Commentary: A Centralized, National 5G Network Would Pose More Harm Than Good

By: Frank Taylor

This op-ed originally appeared in Homeland Security Today, March 20, 2019.

5G wireless technology is poised to become a critical piece of infrastructure at home and abroad, and the efforts well underway by U.S. wireless carriers to develop and deploy 5G are not only a matter of economic security, but also of national security. Not only will 5G mean lightning-fast data speeds upward of 20Gbps that will usher in a host of innovations, but the fifth generation of connectivity will allow for more secure and better connections among Internet of Things, enterprise networking and critical communications. 5G will only grow in importance as federal agencies, like the Department of Homeland Security (DHS) or the State Department, continue efforts to modernize current systems and processes.

However, there has been some recent advocacy for the development of a single, government-owned and managed 5G network. This idea has grown based on fears that China is both leading in the race to 5G and that Chinese network equipment poses a security threat. To be clear, American leadership and security are paramount for the best development of the 5G network, but a nationalized commodity is the wrong approach to ensure the safety and security of American mobile network users. As FCC Commissioner Brendan Carr recently wrote, this is a race between two very different models, “the central planning and industrial policies of China versus America’s free markets.”

Beyond the anti-American nature of a nationalized 5G network, there are already security risks and implications of the increased connectivity between 5G devices. A government network would create more harm than good for several reasons. 

First, a nationwide government network would take years to deploy, launching long after American wireless carriers roll out their own. The U.S. was first to deploy 4G wireless technology, and is already on the cusp of nationwide deployment of 5G technology, as all national wireless carriers have announced plans to deploy a 5G network, with some beginning as early as this year.

Second, the government is not known for being at the forefront of technological advances, nor for having the tightest cyber and data security. For example, one of the largest government data breaches in the history of this country occurred in 2015 when the Chinese hacked the Office of Personnel Management (OPM) database, exposing the sensitive data of more than 21 million Americans. With such a track record, how can we trust the government to secure a single nationwide 5G network?

Furthermore, a single network creates one centralized target for bad actors, like a giant bull’s-eye. Rather, decentralized networks create redundancy and offer a more secure approach to wireless communications.

American companies have also been steadfast in leading the global standard setting necessary for an interconnected 5G platform. Through umbrella standards groups like the Third Generation Partnership Project (3GPP), U.S. companies have been advocating for open and transparent standards for 5G, much as they did with 4G connectivity in the early 2000s. This commitment to open, transparent and impartial standards is necessary to ensure that the American homeland, individual citizens, companies, and the government do not face undue cybersecurity risks.

By its nature, 5G architecture’s unique specifications add many security layers, which is in addition to the many security features that wireless carriers are adding within their networks. These features are necessary to protect the capabilities that 5G brings with it — whether that be enhanced machine learning or driverless vehicle-to-vehicle technology. American wireless carriers have a longstanding history of protecting networks from cyber risks and vulnerabilities, which the federal government does not.

According to 5G Americas, “The mobile wireless industry’s longstanding emphasis on security has been a strong market differentiator against many other wireless technologies which have network architectures that are inherently more vulnerable. Even mobile’s use of licensed spectrum provides a powerful additional layer of protection against eavesdropping on data, voice and video traffic.”

While a government-owned 5G network has some inherent weaknesses, there is a clear role for the government to play in the rollout of 5G. To ensure that our data is secure, and that Americans are not subject to malicious actors through backdoors of foreign technology, the government can maximize its long-established private-public partnerships (P3s). The government can, and should, aid in information-sharing, standard-setting, and adoption of best practices to ensure that our national security needs are met while simultaneously allowing industry to continue leading through innovation. Through the latest reorganization at DHS, which includes establishing the Cybersecurity and Infrastructure Security Agency (CISA), we can ensure that the telecom companies have the latest in cybersecurity intelligence and best practices so that not only will 5G be lightning fast, but also secure. 

Rather than pursuing a centralized network that will take years to build and create unnecessary vulnerabilities, the federal government should facilitate the ongoing industry efforts to usher in the next generation of secure wireless connectivity. Government should not be in the middle of innovation — instead, government should exist to foster innovation.

Press Release: CGA's Jake Braun Testifies Before U.S. House Homeland Security Committee

Washington, DC (February 13, 2019) - Today, Jake Braun, co-founder of the Voting Village at DEF CON -- the world’s largest and longest running hacker conference -- testified before the U.S. House Homeland Security Committee about the cybersecurity threats facing our nation’s elections infrastructure.  Citing DEF CON’s own groundbreaking research that it has conducted over the last two years in the aftermath of the Russian hacking during the 2016 elections, Braun’s testimony represented one of the first times DEF CON was invited to play a prominent role in informing and educating Washington lawmakers on issues of national security.

The testimony also represented a first foray into Washington for the University of Chicago’s Cyber Policy Initiative (CPI), launched last year at DEF CON 26 and currently led by Braun, who serves as its Executive Director. Housed within the Harris School at the University of Chicago, CPI serves as a forum through which hackers, technologists, academics, and the cyber research community can engage policy makers at all levels of government to strengthen our voting systems and our democracy.

“It’s an honor to be here on the Hill wearing both hats today,” said Braun. “Over the last two years, DEF CON has done cutting-edge research to expose and elevate the vulnerabilities in our voting systems -- and now CPI is playing a critical translator role, taking findings out of the ‘hacker’ world and explaining threats and solutions to lawmakers in policy terms, helping to tackle what’s become one of the biggest national security concerns of our time.”

In addition to highlighting the link between national security and protection of our nation’s election infrastructure, Braun highlighted specific vulnerabilities found by the DEF CON Voting Village demonstration, which represented the first public, third-party security assessment of voting machines.

Braun also added, “The attacks on our election infrastructure are not solely an election administration nuisance but rather a national security threat,” said Braun. “This is about our national security apparatus marshalling its resources to do what our nation expects it to do, which is protect our country from existential threats to the United States.”

The hearing, called by Representative Bennie G. Thompson (D-MS), sought to kick-off debate on H.R. 1, the For the People Act of 2019.  Braun was joined by notable election leaders including California Secretary of State Alex Padilla; former Cook County, Illinois, Director of Elections Noah Praetz; Alabama Secretary of State John Merrill; Christopher C. Krebs, Director, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security; and Thomas Hicks, Chairman, U.S. Election Assistance Commission.

Additional Resources:

For a full video of the proceedings, please visit https://youtu.be/EXosdmRSsNA

For Braun’s full testimony, please visit: https://homeland.house.gov/sites/democrats.homeland.house.gov/files/documents/Testimony-Braun.pdf

For the full 2017 DEF CON report, please visit https://defcon.org/images/defcon-25/DEF CON 25 voting village report.pdf

For the full 2018 DEF CON report, please visit https://defcon.org/images/defcon-26/DEF CON 26 voting village report.pdf

###


We’ve Spent Billions on Cybersecurity: How Are We Doing?

This commentary originally appeared in Homeland Security Today, January 30, 2019.

Protecting America’s critical infrastructure — essential to our everyday life — from cyber attacks remains one of our nation’s most important missions. How are we doing?

Not so good, by some accounts. In 2017, a major MIT report concluded that after spending billions of dollars over the past few decades, our infrastructure is somehow less secure than we were 30 years ago. Its authors conclude that “the vulnerability of the systems that power our nation is a national disgrace.”

And this is not merely a theoretical risk. Last April, the U.S. Department of Homeland Security (DHS)  and the Federal Bureau of Investigation issued an alert regarding the worldwide cyber exploitation of network infrastructure devices by Russian state-sponsored cyber actors. In May, the U.S. Department of Justice announced they had stopped a network of more than half a million worldwide web-connected infected devices or “botnets.” And the Office of the Director of National Intelligence has concluded that they “expect that Russia will conduct bolder and more disruptive cyber operations” against our critical infrastructure in 2019.

Despite the recent re-opening of the federal government, Washington will likely remain gridlocked with no consensus plan to protect our critical infrastructure. Without the federal government acting, we will likely end up with a patchwork of potentially confusing and conflicting state and local regulations, which would create a nightmare landscape for business.

Progress, however, is possible and achievable. The same MIT report that paints such a grim picture also concludes that “the pathway to higher ground has been charted.” In addition, a new law was passed in October that formally creates a new federal agency at DHS, the Cybersecurity and Infrastructure Security Agency (CISA), which will become the federal government’s focal point to more strategically catalogue national critical functions and better advise on risk. And while properly organizing and planning is necessary to taking action, so is process. Fortunately, embedded in CISA is a cross-sector, collaborative approach to improving cybersecurity. DHS calls it providing for a collective defense.

So, where do we go from here? Such a process could lead to more widespread adoption of voluntary best practice standards, like the CIS Controls, the set of internationally recognized prioritized actions that form the foundation of basic cyber hygiene — cyber network defense that is demonstrated to prevent 80-90 percent of all known pervasive and dangerous cyber attacks. The Controls, compiled by cybersecurity experts around the world, help implement the goals of the NIST Cybersecurity Framework by providing a blueprint for network operators to improve cybersecurity by identifying specific actions to be done in priority order.

In the oil and natural gas industry – obviously a key sector – most companies already adhere to the NIST framework, and other voluntary standards. For example, a majority of the natural gas pipeline companies that operate about 200,000 miles of pipelines have committed to implementing the updated Transportation and Security Administration (TSA) voluntary pipeline cybersecurity guidelines, further demonstrating the success of public-private collaboration. But not all sectors possess the same resources. Greater adoption of the Controls would further boost critical infrastructure by increasing their ability to defend against common attacks.

There will be no single, silver bullet that magically protects our critical infrastructure from cyber harm. But the CIS Controls and other voluntary best practices are known pathways to stronger cybersecurity. We should redouble our efforts to implement them today.

Brian de Vallance, a former Assistant Secretary for Legislative Affairs at the U.S. Department of Homeland Security, is a senior fellow at the Center for Cyber and Homeland Security at the George Washington University.

Commentary: Energy Sector Cyber Threat Is Real; Greater Collaboration Is Part of the Answer

By: Christopher Burnham & Brian deVallance

This piece originally appeared in Homeland Security Today, October 9, 2018.

In June of 2017, when Wired magazine published a harrowing account of Russia’s hack of the Ukrainian electrical grid, it quickly generated broad discussion about the state of our nation’s cyber defense in the critical infrastructure (CI) sectors. But Washington is nearly 5,000 miles from Kiev, and Russia’s ability to take control of a Ukrainian power company through its IT helpdesk seemed even more remote.

Remote no longer. Dan Coats, the director of National Intelligence, recently testified before Congress that “the warning lights are blinking red again” and that “today the digital infrastructure that serves this country is literally under attack.” In March, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) issued a joint alert of Russian cyber activity seeking to disrupt the energy and other CI sectors.

While much remains to be done, the U.S. is headed in the right direction on cyber. First, there is growing consensus about what constitutes basic cyber hygiene or cyber defense – for example, the Critical Security Controls from the nonprofit Center for Internet Security. In addition, following the release of the federal government’s National Security Strategy last December, the White House issued its new National Cyber Strategy in September.

Earlier this year the Department of Energy unveiled its new Office of Cybersecurity, Energy Security, and Emergency Response (CESER), and the Senate has confirmed cyber-savvy Karen Evans as the office’s first assistant secretary. Just last week, DOE announced $28 million in technologies intended to improve the cybersecurity of power and energy infrastructure.

At the DHS Cyber Summit in July, Secretary Kirstjen Nielsen announced the creation of the National Risk Management Center (NRMC), DHS’s intended home for collaborative, sector-specific and cross-sector risk management efforts to better protect critical infrastructure. It is significant that DHS is highlighting the need to continue to build and strengthen partnerships as a part of fortifying American cybersecurity. As former DHS Deputy Secretary Jane Lute has noted, we have not yet decided, as a society, the precise role that government will play in protecting our national cyber resources. This is consistent with DHS’s enterprise approach of needing more than a single federal department to secure the homeland. Instead, we need the active partnership of all of us: state, local, tribal, and territorial (SLTT) governments; federal and SLTT law enforcement; nonprofit best-practice providers; the private sector; and the American public.

Jeanette Manfra, DHS’s assistant secretary for cyber, provides a cogent roadmap: We need to “create this collective defense model, where we all provide capabilities, authorities, and competencies to make cyberspace safer.”

For their part, the various CI sectors have been diligent in working to combat cybersecurity risk. Some CI sectors, like the natural gas industry, have been investing millions in new technologies to improve distributed control systems, cloud-based services, and data analytics. Additionally, sector-specific Information Sharing and Analysis Centers (ISACs) have allowed for improved information sharing between industry and the federal government. Top ISACs include the Multi-State ISAC, the Oil and Natural Gas ISAC, and the Financial Services ISAC, among other ISACs. Other positive industry actions include adopting voluntary best practices like the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity; participating in cross-industry exercises like Grid-Ex, where CI sectors practice responding to cyber-attacks; and continually educating employees on the latest cyber risks and threats.

With the establishment of the NRMC, Secretary Nielsen has issued a challenge and an invitation: private industry and the various national security agencies need to work together to help make this cross-sector, public-private partnership model a successful approach to increasing cyber defense in critical infrastructure.

The individual partners are making progress. We must now work together to create a collective defense.

IN-THE-NEWS: CGA President Douglas Lute and CGA Senior Advisory Francis Taylor co-author report for the IBM Center for the Business of Government

Recently CGA President Amb. Douglas Lute and CGA Senior Advisor Gen. Francis X. Taylor authored a report for the IBM Center for the Business of Government. The report, “Integrating and Analyzing Data Across Governments - The Key to 21st Century Security: Insights from a Transatlantic Dialogue,” focuses on data gathering, analysis, and dissemination challenges and opportunities across the homeland security enterprise. It especially looks at how improved information sharing could enhance threat prediction and prevention in a transatlantic context.

Lute and Taylor address how stakeholders in the U.S. and Europe can increase the understanding of effective ways to leverage channels involving technology, human capital, organizations, and private sector coordination that meet strategic, mission, and operational needs. The report highlights opportunities for governments to leverage data integration and analytics to support better decision making around cyber and homeland security.

The authors draw primarily on findings from two roundtable discussions with current and former government leaders and stakeholders. The first meeting, held in Washington, D.C. in October 2017, focused on how the U.S. Department of Homeland Security (DHS) information sharing enterprise can have the greatest impact and interaction with partners. The second meeting, held at the U.S. Mission to the European Union (EU) in Brussels in March 2018, focused on how the European Union and other European organizations and member states can work with U.S. agencies to enhance outcomes from improved information sharing.

Given the imperative for transatlantic and cross-sector collaboration to understand and respond to an increasingly complex set of threats facing governments, we hope that this report provides timely insights for public sector leaders and stakeholders.

Download and read the report here.

Commentary: Next frontier of Russian meddling: energy intimidation

By: Doug Lute

This commentary originally appeared in The Hill, August 28, 2018.

Russian meddling in the 2016 U.S. elections is now largely beyond debate. But this focus is too limited in scale and too narrow in scope. This is more than just a challenge to American elections. Russia has interfered repeatedly with democracies in Europe, including a number of our NATO allies. Putin has used cyberattacks, misinformation campaigns and support for rightist parties. He even attempted an overthrow of the government in Montenegro as they approached a national decision to join NATO.  

Another key vulnerability for many in Europe is their dependence on Russian energy, particularly natural gas. While Putin has yet to play this card beyond Ukraine, energy intimidation must be a national security concern among many of our NATO allies. In July, NATO leaders met in Brussels and reaffirmed the role that energy security plays in the common security of the alliance.

 

The European Union, which includes most of our NATO allies, gets about 40 percent of its natural gas from Russia. While Germany has been critiqued for importing about a third of its gas from Russia, allies in Lithuania and Estonia are 100 percent dependent on Russian gas. Concerns increase as the Nord Stream 2 pipeline would increase Russian imports to Europe. If Russia decided to manipulate these energy streams, or even intimidate by threatening to do so, it could cripple the European allies.

NATO is alert to this vulnerability, reaffirming during the recent summit that “it is essential to ensure that the members of the Alliance are not vulnerable to political or coercive manipulation of energy, which constitutes a potential threat.”

Given the dependence of our European allies on Russian energy, it is in U.S. national security interest to reduce Russian potential for influence by diversifying gas sources to Europe. U.S. liquid natural gas (LNG) production has nearly doubled since 2010 and exports of LNG quadrupled in 2017, with exports to Europe accounting for the third-largest share. This is a big step in the right direction as Europe seeks to diversify its energy sources. 

While the U.S. itself remains a massive consumer of LNG, production is expected to grow 59 percent between 2017 and 2050, increasing further the capability of the U.S. to export LNG to our allies. This is, of course, dependent upon adequate infrastructure for exporting and importing LNG, but the U.S. has opened two export terminals since 2016, with four more on the way. On the European continent there are now 28 LNG import terminals, with 22 more terminals planned or under consideration. 

The first tankers carrying U.S. LNG docked at Polish and Lithuanian terminals last year, and we can expect this to increase. This is a classic case where U.S. security interests and economic interests are mutually supportive.  

While expanding American LNG exports to Europe will help, other vulnerabilities remain for energy security. For example, cyberattacks can wreak havoc on energy infrastructure and some critics claim that American LNG companies face particular vulnerabilities. Cyber experts agree that any activity reliant on the internet can be at risk and must be protected. All forms of energy infrastructure face this challenge. As Professor Chris Bronk, an expert in computer and information systems at the University of Houston, recently told Reuters: “coal plants, train deliveries and transmission systems are just as susceptible to hackers as gas pipelines… [and] the stakes involved in a successful nuclear cyber attack are enormous.” 

The U.S. LNG industry takes responsible steps on cyber security. In line with new guidance from the Department of Homeland Security, the LNG industry orients its cybersecurity to the national standards and implements cybersecurity programs based on established best practices, including following the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and sharing information through the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC). While there is no perfect cybersecurity, such steps reduce the risk as we expand LNG production.

Energy security is national security. This means reducing the dependence of our European allies on Russian energy.  It is in the national interest of the U.S. to stand with our allies to do all that we can to help diversify their energy sources, and increased U.S. LNG export capacity provides the means to do so.

Douglas Lute was the U.S. ambassador to NATO from 2013 to 2017. He is a senior fellow at the Belfer Center at Harvard University, and president of Cambridge Global Advisors, a consulting firm with a special focus on national security, and experience at the global, national, state and local levels. 

Commentary: DHS’ Big Data Integration Challenge

By Francis X. Taylor

This commentary originally appeared in The Cipher Brief, August 8, 2018.

Department of Homeland Security Secretary Kirstjen Nielsen recently traveled from Washington D.C. to New York with her senior team in tow, to announce the creation of the National Risk Management Center.  It is intended to be DHS’ tip of the spear when it comes to information sharing between the public and private sectors about emerging and sometimes urgent, cyber security threats. 

In an opinion piece posted on CNBC, Nielsen said that the U.S. is not “connecting the dots” quickly enough and said “Between government and the private sector, we have the data needed to disrupt, prevent and mitigate cyberattacks.  But we aren’t sharing fast enough or collaborating deeply enough to keep cyberattacks from spreading or to prevent them in the first place.”

As DHS takes on a new collective defense strategy by putting a premium on public-private information sharing efforts, The Cipher Brief wanted to know a little more about how DHS itself stores and accesses the vast amounts of data it holds. 

Francis Taylor served as DHS’ Under Secretary for Intelligence and Analysis during President Obama’s second term.  One of his priorities was to figure out how DHS could better use data technology tools to increase its operational effectiveness.  It was an issue that he also had to tackle during his time in the private sector, where he worked as Vice President and Chief Security Officer for General Electric. 

Taylor shared his insights with The Cipher Brief, offering a better understanding of the current efforts within DHS to strengthen its capacities, especially at the enterprise level.  We also wanted him to explain what makes integration such a vexing task.

The Cipher Brief: Can you give us some strategic context around data analysis and integration?

Taylor:  Data analysis and integration is critical to how we protect our country and our border. After 9/11 the discussion was about “connecting the dots.” Today there are trillions of dots of information that are available to help us understand what individual, organization or nation- state represent a threat to our people, our country and way of life. Much of that information comes from around the world and allows us to push our analysis beyond our border to regions across the globe. Not only must DHS integrate the data that it collects in the performance of its mission, it must integrate that data with other data from open source, our international partners, and the intelligence and law enforcement communities to have a full picture of the threats we face.

The Cipher Brief:What kinds of data does DHS collect and store?

Taylor: DHS is the third largest department of our government.  DHS components comprise the largest number of federal law enforcement officers in our government and the department conducts its law enforcement mission worldwide.  It interacts daily (and collects information on) U.S. citizens, foreign nationals and U.S. and foreign businesses applying for benefits from the U.S. Government.  DHS also collects data in conjunction with its law enforcement and security missions enforcing U.S. immigration and trade security regimes, immigration violations, citizenship, refugee and asylum applications, and trusted traveler programs.  DHS stores all of this data in more than 900 unconnected databases and the information is kept in silos that are then accessed by the components to perform daily missions. Many of these databases were created long before DHS was established in 2003 and contain old technology that make it difficult to update and integrate.

The Cipher Brief:  How does the issue of data overload negatively impact DHS’ mission to protect the country?

Taylor: I believe that DHS has all the information it needs to proactively defend our country, but the information that is collected is not available to the operators for data analytics that would improve their understanding of threats to our homeland.  The amount of valuable intelligence sitting in DHS data systems is staggering and would be invaluable to DHS and the rest of the U.S. government if it was better analyzed and shared with the appropriate stakeholders.

The Cipher Brief:What is the DHS Information Sharing Enterprise and how does the National Vetting Center (NVC) support the overall mission?

Taylor: The DHS Information sharing enterprise is embodied in the DHS Information Sharing and Safeguarding Governance Board (ISSGB) which is chaired by the DHS Chief Information Officer and the DHS Under Secretary for Intelligence and Analysis. All of the components of the Department are represented on the ISSGB. Unfortunately though, the ISSGB has been largely ineffective in moving the needle within the Department to improve information sharing across the enterprise.  DHS component elements generally do not see value in integrating information across the enterprise.  And there is little incentive to change this paradigm, absent dedicated funding for the enterprise and a clear prioritization of this integration from the Department’s leadership.

The NSC established the National Vetting Center (NVC) in DHS to serve as a focal point for all USG vetting to support travel and border security. It is a logical enhancement to CBP’s National Targeting Center (NTC) that has developed and deployed significant capability in data analytics and integration that improves our understanding of threats to our travel and trade activities as well as our border. NVC envisions building on the NTC foundation to develop even more sophisticated tools and processes to vet individuals applying for benefits within our country.  As the Obama administration was transitioning, former DHS Secretary Jeh Johnson asked all senior staff what we would have done differently, based on what we had learned during our time at the helm.  My answer was that we should have moved ALL vetting for benefits administered by the Department to the National Targeting Center as a government-wide shared service.  My rationale was simple, the Secretary of DHS is the one official in our government that has the final say over who is allowed into our country, but the Secretary does not own the process to ensure that the vetting is effective and continues to improve.  I believe the NVC begins that process and will significantly improve how we make decisions across our government on applications for benefits.

The Cipher Brief: What is the state of DHS data integration and information sharing (i.e. HSIN)?

Taylor: The DHS Data Framework is a joint endeavor by the DHS CIO and Under Secretary for Intelligence and Analysis to build a data lake with the top 20 databases essential to the Department’s vetting and assessment mission. I understand the momentum of the data framework has slowed significantly. I also understand that CBP is driving the data framework as the next level of improvement in information sharing but that DHS headquarters support for initiative is lacking.

The Homeland Security Information Network (HSIN) continues to be the most effective system for DHS to communicate with its state, local, tribal, territorial and private sector partners. But it has real shortcomings.  It needs continued investment to make it more a data sharing platform and not just a communication platform.  HSIN does not allow for data searching and online queries.  This needs to change if the system is to continue to be valuable to DHS stakeholders at every level.

The Cipher Brief:Why is creating DHS-wide searchable data stores so difficult for the Department? Would DHS benefit from a data integration acquisition and standards czar?

Taylor: Most law enforcement organizations are organized to pursue investigating and interdicting wrong doers.  It is the most important aspect of the mission, and I share focus on these priorities.  However, the absence of an integrated data system denies DHS components and others the ability to fully exploitat the information stored in Department systems.  This is inefficient. The lack of an integration function at the headquarters-level makes fixing this shortcoming harder.  The original vision for the Department was to have little centralized-control of operations and to keep operational power within the components.  Each DHS component approaches its missions from its own narrow organizational mission perspective. The components have built processes and procedures from their individual operational perspectives and not from the perspective of how these procedures can be more effectively integrated to meet the collective mission of the Department.  Add to this the fact that budgeting and oversight of the Department is controlled by more than 80 Congressional oversight committees and you can imagine the dysfunction and disincentive to collaborate.

The Cipher Brief: Finally, how do blockchain, advanced encryption or other types of algorithms increase the likelihood of safe data sharing across the DHS Information Sharing Enterprise?

Taylor:  All of the new information analysis technologies will greatly improve information sharing in the Department. Some of this technology is already in use in some of the components; yet it is not systematic and does not optimize the use of these technologies.

IN-THE-NEWS: CGA President Doug Lute Participates in Five Eyes Roundtable

View the full event HERE.

At a time of growing international instability, the Five Eyes intelligence arrangements (which brings the UK together with the United States, Australia, Canada and New Zealand) is of vital important to the security of Britain and its allies.

While questions are being raised over the long-term future of NATO, Five Eyes represents another crucial pillar of our national security – mitigating threats from hostile states, terrorism, and other non state actors. Why does the continuation of the Five Eyes matter and what can be done to support and enhance it for the challenges ahead? A distinguished panel, including two former Prime Ministers, a former NATO Secretary General, and a former Former US Permanent Representative to NATO, discussed these issues in this unique event.

Panelists:

Rt Hon Stephen Harper PC, Canada’s 22nd Prime Minister Hon

John Howard OM AC, Former Prime Minister of Australia

Ambassador Douglas Lute, Former US Permanent Representative to NATO, Former US Deputy National Security Advisor

Rt Hon Sir Donald McKinnon ONZ GCVO, Former New Zealand Minister of Foreign Affairs and Trade and Former Secretary General of the Commonwealth

Rt Hon the Lord Robertson of Port Ellen KT, Former Secretary General of NATO, Former UK Secretary of State for Defence

PRESS RELEASE: Cambridge Global CEO Jake Braun Presents DEFCON Voting Village Report at LRPP Conference

June 28, 2018 (Singapore) - This week, Cambridge Global Advisors (CGA) was proud to announce that CEO Jake Braun presented the 7th Annual International Conference on Law, Regulations, and Public Policy (LRPP) in Singapore.  Hosted by the Global Science & Technology Forum (GTSF), the conference brings together public sector leaders from around the world to discuss the latest developments in legal, policy, and regulatory space.

Bruan’s presentation featured a discussion on the ground-breaking “Voting Machine Hacker Village” demonstration at last year’s DEFCON -- the largest, longest running hacker conference in the world. Coming at a time when intelligence and news was emerging about Russian-backed attempts to hack U.S. voting infrastructure during the 2016 election, the DEFCON Voting Village sought to serve as an awareness-building opportunity.  The Village assembled more than 25 pieces of election equipment including voting machines and pollbooks still widely used in U.S. elections today and made them accessible to thousands of hackers.

Following on the Voting Village demonstration, Braun and several other Village organizers co-authored an award-winning report, detailing the Voting Village findings. The report can be accessed here.

In presenting this report at the LRPP 2018 Conference, Braun furthered his efforts to raise awareness about the severity and pervasiveness of cyber threats facing not only the U.S. but also democracies around the world.

“Nefarious cyber actors, including but not limited to Russia, know no boundaries,” said Braun. “What the DEFCON Voting Village revealed last year is that this is election security a global problem that will continue to persist. We have to work together, across all nations, in the cyber, public policy and legal arena to make our elections more secure. LRPP gives one forum to start and continue this important conversation.”

The Voting Village is slated to run again at this year’s DEFCON, August 9-12, 2018, hosted annually in Las Vegas.

 

###

About CGA

Cambridge Global Advisors is a strategic advisory services firm with deep expertise at the global, national, state and local levels. CGA assists clients in the management, development, and implementation of their programs, practices, and policies – with a special emphasis on homeland and cybersecurity. CGA works with government, non-profit organizations, and Fortune 500 companies to provide consulting and project management services as well as public diplomacy, stakeholder engagement, and communications.  To learn more, visit www.cambridgeglobal.com or follow on Twitter at @camb_global