Tyler Pager – Medill National Security Zone http://nationalsecurityzone.medill.northwestern.edu A resource for covering national security issues Tue, 15 Mar 2016 22:20:28 +0000 en-US hourly 1 Private sector remains wary of government efforts to increase cybersecurity collaboration http://nationalsecurityzone.medill.northwestern.edu/blog/2015/03/19/private-sector-remains-wary-of-government-efforts-to-increase-cybersecurity-collaboration/ Thu, 19 Mar 2015 14:49:28 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=21085 Continue reading ]]> WASHINGTON– President Barack Obama and lawmakers have announced plans to increase information sharing between the government and the private sector following data breaches at major companies. But companies are hesitant to join these initiatives because of liability and privacy concerns – and sharing information could put them at a competitive disadvantage.

Experts agree information sharing is essential in preventing and responding to cyber attacks, but the government and private sector bring different perspectives and strategies to mitigating the threats.

Companies need to take the approach that there is “strength in numbers,” said Greg Garcia, executive director of the Financial Services Sector Coordinating Council.

“To the extent that we can have what amounts to a neighborhood watch at a national scale, then were going to be better aware of the adversaries and what they’re up to and what they’re trying to do,” Garcia said.

One area where progress has been made is in the sharing of cybersecurity threat indicators, which identify the source of cyber attacks, said Mary Ellen Callahan, former chief privacy officer at the Department of Homeland Security. These indicators can include bad IP addresses, malware that’s embedded in emails or specific coding in software, she said.

DHS and the Mitre Corporation have developed programming languages to improve communication about cyber threat information between the government and the private sector. Structured Threat Information Expression and Trusted Automated Exchange of Indicator Information, known as STIX and TAXII respectively, are used in tandem to quickly share the information.

“It’s one thing to have these executive orders and things, but it’s another to have the technical enablers to make it easy for these companies to do it,” said John Wunder, lead cybersecurity engineer at Mitre. “You want to make it easy to share threat information in a way that you share exactly what you want.”

Yet, these programs haven’t fully developed and more participation is needed to make them effective, said Judith Germano, a senior fellow at New York University School of Law’s Center on Law and Security.

“I hear from companies that they are often less concerned about where the threat is coming from, but what is the threat and what can they do to stop it,” she said. “That’s the valuable information. Some of that is being shared and is very helpful, but it needs to be expanded.”

Last month, Obama announced an executive order promoting cybersecurity information sharing. The order encouraged the development of information sharing and analysis organizations to spearhead collaboration between the private sector and government. He tasked DHS with creating create a nonprofit organization to develop a set of standards for ISAOs.

Despite these efforts, robust information sharing is still lacking.

“Everyone wants information. Nobody wants to give information,” said Mark Seward, vice president of marketing at Exabeam, a big data security analytics company.

Companies fear sharing information with the government could reveal corporate secrets or consumers’ private information, said Martin Libicki, a senior management scientist at the RAND Corporation. He added sharing information with the government could also pose legal risks if the information shows companies did not follow federal regulations.

Germano, who also runs a law firm focused on cybersecurity issues, says cybersecurity collaboration comes down to a matter of trust. The private sector, she said, is weary of the government.

“On one hand [the government is] reaching out as a friend and collaborator to work with companies,” she said. “On the other hand, the same government has an enforcement arm outstretched with the FTC, the SEC that if you do not comply, there can be repercussions, possible lawsuits and other regulatory action taken against you.”

Therefore, only information that is directly related to a threat should be shared and stored, said Callahan, now a partner at Jenner & Block. Further, she said when companies share a large amount of information at once it slows down the process of assessing the threat and they often share more information than is necessary.

The U.S. also lacks “an intelligent and forceful deterrence strategy” for cyber attacks, said Matthew Eggers, senior director of the U.S. Chamber of Commerce’s national security and emergency preparedness department, at a Congressional hearing earlier this month. He also said the government needs to provide more assistance to companies who have suffered from hacks.

“U.S. policymakers need to focus on pushing back against illicit actors and not on blaming the victims of cybersecurity incidents,” Eggers said. 

To address some of these concerns, Sen. Tom Carper, D-Del., introduced in February the Cyber Threat Sharing Act of 2015, which looks to provide liability protections for companies when they share cyber information with the government.

The bill would prohibit the government from using shared cyber threat data as evidence in a regulatory action against the company that shared the information. It also strengthens privacy protections and limits how shared data could be used. The bill has been referred to the Committee on Homeland Security and Governmental Affairs.

In February, Obama also called on the Director of National Intelligence to create the Cyber Threat Intelligence Integration Center, a national intelligence center aimed at “connecting the dots” on cyber threats. The center will “collect intelligence, manage incident response efforts, direct investigations” among other responsibilities.

However, experts remain skeptical about the center.

“What concerns me about that is if you read the president’s memoranda on [the Cyber Threat Intelligence Integration Center], it says that it’s consistent with privacy and civil liberties protections as relevant to that agency,” said Callahan, the Jenner & Block lawyer. “Well, the intelligence community, as you know, has reduced private protections.”

The center’s framework will be similar to that of the National Counterterrorism Center, which is a concern for Libicki, of the RAND Corporation.

“The last cyber attack had elements of terrorism in it. Does that mean we should look at this entire problem purely through the lens of counterterrorism?” Libicki said. “Why are you duplicating a methodological framework that culminates in a set of actions, like predator drones, which are totally inappropriate for cyber?”

Kathleen Butler, a spokesperson for the Office of the Director of National Intelligence, did not have any additional comment beyond the president’s announcement of the center as she said initial planning is still underway.

While experts say it will take time for the private sector to fully engage in the information sharing initiatives, the government’s efforts have been mostly positive.

“This is about enabling people to share what they know and get access to what others know such that protection can be more pervasive,” said Bobbie Stempfley, Mitre’s director of cybersecurity implementation. “That’s really a powerful concept.”

]]>
Hostages’ families call for better communication from government http://nationalsecurityzone.medill.northwestern.edu/blog/2015/02/10/hostages-families-call-for-better-communication-from-government/ Tue, 10 Feb 2015 15:16:32 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=20857 Continue reading ]]> WASHINGTON – The U.S. government should provide more intelligence information to families of hostages taken by terrorists and other enemies, and news organizations should be mindful of the dangers to freelancers in conflict zones, experts and two mothers of captured journalists said at an event Wednesday at the Newseum.

With the rise of journalists being killed and imprisoned in conflict zones, the panelists focused on steps the government and media organizations need to take to better protect journalists and how the U.S. should reform its current policy toward hostages.

“Our government needs to find a way to empower the families so that they feel some element of control in an environment in which they’ve effectively lost control,” said Joel Simon, executive director of the Committee to Protect Journalists.

Diane Foley, the mother of the late James Foley, spoke of the challenges she faced when she tried to get information about her son. James, a freelance journalist, was first captured in 2011 while reporting in Libya. After 44 days in jail, James was released and returned to America.

However, his time in captivity did not deter his passion for war reporting. Shortly after, he returned to Libya and covered the death of Muammar Gaddafi, the deposed leader of Libya.

He then began to cover the Syrian civil war, where he was captured in 2012. James’ captors demanded $132 million for his release; the America government refused to pay it as part of its no-ransom policy. In August 2014, James was killed by Islamic State militants and his execution was videotaped by the group and distributed on social media.

Diane Foley (left), the mother of the late James Foley, discusses the challenges she faced when trying to get information about her son while he was missing. Foley, along with  Debra Tice (Center), the mother of Austin Tice, a missing journalist, at the Newseum on Wednesday said the government must improve their communication with hostages' families. (Photo by Madeline Fox)

Diane Foley (left), the mother of the late James Foley, discusses the challenges she faced when trying to get information about her son while he was missing. Foley and Debra Tice (center), the mother of Austin Tice, a missing journalist, said the government must improve their communication with hostages’ families at the Newseum on Wednesday. (Photo by Madeline Fox)

Foley said she was first notified of her son’s death after she was called by an Associated Press reporter. The government did not contact her on the day the video was released and she only knew the video was authentic after she saw President Barack Obama speak on CNN that night, she said.

“Our bureaucracy didn’t work for us. They didn’t work for Jim,” Foley said.

She said in the aftermath of James’ death she met with British and French leaders where she learned their hostage families are privy to much more intelligence information.

The U.S. also needs to better communicate with other countries in efforts to secure the release of captured journalists, said Debra Tice, whose son has been missing since he was captured in Syria in 2012 while reporting as a freelance journalist.

Austin Tice, a former U.S. Marine, decided to spend a summer reporting in Syria while he was completing a law degree at Georgetown University. He was one of the few foreign journalists to remain in Syria as the war intensified.

In August 2012, he was kidnapped and a video released in September 2012 purportedly shows Tice blindfolded and being held by a group of masked men with guns. His whereabouts are unknown. CPJ estimates about 90 journalists have gone missing since the Syrian conflict began.

Tice said the U.S. and Syrian governments have told her family that they are working to help bring Austin home, but she said the governments are not discussing their efforts with each other.

The National Counterterrorism Center is conducting a review of the U.S. hostage policy and both the Foley and Tice families have been involved in the process.

The government is committed to better serving families and is working to create a consistent hostage policy, but will continue refusing to pay ransoms in exchange of hostages, said Douglas Frantz, a former journalist who now serves as the assistant secretary of state for public affairs.

“We’re going to come up with what I hope will be a cohesive and single policy,” Frantz said. “The idea that families in their darkest hours can’t get a consistent piece of information and don’t feel like they’re treated like human beings by the United States government is unacceptable.”

Frantz admitted the government did not have the right responses in place for hostage situations. However, he said he is confident the government review will result in a new policy that addresses those issues, including the lack of communication with families.

Both Foley and Tice disagreed with the stringent no-ransom policy, saying they believe no options should be taken off the table when it comes to trying to bring hostages home.

Kathleen Carroll, the Associated Press’ senior vice president and executive editor, said there needs to be more mindfulness in working with freelance journalists, suggesting there should probably be fewer freelancers. Both James Foley and Austin Tice worked as freelancers.

“You can’t absolve yourself of responsibly for these folks who are out in the field for you,” she said. “There has to be much more purposefulness.”

Carroll said she has been working with other news organizations and nonprofits such as the Committee to Protect Journalists at Columbia University to develop guidelines for freelancers and news organizations that hire them. The guidelines are set to be unveiled this week. However, she said the challenge with guidelines is that it is often difficult to plan in advance because situations such as captured journalists are “totally out of your control.”

“I can figure out what to do if I know what somebody wants and if you don’t know where they are and who has them or what someone wants, how do you figure out what that strategy is?” she said. “Matching passion for telling untold stories against that question is the story worth it, boy, there’s no answer for that.”

]]>
Obama, Merkel continue to pursue diplomatic solution in Ukraine http://nationalsecurityzone.medill.northwestern.edu/blog/2015/02/09/obama-merkel-continue-to-pursue-diplomatic-solution-in-ukraine/ Mon, 09 Feb 2015 20:16:00 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=20848 Continue reading ]]> WASHINGTON – President Barack Obama and German Chancellor Angela Merkel stressed the importance of continuing diplomatic efforts to resolve the situation in Ukraine, but Obama said he would consider sending lethal arms if diplomacy fails.

At a joint news conference Monday, both leaders said Russia has violated the territorial integrity of Ukraine, which has seen an increase in violence in recent weeks. The U.S and Germany are working together to pursue a diplomatic solution, they said.

President Barack Obama said if diplomacy fails, he would consider sending arms to Ukraine. (Tyler Pager/MNS)

President Barack Obama said if diplomacy fails, he would consider sending arms to Ukraine. (Tyler Pager/MNS)

“The possibility of lethal defensive weapons is one of those options being examined,” Obama said. “I want to emphasize that a decision has not yet been made.

Both Obama and Merkel have opposed providing lethal weapons to Ukraine and they maintained those positions Monday.

“We continue to pursue a diplomatic solution, although we have suffered a lot of setbacks,” Merkel said. “I’ve always said I don’t see a military solution to this conflict.”

The leaders are trying to force Russian President Vladimir Putin to accept a peace plan, but Obama said if diplomacy fails, all options would be considered.

“My hope is that through these diplomatic efforts, those costs have become high enough that Mr. Putin’s preferred option is for a diplomatic solution,” Obama said.

German Chancellor Angela Merkel said she is still opposed to arming Ukraine and pushed for a diplomatic approach. (Tyler Pager/MNS)

German Chancellor Angela Merkel said she is still opposed to arming Ukraine and pushed for a diplomatic approach. (Tyler Pager/MNS)

The president said there is no specific point at which he would support sending lethal weapons. Rather, he said there will be an ongoing analysis of strategy to prevent Russia from encroaching further on Ukrainian territory.

At his confirmation hearing last week, Defense Secretary nominee Ashton Carter said he would be “inclined” to providing weapons to Ukraine.

The president reiterated his goal is to not to weaken Russia, but he said the U.S. and its allies must impose a cost on Russia for its bad decisions.

“Our preference is for a strong, prosperous, vibrant, confident Russia that can be a partner with us on a whole host of global challenges,” he said.

Obama also discussed the impending March deadline for negotiations with Iran and said he would not extend the deadline any further. He said the extensions were useful in narrowing the issues and they are now at a point where a decision must be made.

He also talked about the “real difference” of opinions he has with Israeli Prime Minister Benjamin Netanyahu on Iranian negotiations. Obama said the negotiations should not be soured as they are nearing completion.

The president was also asked about his reaction to Netanyahu’s upcoming speech to a joint session of Congress in March. Netanyahu was invited to speak by Speaker of the House John Boehner, R-Ohio.

The White House said it was a “departure from protocol” and Obama said Monday he never invites foreign leaders to the White House close to their own elections. He reiterated he would not be meeting with Netanyahu.

]]>