From Aspen: Watch former U.S. Ambassador to NATO, Doug Lute, talk with the Aaron Haber about the need for the U.S. to reinvigorate the health of our allies so we can better compete with China. Full video here:
Recently CGA President Amb. Douglas Lute and CGA Senior Advisor Gen. Francis X. Taylor authored a report for the IBM Center for the Business of Government. The report, “Integrating and Analyzing Data Across Governments - The Key to 21st Century Security: Insights from a Transatlantic Dialogue,” focuses on data gathering, analysis, and dissemination challenges and opportunities across the homeland security enterprise. It especially looks at how improved information sharing could enhance threat prediction and prevention in a transatlantic context.
Lute and Taylor address how stakeholders in the U.S. and Europe can increase the understanding of effective ways to leverage channels involving technology, human capital, organizations, and private sector coordination that meet strategic, mission, and operational needs. The report highlights opportunities for governments to leverage data integration and analytics to support better decision making around cyber and homeland security.
The authors draw primarily on findings from two roundtable discussions with current and former government leaders and stakeholders. The first meeting, held in Washington, D.C. in October 2017, focused on how the U.S. Department of Homeland Security (DHS) information sharing enterprise can have the greatest impact and interaction with partners. The second meeting, held at the U.S. Mission to the European Union (EU) in Brussels in March 2018, focused on how the European Union and other European organizations and member states can work with U.S. agencies to enhance outcomes from improved information sharing.
Given the imperative for transatlantic and cross-sector collaboration to understand and respond to an increasingly complex set of threats facing governments, we hope that this report provides timely insights for public sector leaders and stakeholders.
Download and read the report here.
Cambridge Global CEO & University of Chicago Lecturer, Jake Braun, Leads Historic Effort to Massively Scale India's Cyber Workforce
(Gujarat, India. March 21, 2018) This week, Cambridge Global Advisors (CGA) was proud to announce that CEO Jake Braun participated in a groundbreaking Cyber Security and Governance training effort for the Government of the Indian State of Gujarat. Conducted through the University of Chicago, where Braun also serves as a cyber policy lecturer, Braun helped to deliver cyber policy training more than 240 senior executives from the Government of Gujarat, India. The training culminated in an MOU signing and press event on Tuesday, March 20 that featured leaders from the partnership organizations: Dr. Rajiv Gupta, Additional Chief Secretary, Labour and Employment Department Government of Gujarat & M.D., GNFC Ltd. and Dr. Balaji Srinivasan, Vice President, University of Chicago.
Touted as the first-of-its-kind in India, the partnership is currently administering a "train the trainer" cybersecurity program that will help India achieve its goals of scaling a massive government cyber workforce in the next few years. Along with several new national policies that have critically impacted India's needs for government cyber jobs, the nation has already made historic moves to digitize its currency and implement a monumental biometric data program. Under the University of Chicago curriculum model, participating senior executives will, in turn, train thousands of students at India's Industrial Training Institutes (ITIs) to fill cyber jobs and carry out government cyber operations critical to bolstering India's economy, positively impacting its global footprint, and safeguarding national security.
Of the training, Jake Braun said: "In this global and modern world, cybersecurity is an issue without borders. As more people come online, the challenge of filling cyber vacancies to meet evolving demand is a commonality that governments of all sizes encounter. I couldn't be more honored to support this mission in Gujarat, and to partner with the University of Chicago to equip what is soon-to-be one of the nation's largest cyber workforce bodies on the best policies and practices to keep all citizens safe and secure online."
With years' worth of experience in cyber policy and cyber workforce development issues, CGA is a strategic advisory services firm with deep expertise and experience at the global, national, state and local levels. The firm is currently working with U.S. government entities including the U.S. Department of Homeland Security to identify solutions and strategies to train and bolster its own cyber workforce.
Under the University of Chicago's program, Jake Braun is slated to conduct additional trainings over the coming months in Gujarat.
Cambridge Global Advisors is a strategic advisory services firm with deep expertise at the global, national, state and local levels. CGA assists clients in the management, development, and implementation of their programs, practices, and policies – with a special emphasis on homeland and cybersecurity. CGA works with government, non-profit organizations, and Fortune 500 companies to provide consulting and project management services as well as public diplomacy, stakeholder engagement, and communications. To learn more, visit www.cambridgeglobal.com or follow on Twitter at @camb_global
This article citing CGA Principal Douglas Lute appeared in the New York Times, February 13, 2018.
WASHINGTON — Russia is already meddling in the midterm elections this year, the top American intelligence officials said on Tuesday, warning that Moscow is using a digital strategy to worsen the country’s political and social divisions.
Russia is using fake accounts on social media — many of them bots — to spread disinformation, the officials said. European elections are being targeted, too, and the attacks were not likely to end this year, they warned.
“We expect Russia to continue using propaganda, social media, false-flag personas, sympathetic spokespeople and other means of influence to try to exacerbate social and political fissures in the United States,” Dan Coats, the director of national intelligence, told the Senate Intelligence Committee at its annual hearing on worldwide threats.
Mr. Coats and the other intelligence chiefs laid out a pair of central challenges for the United States: contending with the flow of Russian misinformation and shoring up the defenses of electoral systems, which are run by individual states and were seen as highly vulnerable in 2016.
“There should be no doubt that Russia perceives its past efforts as successful and views the 2018 U.S. midterm elections as a potential target for Russian influence operations,” said Mr. Coats, testifying alongside Mike Pompeo, the C.I.A. director; Christopher A. Wray, the F.B.I. director; and other leading intelligence officials.
“Throughout the entire community, we have not seen any evidence of any significant change from last year,” Mr. Coats said.
The warnings were striking in their contrast to President Trump’s public comments. He has mocked the very notion of Russian meddling in the last election and lashed out at those who suggested otherwise.
Mr. Trump has not directed his intelligence officials to specifically combat Russian interference, they said. But Mr. Pompeo said that the president has made clear that the C.I.A. has “an obligation, from the foreign intelligence perspective, to do everything we can to make sure there’s a deep and thorough understanding of every threat, including threats from Russia.”
Russia appears eager to spread information — real and fake — that deepens political divisions. Bot armies promoted partisan causes on social media, including the recent push to release a Republican congressional memo critical of law enforcement officials.
The bots have also sought to portray the F.B.I. and Justice Department as infected by partisan bias, said Senator Mark Warner of Virginia, the top Democrat on the intelligence committee.
“Other threats to our institutions come from right here at home,” he said. “There have been some, aided and abetted by Russian internet bots and trolls, who have attacked the basic integrity of the F.B.I. and the Justice Department. This is a dangerous trend.”
Russia does not, however, appear to be trying to penetrate voting machines or Americans’ ballots, United States officials said.
“While scanning and probing of networks happens across the internet every day, we have not seen specific or credible evidence of Russian attempts to infiltrate state election infrastructure like we saw in 2016,” Jeanette Manfra, the chief cybersecurity official at the Department of Homeland Security, said in an interview last week.
Right now, Mr. Pompeo said, Russia is trying to focus on what are known as influence operations — using social media and other platforms to spread favorable messages — not hacking.
“The things we have seen Russia doing to date are mostly focused on information types of warfare,” he said.
Intelligence officials and election-security experts have said both the states and federal agencies have made significant progress in addressing voting system vulnerabilities since 2016, when state-level officials could not even be warned of attacks because they lacked the necessary security clearances.
The intelligence community was focused on gathering information about potential attacks and then sharing it with local and state election officials, Mr. Coats said during the hearing.
Mr. Coats called Moscow’s meddling “pervasive.”
“The Russians have a strategy that goes well beyond what is happening in the United States,” he said. “While they have historically tried to do these types of things, clearly in 2016 they upped their game. They took advantage, a sophisticated advantage of social media. They are doing that not only in the United States but doing it throughout Europe and perhaps elsewhere.”
Mr. Pompeo was also asked about reports last week by The New York Times and The Intercept that American intelligence agencies spent months negotiating with a Russian who said he could sell stolen American cyberweapons and that the deal would include purportedly compromising material on Mr. Trump. The negotiations were conducted through an American businessman who lives in Europe and served as a cutout for American intelligence agencies.
Mr. Pompeo called the reporting “atrocious, ridiculous and inaccurate” and said the C.I.A. had not paid the Russian. The Times, citing American and European intelligence officials, said only that American spies had paid the Russian $100,000 for the cyberweapons using an indirect channel. Those weapons were never delivered. The Russian did provide information on Mr. Trump, which intelligence agencies refused to accept and remains with the American businessman.
“Our story was based on numerous interviews, a review of communications and other evidence. We stand by it,” said Dean Baquet, the executive editor of The Times.
Mr. Pompeo did appear to acknowledge the operation itself, saying that “the information that we were working to try and retrieve was information we believed might well have been stolen from the U.S. government.”
He and the other intelligence chiefs, including Adm. Michael S. Rogers, the departing director of the National Security Agency, also addressed the slew of other threats they see facing the United States. They cited North Korea’s nuclear program, Islamist militants in the Middle East and even illicit drug trafficking, especially the smuggling of cheaply made fentanyl, a powerful opioid responsible for thousands of deathseach year.
But as has been the case for years, the intelligence leaders presented cyberactivities of rival nations and rogue groups as the foremost threat facing the United States. They warned that such risks were likely to only grow, citing China, Iran, North Korea and Russia, along with militant groups and criminal networks, as the main agitators.
To ease the flow of information, the Department of Homeland Security is trying to get at least one election official in each state a security clearance. To date, 21 officials in 20 states received at least interim “secret”-level clearances, Ms. Manfra said in the interview.
The federal government is also working to provide states with enhanced online security “to ensure the American people that their vote is sanctioned and well and not manipulated in any way,” Mr. Coats said.
Homeland Security has added 32 states and 31 local governments to a system that scans internet-connected systems in the federal government every night for vulnerabilities, offering weekly reports and fixes to any issues they find, Ms. Manfra said.
Specialists also spend weeks auditing cyberdefense systems in both federal agencies and state elections offices, and last month, the department decided to prioritize requests for the latter to ensure that they get done swiftly, she added.
Virtually every state is taking steps to harden voter databases and election equipment against outside attacks and to strengthen postelection audits. When the National Association of Secretaries of State holds its winter meeting this weekend in Washington, half of the sessions will be devoted wholly or in part to election security.
New standards for voting equipment were approved last fall that will effectively require manufacturers to include several security improvements in new devices. States are moving to scrap voting machines that do not generate an auditable paper ballot as well as an electronic one; Virginia has decertified most of its devices, Pennsylvania has declared that all new devices will produce paper ballots, and Georgia — a state whose outdated equipment produces only electronic voting records — has set up a pilot program to move to paper.
But a host of problems remains. Roughly one-fifth of the country lacks paper ballots, and replacing digital-only machines costs millions of dollars. Federal legislation that would allot funds to speed up the conversion to paper is crawling through Congress.
Many experts, meanwhile, believe that Russian meddling in the presidential race was but a foretaste of what is to come — not just from the Kremlin, but also from other hostile states and private actors.
“Russia learned a lot last year in what really, I think, can be seen as a series of probing attacks,” Douglas Lute, a retired Army lieutenant general, deputy national security adviser to President George W. Bush and ambassador to NATO under President Barack Obama, said in an interview. “I think we should expect that they learned and they’re going to come back in a much more sophisticated way.”
This article originally appeared in Dark Reading, January 18, 2018.
Expert panel lays out potential risks for the 2018 election cycle and beyond
Speaking at a panel on election security in Chicago last night, Douglas Lute, former US Ambassador to NATO, said he remains very concerned that Russian interference in the 2016 elections has eroded the public’s confidence in the election system, the cornerstone of the American democracy.
“What happened in the 2016 election is as serious a national security threat as I’ve seen in the last 40 years,” said Lute. “When you think of events such as Pearl Harbor and 9-11, those are physical attacks and terrible as they are, we can recover from them. But if we lose confidence in the election system, that erosion is more serious.”
The panel discussion, "Secure the Vote," was sponsored by DEF CON, which held a Voting Machine Hacker Village during its August event, and by the Chicago Council on Global Affairs. Also participating were Rick Driggers, deputy assistant secretary at the US Department of Homeland Security's (DHS) Office of Cybersecurity & Communications, and Greg Bales, community outreach coordinator in Sen. Richard Durbin’s (D-Ill.) office. The panel moderator was Jake Braun, cybersecurity instructor at the University of Chicago.
Braun hailed the panel as the first time the executive and legislative branches of government got together to publicly discuss hacking of the US election system.
In September, DHS informed 21 US states that some component of their respective election systems had been targeted by Russian state-sponsored cybercriminals during the 2016 election campaign. According to DHS, no votes were changed and many of the targets experienced only vulnerability scans. Last night’s discussion was held ahead of the nation’s first primaries this March in Illinois and Texas, both of which were among the 21 targeted states.
Lute kicked off the panel with five points for attendees to consider:
- Russia is a proven threat. Although President Donald Trump has rejected the validity of reports on election tampering, national security agencies agreed that Russia attacked our election system in 2016 and that it was state-sponsored under the direction of Russian President Vladimir Putin, said Lute.
- Russia is not going away. President Putin is likely to win another six-year term this year in an uncontested election, and even if something happened to Putin, he would be replaced by a similar figure who will look to expand on global election hacking efforts, said Lute.
- Other nation-states are potential threats. It’s clear that other nations such as China, Iran and North Korea have the capability to hack into our elections and other critical businesses and infrastructure.
- Time is short. The election cycle of 2018 is a short two months away and the 2020 Presidential race is just around the corner.
- Our allies are vulnerable. Other countries' elections are already experiencing cybersecurity incidents, like the data breach that hit French president Francois Macron days before the election.
The DHS’s Driggers said DHS is available upon the request of state and local governments to provide security services such as technology assessments, information sharing and basic cyber hygiene. He said in early January 2017, DHS identified the US election system as part of the nation’s critical infrastructure, putting it on the level of our IT, defense, energy, and financial services systems.
"It's definitely a priority in our planning," Driggers said. "We realize that US elections are run by local election officials and our efforts are primarily to support state and local efforts."
On the legislative front, Bales said Sen. Durbin is working hard to support the Secure Elections Act, a bill sponsored by Sen. James Lankford (R-Okla.) and Sen. Amy Klobuchar (D-Minn.) that seeks to protect against foreign interference in future elections.
"Voting is a bi-partisan American issue, so we have to make sure outside actors like Russia are not involved," Bales said.
As for potential solutions, Lute offered three suggestions: get the entire election system off the Internet; protect the state voter registration databases; and create an audit trail by using optical scanners to track individual paper votes.
Most of Lute’s suggestions are based on the Election Security Plan developed by Noah Praetz, director of elections with the Cook County Clerk’s Office. Praetz’s plan represents the first known formal response by a local government to reported US election hacking in 2016.
Many cybersecurity researchers also called for paper voting or systems that use optical character readers to generate voter-verified paper trails after two (decommissioned) voting machines were hacked within 90 minutes during DEF CON's Voting Machine Hacker Village in August.
This article originally appeared in the New Castle News, December 22, 2017
ALBANY, N. Y. — As Gov. Andrew Cuomo tells it, the state pension fund — the third largest retirement nest egg for public employees in the nation — should sell off its investment in fossil fuel companies that have polluted the environment with products that worsen global climate change.
"That is the energy of yesterday," he told reporters this week after previewing a proposal that he plans to stitch into his Jan. 3 State of the State speech. "It is literally polluting the planet."
The $201.3 billion New York State and Local Retirement System fund, as it is officially called, is managed by state Comptroller Thomas DiNapoli.
As the fund's sole trustee, DiNapoli has resisted earlier calls from green activists for divestment in oil and natural gas companies. He has contended that as a shareholder with a seat at the table he is in a better position to influence corporate behavior than he would be if he sold off the pension fund's stake in those companies.
Cuomo, who has no oversight role over the fund, cast his interest in an avuncular way, suggesting that he wants to "protect the retirement savings of New Yorkers." But with the governor poised to seek a third term in Albany in 2018 and leaving the door open for a run for the White House in 2020, the pension fund divestment issue has already triggered speculation that political considerations were a factor in the proposal.
But the governor's move has spawned concerns that a green energy litmus test over investment decisions could end up limiting the fund's growth should Cuomo's prognostications regarding energy sector stocks prove to be flawed.
"The comptroller needs to stick to his guns and understand that his fiduciary responsibility is to the beneficiaries" of the fund, said Christopher Burnham, the former Connecticut state treasurer who served as the sole trustee of the Nutmeg State's pension fund from 1995 to 1997.
"You have to invest these monies cautiously, carefully and wisely, and without allowing a personal agenda to play a role in how you execute your duties," said Burnham, a Republican and native New Yorker who is chairman of Cambridge Global Advisors in Virginia.
DiNapoli and Cuomo are downstate Democrats, though at times the relationship between the two has been chilly. Since Cuomo advanced his pension proposal, the comptroller has avoided arguing with the governor over the issue, instead signaling that he welcomes the "opportunity to partner" with Cuomo via an advisory council aimed at "achieving investment returns."
DiNapoli further stated that while he has "no immediate plans to divest our energy holdings," the New York pension fund has been a leader in advancing climate change goals and is increasing its current stake of more than $5 billion in "sustainable" investments.
"We believe in engagement with companies," DiNapoli said in responding in June to a CNHI inquiry about a push for divestment by a coalition calling itself Elected Officials to Protect New York.
Republicans lost no time in accusing Cuomo of meddling in an arena where they say he has no business.
“The public pension fund does not exist so Andrew Cuomo can use it to build a campaign platform for a presidential run," said Assembly GOP Leader Brian Kolb, who has announced he is a candidate for governor.
By taking on the fight for divestment, though, Cuomo may be choosing a pathway that could put octane into any future run for the presidency, said Harvey Schantz, the chairman of the political science department at the State University at Plattsburgh.
"Running for governor in New York state and running for the Democratic nomination for the presidency present overlapping opportunities," Schantz said. "You have to show liberal bona fides and you have to show executive ability. First, he has to get re-elected as governor. But by staking out liberal positions, he could be helping himself in New York and also helping himself win the Democratic nomination."
In advancing his proposal, Cuomo pointed out that the World Bank plans to stop financing gas and oil exploration projects, and the Norwegian sovereign wealth fund is already shedding its fossil fuel investments.
While it is DiNapoli who calls the shots at the pension fund, Cuomo is not out of line in suggesting that its portfolio mix be shuffled in ways that promote greater reliance on renewable energy, said Larry Levy, a longtime observer of New York politics and director of the National Center for Suburban Studies at Hofstra University,
Levy suggested that Cuomo has been steadily building his record as an advocate for expanded use of solar and wind energy and is the architect of the state's policy to have the state's energy diet include no less than 50 percent renewable energy by 2030. The Cuomo administration, he added, has also kept the gas drilling technique known as hydraulic fracturing from being introduced in New York.
"He can't be accused of posturing on this issue because he has gone all-in on reducing the reliance of fossil fuels in a big way," he said. "It's not as if he has suddenly discovered an issue and is coming out to please a certain constituency."
As to the speculation that Cuomo is preparing a White House run, Levy said, "2018 is 2020. If a U.S. senator or governor doesn't knock it out of the park in his home state in 2018, then he or she is going to drop precipitously on any list for any national election."
This piece originally appeared in USA Today, December 7, 2017
Illinois' most populous county has a plan to keep hackers out, after the state's voter registration list was breached during last year's presidential race. There's one big sticking point: the money.
The director of elections for Illinois' Cook County and a group including Ambassador Douglas Lute will present a strategy to bolster U.S. election systems' defenses against foreign intruders on Thursday.
That roadmap comes with a request for the federal government to fund their plan, underlining a hurdle for many municipalities as they head into the 2018 midterm and 2020 presidential elections.
While last year's general election made clear the voting system was vulnerable to hackers, and the federal government has instructed the nation's 9,000 election officials to make their voting rolls safer, many municipalities lack funding to make these changes.
The last time there was significant federal funding for election infrastructure at the local level was the Help America Vote Act of 2002, passed in the aftermath of the controversy surrounding the 2000 president election recount. That resulted in almost $3 billion in funds for new voting equipment.
"For a relatively modest investment it seems to me that we can shore up the system significantly," Noah Praetz told USA TODAY.
His five-page plan, sponsored by Cook County Clerk David Orr and being presented at the University of Chicago's Harris School of Public Policy, is part of a broader effort by an ad hoc bipartisan group working to strengthen the U.S. election system after Russian intrusions during the 2016 U.S. presidential race. It calls on the federal government to aid states, laying out a list of 20 defense tactics election officials can take to protect election integrity.
"Make no mistake, this will be a painful and expensive undertaking," it reads.
Just how expensive isn't known. The U.S. election system is highly decentralized. Each jurisdiction has different staff, equipment and funding and must deal with differing local and state regulations governing elections.
For Cook County, which is responsible only for county-wide elections as the city of Chicago holds its own elections, "it's going to cost many millions." Praetz said he couldn't be more specific because the county is in the middle of a procurement process.
Even hundreds of millions is just "a rounding error of the defense department budget," said Lute, a retired three-star general who served under both Obama and George W. Bush.
"We're buying hard defense for America to the tune of $700 billion a year. And for literally less than one-one-thousandth of that, we could make dramatic inroads to secure our election systems. Which quite frankly may be more fundamental [to our security] than the next fighter plane," he said.
Russia will be back
The problem with Russia, which denied any interference in the U.S. election, isn't going to go away, say election officials. The 2016 attacks were a classic Russian intelligence military operation.
"Initially it is rather clumsy. They probe and they make mistakes and they get found out. But they also learn very quickly. I expect that in 2018 they will be back, with a much more sophisticated and targeted approach," said Lute, most recently the former United States Permanent Representative to the North Atlantic Council, NATO’s standing political body.
2016 was a heads up
The 2016 election was a watershed in terms of awareness about foreign election meddling. No one knows the problem better than Illinois, one of two states where federal authorities say Russian hackers succeeded in infiltrating the election system.
The hackers operated undetected for three weeks, viewing the records of 90,000 voters and, according to the Illinois State Board of Elections, attempted to delete or alter some voter data.
Time is also short. Illinois also is one of two states with the earliest primaries in the county, meaning its voters will go to the polls in March.
The white paper suggests the creation of a national digital network for local election officials to quickly share information about threats and incidents. This is in contrast to 2016, when officials in 21 states only learned they'd been targeted almost a year after the fact.
Next, every local and state election official should have a security officer on staff, to deal with these issues.
The paper then goes on to outline a standard list of the things any company would implement to protect the security of its networks, but which election officials have overall been slow to roll out because of a lack of funding, knowledge and awareness of the dangers.
The final suggestion is the idea that every election jurisdiction needs to come up with a plan about how it will recover if it is hacked. That could mean paper backups of voter registration lists, storing paper ballots or saving digital scans of ballots.
"If we detect breaches and recover from them quickly, we will survive. And so will our democracy," the paper says.
Cambridge Global Advisors (CGA) is proud to announce the participation of Nate Snyder, former senior counterterrorism official in the Department of Homeland Security and current CGA employee, in last Wednesday's discussion with John Brennan, former Director of the Central Intelligence Agency regarding the outlook of global security. The event was hosted by The Center on National Security at Fordham University School of Law in New York, where Brennan is Distinguished Fellow for Global Security. It was attended by widely recognized national security thought leaders, published researchers, current CT practitioners, national media, and national security correspondents.
The conversation was moderated by David Ignatius, columnist for the Washington Post. Video of the conversation can be found here.
CGA Principal and former NATO Ambassador Douglas Lute told ABC News Chief Anchor George Stephanopoulos in an interview on "This Week" Sunday that the United States is stuck in a political and military stalemate in Afghanistan, and it is unclear whether President Donald Trump's new strategy in the country will resolve it. Read more here.