President Trump on Thursday signed a long-delayed executive order on cybersecurity that “makes clear that agency heads will be held accountable for protecting their networks, and calls on government and industry to reduce the threat from automated attacks on the internet, ” reports The Washington Post. From the report: Picking up on themes advanced by the Obama administration, Trump’s order also requires agency heads to use Commerce Department guidelines to manage risk to their systems. It commissions reports to assess the country’s ability to withstand an attack on the electric grid and to spell out the strategic options for deterring adversaries in cyberspace. [Thomas Bossert, Trump’s homeland security adviser] said the order was not, however, prompted by Russia’s targeting of electoral systems last year. In fact, the order is silent on addressing the security of electoral systems or cyber-enabled operations to influence elections, which became a significant area of concern during last year’s presidential campaign. The Department of Homeland Security in January declared election systems “critical infrastructure.” The executive order also does not address offensive cyber operations, which are generally classified. This is an area in which the Trump administration is expected to be more forward-leaning than its predecessor. Nor does it spell out what type of cyberattack would constitute an “act of war” or what response the attack would invite. “We’re not going to draw a red line, ” Bossert said, adding that the White House does not “want to telegraph our punches.” The order places the defense secretary and the head of the intelligence community in charge of protecting “national security” systems that operate classified and military networks. But the secretary of homeland security will continue to be at the center of the national plan for protecting critical infrastructure, such as the electric grid and financial sector. Read more of this story at Slashdot.
Visit link:
Trump Signs Executive Order On Cybersecurity
According to The New York Times, Former Secretary of State Colin Powell has been hacked and a password-protected archive of his personal emails has been published by DC Leaks. The Verge reports: DC Leaks is the same site that first published emails stolen from the Democratic National Committee, which many took as an explicit effort to influence the U.S. election process. Many experts in the U.S. intelligence apparatus have attributed that attack to the Russian government, although no public attribution has been made. Thus far, there’s no evidence tying Powell’s hack to Russia, and similar hacks have been carried out by mischievous teens without government affiliation. The immediate result of the hack has been political fallout for Powell himself. Last night, BuzzFeed News reported on an email in which Powell called Republican nominee Donald Trump a “national disgrace, ” and another in which he said the candidate was “in the process of destroying himself.” Read more of this story at Slashdot. 
Justin Ling and Jordan Pearson, reporting for Vice News: A high-level surveillance probe of Montreal’s criminal underworld shows that Canada’s federal policing agency has had a global encryption key for BlackBerry devices since 2010. The revelations are contained in a stack of court documents that were made public after members of a Montreal crime syndicate pleaded guilty to their role in a 2011 gangland murder. The documents shed light on the extent to which the smartphone manufacturer, as well as telecommunications giant Rogers, cooperated with investigators. According to technical reports by the Royal Canadian Mounted Police that were filed in court, law enforcement intercepted and decrypted roughly one million PIN-to-PIN BlackBerry messages in connection with the probe. The report doesn’t disclose exactly where the key — effectively a piece of code that could break the encryption on virtually any BlackBerry message sent from one device to another — came from. But, as one police officer put it, it was a key that could unlock millions of doors. Government lawyers spent almost two years fighting in a Montreal courtroom to keep this information out of the public record. Motherboard has published another article in which it details how Canadian police intercept and read encrypted BlackBerry messages. “BlackBerry to Canadian court: Please don’t reveal the fact that we backdoored our encryption, ” privacy and security activist Christopher Soghoian wittily summarizes the report. “Canadian gov: If you use Blackberry consumer encryption, you’re a “dead chicken”. Read more of this story at Slashdot. 
erier2003 writes: President Obama on Tuesday unveiled an expansive plan to bolster government and private-sector cybersecurity by establishing a federal coordinator for cyber efforts, proposing a commission to study future work, and asking Congress for funds to overhaul dangerously obsolete computer systems. His newly signed executive orders contain initiatives to better prepare college students for cybersecurity careers, streamline federal computer networks, and certify Internet-connected devices as secure. The Cybersecurity National Action Plan also establishes a Federal Privacy Council (to review how the government stores Americans’ personal information), creates the post of Chief Information Security Officer, and establishes a Commission on Enhancing National Cybersecurity. Read more of this story at Slashdot.