On Tuesday, July 23rd, 2019 the National Security Agency of the United Sates, commonly referred to as the NSA, released plans for a new division whose purpose is to protect intelligence and defense organizations from the threat of foreign cyberattacks. This new division, which will be named the Cybersecurity Directorate, intends to increase the nations’ cybersecurity capability by integrating the foreign intelligence and cyber operations of the NSA. The Cybersecurity Directorate is scheduled to begin operations on October 1st, 2019 and will be led by Anne Neuberger who served as the NSA’s first chief risk officer, deputy director of operations and headed the agency’s Russia Small Group joint task force
This newly formed directorate will greatly expand “White Hat” operations within the NSA and help “operationalize threat intelligence, vulnerability assessments and cyber defense expertise,” according to a statement on the NSA website. So called “White Hat” operations consist of teams of cyber security experts who specialize in testing and evaluating the defenses of cyber networks within the limits of the law, or after being grated permission to do so. Unlike malicious hackers, who are sometimes referred to as black or grey hats, white hat hackers disclose all of their findings to the organization they are testing so these vulnerabilities can be addressed before they can be exploited. These tests help prepare networks for real world cyberattacks and are an invaluable resource to any organization that is concerned about the protection of their sensitive information.
The formation of this new directorate is undoubtably in response to executive order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, which was issued by the President of the United States on May 11th, 2017. This order called for a complete review and detailed report on the cybersecurity of organizations within the Federal Government. This report also involved a limited review of private industries that are considered vital to national defense. The results of this report were brought before Congress by the Comptroller General of the United States Gene L. Dorado, who is the head of the Government accountability office. Unfortunately, these reports were not filled with good news. In response to the findings in these reports, the Government Accountability office made more than 3,000 recommendations aimed at addressing cybersecurity shortcomings in specific action areas, including protecting cyber critical infrastructure, managing the cybersecurity workforce, and responding to cybersecurity incidents.
The Trump administration has placed particular emphasis and urgency on the state of American cybersecurity, which culminated in the President declaring a national emergency over threats to American technology, in May of 2019. This national emergency declaration is expected to precede an outright ban on American companies doing business with the Chinese tech giant Huawei, who has been accused on multiple occasions of stealing American technology. Accusations of intellectual property theft and lawsuits from companies such as Motorola and T-Mobile showcase the willingness of Huawei to cheat and steal in order to get ahead of the competition.
Shortly after a national emergency was declared, the U.S. Department of Commerce added Huawei Technology and its partner companies to the Bureau of Industry and Security (BIS) Entity List. The purpose of this list is to identify companies and organizations that may pose a threat to the national security of the United States, and to impose regulations that restrict listed organizations from dealing with American companies. In the case of Huawei, these restrictions prevent American companies from selling or transferring technology to Huawei without a license issued by the BIS. This could greatly affect Huawei’s ability to do business as they rely on some U.S. manufacturers for parts
NPR recently did an exposé piece on efforts by Huawei to reverse engineer technology from the American company Akhan Semiconductor, who had debuted the world’s first diamond coated glass. The CEO of Akhan Semiconductor, Adam Kahn, recounts his dealings with Huawei and their blatant efforts to steal his technology. Huawei allegedly wanted Kahn’s nanocrystalline diamond-based glass for their smartphone screens and the Chinese tech giant openly suggested that Kahn leave behind samples during one of their first meetings. Because diamond-coated components also have military applications, Kahn knew that his glass could not leave the United States without government permission, but he made a deal with Huawei and sent a sample to their San Diego office. There was an agreement between Huawei and Kahn that the sample stay within the United States and be returned within 60 days. But when the sample was returned four months later, Kahn immediately new he had made a mistake, stating:
“Immediately picking up the parcel and you could hear the broken glass, you know, we knew there was an issue.”
Someone had fired a laser at the glass in an attempt to reverse engineer it, the sample was sent to China which violates U.S. law and the sample was broken with pieces missing. Kahn immediately partnered with the FBI and an investigation is currently under way.
This story is merely one example of the vast efforts being made by China, as well as other aggressor nations, to steal intellectual property and harm American industry. The recent efforts by the NSA, GAO and United States Cyber Command to integrate, streamline and refine their process is a great step in the right direction towards enhancing the cyber defense capabilities of the United States. The utilization of “White Hat” hackers to test and identify weaknesses in these systems also play a pivotal role in ensuring the safety and security of cyber networks. Contact us today and receive a 57-point security assessment at no cost to you. Ensure you are talking the proper steps to protect yourself and your sensitive information in our ever-changing cyber world.
Remember to save often and backup daily,
Karl Volkman CTO, SRV Network.