Early Edition: December 18, 2020

A curated guide to major national security news and developments over the past 24 hours.

Signup to receive the Early Edition in your inbox here.

A curated guide to major national security news and developments over the past 24 hours. Here’s today’s news.

RUSSIAN HACKING

The Department of Homeland Security (DHS)’s Cybersecurity and Infrastructure Security Agency (CISA) yesterday warned that the recently unearthed Russian hack operation poses “a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations”  and stated that hackers used a far wider variety of methods than previously thought to access federal systems from as early as March. The Washington Post were the first to report that those responsible were a Russian military group dubbed “Cozy Bear,” a prolific hacking group which has previously targeted the State Department during the Obama administration and coronavirus researchers this year. Hackers were believed to have infiltrated federal systems via a widely used network-management software, SolarWinds; however, CISA said in an alert that hackers had actually used a number of other conduits to infiltrate systems: “CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” the agency wrote, adding that the hackers had “demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.” Maggie Miller reports for The HillCISA’s alert also said: “This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks … It is likely that the adversary has additional initial access vectors and tactics, techniques, and procedures (TTPs) that have not yet been discovered.”

Hackers also accessed the networks of the Department of Energy (DOE) and the National Nuclear Security Administration (NNSA), which is responsible for maintaining US nuclear weapons stockpile, agency officials said yesterday, reports Natasha Bertrand and Eric Wolff for POLITICO. The authors note that the DOE and NNSA reportedly found suspicious activity in a number of their networks, including the Federal Energy Regulatory Commission (FERC), the Sandia and Los Alamos national laboratories, the Office of Secure Transportation at NSAA and the DOE’s Richland Field Office, although more damage was said to have been done at FERC, officials said. Those officials also said CISA was overwhelmed and so would not be able to provide necessary resources to FERC; DOE therefore stepped in to assist. DOE spokesperson Shaylyn Hynes told The Hill that: “At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration (NNSA) … When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”

Microsoft said yesterday that it too had been hacked and had also identified 40 companies, government agencies and think-tanks that the hacking operation has compromised. “It’s still early days, but we have already identified 40 victims — more than anyone else has stated so far — and believe that number should rise substantially,” Brad Smith, Microsoft’s president, said in an interview yesterday. “There are more nongovernmental victims than there are governmental victims, with a big focus on I.T. companies, especially in the security industry,” he added. David E. Sanger and Nicole Periroth report for the New York Times80 percent of victims were in the US, but there were also victims in Belgium, Canada, Israel, Mexico, Spain, the UAE and the UK, Smith said in a blog post for Microsoft.

The House’s Homeland Security Committee and the Oversight and Reform Committee yesterday announced that they would be initiating a joint investigation into the matter, with the chairs of the respective panels sending a letter to the leaders of the FBI, Director of National Intelligence (DNI) and DHS notifying them of their decision. Homeland Security panel chair Bennie Thompson (D-MS) and Oversight and Reform panel chair Carolyn Maloney (D-NY) informed top intelligence officials that “Our Committees are seeking information related to the apparent, widespread compromise of multiple federal government, critical infrastructure, and private sector information technology networks.” Olivia Beavers reports for The Hill.

Leaders of the Senate Finance Committee yesterday asked the IRS to brief the panel on whether sensitive taxpayer information had been compromised as part of the hack. Finance Committee Chair Chuck Grassley (R-IA) and ranking member Ron Wyden (D-OR) wrote in a letter to IRS Commissioner Charles Rettig: “Given the extreme sensitivity of personal taxpayer information entrusted to the IRS, and the harm both to Americans’ privacy and our national security that could result from the theft and exploitation of this data by our adversaries, it is imperative that we understand the extent to which the IRS may have been compromised,” adding that, “It is also critical that we understand what actions the IRS is taking to mitigate any potential damage, ensure that hackers do not still have access to internal IRS systems, and prevent future hacks of taxpayer data.” Naomi Jagoda reports for The Hill.

President Trump has remained silent on the hack which his administration missed, with some saying Trump’s silence further underlines his deference to Russia and Russian President Vladimir Putin. Kevin Liptak reports for CNN.

President-elect Joe Biden yesterday pledged to make cybersecurity a top priority: “We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Biden said in a statement, adding, “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.” He also said: “Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation.” Al Jazeera reporting.

How Bellingcat’s open-source investigations help the work of US intelligence agencies is explained by Amy Mackinnon for Foreign Policy.

A useful explainer on what we know so far is provided by Dustin Volz for the Wall Street Journal.

US DEVELOPMENTS

President Trump said yesterday that he intends to go through with his threats to veto the annual defense policy bill which was passed in the House and Senate last week with veto-proof majorities. Nonetheless, Trump took to Twitter, stating: “I will Veto the Defense Bill, which will make China very unhappy. They love it. Must have Section 230 termination, protect our National Monuments and allow for removal of military from far away, and very unappreciative, lands. Thank you!” Rebecca Shabad reports for NBC News.

Lawmakers may be forced to pass another stopgap spending measure to give themselves more time to settle negotiations on a $900 billion coronavirus relief package due to a government funding deadline set for 12.01 a.m. Saturday. “Disagreements on authority for Federal Reserve lending programs, aid distributed by the Federal Emergency Management Agency and eligibility for the direct checks held up negotiations Thursday,” report Andrew Duehren and Kristina Peterson report for the Wall Street Journal.

Some lawmakers have expressed objection to the stopgap bill, reports Heather Caygle, Burgess Everett and Jake Sherman for POLITICO. “I know people who are going to object to that, that want to keep pressure on the process until we get a deal. It would take consent, obviously, to a do a short-term [spending bill],” said Senate Majority Whip John Thune (R-SD), adding, “Government shutdowns are never good. If it’s for a very short amount of time on a weekend hopefully it’s not going to be something that would be all that harmful.”

A Dutch hacker reportedly hacked Trump’s Twitter account twice by guessing his passwords  first, six years ago, when he guessed the password as “yourefired,” and then again on Oct. 16, when he guessed the password as “maga2020!”  Dutch prosecutors said Wednesday. “We believe the hacker has actually penetrated Trump’s Twitter account, but has met the criteria that have been developed in case law to go free as an ethical hacker,” the public prosecutor’s office said in a statement, the Guardian reported. Miriam Berger reports for the Washington Post.

A bipartisan group of over 30 state attorneys general filed another antitrust lawsuit against Google yesterday which took issue with the company’s online search market power  the third such lawsuit against Google since October and the second this week. The lawsuit, filed by 35 states and Washington, D.C., Guam and Puerto Rico, claims that Google has abused its market power over search engines and search advertising markets via anticompetitive contracts and measures. Leah Nylen reports for POLITICO.

Trump said yesterday on Twitter that he had nothing to do with the federal investigations into the business dealings and finances of Hunter Biden, President-elect Joe Biden’s son. Sarah N. Lynch reports for Reuters.

A grand jury has indicted six men facing charges of conspiring to kidnap Michigan Governor Gretchen Whitmer from her holiday home in June. The men — Adam Fox, Barry Croft, Ty Garbin, Kaleb Franks, Daniel Harris and Brandon Caserta — were arrested and charged in October, with some said to be members of an anti-government militia group called Wolverine Watchmen. Devan Cole and Sonia Moghe report for CNN.

PRESIDENT-ELECT JOE BIDEN’S TRANSITION TO POWER 

Former New Jersey Gov. Chris Christie, a top ally of President Trump, yesterday indicated that President-elect Joe Biden’s victory must now be accepted. “Whenever anybody loses an election — party, an individual — there is great disappointment. But elections have consequences and this one was clearly won by President-elect Biden by the same margin in the Electoral College that President Trump won four years ago — by even more, nearly double the popular vote,” Christie told CNN’s Chris Cuomo on “Prime Time,” adding, “This election, there has been no evidence put forward that has shown me as a former prosecutor that there is any fraud that would change the results of the election. It’s time for us to accept that defeat. Also, by the way, accept the many victories we had that night. Fourteen new House members, two legislatures at the state level switched, and a governorship flipped to the Republican party.” “We had a great night except at the top of the ticket,” he continued, “So we need to accept that and we need to move on.” Paul LeBlanc reports for CNN.

Biden intends to nominate Michael Regan to lead the Environmental Protection Agency (EPA) and Rep. Deb Haaland (D-NM) to serve as interior secretary, those familiar with the matter said. Adam Edelman, Geoff Bennett and Mike Memoli report for NBC News.

US RELATIONS

“Iran has begun construction on a site at its underground nuclear facility at Fordo amid tensions with the US over its atomic program,” satellite photos obtained today by the AP reveal.

A new agreement between Iran and the Biden administration is required to revive the 2015 Iran nuclear deal, International Atomic Energy Agency (IAEA) Director General Rafael Mariano Grossi said, suggesting that there had been too many breaches of the deal by Iran for the United States to just rejoin the deal and things to return to how they were when Iran had been more compliant. “I cannot imagine that they are going simply to say, ‘We are back to square one’ because square one is no longer there,” Grossi said at IAEA headquarters. Francois Murphy reports for Reuters.

However, Iran’s ambassador to the IAEA today rejected Grossi’s call: “Presenting any assessment on how the commitments are implemented is absolutely beyond the mandate of the agency and should be avoided,” Kazem Gharibabadi said in post on Twitter. Reuters reporting.

The US is expected to add dozens of Chinese companies to a trade blacklist today, including the country’s top chipmaker SMIC, people familiar with the matter told Reuters yesterday. The Commerce Department is reportedly going to add around 80 companies and affiliates to the entity list, nearly all of whom are Chinese. Alexandra Alper, David Shepardson and Humeyra Pamuk report for Reuters.

Responding to potential US blacklists on Chinese companies, China’s foreign ministry today urged the US to stop its “unjustified” measures. Reuters reporting.

Secretary of State Mike Pompeo this week spoke with his Turkish counterpart following US sanctions on Turkey over its purchase of S–400 Russian missile defense systems. Pompeo said on Twitter that he had spoken to Turkish Foreign Minister Mevlut Cavusoglu and said that the recent sanctions demonstrates that “the U.S. will fully implement [the Countering America’s Adversaries Through Sanctions Act (CAATSA)] and prevent Russia from receiving revenue, access, and influence.” Laura Kelly reports for The Hill.

CORONAVIRUS

The novel coronavirus has infected over 17.21 million and now killed over 310,000 people in the United States, according to data compiled by Johns Hopkins University. Globally, there have been over 75.08 million confirmed coronavirus cases and over 1.665 million deaths. Sergio Hernandez, Sean O’Key, Amanda Watts, Byron Manley and Henrik Pettersson report for CNN.

The FDA vaccine-advisory panel yesterday recommend that the FDA authorize the emergency-use of the new Covid-19 vaccine from Moderna Inc. Erika Edwards reports for NBC News.

A map and analysis of all confirmed cases of the virus in the US is available at the New York Times.

US and worldwide maps tracking the spread of the pandemic are available at the Washington Post.

A state-by-state guide to lockdown measures and reopenings is provided by the New York Times.

Latest updates on the pandemic at The Guardian.

GLOBAL DEVELOPMENTS

Over 300 Nigerian school boys, who were last week kidnapped by the Boko Haram group, have been released after pictures show the children arriving in the capital of Katsina state on a buses. Al Jazeera reporting. 

About the Author(s)

Siven Watt

Associate News Editor at Just Security and Legal Fellow at JUSTICE, a law reform and human rights organization based in the UK. Follow him on Twitter (@SivenWatt)