Tagged: including

0

Homeland Security's tall order: A hacker-free election

jeanette-manfra-head-of-cybersecurity-department-of-homeland-security-7600

James Martin/CNET

As lawmakers and federal investigators continue to try to understand the chaos foreign actors were able to create during the 2016 election, the US Department of Homeland Security has taken a central role in helping secure the next election.

The agency declared the US election system, which is run by a fragmented group of officials in all 50 states as well as dozens of smaller local governments, to be a part of the nation’s “critical infrastructure” in January 2017. The agency doesn’t have any legal authority over election officials, but it offers programs to help them keep hackers out of voting machines, voter registration databases and public-facing election websites.

Homeland Security’s top cybersecurity official, Jeanette Manfra, sat down with CNET to talk about the balancing act of helping secure elections without overstepping the federal government’s authority. She serves as the National Protection and Programs Directorate  Assistant Secretary for the Office of Cybersecurity and Communications at Homeland Security. Manfra told us that, so far, 32 states and 31 local governments have taken part in at least the most basic cybersecurity help offered by Homeland Security, and the agency will have finished 14 deeper assessments by the end of April.

What’s more, Manfra said Homeland Security hasn’t seen a concerted hacking effort targeting the election system like it saw in 2016 — so far.

“The intelligence community has said we have every reason to expect that this foreign influence activity will continue, but we don’t see any specific credible threat or targeting of election infrastructure,” Manfra said.

Manfra also talked with us about why she thinks a return to paper ballots wouldn’t create a totally secure election, what Homeland Security has done to secure the federal government since the disastrous Office of Personnel Management data breach in 2015, and how she thinks the government can help make the internet of things safer. Here’s an edited transcript of our conversation.

Question: Tell us what Homeland Security is doing to help states and local governments secure the vote.
Manfra: When the government has information that would be useful to election officials, that we get that to them.

We issued a few public statements[1] over the past couple of days about a series of meetings[2] with industry, with state and local government officials. If there’s somebody targeting a network or a system in your state, who are the people that we need to notify.

To the extent that they would like to take advantage of the services we have, we offer those as well. There’s everything from scanning — they provide us with their IP ranges, we provide them with a weekly report on any vulnerabilities that we identify.

The other one that’s been written about a lot is the risk and vulnerability assessment. It takes about three weeks. They lay out for us what their networks, what their systems look like. We try a variety of different things and identify where we saw some potential issues, some recommended mitigations, and we often times will talk through with them if they have any questions.

Can you speak to the difference between securing voting machines and securing voter rolls and other election related networks?
The voting machines tend to make a lot of news when you’ve got people talking about being able to hack into them. While technically somebody may be able to demonstrate it, it’s nearly impossible to gain physical access to those machines.

Then you’ve got all these other pieces of the system, where if somebody wanted to [they could] create confusion. It’s got nothing to do with actually changing a vote, but you try to get into these different systems, because people don’t understand necessarily how all of these pieces are very disconnected.

We published voter registration database best practices in 2016[3]. We’ve been working with software vendors. We’ve been working with state officials. How can they best ensure that their public-facing websites are protected? How can they ensure that there’s no disruption of voter rolls? We’re working with the different organizations that would publish [early results], whether that’s through a state site, or the AP.

Not that we’re seeing targeting of any of this. We’re just wanting to take a really comprehensive approach to what we consider election infrastructure. Because it’s virtually impossible to actually affect the vote count itself, then an adversary may want to look at other means.

Security experts have been warning that voting machines are vulnerable to hacks for years, even if they would have to be hacked in person. What’s your approach with the vendors of these machines in ensuring that this improves?
My approach with the vendor community is more nascent. We had a meeting with them last Thursday, and have had some individual meetings, and we’ve got our own team of experts to look and do some penetration testing. I would say it’s a little bit early for me to judge them, and pretty much anything is going to have some vulnerability that somebody is going to try to exploit.

I also believe that once you have a product, you also have to make sure that you’re doing everything you can to lower the risk. It’s not always a cyberfix for a cybervulnerability; sometimes it’s reducing physical access, like they’ve done, and there’s other mechanisms in place such as the transparency of our election process. We’ve got observers that are looking at the vote counts and would be able to identify if there’s any anomalous changes.

I’ve talked to some advocates who say we should move back to paper ballots across the board. Would that make things more secure?
I vote in a community who’s gone to paper ballots. That introduces different complexity that those digital machines were trying to overcome. I couldn’t say that that will just unilaterally remove all risk. Particularly because if you have an adversary whose goal is to just create confusion, and undermine confidence, it wouldn’t necessarily matter.

I do believe that there should be audit capability and redundant means for checking if there is suspicion that something happened. And I know a lot of states and localities already have it, and if they didn’t, they’re working on it.

If there’s no current signs of foreign activity against US election systems, that’s different from what you’ve said was seen in the 2016 election when 21 states were targeted and a few were actually — is breached the right word?
That’s been the subject of endless debates.

But now you’re saying you’re not seeing a specific, concerted efforts along those lines…
…targeting election systems at this time. But again, what the intelligence officials laid out is, there is no reason to believe that the previous activity would go away.

There was an initial announcement that elections would be considered critical infrastructure because there was concerns over federal involvement in the state and local processes. Can you speak to where those concerns are coming from and how you deal with the challenge of offering assistance in elections that Homeland Security doesn’t have authority over?
In our non-federal cybersecurity role, we’ve tried to focus on what are those critical services and functions that we depend upon. Access to clean water, electricity and communications, and confidence in the financial systems. We have no kind of oversight or directive authority over any of those functions. Some of them may be regulated by other parts of the state government or the federal government, but not by us. And we think that [Homeland Security’s] voluntary approaches have been very useful.

Not every state is using every service offered by Homeland Security. What are some of the reasons a state might not opt into some of this?
We have a lot of great partnerships with organizations across the country that never take any of our services because they’re buying their own. If they’d like to take advantage [of ours], then that’s great. It benefits both of us. We learn about their systems, and they’re able to participate in our programs for free.

What has changed in the government’s approach to securing federal networks since the Office of Personnel Management breach in June of 2015[4]?
That was only three years ago, [but] it feels like a lifetime. At Homeland Security, Congress has given us a lot of authority. [We’ve been] implementing those authorities, many of them we got in 2014 and 2015. The binding operational directive[5] is one that we’ve been using successfully. You saw in the president’s executive order[6] [in May 2017] very clearly that cabinet secretaries, heads of agencies, you are accountable for your cybersecurity. This needs to be a priority for you.

The first directive we issued was about patching critical vulnerabilities within 30 days. We were not there when that started. And we’re now largely in that [range].

How developed is the information sharing system authorized under the Cybersecurity Information Sharing Act in 2015[7], and what has Homeland Security been able to do with it so far?
For the automated indicator sharing — remembering that it’s all about volume and velocity, and not about human validation for every single indicator — we’ve shared 1.8 million unique indicators through that program. We’ve got a little over 200 organizations that are signed up for it.

Are those private and public sector organizations?
Yes. And the 200 doesn’t necessarily mean a company or an agency. We’ve got a lot of information sharing organizations that have thousands of customers.

In 2016 we saw internet of things devices being used in unprecedented DDOS attacks[8]. Now we’re seeing botnets, including IoT botnets, caught up in cryptojacking schemes[9]. What do you see Homeland Security’s role in setting security standards for the growing network of sensors in our homes, workplaces and industrial settings?
In traditional consumer products, you can look at your microwave and see the UL seal there and you know that it’s passed some level of standards and certification. I think that is probably what we need for the so-called internet of things.

What we’ve looked at is Underwriter Laboratories, Energy Star and different things that have now become an industry standard — how did they develop? I think that there’s a government role in nurturing that process, but not dictating what the standards are. I think at one point the government said we’re only going to buy Energy Star products[10], and that was a very clear indicator for the market. I’m not suggesting that we have any plans along those lines, but I think it’s worthwhile looking back at how some of these different certification programs came about. I want to keep seeing the innovation, but I also want to see some standards.

When it comes to critical infrastructure like power plants and water systems, we’ve only seen small attacks in the US, such as the breach of a control system for a small dam in Rye Brook, NY[11]. But places like Ukraine have seen problems like power outages[12]. What’s your assessment of the threat to the US electrical grid and other physical infrastructure?
I think the advantage that the US has in a lot of its critical infrastructure is it’s not very connected yet. A lot of it is very legacy systems. When you’re talking about water systems, you have some large water systems in our country, but it’s still very local. The electric grid has a long history of resilience.

What we’re working with with all the different industries is to recognize what we’ve done to build resilient systems for natural hazards or terrorist attacks, and all these different things that people have been working on now for quite a long time, [and asking,] how can we use those processes to manage a cyber incident, and where is there potentially a difference?

0

Homeland Security's tall order: A hacker-free election

jeanette-manfra-head-of-cybersecurity-department-of-homeland-security-7600

James Martin/CNET

As lawmakers and federal investigators continue to try to understand the chaos foreign actors were able to create during the 2016 election, the US Department of Homeland Security has taken a central role in helping secure the next election.

The agency declared the US election system, which is run by a fragmented group of officials in all 50 states as well as dozens of smaller local governments, to be a part of the nation’s “critical infrastructure” in January 2017. The agency doesn’t have any legal authority over election officials, but it offers programs to help them keep hackers out of voting machines, voter registration databases and public-facing election websites.

Homeland Security’s top cybersecurity official, Jeanette Manfra, sat down with CNET to talk about the balancing act of helping secure elections without overstepping the federal government’s authority. She serves as the National Protection and Programs Directorate  Assistant Secretary for the Office of Cybersecurity and Communications at Homeland Security. Manfra told us that, so far, 32 states and 31 local governments have taken part in at least the most basic cybersecurity help offered by Homeland Security, and the agency will have finished 14 deeper assessments by the end of April.

What’s more, Manfra said Homeland Security hasn’t seen a concerted hacking effort targeting the election system like it saw in 2016 — so far.

“The intelligence community has said we have every reason to expect that this foreign influence activity will continue, but we don’t see any specific credible threat or targeting of election infrastructure,” Manfra said.

Manfra also talked with us about why she thinks a return to paper ballots wouldn’t create a totally secure election, what Homeland Security has done to secure the federal government since the disastrous Office of Personnel Management data breach in 2015, and how she thinks the government can help make the internet of things safer. Here’s an edited transcript of our conversation.

Question: Tell us what Homeland Security is doing to help states and local governments secure the vote.
Manfra: When the government has information that would be useful to election officials, that we get that to them.

We issued a few public statements[1] over the past couple of days about a series of meetings[2] with industry, with state and local government officials. If there’s somebody targeting a network or a system in your state, who are the people that we need to notify.

To the extent that they would like to take advantage of the services we have, we offer those as well. There’s everything from scanning — they provide us with their IP ranges, we provide them with a weekly report on any vulnerabilities that we identify.

The other one that’s been written about a lot is the risk and vulnerability assessment. It takes about three weeks. They lay out for us what their networks, what their systems look like. We try a variety of different things and identify where we saw some potential issues, some recommended mitigations, and we often times will talk through with them if they have any questions.

Can you speak to the difference between securing voting machines and securing voter rolls and other election related networks?
The voting machines tend to make a lot of news when you’ve got people talking about being able to hack into them. While technically somebody may be able to demonstrate it, it’s nearly impossible to gain physical access to those machines.

Then you’ve got all these other pieces of the system, where if somebody wanted to [they could] create confusion. It’s got nothing to do with actually changing a vote, but you try to get into these different systems, because people don’t understand necessarily how all of these pieces are very disconnected.

We published voter registration database best practices in 2016[3]. We’ve been working with software vendors. We’ve been working with state officials. How can they best ensure that their public-facing websites are protected? How can they ensure that there’s no disruption of voter rolls? We’re working with the different organizations that would publish [early results], whether that’s through a state site, or the AP.

Not that we’re seeing targeting of any of this. We’re just wanting to take a really comprehensive approach to what we consider election infrastructure. Because it’s virtually impossible to actually affect the vote count itself, then an adversary may want to look at other means.

Security experts have been warning that voting machines are vulnerable to hacks for years, even if they would have to be hacked in person. What’s your approach with the vendors of these machines in ensuring that this improves?
My approach with the vendor community is more nascent. We had a meeting with them last Thursday, and have had some individual meetings, and we’ve got our own team of experts to look and do some penetration testing. I would say it’s a little bit early for me to judge them, and pretty much anything is going to have some vulnerability that somebody is going to try to exploit.

I also believe that once you have a product, you also have to make sure that you’re doing everything you can to lower the risk. It’s not always a cyberfix for a cybervulnerability; sometimes it’s reducing physical access, like they’ve done, and there’s other mechanisms in place such as the transparency of our election process. We’ve got observers that are looking at the vote counts and would be able to identify if there’s any anomalous changes.

I’ve talked to some advocates who say we should move back to paper ballots across the board. Would that make things more secure?
I vote in a community who’s gone to paper ballots. That introduces different complexity that those digital machines were trying to overcome. I couldn’t say that that will just unilaterally remove all risk. Particularly because if you have an adversary whose goal is to just create confusion, and undermine confidence, it wouldn’t necessarily matter.

I do believe that there should be audit capability and redundant means for checking if there is suspicion that something happened. And I know a lot of states and localities already have it, and if they didn’t, they’re working on it.

If there’s no current signs of foreign activity against US election systems, that’s different from what you’ve said was seen in the 2016 election when 21 states were targeted and a few were actually — is breached the right word?
That’s been the subject of endless debates.

But now you’re saying you’re not seeing a specific, concerted efforts along those lines…
…targeting election systems at this time. But again, what the intelligence officials laid out is, there is no reason to believe that the previous activity would go away.

There was an initial announcement that elections would be considered critical infrastructure because there was concerns over federal involvement in the state and local processes. Can you speak to where those concerns are coming from and how you deal with the challenge of offering assistance in elections that Homeland Security doesn’t have authority over?
In our non-federal cybersecurity role, we’ve tried to focus on what are those critical services and functions that we depend upon. Access to clean water, electricity and communications, and confidence in the financial systems. We have no kind of oversight or directive authority over any of those functions. Some of them may be regulated by other parts of the state government or the federal government, but not by us. And we think that [Homeland Security’s] voluntary approaches have been very useful.

Not every state is using every service offered by Homeland Security. What are some of the reasons a state might not opt into some of this?
We have a lot of great partnerships with organizations across the country that never take any of our services because they’re buying their own. If they’d like to take advantage [of ours], then that’s great. It benefits both of us. We learn about their systems, and they’re able to participate in our programs for free.

What has changed in the government’s approach to securing federal networks since the Office of Personnel Management breach in June of 2015[4]?
That was only three years ago, [but] it feels like a lifetime. At Homeland Security, Congress has given us a lot of authority. [We’ve been] implementing those authorities, many of them we got in 2014 and 2015. The binding operational directive[5] is one that we’ve been using successfully. You saw in the president’s executive order[6] [in May 2017] very clearly that cabinet secretaries, heads of agencies, you are accountable for your cybersecurity. This needs to be a priority for you.

The first directive we issued was about patching critical vulnerabilities within 30 days. We were not there when that started. And we’re now largely in that [range].

How developed is the information sharing system authorized under the Cybersecurity Information Sharing Act in 2015[7], and what has Homeland Security been able to do with it so far?
For the automated indicator sharing — remembering that it’s all about volume and velocity, and not about human validation for every single indicator — we’ve shared 1.8 million unique indicators through that program. We’ve got a little over 200 organizations that are signed up for it.

Are those private and public sector organizations?
Yes. And the 200 doesn’t necessarily mean a company or an agency. We’ve got a lot of information sharing organizations that have thousands of customers.

In 2016 we saw internet of things devices being used in unprecedented DDOS attacks[8]. Now we’re seeing botnets, including IoT botnets, caught up in cryptojacking schemes[9]. What do you see Homeland Security’s role in setting security standards for the growing network of sensors in our homes, workplaces and industrial settings?
In traditional consumer products, you can look at your microwave and see the UL seal there and you know that it’s passed some level of standards and certification. I think that is probably what we need for the so-called internet of things.

What we’ve looked at is Underwriter Laboratories, Energy Star and different things that have now become an industry standard — how did they develop? I think that there’s a government role in nurturing that process, but not dictating what the standards are. I think at one point the government said we’re only going to buy Energy Star products[10], and that was a very clear indicator for the market. I’m not suggesting that we have any plans along those lines, but I think it’s worthwhile looking back at how some of these different certification programs came about. I want to keep seeing the innovation, but I also want to see some standards.

When it comes to critical infrastructure like power plants and water systems, we’ve only seen small attacks in the US, such as the breach of a control system for a small dam in Rye Brook, NY[11]. But places like Ukraine have seen problems like power outages[12]. What’s your assessment of the threat to the US electrical grid and other physical infrastructure?
I think the advantage that the US has in a lot of its critical infrastructure is it’s not very connected yet. A lot of it is very legacy systems. When you’re talking about water systems, you have some large water systems in our country, but it’s still very local. The electric grid has a long history of resilience.

What we’re working with with all the different industries is to recognize what we’ve done to build resilient systems for natural hazards or terrorist attacks, and all these different things that people have been working on now for quite a long time, [and asking,] how can we use those processes to manage a cyber incident, and where is there potentially a difference?

0

Homeland Security's tall order: A hacker-free election

jeanette-manfra-head-of-cybersecurity-department-of-homeland-security-7600

James Martin/CNET

As lawmakers and federal investigators continue to try to understand the chaos foreign actors were able to create during the 2016 election, the US Department of Homeland Security has taken a central role in helping secure the next election.

The agency declared the US election system, which is run by a fragmented group of officials in all 50 states as well as dozens of smaller local governments, to be a part of the nation’s “critical infrastructure” in January 2017. The agency doesn’t have any legal authority over election officials, but it offers programs to help them keep hackers out of voting machines, voter registration databases and public-facing election websites.

Homeland Security’s top cybersecurity official, Jeanette Manfra, sat down with CNET to talk about the balancing act of helping secure elections without overstepping the federal government’s authority. She serves as the National Protection and Programs Directorate  Assistant Secretary for the Office of Cybersecurity and Communications at Homeland Security. Manfra told us that, so far, 32 states and 31 local governments have taken part in at least the most basic cybersecurity help offered by Homeland Security, and the agency will have finished 14 deeper assessments by the end of April.

What’s more, Manfra said Homeland Security hasn’t seen a concerted hacking effort targeting the election system like it saw in 2016 — so far.

“The intelligence community has said we have every reason to expect that this foreign influence activity will continue, but we don’t see any specific credible threat or targeting of election infrastructure,” Manfra said.

Manfra also talked with us about why she thinks a return to paper ballots wouldn’t create a totally secure election, what Homeland Security has done to secure the federal government since the disastrous Office of Personnel Management data breach in 2015, and how she thinks the government can help make the internet of things safer. Here’s an edited transcript of our conversation.

Question: Tell us what Homeland Security is doing to help states and local governments secure the vote.
Manfra: When the government has information that would be useful to election officials, that we get that to them.

We issued a few public statements[1] over the past couple of days about a series of meetings[2] with industry, with state and local government officials. If there’s somebody targeting a network or a system in your state, who are the people that we need to notify.

To the extent that they would like to take advantage of the services we have, we offer those as well. There’s everything from scanning — they provide us with their IP ranges, we provide them with a weekly report on any vulnerabilities that we identify.

The other one that’s been written about a lot is the risk and vulnerability assessment. It takes about three weeks. They lay out for us what their networks, what their systems look like. We try a variety of different things and identify where we saw some potential issues, some recommended mitigations, and we often times will talk through with them if they have any questions.

Can you speak to the difference between securing voting machines and securing voter rolls and other election related networks?
The voting machines tend to make a lot of news when you’ve got people talking about being able to hack into them. While technically somebody may be able to demonstrate it, it’s nearly impossible to gain physical access to those machines.

Then you’ve got all these other pieces of the system, where if somebody wanted to [they could] create confusion. It’s got nothing to do with actually changing a vote, but you try to get into these different systems, because people don’t understand necessarily how all of these pieces are very disconnected.

We published voter registration database best practices in 2016[3]. We’ve been working with software vendors. We’ve been working with state officials. How can they best ensure that their public-facing websites are protected? How can they ensure that there’s no disruption of voter rolls? We’re working with the different organizations that would publish [early results], whether that’s through a state site, or the AP.

Not that we’re seeing targeting of any of this. We’re just wanting to take a really comprehensive approach to what we consider election infrastructure. Because it’s virtually impossible to actually affect the vote count itself, then an adversary may want to look at other means.

Security experts have been warning that voting machines are vulnerable to hacks for years, even if they would have to be hacked in person. What’s your approach with the vendors of these machines in ensuring that this improves?
My approach with the vendor community is more nascent. We had a meeting with them last Thursday, and have had some individual meetings, and we’ve got our own team of experts to look and do some penetration testing. I would say it’s a little bit early for me to judge them, and pretty much anything is going to have some vulnerability that somebody is going to try to exploit.

I also believe that once you have a product, you also have to make sure that you’re doing everything you can to lower the risk. It’s not always a cyberfix for a cybervulnerability; sometimes it’s reducing physical access, like they’ve done, and there’s other mechanisms in place such as the transparency of our election process. We’ve got observers that are looking at the vote counts and would be able to identify if there’s any anomalous changes.

I’ve talked to some advocates who say we should move back to paper ballots across the board. Would that make things more secure?
I vote in a community who’s gone to paper ballots. That introduces different complexity that those digital machines were trying to overcome. I couldn’t say that that will just unilaterally remove all risk. Particularly because if you have an adversary whose goal is to just create confusion, and undermine confidence, it wouldn’t necessarily matter.

I do believe that there should be audit capability and redundant means for checking if there is suspicion that something happened. And I know a lot of states and localities already have it, and if they didn’t, they’re working on it.

If there’s no current signs of foreign activity against US election systems, that’s different from what you’ve said was seen in the 2016 election when 21 states were targeted and a few were actually — is breached the right word?
That’s been the subject of endless debates.

But now you’re saying you’re not seeing a specific, concerted efforts along those lines…
…targeting election systems at this time. But again, what the intelligence officials laid out is, there is no reason to believe that the previous activity would go away.

There was an initial announcement that elections would be considered critical infrastructure because there was concerns over federal involvement in the state and local processes. Can you speak to where those concerns are coming from and how you deal with the challenge of offering assistance in elections that Homeland Security doesn’t have authority over?
In our non-federal cybersecurity role, we’ve tried to focus on what are those critical services and functions that we depend upon. Access to clean water, electricity and communications, and confidence in the financial systems. We have no kind of oversight or directive authority over any of those functions. Some of them may be regulated by other parts of the state government or the federal government, but not by us. And we think that [Homeland Security’s] voluntary approaches have been very useful.

Not every state is using every service offered by Homeland Security. What are some of the reasons a state might not opt into some of this?
We have a lot of great partnerships with organizations across the country that never take any of our services because they’re buying their own. If they’d like to take advantage [of ours], then that’s great. It benefits both of us. We learn about their systems, and they’re able to participate in our programs for free.

What has changed in the government’s approach to securing federal networks since the Office of Personnel Management breach in June of 2015[4]?
That was only three years ago, [but] it feels like a lifetime. At Homeland Security, Congress has given us a lot of authority. [We’ve been] implementing those authorities, many of them we got in 2014 and 2015. The binding operational directive[5] is one that we’ve been using successfully. You saw in the president’s executive order[6] [in May 2017] very clearly that cabinet secretaries, heads of agencies, you are accountable for your cybersecurity. This needs to be a priority for you.

The first directive we issued was about patching critical vulnerabilities within 30 days. We were not there when that started. And we’re now largely in that [range].

How developed is the information sharing system authorized under the Cybersecurity Information Sharing Act in 2015[7], and what has Homeland Security been able to do with it so far?
For the automated indicator sharing — remembering that it’s all about volume and velocity, and not about human validation for every single indicator — we’ve shared 1.8 million unique indicators through that program. We’ve got a little over 200 organizations that are signed up for it.

Are those private and public sector organizations?
Yes. And the 200 doesn’t necessarily mean a company or an agency. We’ve got a lot of information sharing organizations that have thousands of customers.

In 2016 we saw internet of things devices being used in unprecedented DDOS attacks[8]. Now we’re seeing botnets, including IoT botnets, caught up in cryptojacking schemes[9]. What do you see Homeland Security’s role in setting security standards for the growing network of sensors in our homes, workplaces and industrial settings?
In traditional consumer products, you can look at your microwave and see the UL seal there and you know that it’s passed some level of standards and certification. I think that is probably what we need for the so-called internet of things.

What we’ve looked at is Underwriter Laboratories, Energy Star and different things that have now become an industry standard — how did they develop? I think that there’s a government role in nurturing that process, but not dictating what the standards are. I think at one point the government said we’re only going to buy Energy Star products[10], and that was a very clear indicator for the market. I’m not suggesting that we have any plans along those lines, but I think it’s worthwhile looking back at how some of these different certification programs came about. I want to keep seeing the innovation, but I also want to see some standards.

When it comes to critical infrastructure like power plants and water systems, we’ve only seen small attacks in the US, such as the breach of a control system for a small dam in Rye Brook, NY[11]. But places like Ukraine have seen problems like power outages[12]. What’s your assessment of the threat to the US electrical grid and other physical infrastructure?
I think the advantage that the US has in a lot of its critical infrastructure is it’s not very connected yet. A lot of it is very legacy systems. When you’re talking about water systems, you have some large water systems in our country, but it’s still very local. The electric grid has a long history of resilience.

What we’re working with with all the different industries is to recognize what we’ve done to build resilient systems for natural hazards or terrorist attacks, and all these different things that people have been working on now for quite a long time, [and asking,] how can we use those processes to manage a cyber incident, and where is there potentially a difference?

0

EU to double funding for military force in West Africa's Sahel

BRUSSELS (Reuters) – International donors have raised half a billion dollars for a multi-national military operation in West Africa’s Sahel region, the EU’s top diplomat said on Friday, as Europe seeks to stop migrants and militants reaching its shores.

At a conference of about 50 countries including the United States, Japan and Norway, countries pledged 414 million euros ($509 million) for the G5 Sahel force, made up of troops from Mali, Niger, Chad, Burkina Faso and Mauritania.

The European Union, which believes training local forces will avoid risking the lives of its own combat troops, was one of the biggest donors, doubling its contribution to 116 million euros. It paves the way to make the force fully operational later this year.

EU foreign policy chief Federica Mogherini stressed that promises had to be followed through on quickly to reach troops, while African leaders said the money so far would only cover the first year of operations.

France, the region’s former colonial power with more than 4,000 soldiers in the region, welcomed the donations after several years of struggling to raise sufficient financing.

The change in sentiment reflected concern that the Sahel could be a springboard for attacks on the West, diplomats said.

“We will continue our offensive alongside the G5 Sahel force to eradicate jihadi terrorist violence across the region,” France’s President Emmanuel Macron said, standing with German Chancellor Angela Merkel and Italian Prime Minister Paolo Gentiloni.

Militants took over northern Mali in 2012 before French forces pushed them back in 2013 in an intervention that alerted Washington and others to the growing threat in the region.

The United States has some 800 troops in Niger, where four U.S. soldiers died in October, but global awareness of the security importance of the vast, desert region remains low.

Spain’s Prime Minister Mariano Rajoy struggled to name the five countries of Mali, Niger, Chad, Burkina Faso and Mauritania as he arrived at the conference.

(First row L-R) Hungarian Prime Minister Viktor Orban, German Chancellor Angela Merkel, French President Emmanuel Macron and Cyprus’ President Nicos Anastasiades take part in a group photo during a High Level Conference on the Sahel in Brussels, Belgium February 23, 2018. REUTERS/Olivier Hoslet/Pool

But Germany’s Merkel said the pledges showed the European Union’s commitment to stabilize the arid region: “We cannot only start to fight illegal migration in Libya. We have to start in Mali, Niger, Chad. All of Europe is involved,” she said.

The G5 Sahel operation, whose command base is in central Mali, is to swell to 5,000 personnel from seven battalions and will also engage in humanitarian and development work.

About 350,000 people traveled through Niger alone in 2017, mostly hoping to reach Europe but some trying to return home, according to the Red Cross.

Slideshow (13 Images)

TWO OPTIONS: MIGRATE OR DIE

Evoking the desperation young people feel in the impoverished Sahel, Niger’s President Mahamadou Issoufou said many had just two options in life: to die in the Mediterranean trying to reach Europe or to die at the hands of militants.

“We have to act resolutely to change the face of the Sahel region or risk seeing this region of the world fall irreversibly into chaos and violence,” Issoufou told the conference after asking leaders and ministers to stand for a moment of silence for two French soldiers killed this week in Mali.

But Issoufou said the force would still need future financing on an annual basis of around 115 million euros and urged the West to take the fight against militants as seriously as it has taken the threat in Iraq and Syria.

As well as the European Union, pledges have come from the United States, Saudi Arabia and the United Arab Emirates, among others.

France is set to spend 1.2 billion euros to fund development in the region over the next five years, a 40 percent increase over current levels, while other countries are expected to provide more aid for farmers, schools and water projects.

The European Union is investing 8 billion euros in development aid in the region, according to EU data.

($1 = 0.8132 euros)

Additional reporting by Robert-Jan Bartunek; and Jean-Baptiste Vey

References

  1. ^ The Thomson Reuters Trust Principles. (thomsonreuters.com)
0

EU to double funding for military force in West Africa's Sahel

BRUSSELS (Reuters) – International donors have raised half a billion dollars for a multi-national military operation in West Africa’s Sahel region, the EU’s top diplomat said on Friday, as Europe seeks to stop migrants and militants reaching its shores.

At a conference of about 50 countries including the United States, Japan and Norway, countries pledged 414 million euros ($509 million) for the G5 Sahel force, made up of troops from Mali, Niger, Chad, Burkina Faso and Mauritania.

The European Union, which believes training local forces will avoid risking the lives of its own combat troops, was one of the biggest donors, doubling its contribution to 116 million euros. It paves the way to make the force fully operational later this year.

EU foreign policy chief Federica Mogherini stressed that promises had to be followed through on quickly to reach troops, while African leaders said the money so far would only cover the first year of operations.

France, the region’s former colonial power with more than 4,000 soldiers in the region, welcomed the donations after several years of struggling to raise sufficient financing.

The change in sentiment reflected concern that the Sahel could be a springboard for attacks on the West, diplomats said.

“We will continue our offensive alongside the G5 Sahel force to eradicate jihadi terrorist violence across the region,” France’s President Emmanuel Macron said, standing with German Chancellor Angela Merkel and Italian Prime Minister Paolo Gentiloni.

Militants took over northern Mali in 2012 before French forces pushed them back in 2013 in an intervention that alerted Washington and others to the growing threat in the region.

The United States has some 800 troops in Niger, where four U.S. soldiers died in October, but global awareness of the security importance of the vast, desert region remains low.

Spain’s Prime Minister Mariano Rajoy struggled to name the five countries of Mali, Niger, Chad, Burkina Faso and Mauritania as he arrived at the conference.

(First row L-R) Hungarian Prime Minister Viktor Orban, German Chancellor Angela Merkel, French President Emmanuel Macron and Cyprus’ President Nicos Anastasiades take part in a group photo during a High Level Conference on the Sahel in Brussels, Belgium February 23, 2018. REUTERS/Olivier Hoslet/Pool

But Germany’s Merkel said the pledges showed the European Union’s commitment to stabilize the arid region: “We cannot only start to fight illegal migration in Libya. We have to start in Mali, Niger, Chad. All of Europe is involved,” she said.

The G5 Sahel operation, whose command base is in central Mali, is to swell to 5,000 personnel from seven battalions and will also engage in humanitarian and development work.

About 350,000 people traveled through Niger alone in 2017, mostly hoping to reach Europe but some trying to return home, according to the Red Cross.

Slideshow (13 Images)

TWO OPTIONS: MIGRATE OR DIE

Evoking the desperation young people feel in the impoverished Sahel, Niger’s President Mahamadou Issoufou said many had just two options in life: to die in the Mediterranean trying to reach Europe or to die at the hands of militants.

“We have to act resolutely to change the face of the Sahel region or risk seeing this region of the world fall irreversibly into chaos and violence,” Issoufou told the conference after asking leaders and ministers to stand for a moment of silence for two French soldiers killed this week in Mali.

But Issoufou said the force would still need future financing on an annual basis of around 115 million euros and urged the West to take the fight against militants as seriously as it has taken the threat in Iraq and Syria.

As well as the European Union, pledges have come from the United States, Saudi Arabia and the United Arab Emirates, among others.

France is set to spend 1.2 billion euros to fund development in the region over the next five years, a 40 percent increase over current levels, while other countries are expected to provide more aid for farmers, schools and water projects.

The European Union is investing 8 billion euros in development aid in the region, according to EU data.

($1 = 0.8132 euros)

Additional reporting by Robert-Jan Bartunek; and Jean-Baptiste Vey

References

  1. ^ The Thomson Reuters Trust Principles. (thomsonreuters.com)
0

EU to double funding for military force in West Africa's Sahel region

BRUSSELS (Reuters) – The European Union will double its funding for a multi-national military operation in West Africa’s Sahel region to counter Islamist insurgencies, the EU’s top diplomat said on Friday, part of a broader effort to stop migrants and militants.

At a donor conference of about 50 countries including the United States, Japan and Norway, former colonial power France looked set to win enough backing to allow the new regional force to be fully operational later this year.

“This is not about charity, this is a partnership,” EU foreign policy chief Federica Mogherini told reporters, promising a doubling of EU funding to 100 million euros for the G5 Sahel force, made up of troops from Mali, Niger, Chad, Burkina Faso and Mauritania.

The G5 Sahel force needs more than 400 million euros ($494 million) to be able to meet the demands of its Western backers, up from the 250 million euros it has now.

Evoking the desperation young people feel in the impoverished Sahel, Niger’s President Mahamadou Issoufou said many had just two options in life: to die in the Mediterranean trying to reach Europe or to die at the hands of militants.

“We have to act resolutely to change the face of the Sahel region or risk seeing this region of the world fall irreversibly into chaos and violence,” Issoufou told the conference after asking leaders and ministers to stand for a moment of silence for two French soldiers killed this week in Mali.

Fears that violence in the arid zone could fuel already high levels of migration toward Europe and become a springboard for attacks on the West have made military and development aid there a priority for European nations and Washington.

While the deaths of four U.S. soldiers in October in Niger have highlighted the security threat, public awareness is low. Spain’s Prime Minister Mariano Rajoy struggled to name the five countries of Mali, Niger, Chad, Burkina Faso and Mauritania as he arrived at the conference.

(First row L-R) Hungarian Prime Minister Viktor Orban, German Chancellor Angela Merkel, French President Emmanuel Macron and Cyprus’ President Nicos Anastasiades take part in a group photo during a High Level Conference on the Sahel in Brussels, Belgium February 23, 2018. REUTERS/Olivier Hoslet/Pool

France, which has more than 4,000 troops in the region, hopes to reach at least 300 million euros in military aid on Friday to overcome financing problems for the force that was first proposed in 2014, while militants have scored military victories in West Africa.

So far, the United States has pledged 60 million euros to support it. Another 100 million euros has been pledged by Saudi Arabia, 30 million from the United Arab Emirates and 40 million on a bilateral basis by EU member states, separate from the EU.

The G5 Sahel operation, whose command base is in central Mali, is to swell to 5,000 personnel from seven battalions and will also engage in humanitarian and development work.

Slideshow (13 Images)

“PRICE OF PEACE”

France is also set to pledge 1.2 billion euros to fund development in the region over the next five years, a 40 percent increase over current levels, while other countries are expected to provide more aid for farmers, schools and water projects.

Mogherini said the European Union was spending 8 billion euros in development aid in the region over eight years.

“Peace has no price, peace is made with financial support” Mogherini said.

French President Emmanuel Macron will call for more to be done to support a separate EU train-and-advise mission in Mali, an EU diplomat said, and is seeking 50 more EU troops after Belgian soldiers ended their tour in the mission.

France has been frustrated that it is the only EU member with combat troops on the ground, although others have contributed trainers. By training African forces, Paris sees an eventual exit strategy for what is its biggest foreign deployment, diplomats said.

Tuaregs and jihadists took over northern Mali in 2012 before French forces pushed them back in 2013 in an intervention that alerted Washington to the growing threat in the region.

Additional reporting by Robert-Jan Bartunek; Editing by Janet Lawrence

References

  1. ^ The Thomson Reuters Trust Principles. (thomsonreuters.com)
0

EU to double funding for military force in West Africa's Sahel region

BRUSSELS (Reuters) – International donors have raised half a billion dollars for a multi-national military operation in West Africa’s Sahel region, the EU’s top diplomat said on Friday, as Europe seeks to stop migrants and militants reaching its shores.

At a conference of about 50 countries including the United States, Japan and Norway, countries pledged 414 million euros ($509 million) for the G5 Sahel force, made up of troops from Mali, Niger, Chad, Burkina Faso and Mauritania.

The European Union, which believes training local forces will avoid risking the lives of its own combat troops, was one of the biggest donors, doubling its contribution to 116 million euros. It paves the way to make the force fully operational later this year.

EU foreign policy chief Federica Mogherini stressed that promises had to be followed through on quickly to reach troops, while African leaders said the money so far would only cover the first year of operations.

France, the region’s former colonial power with more than 4,000 soldiers in the region, welcomed the donations after several years of struggling to raise sufficient financing.

The change in sentiment reflected concern that the Sahel could be a springboard for attacks on the West, diplomats said.

“We will continue our offensive alongside the G5 Sahel force to eradicate jihadi terrorist violence across the region,” France’s President Emmanuel Macron said, standing with German Chancellor Angela Merkel and Italian Prime Minister Paolo Gentiloni.

Militants took over northern Mali in 2012 before French forces pushed them back in 2013 in an intervention that alerted Washington and others to the growing threat in the region.

The United States has some 800 troops in Niger, where four U.S. soldiers died in October, but global awareness of the security importance of the vast, desert region remains low.

Spain’s Prime Minister Mariano Rajoy struggled to name the five countries of Mali, Niger, Chad, Burkina Faso and Mauritania as he arrived at the conference.

(First row L-R) Hungarian Prime Minister Viktor Orban, German Chancellor Angela Merkel, French President Emmanuel Macron and Cyprus’ President Nicos Anastasiades take part in a group photo during a High Level Conference on the Sahel in Brussels, Belgium February 23, 2018. REUTERS/Olivier Hoslet/Pool

But Germany’s Merkel said the pledges showed the European Union’s commitment to stabilize the arid region: “We cannot only start to fight illegal migration in Libya. We have to start in Mali, Niger, Chad. All of Europe is involved,” she said.

The G5 Sahel operation, whose command base is in central Mali, is to swell to 5,000 personnel from seven battalions and will also engage in humanitarian and development work.

About 350,000 people traveled through Niger alone in 2017, mostly hoping to reach Europe but some trying to return home, according to the Red Cross.

Slideshow (13 Images)

TWO OPTIONS: MIGRATE OR DIE

Evoking the desperation young people feel in the impoverished Sahel, Niger’s President Mahamadou Issoufou said many had just two options in life: to die in the Mediterranean trying to reach Europe or to die at the hands of militants.

“We have to act resolutely to change the face of the Sahel region or risk seeing this region of the world fall irreversibly into chaos and violence,” Issoufou told the conference after asking leaders and ministers to stand for a moment of silence for two French soldiers killed this week in Mali.

But Issoufou said the force would still need future financing on an annual basis of around 115 million euros and urged the West to take the fight against militants as seriously as it has taken the threat in Iraq and Syria.

As well as the European Union, pledges have come from the United States, Saudi Arabia and the United Arab Emirates, among others.

France is set to spend 1.2 billion euros to fund development in the region over the next five years, a 40 percent increase over current levels, while other countries are expected to provide more aid for farmers, schools and water projects.

The European Union is investing 8 billion euros in development aid in the region, according to EU data.

($1 = 0.8132 euros)

Additional reporting by Robert-Jan Bartunek; and Jean-Baptiste Vey

References

  1. ^ The Thomson Reuters Trust Principles. (thomsonreuters.com)
0

EU to double funding for military force in West Africa's Sahel region

BRUSSELS (Reuters) – The European Union is set to double its funding for a multi-national military operation in West Africa’s Sahel region to counter Islamist insurgencies on Friday, EU diplomats said, part of a broader effort to fight militants and people traffickers.

At a donor conference of some 50 countries including the United States, Japan and Norway, military power France hopes to win enough backing to allow a regional force first proposed four years ago to be fully operational later this year.

“There is a direct European interest in restoring stability to the region,” a senior EU diplomat said. “There is a general awareness now that the future of the European Union is also the future of Africa.”

Fears that violence in the arid zone could fuel already high levels of migration towards Europe and become a springboard for attacks on the West have made military and development aid there a priority for European nations and Washington.

The G5 Sahel force, made up of troops from Mali, Niger, Chad, Burkina Faso and Mauritania, needs more than 400 million euros ($494 million) to be able to meet the demands of its Western backers, up from the 250 million euros it has now.

France, which has more than 4,000 troops in the region, hopes to reach at least 300 million on Friday, as the European Union pledges another 50 million euros to take its contribution to 100 million for the force that has struggled to meet expectations while militants have scored military victories in West Africa.

So far, the United States has pledged 60 million euros to support it. Another 100 million euros has been pledged by Saudi Arabia, 30 million from the United Arab Emirates and 40 million on a bilateral basis by EU member states, separate from the EU’s joint effort.

Separately, France is set to pledge 1.2 billion euros to fund development in the region over the next five years, a 40 percent increase over current levels, an EU diplomat said.

“MORE WEAPONS, MORE SUFFERING”

The deaths of two French soldiers this week in Mali and four U.S. soldiers in October in Niger, where most Americans did not know the United States had forces, has highlighted the security threat in the vast scrublands spanning from Mauritania to Chad.

French President Emmanuel Macron will call for more to be done to support a separate EU train-and-advise mission in Mali, a second EU diplomat said, and is seeking some 50 more EU troops after Belgian soldiers ended their tour in the mission.

France has been frustrated that it is the only EU member with combat troops on the ground, although others have contributed trainers. By training African forces, Paris sees an eventual exit strategy for what is its biggest foreign deployment, diplomats said.

“There’s a lack of EU training troops that we must fill,” a EU diplomat said.

Macron will also call to redouble efforts to broker peace through talks with Tuareg rebels in the desert north.

Tuaregs and jihadists took over northern Mali in 2012 before French forces pushed them back in 2013 in an intervention that alerted Washington to the growing threat in the region.

The G5 Sahel operation, whose command base is in central Mali, is set to swell to 5,000 men from seven battalions and will also engage in humanitarian and development work.

The International Committee of the Red Cross (ICRC) warned that training soldiers was not the only strategy and called for greater efforts to relieve the roots of the conflict in poverty, poor governance and climate hazards.

“When you add more weapons, you add more suffering,” Patrick Youssef, deputy head of the ICRC’s operations for Africa, told Reuters. “That needs to be accompanied with real measures to alleviate the suffering that is the main reason why this war was created.”

Reporting by Robin Emmott; Editing by Nick Macfie

References

  1. ^ The Thomson Reuters Trust Principles. (thomsonreuters.com)
0

US, S. Korea Military Exercises Could End Outreach to Nuclear North

SEOUL — 

The resumption of U.S.-South Korea joint military exercises, which were postponed until after the PyeongChang Olympics and Paralympics end in late March, could also mark the end of the current diplomatic outreach to North Korea.

The annual joint exercises include the Key Resolve strategic simulation drill, where U.S. and South Korean troops and military assets are deployed to respond to potential North Korean threats, and field exercises called Foal Eagle. Past drills involved nearly 20,000 American troops, 300,000 South Korean forces, and an array of bomber aircrafts, fighter jets and warships.

Needed deterrence

Military leaders deem these conventional exercises to be essential to maintain defense readiness and deterrence against the growing North Korean nuclear threat. It is also standard practice for every country in the world to conduct ongoing training for soldiers that are continually being drafted or deployed.

“All militaries train. The Korean People’s Army in North Korea trains. The PLA (People’s Liberation Army) trains in China. That’s what militaries do,” said North Korea security analyst Daniel Pinkston, a lecturer in international relations with Troy University in Seoul

North Korea has called these joint exercises threatening rehearsals for invasion.

South Korean President Moon Jae-in negotiated a delay in this year’s exercises to ensure the safety of the winter Olympics games being held close to the inter-Korean border. North Korea’s participation in the Olympics has also been accompanied by a pause in its missile launches and nuclear tests. In the year prior, Pyongyang conducted numerous provocative tests, after publicly setting the goal to develop a functional nuclear intercontinental ballistic missile that can target the U.S. mainland.

South Korean President Moon Jae-in talks with president of the Presidium of the Supreme People's Assembly of North Korea Kim Young Nam as Kim Yo Jong, the sister of North Korea's leader Kim Jong Un, looks on.
South Korean President Moon Jae-in talks with president of the Presidium of the Supreme People’s Assembly of North Korea Kim Young Nam as Kim Yo Jong, the sister of North Korea’s leader Kim Jong Un, looks on.

In response, the administration of U.S. President Donald Trump has led an international effort to impose harsh sanctions on the North that cut off much of its income, including banning its lucrative coal and mineral exports.

Freeze for freeze

Moon’s diplomatic outreach has enacted what is basically a temporary “freeze for freeze” proposal, suspending both the U.S.-South Korea joint drills and North Korean provocations that China and Russia have been advocating to reduce regional tensions.

Washington has so far rejected any proposals to further suspend conventional military exercises that it argues are defense oriented and legal under international law, while it says North Korea’s nuclear program threatens its neighbors and the world.

There is, however, speculation that Washington and Seoul may try to reduce the size and scope of the exercises to make them less threatening to the North, perhaps by eliminating decapitation simulations that practice targeting leadership in Pyongyang, or excluding U.S. nuclear capable bombers from participating in the drills.

“The question is what level of the exercises is adequate for military preparedness and for robust deterrence purposes, and how do you calibrate it in a way that is nonthreatening,” said Pinkston.

In this Nov. 12, 2017 photo provided by South Korea Defense Ministry, three U.S. aircraft carriers USS Nimitz, left top, USS Ronald Reagan, left center, and USS Theodore Roosevelt, left bottom, participate with other U.S. and South Korean navy ships.
In this Nov. 12, 2017 photo provided by South Korea Defense Ministry, three U.S. aircraft carriers USS Nimitz, left top, USS Ronald Reagan, left center, and USS Theodore Roosevelt, left bottom, participate with other U.S. and South Korean navy ships.

But Pyongyang has warned it would respond to the resumption of the joint drills, possibly by resuming provocative nuclear and missile tests, even if it means triggering further sanctions.

“The North Korean authority must do its own calculation about gains and losses about such an action in protest to the resumption of the military exercises. So it is all up to Kim Jong on government,” said Bong Young-shik, a political analyst with the Yonsei University’s Institute for North Korean Studies in Seoul.

Olympic engagement

North Korea’s official KCNA news agency on Monday said restarting the drills would be a “provocative act” that would undermine Pyongyang’s recent efforts to “defuse tension and create a peaceful environment.”

Moon’s Olympic engagement efforts with the North, including marching together at the opening ceremony and fielding a unified women’s hockey team, has reduced inter-Korean tensions and brought about an invitation from the North Korean leader to host the South Korean president in Pyongyang for a leaders summit.

North Korean leader Kim Jong Un meets members of the high-level delegation of the Democratic People's Republic of Korea, which visited South Korea to attend the opening ceremony of the 23rd Winter Olympics.
North Korean leader Kim Jong Un meets members of the high-level delegation of the Democratic People’s Republic of Korea, which visited South Korea to attend the opening ceremony of the 23rd Winter Olympics.

By participating in the Olympics, Pyongyang also embarked on what critics called a “charm offensive,” meant to improve its threatening image and weaken support for economic sanctions imposed for its continued nuclear violations.

Moon’s diplomatic outreach, however, has so far been unable to bring Washington and Pyongyang into direct talks to resolve the nuclear standoff. The U.S. will not engage in official negotiations until the North agrees to give up its nuclear program, which Pyongyang refuses to do, insisting that its nuclear weapons are needed to prevent a U.S. invasion.

“History does not give me much confidence that this will lead anywhere, especially when the bargaining position of the U.S. side is that the North does have to give up its weapon nuclear weapons and parts of its missile program,” said regional security analyst Grant Newsham with the Japan Forum for Strategic Studies in Tokyo.

The Trump administration recently indicated a willingness to support Moon’s efforts and engage in exploratory talks. U.S. officials on Tuesday said Vice President Mike Pence, who led the U.S. Olympic delegation at the Olympics opening ceremony, was planning to meet with Kim Yo Jong, the sister of the North Korean leader at the games, but North Korea canceled the meeting at the last minute.

However the vice president also clarified that the U.S. “maximum pressure” approach, which includes increasing economic sanctions and maintaining the credible threat of military force as well, would remain in place until the Kim government agrees to give up its nuclear weapons.

Lee Yoon-jee in Seoul contributed to this report.