Archive for the ‘NSA’ Category

The progress the government has made on election security – fifthdomain.com

The latest Senate report on Russian interference in the 2016 election, released Feb. 6, contained several broad recommendations for how the government can improve effectiveness in securing American elections.

While the Senate Select Committee on Intelligence's third volume lists seven recommendations for correcting shortfalls made by the Obama administration in responding to Russian election interference, the federal government has already made progress in several of the recommended areas since the committee started its report.

The committee recommends that the executive branch bolster partnerships with countries considered "near abroad" to Russia. The bipartisan report states that Russia has been using these countries as a laboratory for perfecting information and cyber warfare. For example, in the military conflict between Ukraine and Russia, Russian-backed hackers have targeted the government and shut down the country's power grid.

"Expanding partnerships with such countries will help to prepare defenses for the eventual expansion of interference techniques targeting the West," the report read.

U.S. Cyber Command has taken similar measures in recent years, partnering with the Montenegrin government for the last two years to search for malicious actors in networks in the lead-up to both nations' elections in 2020. The U.S. Secret Service also engages with foreign states on cybersecurity issues, like in 2017 when it trained local officials in Estonia.

Having U.S. cyber personnel near the Russian cyber hot spots will help the United States learn more about Russian behavior. Tom Kellermann, a former commissioner on the Commission on Cyber Security for the 44th President of the United States, said that partnerships will help the United States determine the root cause of Russian intrusions.

"How did they get in in the first place and how did they stay in? How did they maintain persistence?" said Kellermann, now head of cybersecurity strategy at VMware. "These are the critical lessons we should learn from assisting our allies in order to protect our democracy."

The committee also recommended that the United States lead the way on establishing international cyber norms, writing that U.S. leadership is needed to balance any formalized international agreement on acceptable uses of cyber capabilities.


This is another area where the U.S. government has already made progress. At the United Nations, the United States has worked to establish international cyber norms and proposed creating a group to study how to enforce cyber norms, all while butting heads with the Russian and Chinese representatives.

According to Chris Painter, a former top cyber official at the Department of State, while the United States has led on establishing some norms, like critical infrastructure shouldn't be targeted outside of wartime, there is still outstanding work to be done on enforcing those norms.

"We have to make sure that those norms are just not paper tigers," Painter said. "They have to be accepted by countries around the world and there has to be accountability when people break them."

Another recommendation from the committee suggests that credible information about foreign information or cyber operations be shared as broadly as appropriate within government, Congress and, when appropriate, private-sector partners. The committee also adds that the federal government must have substantive and timely outreach with state and local governments when election infrastructure is targeted.

The federal government has made strides in this area, particularly with its outreach to state and local governments, an effort spearheaded by the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security. Top election officials in states have security clearances to gain access to more threat intelligence and CISA frequently holds phone calls with state operators of critical infrastructure, which includes election officials.

Within the intelligence community, NSA's new Cybersecurity Directorate is also making an effort to share contextualized threat intelligence with the defense industrial base.

As part of the recommendation, the committee also said that feds needed to create a mechanism for notifying the public of operations.

"Delaying the release of information allows inaccurate narratives to spread, which makes the task of informing the public significantly harder," the committee wrote.

Both the IC and civilian government have partnered together to establish a process for public notification of cyberthreats. Back in November, the Office of the Director of National Intelligence, NSA, DHS, State, CIA, NSA and FBI agreed to a framework in which they would discuss potentially exposing an interference operation after convening leaders from all the agencies.

The committee's other recommendations were that the executive branch prepare for the next attack, integrate responses to cyber incidents, prioritize collection on information warfare, and clarify roles and authorities within the IC.

Read the original:
The progress the government has made on election security - fifthdomain.com

Unclear NSA CIO Role Puts the Agency’s IT at Risk, IG Says – Nextgov

The National Security Agency's chief information officer may be unsure of what they're supposed to be doing with attention being pulled disproportionately toward cybersecurity issues, according to the agency's inspector general.

"The Agency's CIO role is ambiguous, without clearly defined authorities and responsibilities," the OIG wrote in the semi-annual report released Thursday, which otherwise gives NSA a pat on the back for implementing its recommendations.

The IG audited the agency for compliance with the Clinger-Cohen Act of 1996 and an Office of Management and Budget memorandum, documents that describe the CIO role and responsibilities for budget, program and workforce management as well as overseeing information security.

Examining the implementation of an enterprise IT architecture program and the CIO's placement within the NSA's management structure, the IG said the agency and the CIO made substantial progress, but there were a few attention-grabbing reasons they noted as contributing to shortfalls.

These were dual hatting the functions of the CIO with those of an NSA Directorate, a lack of documentation for the delegation of authorities, failure to include the CIO role in agency organization charts, and agency communications that reinforced the CIO's authorities primarily for the information security component.

The CIO has the requisite oversight of and decision rights for all Agency IT, the IG explains, noting, "The issues identified in this audit increase the risk that the agency ... may not be maximizing its effectiveness and efficiency in designing, investing in, acquiring, managing, and maintaining the full range of its IT."

The report said the IG made four recommendations to address the issue, and that the NSA has sufficiently addressed one of those, with actions planned to implement the other three.

In general, though, the IG reports the NSA's overdue recommendations for the period of April through September represented 59% of the total number of open recommendations, which was the lowest percentage of open recommendations that were overdue over the past four semi-annual reports.

This reflects significant progress, but there is still substantial work to be done, according to the latest report.

The OIG is now evaluating NSA's implementation of the Federal Information Security Modernization Act of 2014. That audit will focus specifically on assessing the agency's information security practices.

Link:
Unclear NSA CIO Role Puts the Agency's IT at Risk, IG Says - Nextgov

NSA and University of Illinois: Partnering to Secure Networks and Cyber Systems – Illinois Computer Science News

FT. MEADE, Md. - The University of Illinois at Urbana-Champaign (Illinois) is one of the first universities to partner with NSA on researching the science of security and has been working on cybersecurity problems with NSA for more than 19 years.

"As one of the initial schools to be designated to host an NSA Science of Security (SoS) Lablet, Illinois has been instrumental in stimulating basic research to create scientific underpinnings for security and advocating for scientific rigor in security research," said NSA Deputy Director George Barnes. "The Illinois SoS Lablet builds on a long history in developing science upon which systems might be engineered."

To celebrate this partnership, NSA has named Illinois as a featured school and is highlighting the collaboration on NSA.gov, IntelligenceCareers.gov, and on social media beginning January 23, 2020.

"As a public comprehensive research university, the University of Illinois at Urbana-Champaign has an opportunity and responsibility to advance our society," said Illinois Chancellor Robert Jones. "We are honored to be named a National Security Agency Featured School, and we look forward to continuing to partner to develop the talent and tools needed for our national security challenges."

The partnership began in 2000 when Illinois was designated as a Center of Academic Excellence in Cyber Defense (CAE-CD), a program now jointly sponsored by NSA and the Department of Homeland Security. That program, along with a CAE-Research designation, which Illinois received in 2008, promotes higher education and research in the critical area of cybersecurity.

At about the same time NSA researchers began collaborating with Illinois faculty and students in support of broad cybersecurity and assurance goals, to include research in programming languages and system verification in support of systems analysis.

"This early work with Illinois led to valued capability developments that are still in use within NSA and partner federal agencies today," said Mr. Brad Martin, Illinois Academic Liaison.

In 2011, Illinois became one of just three universities to host a SoS Lablet. Dr. David Nicol, a professor at Illinois, has been involved in the lablet since the beginning and appreciates the fact that NSA has been investing in research at the early conceptual stages.

"I was pleased that the problem of viewing the scientific basis for security was being taken seriously," he said. "It's commendable that NSA recognized this issue and invested resources in studying it."

NSA has also awarded Illinois more than $600,000 in grants over the last five years and has hosted a number of summer interns from the university. Currently, two students at Illinois are in the Stokes Educational Scholarship Program, which recruits students, particularly minorities, who have demonstrated skills critical to NSA. The students receive up to $30,000 a year toward their college education and commit to summer internships and six years of agency employment following graduation.

Currently 115 Illinois graduates with degrees at all levels in areas from mathematics to Russian work at NSA. "We have many talented employees at NSA who have come from Illinois," said Ms. Kathy Hutson, NSA's Senior Strategist for Academic Engagement. "We are so pleased with the partnership we have forged with the university and what it has yielded for NSA."

Illinois is the fifth university to be named an NSA Featured School. The series highlights schools designated as CAEs that have a depth and breadth of engagement with the Agency.

The rest is here:
NSA and University of Illinois: Partnering to Secure Networks and Cyber Systems - Illinois Computer Science News

Powerful lawmakers join effort to kill surveillance program protected by Trump administration – POLITICO

But a newfound appetite for curtailing U.S. surveillance practices has emerged among Republicans who have criticized the FBI's eavesdropping of former Trump campaign adviser Carter Page, making them willing to buck the Trump administration's demands that the program be permanently extended.

And intelligence officials aren't making the case to keep the phone records program, either. They've previously admitted it has become too technically complex a burden to maintain.

Longtime privacy advocates on the Hill are seizing on this momentum to kill the program they've argued is ineffective and violates Americans' rights before the statute authorizing it expires on March 15.

"This is a big moment for reformers," Sen. Ron Wyden (D-Ore.), a senior member of the Senate Intelligence Committee, who is looking to push for greater surveillance changes given this new climate in Congress, told POLITICO this month.

Intelligence Chairman Richard Burr (R-N.C.) and Virginia Sen. Mark Warner, the panel's top Democrat, introduced legislation that would render the program essentially inoperable while renewing the law's other surveillance authorities predominantly used by the FBI for another eight years.

"I plan to propose to leadership that we move, in some fashion, [our] bill," Burr said.

Senate Judiciary Chairman Lindsey Graham (R-S.C.), whose panel held a contentious public hearing with an NSA official who couldn't offer examples of the program helping in terror probes, said the proposed legislation works for him.

Meanwhile, in the Democrat-controlled House, the Judiciary and Intelligence committees have been working together for months on a bill that would pull the plug on the surveillance tool once and for all.

The panels are writing a proposal that will both renew authorities necessary to the protection of national security, while also bolstering additional privacy and transparency safeguards where appropriate, a senior Democratic House Intelligence Committee official told POLITICO.

"Obviously, time is of the essence, and we hope to come to [a] consensus in the coming month or so," the official added.

A House Democratic aide said the program was built to address an adversary and a technological gap that existed 25 years ago, but times have changed. "Bad guys don't use landlines to talk to each other anymore. The technology is different. It is less valuable to us today than it was, than it would have been in 2001 when they needed it."

But a critical player is Senate Majority Leader Mitch McConnell (R-Ky.), who has yet to indicate he would buck the White House over the intelligence tool. A McConnell spokesperson declined to comment, and a spokesperson for the National Security Council did not respond to a request for comment from POLITICO about the broad resistance from Congress.

The NSA gained the ability to access and analyze Americans' domestic calling records shortly after 9/11. Established in secret, the program was designed to vacuum up metadata (the numbers and time stamps for calls or text messages, but not the actual content) so the agency could sift for links among possible associates of terror suspects.

The Snowden leaks eventually forced the Obama administration and Congress to settle on a new law, the USA Freedom Act, that ended NSA's bulk phone collection but allowed the records to be retained by telephone companies and accessed by the federal government with court approval.

Problems with the revised system began to emerge publicly in 2018 when the NSA announced it had uncovered technical irregularities that caused it to collect more phone records than it had legal authority to gather. The agency dumped its entire collection of phone records. However, the problem soon resurfaced, according to an inspector general report.

The recurring compliance headaches around the program, its negative association with Snowden and an inability by intelligence leaders to offer concrete examples of its value in fighting terrorism led a spectrum of observers, including former and current intelligence officials, to question if the scaled-down system was worth keeping at all.

The administration had been quiet about its intentions for the future of the program. That's a contrast to 2017 when the White House and the intelligence community successfully pressed lawmakers to renew a separate set of warrantless programs that intercept digital traffic of foreign targets while collecting personal information on Americans.

In March, a senior congressional aide revealed that the NSA had deactivated the domestic surveillance program. Then-Director of National Intelligence Dan Coats confirmed that fact in a letter to Congress in August, which acknowledged that the system has been indefinitely shut down but still asked lawmakers to extend its legal basis.

On Capitol Hill, the urge to strike the program from the books only grew. But in December, lawmakers were forced to include language in a stopgap government funding bill that punted the deadline for the surveillance programs by 90 days, until March 15.

The move was made, in part, because the House impeachment inquiry dominated much of the congressional calendar and to wait for and potentially consider additional surveillance reforms, some of which were highlighted by Justice Department Inspector General Michael Horowitz's review of the FBI's handling of its investigation of the Trump campaign in 2016.

"A lot of very smart people had a notion that it would be a bad idea for us to pass a bill the first week of December and to have an IG report detailing the inner depths of the FISA process come out the second week of December and then look foolish," the House Democratic aide told POLITICO.

The aide said that on big-ticket questions there isn't a lot of daylight between the existing Senate bill and the one that will be produced by the House Judiciary and Intelligence panels, though an eight-year extension of the other authorities isn't likely to pass the lower chamber.

Other issues could also complicate the short window left for lawmakers to take up the surveillance law.

This week, Wyden and a bipartisan group of House and Senate lawmakers introduced a bill that would end the program, codify an intelligence community decision to stop location-tracking surveillance activities, and change the process for obtaining court approval for surveillance, while proposing additional transparency measures.

"To pass a bill where everybody says the thing doesn't work and we're just going to write into law what they're already doing and then call it a day, I think, would be very unfortunate because there's a lot more to do," Wyden said.

But additional changes appear to be a non-starter for Burr, who advised Wyden and others to introduce legislation if they want to see them enacted.

Elizabeth Goitein, a privacy advocate and co-director of the Liberty & National Security Program at the Brennan Center for Justice, said offing the program should be the bare minimum lawmakers try to achieve.

"When you have a surveillance program that has collected more than a billion records of Americans, some of them without legal authorization, and all of them without any significant benefit, it's a no-brainer that the program should be terminated," she said.

The House aide said the expectation is for legislation to be introduced and voted on, at least by the Judiciary Committee, before going to the full chamber before the March 15 deadline. An overwhelmingly bipartisan House vote could send a message to the Senate to get on board with its bill.

Burr suggested that any extension would have to be hitched to another must-pass bill, something in short supply this time of year. Such a move would prevent the legislation from being jammed on the floor by privacy hawks like Wyden and Republican Sens. Rand Paul (Ky.) and Mike Lee (Utah).

Burr didn't rule out another short-term extension, either.

"I'm not going to rule out that we may have an effort by leadership to extend the authorization another 90 days or 60 days or something," Burr said.

"We still have to do it. This is a must do."

See the article here:
Powerful lawmakers join effort to kill surveillance program protected by Trump administration - POLITICO

Spies Like AI: The Future of Artificial Intelligence for the US Intelligence Community – Defense One

Putting AI to its broadest use in national defense will mean hardening it against attack.

America's intelligence collectors are already using AI in ways big and small, to scan the news for dangerous developments, send alerts to ships about rapidly changing conditions, and speed up the NSA's regulatory compliance efforts. But before the IC can use AI to its full potential, it must be hardened against attack. The humans who use it (analysts, policy-makers and leaders) must better understand how advanced AI systems reach their conclusions.

Dean Souleles is working to put AI into practice at different points across the U.S. intelligence community, in line with the ODNI's year-old strategy. The chief technology advisor to the principal deputy to the Director of National Intelligence wasn't allowed to discuss everything that he's doing, but he could talk about a few examples.

At the Intelligence Community's Open Source Enterprise, AI is performing a role that used to belong to human readers and translators at CIA's Open Source Center: combing through news articles from around the world to monitor trends, geopolitical developments, and potential crises in real-time.

"Imagine that your job is to read every newspaper in the world, in every language; watch every television news show in every language around the world. You don't know what's important, but you need to keep up with all the trends and events," Souleles said. "That's the job of the Open Source Enterprise, and they are using technology tools and tradecraft to keep pace. They leverage partnerships with AI machine-learning industry leaders, and they deploy these cutting-edge tools."


AI is also helping the National Geospatial-Intelligence Agency, or NGA, notify sailors and mariners around the world about new threats, like pirates, or new navigation information that might change naval charts. It's a mix of open source and classified information. "That demands that we leverage all available sources to accurately, and completely, and correctly give timely notice to mariners. We use techniques like natural language processing and other AI tools to reduce the timelines reporting, and increase the volume of data. And that allows us to leverage and increase the accuracy and completeness of our reporting," Souleles said.

The NSA has begun to use AI to better understand and see patterns in the vast amount of signals intelligence data it collects, screening for anomalies in web traffic patterns or other data that could portend an attack. Gen. Paul Nakasone, the head of NSA and U.S. Cyber Command, has said that he wants AI to find vulnerabilities in systems that the NSA may need to access for foreign intelligence.

NSA analysts and operators are also using AI to make sure they are following the many rules and guidelines that govern how the NSA collects intelligence on foreign targets.

"We do a lot of queries," NSA-speak for accessing signals intelligence data on an individual, Souleles said. Queries require audits to make sure that NSA is complying with the law.

But NSA technicians realized that audited queries can be used to train AI to get a jump on the considerable paperwork this entails, by learning to predict whether a query is reportable with pretty high accuracy, Souleles said. That could help the auditors and compliance officers perform their oversight roles faster. He said the goal isn't to replace human oversight, just speed up and improve it. "The goal for them is to get ahead of query review, to be able to make predictions about compliance, and the end result is greater privacy production for everyone."

In the future, Souleles expects AI to ease analysts' burdens, providing instantaneous machine translation and speech recognition that allows analysts to pore through different types of collected data, corroborate intelligence, and reach firmer conclusions, said Jason Matheny, a former director at the Intelligence Advanced Research Projects Activity and founding director of the new Center for Security and Emerging Technology at Georgetown University.

One roadblock is the labor of collecting and labeling training data, said Souleles. While that same challenge exists in the commercial AI space, the secretive intelligence community cannot generally turn to, say, crowdsourcing platforms like Amazon's Mechanical Turk.

"The reason that image recognition works so well is that Stanford University and Princeton published Imagenet. Which is 14 million images of the regular things of the world taken from the internet, classified by people into about 200,000 categories of things, everyday things of the world; toasters, and TVs, and basketballs. That's training data," says Souleles. "We need to do the same thing with our classified collections and we can't, obviously, rely on the world's Mechanical Turks to go classify our data inside our data source. So, we've got a big job in getting our data."

But the bigger problem is making AI models more secure, says Matheny. He says that today's flashy examples of AI, such as beating humans at complex games like Go and rapidly identifying faces, weren't designed to ward off adversaries spending billions to try and defeat them. "Current methods are brittle," says Matheny. He described them as vulnerable to simple attacks like model inversion, where you reveal data a system was trained on, or trojans, data to mislead a system.

In the commercial world, this isn't a big problem, or at least it isn't seen as one yet, because there's no adversary trying to spoof the system. But concern is rising. In 2017, researchers at MIT showed how easy it was to fool neural networks with 3D-printed objects by just slightly changing the texture. It's an issue that some in the intelligence community are beginning to talk about as well with the rise of new tools such as general adversarial networks.

The National Institute of Standards and Technology has proposed an AI security program. Matheny said national labs should also play a leading role. "To date, this is piecemeal work that an individual has done as part of a research project," he said.

An even bigger problem is that humans generally don't understand the processes by which very complex algorithms like deep learning systems and neural nets reach the determinations that they do. That may be a small concern for the commercial world, where the most important thing is the ultimate output, not how it was reached, but national security leaders, who must defend their decisions to lawmakers, say opaque functioning isn't good enough to make war or peace decisions.

"Most neural nets with a high rate of accuracy are not easily interpretable," says Matheny. There have been individual research programs at places like DARPA to make neural nets more explainable. But it remains a key challenge.

New forms of advanced AI are slowly replacing some neural nets. Jana Eggers, CEO of Nara Logics, an AI company partnered with Raytheon, says she switched from traditional neural nets to genetic algorithms in some of her national security work. Unlike neural nets, where the system sets its own statistical weights, genetic algorithms evolve sequentially, just like organisms, and are thus more traceable. "Look at a tool like Fiddler," a web debugging proxy that helps users debug and analyze web traffic patterns, she said. "They're doing sensitivity analysis with what I would consider neural nets to figure out the why, what is the machine seeing that didn't necessarily."

But Eggers notes that making neural nets transparent also takes a lot of computing power. For all the different laws that intelligence analysts have to follow, the laws of physics present their own challenges as well.

Read this article:
Spies Like AI: The Future of Artificial Intelligence for the US Intelligence Community - Defense One