The US government today formally attributed the SolarWinds cyberespionage campaign to the Russian Foreign Intelligence Service (SVR). The Intelligence Community has “high confidence” in this assessment, the White House statement says, and President Biden signed an Executive Order imposing economic sanctions and other actions on Russia.

Read the rest at Breaking Defense

Stanford University’s Herb Lin, a member of the Aspen Institute’s new Commission on Information Disorder, says “cyber-enabled information warfare” poses an existential threat that in many ways defies current government and private-sector structures organized to protect digital systems from cyber attack.

“Cybersecurity is usually thought of in technical terms -- viruses, firewalls, etc. -- and the primary focus is on protecting the computer,” Lin told Inside Cybersecurity. “The problem of defending against information disorder is more about protecting the human mind than about computers. A computer can be patched but there’s no downloadable patch for the human mind.”

Read the rest at Inside CyberSecurity

It's impossible to stop all hacks, and a lack of cybersecurity experts isn't helping

The U.S. government is still managing the fallout from two separate, massive cyberattacks linked to Russian and Chinese hackers, with a White House task force meeting this past Monday to probe the most recent attack, which involved Microsoft’s (MSFT) e-mail software.

On Thursday, the Senate’s homeland security committee will hold a hearing to probe the other attack, which exploited a vulnerability in a software company called SolarWinds (SWI) in one of history’s most far-reaching cyberattacks on governments and private companies.

Read the rest at Yahoo News

The China Program at Shorenstein APARC had the privilege of hosting Jude Blanchette, the Freeman Chair in China Studies at the Center for Strategic and International Studies​ (CSIS). The program, entitled "What’s ‘Communist’ about the Communist Party of China?," explored the goals and ideology of the Chinese Communist Party (CCP), as well as what they might mean for the future of China in the global community. Professor Jean Oi, William Haas Professor of Chinese Politics and director of the APARC China Program, moderated the event.

After the death of Mao Zedong in 1976, the goals of the CCP became less clear. As the country began to adopt market reforms in the 1980s and 1990s, CCP theorists were forced into contortions providing ideological justifications for policies that appeared overtly capitalist. Deng Xiaoping’s concept of “Socialism with Chinese characteristics” came to be seen as a theoretical fig leaf rather than a description of an egalitarian economic system, and by the 2000s, a consensus emerged that the CCP had completely abandoned any pretense of pursuing the Marxist vision it purported to hold. With the rise of Xi Jinping, however, the Party talks with renewed vigor about Marxism-Leninism and the goal of achieving actual, existing socialism. Has the CCP re-discovered communism?  In his talk, Blanchette discussed the abandoned and existing legacies of Mao Zedong, Marxism-Leninism, and the CCP’s vision of socialism. Watch now: 

On March 3, the Biden administration released its Interim National Security Strategic Guidance. Regarding cybersecurity, the document stated that 

Read the rest at Lawfareblog

On February 10, 2021, the China Program at Shorenstein APARC hosted Professor Oriana Skylar Mastro, Center Fellow at the Freeman Spogli Institute for International Studies​ for the virtual program "Military Competition with China: Harder to Win Than During the Cold War?" Professor Jean Oi, William Haas Professor of Chinese Politics and director of the APARC China Program, moderated the event.

As US-China competition intensifies, experts debate the degree to which the current strategic environment resembles that of the Cold War. Those that argue against the analogy often highlight how China is deeply integrated into the US-led world order. They also point out that, while tense, US-China relations have not turned overtly adversarial. But there is another, less optimistic reason the comparison is unhelpful: deterring and defeating Chinese aggression is harder now than it was against the Soviet Union. In her talk, Dr. Mastro analyzed how technology, geography, relative resources and the alliance system complicate U.S. efforts to enhance the credibility of its deterrence posture and, in a crisis, form any sort of coalition. Mastro and Oi's thought-provoking discussion ranged from the topic of why even US allies are hesitant to take a strong stance against China to whether or not Taiwan could be a catalyst for military conflict. Watch now: 

On Jan. 6, the U.S. Capitol was assaulted and occupied for the first time since 1814. Five people were killed, including a Capitol Police officer. Two Republican Representatives have introduced a bill to establish a national bipartisan commission to investigate the attack. We agree that a commission is needed. Here, we sketch the mandate, major areas of inquiry, and legislative language that we believe are needed to guide this effort.

Read the rest at Lawfare Blog

Last week, I wrote about cybersecurity issues raised by the loss of physical control in the U.S. Capitol during the occupation. Since then, it has become clear that a number of devices are missing and presumably taken by the occupiers. The rioters took laptops from the offices of House Speaker Nancy Pelosi and Sen. Jeff Merkley. These devices are now in the physical possession of people who can be considered adversarial threat actors, and those actors now have the opportunity to take their time in trying to penetrate them and see what data is available on those machines.

Read the rest at Lawfare blog

The recently revealed SolarWinds hack unfolded like a scene from a horror movie: Victims frantically barricaded the doors, only to discover that the enemy had been hiding inside the house the whole time. For months, intruders have been roaming wild inside the nation’s government networks, nearly all of the Fortune 500, and thousands of other companies and organizations. The breach—believed to be the work of an elite Russian spy agency—penetrated the Pentagon, nuclear labs, the State Department, the Department of Homeland Security (DHS), and other offices that used network-monitoring software made by Texas-based SolarWinds. America’s intelligence agencies and cyberwarriors never detected a problem. Instead, the breach was caught by the cybersecurity firm FireEye, which itself was a victim.

Read the rest at The Atlantic