
Cyber Security for the 44th Presidency Group to Come Out of the Shadows at Black Hat

A presidential 'playbook' for cyberwar is among the issues under discussion by the group

An unprecedented cyber security commission made up of a who’s who of experts and policymakers (as well as a few top-secret members) will give attendees of Black Hat USA next week a peek at its progress thus far. The so-called Commission on Cyber Security for the 44th Presidency is working on policy, research, and technology recommendations for the next administration to combat cybercrime and cyber warfare.

Tom Kellermann, one of the commissioners who will sit on a special panel at Black Hat in Las Vegas next week, says the bottom line is that the U.S. is in a Cold War -- cold cyber war, that is -- with at least two nations, and that over 100 different countries have dedicated cyber attack groups. “The reality is that our command and control and SCADA systems can now be directly impacted,” says Kellermann, who is also vice president of security awareness at Core Security Technologies.

But this isn’t just a national security threat issue, he says. “This is an international and economic issue. There is an institutionalization of the threat in developing countries, much like there was with the drug cartels in the 1970s and 1980s.”

“We are losing this war,” he says.

The nonpartisan commission, which was established by the Center for Strategic and International Studies (CSIS) and is co-chaired by Congressmen Jim Langevin (D-RI) and Michael McCaul (R-TX), Scott Charney, corporate vice president for Trustworthy Computing at Microsoft, and Retired Lieutenant General Harry D. Raduege Jr., will present a report to Congress within the next two months, providing specific recommendations for a comprehensive cyber security strategy in federal systems and in private critical infrastructures. Among the commissioners are Mary Ann Davidson of Oracle, John Stewart of Cisco, and former DHS assistant secretary for cybersecurity Amit Yoran.

The 44th Presidency Commission’s goal is to provide a holistic perspective on the policy and technology issues surrounding the protection of critical infrastructures, Kellermann says. “We want to focus on the long-term protection and the fight we are waging in cyberspace... from a national security lens, and from an economic security lens.”

Kellermann says the commission’s final report with a handful of recommendations -- due to be completed within six to eight weeks -- will go to both presidential candidates, as well as to the House and Senate. He couldn’t disclose where some of the recommendations under consideration stand as of now, but he did say the commission is considering a doctrine of sorts that would define the basic rules of engagement for cyber war. “It would delineate when and how the president should consider reacting” in a cyber war situation, he says. “There’s been some discussion of what this presidential playbook would look like.”

The problem with battling in cyber war, he says, is how you determine if an attack was from an individual or if it was state-sponsored. And fighting back would entail incurring some internal damage: “Even if we were to hit back, say with a distributed denial of service attack, for example, it would blow back on us because the enemy is so deeply in our systems” already. But that’s something for the Pentagon, NSA, and DOD to ultimately determine, he says.

So how do this commission’s recommendations avoid the pitfalls of previous commissions and panels that get lost in the political crossfire? Kellermann says the key is for the U.S. to establish a national policy on cyber security. “We need to have in the public eye that this is the greatest threat we face -- and it’s invisible. It’s not just your computer going down, but your FICA account stolen, or your financial future being ripped out underneath you.”

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
