Last week’s news (or non-news, as it were) that Russia does not appear to have meddled in the U.S. midterm elections continued to make headlines this week, with the Wall Street Journal reporting that:
After unleashing widespread cyberattacks and disinformation warfare on the U.S. during the 2016 presidential election, Russia’s trolls and hackers mostly appeared to have sat on the sidelines during the campaign ahead of last week’s midterm elections. No one is sure why.
Despite its apparent lack of involvement in the midterms, Russia was potentially linked to other malicious activity this week, with the Wall Street Journal, Ars Technica and Engadget all reporting that Google traffic had been briefly redirected through Russia and China on Monday. Network experts interviewed about the incident said that it could have been caused by technical error, such as a misconfiguration, or could have been the result of a malicious attack. Google representatives, however, said Google’s services had not been compromised, nor did the company believe the incident was malicious.
In vulnerability news, The Verge reported on a cross-site request forgery vulnerability discovered in Facebook that exposed information on users and their friends regardless of privacy settings that limited visibility to friends. While the vulnerability has been fixed, data security company Imperva said it was a sign of things to come, predicting that sophisticated social engineering attacks like this one will become more prevalent over the next year.
While breaches have dominated headlines this past year, many have flown under the radar. This week, the Seattle Times reported that a security breach at Nordstrom exposed sensitive employee data. The breach, however, was limited to employees – no customer data was impacted, according to the company, which is gearing up for the holiday season.
In DC, cybersecurity continued to be a top priority this week, with The Hill reporting that the National Security Telecommunications Advisory Committee (NSTAC) had voted to move forward with its cybersecurity “Moonshot.” Modeled after the national effort to put a man on the moon back in 1961, the Moonshot is aimed at making the U.S. a global leader on cyber over the next decade. In the 56-page report sent to the White House on Wednesday, the NSTAC issued a dire warning that over the next decade the U.S. will see “more severe and physically destructive cyber attacks than have been experienced to date,” and that cyber threats need to be viewed as “an existential threat to the American people’s fundamental way of life.”
Meanwhile, NextGov reported that the General Services Administration, the government’s lead contracting agency, had proposed a new rule formalizing the disclosure of breaches, requiring government contractors to disclose “any data breach that compromises the ‘confidentiality, integrity, or availability’ of data or information systems owned or managed on behalf of government agencies.” Scheduled to publish in February 2019, the rule will provide better visibility into the security of government contracts, which have historically been a weak point for federal cybersecurity.
In a week that began by celebrating Veterans, we saw both the first big winter snowstorms on the east coast and deadly wildfires on the west coast of the U.S. Stay safe out there!