Tech Companies Take A Leading Role In Warning Of Foreign Cyber Threats

Jan 23, 2020
Originally published on January 24, 2020 9:36 am

The U.S. government says it's on high alert for cyberattacks from foreign countries in this election year. Yet private cybersecurity firms have often been the ones sounding the alarm, and in some cases, they are selling their services to the U.S. intelligence community.

"We've seen Iran impersonating political candidates," said Sandra Joyce, the head of global intelligence at FireEye, a leading cybersecurity company.

"They've even fabricated letters that look like they're coming from concerned citizens. They get themselves published in newspapers. Well-known newspapers. But they're influence operators from Iran. They're not concerned citizens from Texas," she added.

Whether it's Iran, Russia or other foreign actors, cybersecurity companies and research groups have been often been more public than the government in identifying potential foreign threats.

"The government doesn't have a monopoly on tracking, identifying or exposing some of these vulnerabilities," said Graham Brookie, who runs the Digital Forensic Research Lab at the Atlantic Council in Washington. "The threat is evolving and threats are becoming more diffuse, more complex and in some ways more open."

The U.S. government says it welcomes help from tech companies, according to Shelby Pierson, who works for the acting director of national intelligence, Joseph Maguire. She was appointed last year to a newly created position that puts her in charge of coordinating election security across the intelligence community.

"There is a whole consortium of players in this landscape which include private security firms," Pierson told NPR in an interview. "Those organizations will actually have deeper and technical insight into those networks before the intelligence community will.

"Pierson said the government sometimes buys services from cybersecurity companies, and she cited a couple of the biggest players in the industry.

"FireEye and CrowdStrike, for example, have done really good work, where based on the analysis, expertise and information analysis that they do, those are products and services that they can sell to the U.S. government."

The cyber firm Area 1 Security said it recently detected Russian military intelligence breaking into the computer systems of Burisa. That's the Ukranian gas company where Hunter Biden, the son of Democratic presidential candidate Joe Biden, used to be on the board.

This raised suspicions that the Russians are looking for dirt on the Bidens.

Area 1 has received a lot of media attention for this report — which is good for a private company. However, the tight-lipped U.S. intelligence community hasn't offered its own assessment.

So what's the government's position on the report — does it agree, disagree, or just prefer to remain silent?

"Of course, these topics are news and newsworthy," said Brookie, of the Atlantic Council. But he warned that we're going to see a wide range of opinions on how much public attention a potential threat should receive.

Tech companies have incentives to publicize threats they've uncovered. The media is looking for scoops. Yet the government might be inclined to say little or nothing.

"And we, collectively between government and media and tech have not shown that we know what to do with that," Brookie said.

The government is wrestling with the issue, said Pierson.

"Some of my [government] colleagues have said, 'Maybe we shouldn't necessarily spook the herd and share all this information,'" she said. "Maybe people go, 'You know what, this is all rigged. That's so much disinformation. I'm not going to vote.' That would be worst case scenario. And frankly, doing the work of our adversaries for them."

However, a number of government agencies have pledged to be more open than in the past. The FBI, for example, recently expanded its policy for issuing notifications when it detects a cyberattack.

Private cybersecurity firms say they often hire people who have worked in the intelligence community. And the companies stress that they cultivate close relationships with the government.

"We definitely work in lockstep with law enforcement and the intelligence community," said Karim Hijazi, the head of Prevailion, a cybersecurity company in Houston. "We want to make sure that we're not misstepping."

His firm put out a report earlier this month saying Iran is probing the computer systems at oil and gas companies.

As all this plays out, many Americans say they're concerned about election security. A poll by NPR, the PBS NewsHour and Marist found 41 percent of those surveyed believe the U.S. is not well prepared, or not prepared at all, to protect the November ballot from interference.

Greg Myre is an NPR national security correspondent. Follow him @gregmyre1.

Copyright 2020 NPR. To see more, visit https://www.npr.org.

AILSA CHANG, HOST:

The U.S. government says it's on high alert for cyberattacks from Russia and other countries this election year, yet the most recent announcements of these attempts haven't come from the government. Private cybersecurity firms are sounding the alarm. These firms, in some cases, are selling their work to the U.S. Intelligence Community. NPR national security correspondent Greg Myre has our story.

GREG MYRE, BYLINE: Russia still gets most of the attention, but cybersecurity firms say they're also monitoring Iran's online shenanigans. Sandra Joyce is the head of global intelligence at FireEye.

SANDRA JOYCE: We've seen Iran doing this, where they have been impersonating political candidates.

MYRE: And there's more.

JOYCE: They've even fabricated letters that look like they're coming from concerned citizens. They get themselves published in newspapers, well-known newspapers. But they're influence operators from Iran. They're not concerned citizens from Texas.

MYRE: In many recent cases, cybersecurity companies and research groups are providing the details on these foreign actors and not the U.S. government. Graham Brookie runs a digital research lab at the Atlantic Council in Washington.

GRAHAM BROOKIE: The government doesn't have a monopoly on tracking, identifying, exposing some of these vulnerabilities because of the way that the threat is evolving. The threat's becoming more diffuse, more complex and, in some ways, more open.

MYRE: The U.S. government says it welcomes help from tech companies. Shelby Pierson works for the acting director of national intelligence. She's in charge of coordinating election security across the intelligence community.

(SOUNDBITE OF ARCHIVED NPR BROADCAST)

SHELBY PIERSON: There is a whole consortium of players in this landscape, which include private security firms. And those organizations will actually have deeper and technical insight into those networks before the intelligence community will.

MYRE: In an interview with NPR, Pierson said the government sometimes buys reports from cybersecurity companies. She cited a couple of the biggest players in the industry.

(SOUNDBITE OF ARCHIVED NPR BROADCAST)

PIERSON: FireEye and CrowdStrike - those two firms, for example, have done really good work where - based upon the analysis and expertise and information analysis that they do, those are products and services that they can sell to the U.S. government.

MYRE: The cyber firm Area 1 Security said it recently detected Russian military intelligence breaking into the computer systems of Burisma. That's the Ukrainian gas company where Joe Biden's son Hunter Biden used to be on the board. This raised suspicions that the Russians are looking for dirt on the Bidens. Area 1 has received a lot of media attention for this report, which is good for the company. However, the tight-lipped U.S. Intelligence Community hasn't offered its own assessment. So does the government agree, disagree or just prefer to remain silent?

BROOKIE: Of course, these topics are news and newsworthy.

MYRE: Graham Brookie at the Atlantic Council says we're going to see a wide range of opinions on how much public attention a potential threat should receive.

BROOKIE: And we collectively, between government and media and tech, have not shown that we know what to do with that.

MYRE: Private cybersecurity firms say they often hire people who've worked previously in the national security sector, and the companies also stress that they cultivate close relationships with the government. Karim Hijazi is the head of Prevailion. It's a cybersecurity company in Houston. The firm recently put out a report saying Iran is probing the computer systems at oil and gas companies.

KARIM HIJAZI: We definitely work in lockstep with law enforcement and the intelligence community. We want to make sure that we're not misstepping (ph).

MYRE: As all this plays out, many Americans say they're concerned about election security. A poll by NPR, the "PBS NewsHour" and Marist found 41% of those surveyed do not believe the U.S. is well-prepared to protect the November ballot from interference.

Greg Myre, NPR News, Washington.

(SOUNDBITE OF BRIAN ENO'S "2/2") Transcript provided by NPR, Copyright NPR.

Tags: