Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:00 AM
Connect Directly

Cyber Security for the 44th Presidency Group to Come Out of the Shadows at Black Hat

A presidential 'playbook' for cyberware is among the issues under discussion by the group

An unprecedented cyber security commission made up of a who’s who of experts and policymakers (as well as a few top-secret members) will give attendees of Black Hat USA next week a peek at its progress thus far. The so-called Commission on Cyber Security for the 44th Presidency is working on policy, research, and technology recommendations for the next administration to combat cybercrime and cyber warfare.

Tom Kellermann, one of the commissioners who will sit on a special panel at Black Hat in Las Vegas next week, says the bottom line is that the U.S. is in a Cold War -- cold cyber war, that is -- with at least two nations, and that over 100 different countries have dedicated cyber attack groups. “The reality is that our command and control and SCADA systems can now be directly impacted,” says Kellermann, who is also vice president of security awareness at Core Security Technologies.

But this isn’t just a national security threat issue, he says. “This is an international and economic issue. There is an institutionalization of the threat in developing countries, much like there was with the drug cartels in the 1970s and 1980s.”

“We are losing this war,” he says.

The nonpartisan commission, which was established by the Center for Strategic and International Studies (CSIS) and is co-chaired by Congressmen Jim Langevin (D-RI) and Michael McCaul (R-TX), Scott Charney, corporate vice president for Trustworthy Computing at Microsoft, and Retired Lieutenant General Harry D. Raduege Jr., will present a report to Congress within the next two months, providing specific recommendations for a comprehensive cyber security strategy in federal systems and in private critical infrastructures. Among the commissioners are Mary Ann Davidson of Oracle, John Stewart of Cisco, and former DHS assistant secretary for cybersecurity Amit Yoran.

The 44th Presidency Commission’s goal is to provide a holistic perspective on the policy and technology issues surrounding the protection of critical infrastructures, Kellermann says. “We want to focus on the long-term protection and the fight we are waging in cyberspace... from a national security lens, and from an economic security lens."

Kellermann says the commission’s final report with a handful of recommendations -- due to be completed within six to eight weeks -- will go to both presidential candidates, as well as to the House and Senate. He couldn’t disclose where some of the recommendations under consideration stand as of now, but he did say the commission is considering a doctrine of sorts that would define the basic rules of engagement for cyber war. “It would delineate when and how the president should consider reacting” in a cyber war situation, he says. “There’s been some discussion of what this presidential playbook would look like.”

The problem with battling in cyber war, he says, is how you determine if an attack was from an individual or if it was state-sponsored. And fighting back would entail incurring some internal damage: “Even if we were to hit back, say with a distributed denial of service attack, for example, it would blow back on us because the enemy is so deeply in our systems” already. But that’s something for the Pentagon, NSA, and DOD to ultimately determine, he says.

So how do this commission’s recommendations avoid the pitfalls of previous commissions and panels that get lost in the political crossfire? Kellermann says the key is for the U.S. to establish a national policy on cyber security. “We need to have in the public eye that this is the greatest threat we face -- and it’s invisible. It’s not just your computer going down, but your FICA account stolen, or your financial future being ripped out underneath you.”

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-07
MobileIron Core and Connector before, 10.4.x before, 10.5.x before, 10.5.2.x before, and 10.6.x before, and Sentry before 9.7.3 and 9.8.x before 9.8.1, allow remote attackers to execute arbitrary code via unspecified vectors.
PUBLISHED: 2020-07-07
MobileIron Core and Connector before, 10.4.x before, 10.5.x before, 10.5.2.x before, and 10.6.x before allow remote attackers to bypass authentication mechanisms via unspecified vectors.
PUBLISHED: 2020-07-07
MobileIron Core and Connector before, 10.4.x before, 10.5.x before, 10.5.2.x before, and 10.6.x before allow remote attackers to read files on the system via unspecified vectors.
PUBLISHED: 2020-07-07
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affecte...
PUBLISHED: 2020-07-07
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not ...