Last week’s Cybersecurity 202 on scrutiny of Microsoft inadvertently omitted statements provided by Microsoft. You can read the full story — and Microsoft’s comments — here.
Below: The White House convenes a school cybersecurity summit, and cyberattacks on health-care devices have soared. First:
China got into Japan’s ‘most sensitive networks,’ U.S. found
Chinese military hackers penetrated Japan’s most sensitive computer networks, the National Security Agency discovered in the fall of 2020, just as the United States was reckoning with the landmark SolarWinds hack — and then China’s intrusion continued through the transition to a new president.
That’s what a story out Monday afternoon from my colleague Ellen Nakashima details in depth. It’s a tale that Bonnie Glaser, managing director of the Indo-Pacific program at the German Marshall Fund, called a “very important story” on Twitter, which has been renamed X. And it comes at a time when Beijing is eager to project power across the Western Pacific.
“The hackers had deep, persistent access and appeared to be after anything they could get their hands on — plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current and former U.S. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matter’s sensitivity,” Ellen wrote about the initial discovery.
- “‘It was bad — shockingly bad,’ recalled one former U.S. military official, who was briefed on the event, which has not been previously reported.”
And despite improvements Japan has made since, “they are still deemed not sufficiently secure from Beijing’s prying eyes,” Ellen wrote.
Japan says it will further bolster its cyberdefenses. “The government of Japan intends to strengthen its cybersecurity response capabilities to be equal to or surpass the level of leading Western countries,” Noriyuki Shikata, Prime Minister Fumio Kishida’s cabinet press secretary, said in an interview. As Ellen writes, “[t]hat goal — along with ‘active cyberdefense,’ or a form of offense-as-defense hacking — is enshrined in Japan’s new national security strategy.”
- After Ellen’s story was published, Japanese Defense Minister Yasukazu Hamada said Tokyo is responding to cyberattacks “through a variety of initiatives” but declined to detail any incidents. “We have not confirmed that any confidential information held by the Ministry of Defense has been leaked,” Hamada said in a news conference. “There have been no incidents of cyberattacks affecting the execution of the SDF’s missions.”
One theme of the story is Japan’s reluctance to embrace U.S. help.
An interesting detail in the piece is that Japan was leery of having Cyber Command deploy “hunt forward” teams — which conduct operations to look for foreign intruders — to its shores.
“They were uncomfortable having another country’s military on their networks,” said the former military official.
As of early May, according to Cyber Command, it had deployed its Cyber National Mission Force 47 times to 22 countries to conduct hunt operations on more than 70 networks across the globe. Most recently, a team deployed to Latvia for a second time, according to a Cyber Command press release.
- Canadian Armed Forces worked with the United States in Latvia on a three-month operation that turned up malware for analysis, Cyber Command said. Latvia has found itself a target of Russian and pro-Russian hackers for years, including during the war in Ukraine.
- “With our trusted allies, the U.S. and Canada, we are able to deter cyber threat actors and strengthen our mutual resilience,” Baiba Kaškina, general manager of CERT.LV, Latvia’s main cybersecurity response institution, said in a news release. “This can only happen through real-life defensive cyber operations and collaboration. The defensive cyber operations conducted allowed us to ensure our state infrastructure is a harder target for malicious cyber actors.”
But Japan isn’t the only nation to be skeptical of Cyber Command hunting forward.
Last year, the head of French Cyber Defense Command, Gen. Aymeric Bonnemaison, told a commission in his country that he was concerned that the “relatively aggressive” Cyber Command hunt-forward missions in Europe could lead to laying the groundwork for espionage.
Ellen’s story also shows that U.S. efforts to escalate Japan’s response weren’t as effective as officials would have liked.
- “The 2020 penetration was so disturbing that Gen. Paul Nakasone, the head of the NSA and U.S. Cyber Command, and Matthew Pottinger, who was White House deputy national security adviser at the time, raced to Tokyo,” the story reads. “They briefed the defense minister, who was so concerned that he arranged for them to alert the prime minister himself.”
- They emphasized that the cyberattack was one of the worst in Japan’s history, and left “thinking they had really made a point,” as the story quotes one official saying.
- Instead, as the Biden administration was getting acclimated by early January, “cybersecurity and defense officials realized the problem had festered,” Ellen writes.
The cyberattacks on Japan raise questions about how much intelligence the United States should share with Tokyo if Japan’s networks are vulnerable. A fair number of people in the story, however, suggest that the United States isn’t perfect there, either. And the United States needs Japan as an ally in the region, so sharing is the only way.
There’s been talk for years about Japan joining an intelligence alliance of nations known as the Five Eyes. The gaps that Ellen’s story exposed prompted some to doubt whether a “Six Eyes” alliance was likely.
Tobias Harris, deputy director of the German Marshall Fund’s Asia program, wrote on the social media platform Bluesky that it’s worth remembering Tokyo’s reputation as “spy heaven” — a term the story elaborates on — “the next time someone floats the ‘why not include Japan in Five Eyes’ question.”
Lisa Rein and Olivier Knox contributed to this report.
White House convenes summit on K-12 school cybersecurity priorities
White House officials are set to convene a summit today to outline the Biden administration’s priorities to protect K-12 school systems from cyberattacks.
- The summit expected this morning will be hosted by first lady Jill Biden, a professor. She will be joined by Education Secretary Miguel Cardona and DHS Secretary Alejandro Mayorkas.
- CISA Director Jen Easterly, FCC Chair Jessica Rosenworcel and FBI Deputy Director Paul Abbate are also expected to join — as are Education officials including Deputy Secretary of Education Cindy Marten, as well as other officials including Los Angeles Unified School District Superintendent Alberto Carvalho.
The administration aims to equip schools with knowledge to prevent cyberattacks, resources for up-to-date technologies and adequate staffing to focus on cybersecurity, Anne Neuberger, the deputy national security adviser for cyber and emerging technology, told reporters in a news conference ahead of the event. (Neuberger is also expected to provide remarks at the summit.)
The administration has observed school cyberattacks in several states across the country, including Arizona, California, Washington, Massachusetts, West Virginia, Minnesota, New Hampshire and Michigan, Neuberger later added.
The private sector has made several voluntary commitments ahead of the event, and representatives will also attend to discuss those resources:
- Amazon Web Services will commit $20 million for a grant program for school districts and state departments of education, as well as free security training to K-12 IT staff. (Amazon founder Jeff Bezos owns The Washington Post. Interim CEO Patty Stonesifer sits on Amazon’s board.)
- Cloudflare will offer a suite of cybersecurity tools to public school districts under 2,500 students.
- K-12 software provider PowerSchool will provide free and subsidized courses, training and resources to all U.S. schools and districts.
- Google rolled out an updated guidebook for school systems to help ensure security of their Google hardware or devices.
- Learning platform company D2L committed to providing access to new cybersecurity courses with trusted third parties.
Those commitments were made in recent weeks through both the White House and Education Department’s engagement with the private sector, according to senior administration officials who spoke on the condition of anonymity under the ground rules of a news conference.
AI models undergo White House-backed coherence tests at hacker convention
Leading AI firms including Google, OpenAI, Anthropic and Stability AI have volunteered their latest chatbots and image generators to be tested by hackers to see whether their underlying language models can be exploited, our colleague Will Oremus reports.
The tests will be the first public “red teaming” contest for AI language models — where hackers try to find ways to make AI systems act awry so their makers can try fixing them before they cause harm — and will happen later this week at the DEF CON hacking convention in Las Vegas.
- The Generative Red Team Challenge event “has drawn backing from the White House as part of its push to promote ‘responsible innovation’ in AI, an emerging technology that has touched off an explosion of hype, investment — and fear,” Will writes.
- “The contest underscores the growing interest, especially among tech critics and government regulators, in applying red-teaming exercises — a long-standing practice in the tech industry — to cutting-edge AI systems like OpenAI’s ChatGPT language model,” he adds.
Generative AI systems possess a wide range of applications, and AI experts have warned those applications can be used in malignant ways by terror groups or rogue states to create bioweapons.
The hope is that the contest will help root out these potential behaviors, as well as other embedded biases that could harm marginalized communities. The event may also weed out cases where models are subject to “prompt attacks” that override a language model’s instructions, as well as “data poisoning” where model training data is hijacked to change its behavior or outputs, Will notes.
Health-care cyber vulnerabilities surge nearly 60 percent since 2022, report says
Cybersecurity vulnerabilities in medical hardware, operating systems and software applications have skyrocketed 59 percent year-over-year, according to a new report available later today.
The joint findings from nonprofit Health Information Sharing and Analysis Center (Health-ISAC), supply chain security firm Finite State and cyber vulnerability detection company Securin come as several health-care systems around the United States face overwhelming cyberattacks that forced them to pause certain medical devices and pivot to paper record-keeping.
- There have been 993 vulnerabilities spanning 966 health-care products detected in 2023, compared with nearly 600 vulnerabilities detected the same time a year ago.
- Of those, 43 are categorized as exploits that allow hackers to take over systems and escalate their control of the network, making them very attractive to those aiming to access data in health-care settings, according to the report.
At 64 percent, most of the vulnerabilities outlined in the report come from software applications. Hardware and operating systems make up 27 percent and 9 percent of the vulnerabilities, respectively.
- The majority of vulnerabilities were found in what the research designated as Class II devices (such as anesthesia monitoring or CT scanners) and broad health-care IT management systems like software applications or IT infrastructure.
Ransomware attacks against hospitals and health systems are devastating because of medical device interconnectivity and interoperability, The Cybersecurity 202 previously reported.
- A Department of Health and Human Services official in June told a House panel that the agency found nearly all hospitals it surveyed had some medical devices running either operating systems that are no longer supported or software with known vulnerabilities.
CISA publishes cybersecurity strategic plan with high-level overview of initiatives through 2027 (Inside Cybersecurity)
Government watchdog finds U.S. embassies running software vulnerable to attacks (Politico)
FCC urged to act on Chinese modules in smart devices (Newsweek)
‘This isn’t some random dude with a duffel bag’: To catch fentanyl traffickers, feds dig into crypto markets (CNN)
Ukraine’s elite forces rely on technology to strike behind enemy lines (Isabelle Khurshudyan, Sasha Maslov and Kamila Hrabchuk)
North Korean hackers breached top Russian missile maker (Reuters)
A global web of Chinese propaganda leads to a U.S. tech mogul (New York Times)
Crypto heists funneling billions to North Korea’s nuclear program attract Senate scrutiny (Wall Street Journal)
‘Bitcoin Bonnie and Clyde’ plead guilty in ‘spy novel’-like laundering case (María Luisa Paúl)
MOVEit hack spawned around 600 breaches but isn’t done yet, cyber analysts say (Reuters)
Health data of 1.7 million Oregon residents accessed by MOVEit hackers (TechCrunch)
Curve Finance exploiter returns stolen funds, teases ‘I’m smarter than all of you’ (The Block)
Woman sues Detroit after facial recognition mistakes her for crime suspect (Kelly Kasulis Cho)
TikTok to face European privacy fine by September (Politico)
- Steve Kelly has joined the Institute for Security and Technology as its Chief Trust Officer. Kelly held several cyber roles at the FBI and also served as special assistant to the president and senior director for cybersecurity and emerging technology at the National Security Council.
- The Black Hat USA conference continues this week in Las Vegas.
- The Institute of World Politics convenes a seminar on international cybersecurity laws on Wednesday at 6 p.m.
- NSA Director Paul Nakasone speaks at the Center for Strategic and International Studies on Thursday at 10 a.m.
Thanks for reading. See you tomorrow.