Security Central: Trump’s Executive Order on Cybersecurity is Stalled, Russia Charges Cybersecurity Experts with Treason
It appears that President Trump may have hit his first speed bump amid his flurry of executive orders. On Tuesday, Trump was supposed to sign an executive order to commission a review of the federal government’s cybersecurity capabilities and defenses. It didn’t exactly happen. The cancelation of the signing was, to say the least, unexpected. During a “listening session” with experts in the White House’s Roosevelt Room, Trump had trumpeted that action on cybersecurity needs to be taken, and that he was fulfilling one of his campaign promises to secure our nation’s networks from cyber-attacks and hacking.
“I will hold my Cabinet secretaries and agency heads accountable, totally accountable for the cybersecurity of their organizations,” he said. According to the Associated Press, Trump had also made strong statements regarding the importance of cybersecurity. “We must defend and protect federal networks and data,” Trump said during the meeting. “We operate these networks on behalf of the American people and they are very important and very sacred.”
A White House official stated Tuesday morning that the order is intended to put the Office of Management and Budget in charge of cybersecurity efforts within the executive branch. This means that it would be up to federal agency directors to develop their own plans to get their infrastructure up to snuff.
It has become commonplace for each new president to take a stance and implement some sort of action in terms of cybersecurity since the internet has been a thing. However, Trump’s “stamp” and direction on this issue is particularly weighty considering the hackings during the election season and the U.S. officially calling out Russia for being involved. This makes the cancelation of signing the order all the more baffling. The executive order had been scheduled for signing after the listening session, though it was not made clear exactly when it would be signed. After the abrupt postponing, there are likely more than a few raised eyebrows and comical shrugs going on in Washington D.C.
As of now, no new word on the cybersecurity order, so I guess we’ll just have to sit on our thumbs until then. Or use it as an opportunity to, once again, educate customers on what they can do to prevent and detect potential attacks. Or we could call Russia… maybe they know something.
Aaaand with that, we pick up where we left off last week regarding the cybercrime investigator and hacker hunter Ruslan Stoyanov. Stoyanov, an incident response chief at the well-known Kaspersky Labs, was arrested by Russian law enforcement as part of a probe into possible treason. Yesterday, Stoyanov, along with ex-FSB men Sergei Mikhailov and Dmitry Dokuchayev, was officially charged by Russian authorities with committing treason in the interests of the United States, according to the BBC.
Some experts are saying that the arrests and charges could be tied back to the claims that Russian hackers were involved in cyber shenanigans during the U.S. election. The Kremlin, of course, scoffed at the accusation. Since this was a supposed act of treason, the details have not been made widely known, says the BBC.
Rory Challands, a reporter with Al Jazeera, states that the three men were actually arrested in late 2016, and added that the punishment for such charges likely means significant prison time, anywhere from 12 to 20 years. “There are a couple of not necessarily mutually exclusive theories about this,” said Challands. “One is that when the CIA said that it had high confidence that Russia was behind the hacking of Democratic Party National Congress emails in the run-up to the US presidential elections, it was information from these guys that gave the CIA that high confidence. Another theory is that these people were running a kind of shadow hacking group motivated primarily by profit–selling information on important people to anyone who would buy it, private buyers or foreign intelligence services.”
Again, this is as far as the story has gotten given the amount of secrecy around these types of accusations, but more will likely come to light in the next few months. We can’t wait.
Our last story touches on a few of the highlights from the recently released Cisco 2017 Annual Cybersecurity Report (ACR). The report, which includes data from 3,000 chief security officers (CSOs) and security operations leaders from 13 countries, reveals that over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss – more than 20 percent. Ninety percent of these organizations have set to work improving their threat defense technologies and processes after said attacks by “separating IT and security functions (38 percent), increasing security awareness training for employees (38 percent), and implementing risk mitigation techniques (37 percent).”
So what does the report mean for the channel? In a statement, Dave Gronner, Senior Manager, Security Partner Go To Market, Global Partner Organization at Cisco, says that “in today’s cyber security landscape, channel partners are playing a more crucial role in providing a first line of defense against cyber attackers than ever before. As hackers across the globe have become more sophisticated, partners have realized the need to work both with customers and each other through the Cisco Partner Ecosystem to best address and thwart cyberattacks. Findings from Cisco’s latest Annual Cybersecurity Report show that adversaries have more tools at their disposal than ever before through mobile endpoints and online traffic.”
Gronner goes on to say that Cisco partners play a crucial role in ensuring organizations understand the drivers and safeguards required to minimize risk and calculate where to invest. Through an architecture-led approach to security, Cisco partners gain an advantage in the marketplace, giving them the ability to provide customers with a differentiated cross-architectural security approach that spans the network and endpoints and leverages Cisco’s sophisticated threat intelligence capability, significantly reducing time to detection while meeting customers’ security requirements.
Here are a few more highlights to note, as detailed in Cisco’s blog post about the report:
- Average broadband speeds are on pace to nearly double between 2015 and 2020. This explosive growth in speed, digital traffic, and mobile endpoints creates a broader attack surface with more choices of targets and approaches. Cloud-based services aren’t helping. With tight budgets, a scarcity of skilled defenders, and cybercriminals operating more like their targeted businesses, this brings about a whole new slew of issues.
- Today’s adversaries continue to find new ways to operate, experimenting with a wide range of malware delivery methods. Their varied techniques for gaining access to organizational resources exploit lapses in patching and updating, lure users into socially engineered traps, and inject malware into supposedly legitimate online content. Our adversaries move with speed and agility to evade detection and continually evolve their strategies.
- Half of the organizations surveyed suffered a security breach that involved public scrutiny. What’s promising for organizations that have experienced a public breach is that they’re taking it as a learning opportunity. Organizations once reluctant to admit when they’ve been breached are sharing more quickly and openly with law enforcement, regulators, investors, and customers. The more organizations share when an attack has occurred, the better position we’ll all be in to help each other and defend ourselves.
So, there is hope. We can indeed, it seems, teach organizations new tricks.