November 25, 2020
Hello and welcome to the latest edition of Codebook. This week we’re thinking about how we’re thankful for the promising recent news on coronavirus vaccines. And we’re wishing you a safe, restful and happy Thanksgiving.
Today's newsletter is 1,351 words, a 5-minute read.
1 big thing: The emerging cybersecurity headaches awaiting Joe Biden
The incoming administration will face a slew of cybersecurity-related challenges, as Joe Biden takes office under a very different environment than existed when he was last in the White House as vice president.
The big picture: President-elect Biden's top cybersecurity and national security advisers will have to wrestle with the ascendancy of new adversaries and cyberpowers, as well as figure out whether to continue the more aggressive stance the Trump administration has taken in cyberspace.
Here are details on some key challenges confronting Biden:
1. The ferocious growth of cybercrime groups
Where it stands: In the last few years, cybercriminal groups have become ever more brazen and sophisticated, increasingly seizing and encrypting victims' data in ransomware schemes that see them extort vast sums, sometimes in the tens of millions of dollars.
- These cash-flush groups, many of which hail from Eastern Europe, are undiscriminating in their victims, with health care providers, local governments and research facilities all falling prey to their schemes.
- In many cases, these private groups are as sophisticated as many nation-state groups — or even more so.
By the numbers: In 2019, the FBI’s Internet Crime Complaint Center “received 2,047 complaints identified as ransomware with adjusted losses of over $8.9 million.”
What's next: Cybercriminal groups will likely continue to target medical and research facilities focused on coronavirus treatments and vaccines — intellectual property with almost invaluable financial and geostrategic value.
- The Biden administration will need to continue building connections with international partners, especially when it comes to degrading cybercrime networks abroad and apprehending wanted cybercriminals when they, say, vacation outside their home countries.
- The administration will also need to clarify unsettled U.S. policies regarding legal liabilities that American businesses may incur if they pay ransoms to sanctioned cybercriminal groups.
2. The rise of the rest
Where it stands: Vietnam, the United Arab Emirates, Qatar and Saudi Arabia have all, to varying degrees, built up their cyber espionage capabilities during the Trump era, acting as smaller but increasingly sophisticated cyber powers that will merit more attention in the coming years.
- Gulf states have already shown a willingness to employ hack-and-dump campaigns to influence U.S. politics and policy.
The intrigue: Vietnam is building up its cyber operations at least partially in response to fears over Chinese designs in Southeast Asia.
- That could potentially make Vietnam an ally in the fight to stem Beijing's global influence, even as the U.S. looks to disrupt other cyber operations coming out of Vietnam.
What's next: How these countries choose to deploy their newfound powers could further upset regional dynamics, particularly in the Middle East, as well as bilateral relations with the U.S.
- The trend toward online influence campaigns directed at the U.S. — whether perpetrated by Gulf states or other countries — may also intensify during the Biden years.
3: Managing U.S. offensive cyber operations
Where it stands: In 2018 the Trump administration publicly announced that it was scrapping Obama-era rules governing the U.S. military’s offensive cyber operations, and also secretly loosened the restrictions governing the CIA’s covert operations in cyberspace.
- Since then, U.S. Cyber Command has undertaken a series of assertive actions aimed at degrading the infrastructure of Iranian, Russian and cybercriminal targets as part of Director Paul Nakasone’s strategy of “defending forward.”
- Meanwhile, the CIA has undertaken covert hack-and-dump campaigns against Russian and Iranian actors affiliated with those countries’ intelligence services.
Between the lines: There's wide consensus that Obama-era procedures for offensive cyber operations were too restrictive and deliberative, unnecessarily gumming up U.S. military and intelligence agencies that often work in highly time-sensitive environments.
What's next: The Biden administration will have to weigh whether the pendulum has swung too far in the other direction under Trump.
- Has the current administration extended too much leeway, and too little oversight, to U.S. military and intelligence cyber-operators, whose actions can have acute geopolitical consequences? Will the Biden National Security Council amend the Trump-era regulations, or preserve them?
- These decisions will have significant reverberations for U.S. national security.
2. Biden’s DNI pick is familiar with cyber challenges
Avril Haines, Biden’s pick for director of national intelligence, has a long history of working on critical cybersecurity and digital challenges facing the intelligence community.
Why it matters: A deep understanding of cyber issues is of great value in the position, including as the Biden administration seeks to restore faith in a role that has faced accusations of politicization in the Trump era.
Catch up quick: Haines served as CIA deputy director from 2013 to 2015 and deputy national security adviser from 2015 to 2017.
- During Haines’s tenure at the CIA, the agency initiated what became a major — and at times controversial — organizational transformation, known internally as the “reorg.” One of the main catalysts for this shakeup was CIA leaders’ desire to integrate cyber operations and new digital cybersecurity and intelligence-gathering practices across the agency.
- The CIA must “embrace and leverage the digital revolution and innovate across our missions,” wrote then-CIA Director John Brennan in a 2015 announcement of the reorganization. “We must place our activities and operations in the digital domain at the very center of all our mission endeavors.”
Haines was also deeply engaged in discussions at the CIA about the broader challenges that the digital era was presenting to intelligence tradecraft.
- It “was a major issue, even before I arrived at the agency,” Haines told me in 2019. “One way to frame our approach to the many challenges posed by technology was to ‘do less, but do it better,’ which meant focusing on what was most important and then spending the time and resources needed to keep it secret.”
Meanwhile: Haines currently co-chairs the Center for Strategic and International Studies’ Technology and Intelligence Task Force.
3. Inside Amazon’s private surveillance apparatus
Amazon has devoted intensive resources all over the world to private spying efforts focused on company unionization efforts and environmental protesters, according to Vice.
The big picture: Amazon has drawn fire for allowing governments to use its software to surveil people and for its own harvesting and use of data. The latest revelations suggest that a culture critics view as rife with invasive overreach extends to Amazon’s own workforce.
Details: Documents from Amazon’s investigative unit obtained by Vice “reveal in stark detail the company's obsessive monitoring of organized labor and social and environmental movements in Europe, particularly during Amazon's ‘peak season’ between Black Friday and Christmas.”
- These efforts have included online surveillance of Amazon employees, in which “Amazon intelligence agents” have created fake social media profiles to track unionizing efforts, writes Vice.
- Amazon also hired operatives from the Pinkerton firm to go undercover and track employee unionizing efforts in Europe.
Of note: Amazon’s internal surveillance apparatus has tracked labor organizing at a granular level, Vice writes, with a team that includes military intelligence veterans monitoring organized labor and union activity in countries with strong labor groups, particularly across Western and Central Europe.
Amazon has also surveilled environmental groups that have protested the company’s practices, including Greenpeace and Fridays For Future, the climate youth group founded by activist Greta Thunberg.
- Investigators gathered open-source information about Greenpeace’s online campaigns that were critical of the company and disseminated them in internal intelligence reports.
4. America's Chinese communities struggle with online disinformation
Disinformation has proliferated on Chinese-language websites and platforms like WeChat that are popular with Chinese speakers in the U.S., Axios’ Bethany Allen-Ibrahimian and Shawna Chen write.
Why it matters: There are fewer fact-checking sites and other sources of reliable information in Chinese, making it even harder to push back against disinformation.
Driving the news: Unknown perpetrators attempted to scare Chinese Americans away from the polls on Election Day, ProPublica reports.
- On WeChat, at least two dozen groups disseminated the false narrative that the Department of Homeland Security planned to dispatch the military to subdue riots.
- Steve Bannon and billionaire ally Guo Wengui amplified conspiracy theories relating to the coronavirus and to Hunter Biden's ties to China, in both English and Chinese-language media ahead of the election.
- “They’re trying to imitate tactics used by QAnon,” Keenan Chen, a researcher for the disinformation-tracking nonprofit First Draft, told Foreign Policy.
How it works: Information on WeChat is often hyperpartisan, transplanted from American news sites and social media. Right-wing narratives dominate the platform in both reach and volume, per research from Chi Zhang of the Tow Center for Digital Journalism.
- False or misleading information circulates heavily around hot-button issues like affirmative action, Black Lives Matter and undocumented immigrants.
5. Odds and Ends
- A Tigrayan group massacred hundreds of civilians as the civil war in Ethiopia has continued to intensify. (AP)
- Australian intelligence agencies have “incidentally collected” information from COVID-19 tracking apps. (Techcrunch)
- How to fix pre-publication review for former intelligence agency employees (Just Security)
- Biden’s new DHS secretary pick worked on some cybersecurity issues during his previous go-around at the agency. (CyberScoop)
- China and Russia are playing a game of COVID vaccine diplomacy. (Washington Post)