Big Brothers: US Government Taps Tech Giants to Build ‘Whole-of-Nation’ Cyber Defences
17:50 GMT 05.08.2021 (Updated: 19:14 GMT 05.08.2021)
© AP Photo / Mel EvansA United States Military Academy cadet checks computers at the Cyber Research Center at the United States Military Academy in West Point, N.Y.
© AP Photo / Mel Evans
The United States has spent months accusing Russia and other nations of failing to address criminal cyber actors operating in their jurisdictions, and launching state-sanctioned campaigns of cyber malevolence. At the same time, Washington has said little on reports of an Israeli tech firm’s sale of military-grade spyware to state clients.
The US Cybersecurity and Infrastructure Security Agency – the primary federal agency tasked with guarding America against critical cyber infrastructure threats – has tapped major tech giants to help it do so.
In a statement on Thursday, CISA announced the creation of the Joint Cyber Defence Collaborative initiative, describing it as “a new agency effort to lead the development of cyber defence operations plans, and to execute those plans in coordination with partners from the federal interagency, private sector, and state, local, tribal, territorial government stakeholders to drive down risks” of cyberattacks.
The ambitious project, whose partners include Amazon Web Services, AT&T, CrowdStrike, FireEye, Google Cloud, Lumen, Microsoft, Palo Alto Networks, and Verizon hopes to “integrate unique cyber capabilities” across government and private companies to “design and implement comprehensive, whole-of-nation cyber defences,” including cybersecurity joint exercises.
Commenting on the new initiative, CISA Director Jen Easterly said the project “presents an exciting and important opportunity” to create “a unique planning capability to be proactive vice reactive in our collective approach to dealing with the most serious cyber threats to our nation.”
Easterly suggested that CISA’s Big Tech partners “share” the agency’s “commitment to defending our country’s national critical functions from cyber intrusions,” as well as the agency’s “imagination to spark new solutions.”
CISA says it expects additional private sector allies to join the programme, and specifies that its government agency partners include the Pentagon, US Cyber Command, the NSA, FBI, Department of Justice, and the Office of the Director of National Intelligence.
The new collaboration comes amid concerns by privacy advocates such as Edward Snowden that governments and corporations have already concentrated too much power in their hands amid recent advances in technology, as well as fears that public-private partnerships threaten to provide the state and corporations with even more power to surveil and censor individuals or groups.
Puzzle Pieces Start to Fit
The CISA announcement on Thursday comes after months of allegations by the Biden administration and tech companies, including Microsoft and FireEye, that malign actors based in Russia, China, Iran, and other countries have been waging a private and/or state-sanctioned campaign of cyberattacks on US government agencies and companies.
Russian officials have spent years dismissing allegations of a state cyberwar campaign against the US, and have criticised repeated US actions to turn down Russian proposals for cooperation against cybercrime. The US side has failed to provide evidence of Russia’s alleged malevolent activities, apart from signs of Russian-language text being found in some of the malicious code. However, last year, former NSA cryptographer-turned whistleblower Bill Binny explained to Sputnik that US intelligence agencies have access to a software package known as the "Marble Framework," which enables agents to "spoof" attacks, making them seem like they’re coming from one country (Russia, China, Iran, North Korea, or the Arab world) while they’re actually being carried out by US government agents. Some experts fear that the existence of software like the Marble Framework may make potential attribution of cyberattacks difficult if not impossible.
At the same time that it has accused Russia and others of malevolence in cyberspace, the Biden administration has been largely silent on the Pegasus spyware scandal – which centres around the sale of powerful Israeli spyware to governments around the world and has enabled the zero-click penetration of the phones of tens of thousands of journalists, politicians, and other public figures. Last month, an in-depth investigation by Israel’s Haaretz newspaper revealed that the Israeli government not only allowed Pegasus’ maker to sell its products abroad, but actively pushed or even pressured it to do so. Israel’s defence ministry insists that it does not have access to information collected by Pegasus’ foreign clients.