Welcome to Codebook, the cybersecurity newsletter that's pretty sure Ed Harris plays a robot on "Westworld."
Situational awareness: Sens. Claire McCaskill (D-Missouri) and James Lankford (R-Okla.) introduced a supply chain cybersecurity protection law Tuesday.
Lt. General Paul Nakasone, head of U.S. Cyber Command. Photo: Saul Loeb/AFP via Getty.
In recent months, the Pentagon has begun taking a more aggressive posture in its approach to cyber conflicts, seeking to slow attacks by taking the fight to enemy networks. But experts worry that approach could escalate cyber conflicts in ways the U.S. may not be prepared to absorb.
How we got here: Cyber Command, the Department of Defense's unified command for cyberwarfare, was conceived under President George W. Bush. It has been elevated in the chain of command under President Trump, who gave it increased autonomy as part of a Defense-wide effort to give the military more agility.
Why it matters: Under the new approach, there is "a very real danger of escalation," said Lisa Monaco, a former assistant to the president for homeland security and counterterrorism, via email.
The topic of the newly unleashed Cyber Command re-emerged Monday in a book excerpt in the New York Times by its cybersecurity reporter David Sanger.
What we're missing: "This is far from a cure-all to our cyber problems," said Michael Morell, former deputy director of the CIA. He sees two big hang-ups:
The best defense is a good defense: The best deterrent to a cyberattack, said Peter Singer, strategist at the New America Foundation, is "demonstrating that attacks won't work" — which can be as simple as hardening systems.
On Tuesday, the Department of Justice made two big announcements: A Maryland woman pleaded guilty to using data from the 2015 Office of Personnel Management breach in a bank fraud scheme, and a suspect was charged in leaks of CIA documents published on WikiLeaks.
Why the OPM plea matters: According to the DOJ press release, Karvia Cross pleaded guilty to applying for "numerous online membership and consumer loan[s] in the names of stolen identities that were victims of the OPM data breach."
This is a little baffling, because the OPM data breach — which pilfered information on millions of Americans — has always been assumed to be a Chinese espionage operation. We don't know where Cross and her codefendants got these identities.
Why the CIA leak charges matter: The media had already identified Joshua Schulte as the likely suspect in the CIA leaks, which were, largely, unimportant (and not to be confused with the Shadow Brokers ordeal, in which a trove of National Security Agency tools was leaked). Also, Schulte was already on trial for an unrelated child pornography charge. Nonetheless, the 2017 leaks — posted on WikiLeaks under the name Vault7 — were a major embarrassment to the intelligence agency.
With passage of its version of the National Defense Authorization Act on Monday, 85-10, the Senate has acted to thwart the president's deal to keep Chinese telecom manufacturer ZTE in business. The vote came two days before Trump is to meet with Republicans and lobby to salvage his deal.
ZTE in the length of a tweet: The U.S. banned ZTE from using U.S. technology for 7 years as a penalty for illegally trading with Iran and North Korea.
The House and Senate will now have to reconcile their differing defense authorization bills.
Researchers at Tripwire discovered a slight glitch in Google Home and Chromecast devices allowing attackers to swipe extremely precise location data. Blogger Brian Krebs, who first reported the discovery, says Google is likely to soon release a patch.
The details: All online computers have an internet address and, unless extra measures are taken, any computer that can see that address can figure out roughly what city that computer is in. Google determines location using other sources and can locate systems close to a street address. The Tripwire glitch would allow advertisers or unsavory characters to see that precise address.
I mean, wouldn't it be devastating if the guy whose persona is based on not being a robot is a robot?
Codebook will return on Thursday. It is not a robot.