attacks on Sept. 11, 2001, intelligence agencies diverted resources and personnel to focus on counterterrorism and later on Iran and China, three of the experts told POLITICO. That remained the case for nearly 15 years. "I wouldn't say Russia was a backwater, but it certainly wasn't heavily prioritized," said the former intelligence official who asked to remain anonymous.

Another of the sources that spoke to POLITICO, a former NSA intelligence analyst, confirmed that the NSA's Russia teams, which included hackers, analysts who help determine targets and assess intelligence, and mission leaders, lost a lot of their resources and people after 2001.

But the remaining people became more focused and disciplined as a result, the analyst said, and were no less effective. Unlike other teams, the ones focused on Russia had their own experts with special language and technical skills to help them understand the networks they targeted.

"The analysts who worked on the Russian targets spoke Russian," he said. "There were very few people in other groups who knew the national anthem of their target country, but all of the Russian team did."

Russian targets were harder to compromise and maintain than systems in many other countries, however.

"Iran's probably, from a technical perspective, [one of] the most compromised countries on earth," said the former intelligence official. "There is nary a network inside that country that doesn't have an implant from the U.S. or some other country's intelligence service sitting in it."

Russia is more challenging, both because of the size of the country and the number of networks worth targeting, and because of Russia's own hacking and counterintelligence skills. Despite this, Lee said that "there's not a world that exists where we are not deeply embedded in much of the Russian key infrastructure. I don't mean like power grid infrastructure. I just mean infrastructure, whether it be intelligence infrastructure or other. That should be pretty obvious with the extraordinary [information] we've been declassifying recently."

The hardest part often isn't gaining access to a system but maintaining it clandestinely, for months or years.

"It is the thing that separates the most sophisticated cyber operators on the planet from the lesser ones," the former intelligence official said.

A software patch or upgrade to a new operating system can close a door to intruders. So NSA and CIA hackers will seek deeper access, such as planting spy tools at the core of a system where software upgrades won't affect them.

Even so, hardware containing spy implants can suddenly get taken offline, leaving the hackers to wonder if someone had discovered their backdoor. The Russian cybersecurity firm Kaspersky Lab has publicly exposed numerous espionage tools planted around the world by the U.S. and its allies over the years, including a six-year-long operation that had placed implants on routers in multiple countries to spy on ISIS and al-Qaeda terrorists. And sometimes rival spy agencies steal an agency's hacking tools, as reportedly occurred when a group known as the Shadow Brokers, believed to be a nation-state spy group from Russia, leaked pilfered NSA malware.

"There's the layperson's assumption that you just switch out the thing that has been compromised with the new thing that hasn't been compromised," said the former intelligence official. "But the process of switching out tooling, in and of itself, can dramatically increase your chance of being [caught]."

The NSA also has to watch out for other hackers (nation-state and skilled cyber criminals) who might be inside systems the agency wants to breach. Those hackers can potentially spy on the agency's activity inside an infected machine or grab their tools to study and reuse them.

Governments may not like it when foreign spies breach their networks to steal data, but it's an acceptable and expected practice, even when it involves breaching critical infrastructure such as energy companies and electric grids for intelligence gathering. These targets can yield valuable information about how power is generated and distributed throughout the country, and how vulnerable parts of a grid might be to physical or digital harm. Both the U.S. and Russia and other countries compromise these networks.

"We might like to scream and rant and rave about it when Russia hacks into those targets for spying purposes, but they're perfectly valid targets," said the former intelligence official.

Gaining access to a power plant doesn't mean a foreign government is about to take it down, Lee said. "It's quite literally their job to just develop access and maintain that for when people request it," he said.

But governments also contemplate more disruptive attacks on the electricity supply. This possibility gained new attention in 2019, when The New York Times reported that U.S. Cyber Command had planted potentially crippling malware in Russia's grid systems on the chance that the U.S. might want to disrupt the grid in the future.

But Lee said the actions described in the article aren't typically how the U.S. would carry out such an operation.

"You don't place your offensive capabilities [in a network] before you leverage them," he said, because you risk having them discovered. Attackers will, however, leave implants for intelligence purposes that could later be leveraged to disrupt a system or plant destructive code.

Ideally, Cyber Command's offensive hackers wouldn't wage destructive attacks against a target using the same implants and compromised systems that the NSA and CIA employ for intelligence collection, so as not to burn their spying capabilities, Daniel said. But Lee said that during his time at the NSA, Cyber Command often piggybacked on the access that espionage teams had worked hard to obtain. "We would have loved for Cyber Command to have their own capabilities and access, but that was not the reality of the situation."

Effective cyberattacks aren't spontaneous, opportunistic events. It can take months or years to get access to some systems, and then may require extensive reconnaissance and research or even physical access to design and pull off an attack.

"Flipping a relay is one thing. Understanding what happens when you flip the relay is something else," said Jake Williams, a former NSA hacker who was with the agency until 2013.

In the best-known destructive cyber operation, the covert Stuxnet attack that the U.S. and Israel launched between 2007 and 2010 to disrupt the Iranian nuclear program, the CIA and Mossad used a mole working for Dutch intelligence to carry spyware into the high-security facility and place it on computers that weren't connected to the internet. After that spyware gathered intelligence about centrifuges used for enriching uranium gas, the mole planted destructive code onto the same systems. Researchers in Israel and the U.S. even built centrifuge test labs to study the potential effects various digital attacks might have on the devices. The operation successfully degraded between 1,000 and 2,000 centrifuges and caused temporary delays in Iran's enrichment activities, though Iran recovered quickly from the setback.

Similarly, when Russian hackers took down parts of Ukraine's electric grid for a few hours in 2015, they entered power plant networks by sending malware-laden emails to employees, then spent six months conducting reconnaissance, studying the various models of control systems at distribution plants and designing malware specific to each system.

For the U.S. to prepare to launch military cyberattacks against a foreign target in times of conflict, a Cyber Command team would make a list of systems they might need to access, then survey NSA and CIA hacking teams to see who already has access to them and whether additional networks need to be compromised.

But compromising new networks during the existing U.S.-Russian tension, before conflict between the two countries has started, is highly risky, and Lee said U.S. hackers would be exercising extra restraint right now. Russia could misinterpret new espionage intrusions as advance work for an attack, regardless of what the U.S. intends.

Lee said many people may assume that for a crisis like the Russian invasion, U.S. cyber warriors would be getting more aggressive inside Russian networks. But he said that "my experience with U.S. intelligence is it's quite the opposite. Now is not the time to go poking around. Unless you have a damn good need to be there, don't go doing something that could be perceived as escalatory."

Lee pointed to incidents his company uncovered in October when a Russian-based hacking group it calls Xenotime was found probing the networks of key electric and liquid natural gas sites in the United States. The hackers did nothing more than routine exploration for vulnerabilities (the kind of activity that the U.S. also does), but because of growing tensions with Russia and Xenotime's involvement in a previous disruptive attack, the information traveled up the ranks to senior officials in government. The episode occurred just months after Biden had warned Putin against offensive cyberattacks on U.S. critical infrastructure.

"It turned into extraordinary concern, because it's perceived as sort of signaling," Lee said. "[The Russians were] showing they may have the intent to come after electric and natural gas sites."

No matter how dire the military invasion in Ukraine turns, the U.S. would not conduct disruptive or destructive cyberattacks against Russia, Lee believes. In the same way the U.S. has carefully avoided direct involvement in Ukraine's defense, aside from supplying intelligence and equipment, it also would not want to enter into direct conflict with Russia in cyber space. This could change, however, if Russia attacks the U.S. or its NATO allies.

But Russia is probably making the same kinds of calculations about launching attacks against the U.S., said Daniel, the former NSC cyber coordinator. For example, to retaliate for the financial crisis that Western sanctions have introduced in Russia, Putin's forces could launch sophisticated and potentially chaotic attacks against the integrity of U.S. or European financial data, but these kinds of attacks require extensive advance planning and it's not clear Russia has done the work.

Daniel said Russia is also not likely to launch a destructive attack at the outset. Instead Russia might launch barrages of malicious online traffic to take down U.S. banking websites, as Iran has done in the past in retaliation for sanctions. Russia could also hijack banking traffic, redirecting it to Russian networks, or unleash cyber criminal gangs to conduct ransomware attacks on the financial sector.

Whatever Russia does, Daniel says the U.S. would want to be measured in any response it takes. Options could include leaking information about secret financial dealings of Putin and his cronies to further turn the Russian public against Putin, though the U.S. would have to be prepared for Russia to do the same.

The U.S. would be looking for actions that would impose some pain but wouldn't lead to physical destruction or loss of life or necessarily be permanent, so that if Russia backs off, the U.S. can as well, Daniel said.

And Daniel said any response from the United States would likely be targeted narrowly at the military or government, contrary to a recent NBC News report, strongly disputed by the White House, that said U.S. cyber warriors had proposed to Biden options such as shutting off the power in Russia.

"We would not want to take steps that would drive the Russian populace back towards a pro-Putin viewpoint," Daniel said.

Kim Zetter is the author of COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon.

CORRECTION: A previous version of this story incorrectly described the extent of the hacking group Xenotime's access to U.S. energy networks. The hackers were probing the networks for ways to get inside.
