Cyber Attackers Exploit COVID-19 Fears
Since the coronavirus disease (COVID-19) was first confirmed in the U.S. in January 2020, the virus has claimed at least 56 lives and infected at least 2,600 people across 49 states. As the nation combats the rising and unprecedented pandemic, malicious cyber actors have begun exploiting surrounding fears and anxieties. In January 2020, KnowBe4 identified a malicious phishing campaign based on COVID-19. The email falsely claimed it was sent on behalf of the CDC and asked users to click on a malicious link that was intended to compromise end users’ devices. In February, Proofpoint uncovered a malicious phishing attack targeting industries susceptible to shipping disruptions caused by COVID-19, with the emails meant to install malware on users’ devices. NortonLifeLock Inc. reports that cyberattacks related to coronavirus have begun to target employees’ workplace email accounts by impersonating senior company officials. Most recently, on March 13, 2020, one of the Czech Republic’s biggest COVID-19 testing laboratories and hospital was hit with a cyberattack and forced the hospital to shutdown its entire IT network during the incident.
The Department of Homeland Security has issued a warning urging individuals to remain vigilant for COVID-19 related scams and cyberattacks, and the Federal Trade Commission has warned consumers that scammers are exploiting coronavirus fears and setting up websites to sell fake products as a ruse to steal money and personal information. The World Health Organization has similarly issued a warning to be wary of cyberattackers who may be working to exploit vulnerable people and companies during this pandemic.
Pentagon Asks to “Reconsider” its Controversial Cloud Computing Contract Awarded to Microsoft over Amazon
In October 2019, the Pentagon awarded a major $10 billion cloud computing contract to Microsoft to run its Joint Enterprise Defense Infrastructure project, known as JEDI. The program will process vast amounts of classified data and allow for improved communications with soldiers on the battlefield, as well as enable increased use of artificial intelligence to speed up the U.S. military’s war planning and fighting capabilities. However, after the contract was awarded to Microsoft, Amazon sued the Pentagon, arguing that the decision was improperly influenced by President Donald Trump's dislike of Amazon and its CEO, Jeff Bezos. Amazon Web Services was long considered the front-runner to run the Pentagon’s JEDI program.
This week, U.S. government lawyers responded to the lawsuit by filing a request to reconsider its decision to award Microsoft the cloud computing contract, and to reevaluate technicalities of the companies' proposals to run the $10 billion computing project. Notably, the Defense Department did not address Amazon’s main argument concerning Trump’s potential influence in the bidding process in its court filing. Amazon has praised the Defense Department’s decision, and an Amazon Web Services spokesperson said Amazon “look[s] forward to complete, fair, and effective corrective action that fully insulates the re-evaluation from political influence and corrects the many issues affecting the initial flawed award.”
Cyberspace Solarium Commission Releases its Final Report, Suggesting U.S. Cyberspace Policy is in Need of Significant Change
On March 11, 2020, the Cyberspace Solarium Commission, a bipartisan intergovernmental body established by the 2019 Defense Authorization Act, released its final report to develop a new cyber strategy for the United States. In its 182-page report, the Cyberspace Solarium Commission issued 75 recommendations to improve the federal government’s response to a major cyberattack. Recommendations range from suggestions to implement cybersecurity oversight and departments to suggestions to improve election-security measures in light of recent election interference. Specific to oversight, the report recommends the creation of a national cyber director position that would report directly to the president. Unlike the cybersecurity coordinator that was eliminated by White House National Security Advisor John Bolton in 2018, Rep. Jim Langevin (D-R.I.), one of the solarium’s commissioners, said the new cyber director would serve as an advisor, coordinator, and convenor, and have “more teeth, with more authority, having policy and budgetary authority.” Another recommendation is the creation of a Bureau for Cyberspace Security and Emerging Technologies at the State Department, which would facilitate much-needed cyber diplomacy.
Commentaries on the report argue that underlying the 75 recommendations is a conviction that the status quo of cybersecurity policy is failing. While numerous commission reports and studies over the past several years have similarly suggested this, this report’s findings may gain more headway given its composition of representatives; four out of fourteen of its commissioners are serving U.S. Congressional legislators.
Supreme Court to Hear the “Copyright Case of the Century” this Month in Google v. Oracle America
Google v. Oracle is a landmark case concerning Google’s use of part of Oracle’s Java programming language's application programming interfaces (APIs) in early versions of Google’s android operating systems. While Google has admitted to using Oracle’s code, it argues that its use of them was within its “fair use” rights. Oracle initiated a $8.8 billion dollar suit, and while two District-court jury trials found in favor of Google, the U.S. Court of Appeals for the Federal Circuit found that Google’s use of the Java API packages was not fair as a matter of law.
The Supreme Court will hear oral arguments on this case on March 24, and will decide two primary issues: (1) Whether copyright protection extends to a software interface; and (2) whether, as the jury found, the petitioner’s use of a software interface in the context of creating a new computer program constitutes fair use. Some experts argue that ruling in Google’s favor would legalize intellectual property theft and abet China’s relentless theft of intellectual property. However, others point out that ruling in Google’s favor may make software free and keep consumer costs low as developers would not have to compensate for other companies’ licensing fees or pay for additional research and development in creating new APIs for every platform.
Three F.B.I. Surveillance Tools under the Foreign Intelligence Surveillance Act (FISA) Set to Lapse as Trump Signals Likely Veto
Three surveillance tools used to investigate terrorism and espionage are will expire on March 15, 2020 after President Trump suggested he would veto the bipartisan bill to extend them and U.S. senators left town for the weekend without voting on the legislation. The three tools up for renewal are called the business records provision, the roving wiretap provision and the lone wolf provision, which law enforcement officials cite are important in counterterrorism efforts. The House bill, supported by both Republicans and Democrats, aims to extend the use of these tools and includes several changes such as new privacy protections and the scrapping of a controversial metadata program. Despite the bipartisan support, on Thursday, President Trump tweeted: “Many Republican Senators want me to Veto the FISA Bill until we find out what led to, and happened with, the illegal attempted “coup” of the duly elected President of the United States, and others!” If a vote does not pass on the bill before the Sunday deadline, the surveillance tools will temporarily lapse until the Senate votes on the measure, likely early next week.