Aliya Sternstein

When Federal Communications Commission Chairman Ajit Pai decided to do away with the widely popular “network neutrality” rules that governed the Internet, his justification was that the regulations were slowing deployment. But a new analysis by the Center for Public Integrity plus other factors cited by industry experts show that reasoning to be shallow at best and ridiculous at worst.

Mass hacking seems to be all the rage currently. A vigilante hacker apparently slipped secure code into vulnerable cameras and other insecure networked objects in the "Internet of Things" so that bad guys can't corral those devices into an army of zombie computers, like what happened with the record-breaking Mirai denial-of-service botnet. The Homeland Security Department issued alerts with instructions for fending off similar “Brickerbot malware,” so-named because it bricks IoT devices. And perhaps most unusual, the FBI recently obtained a single warrant in Alaska to hack the computers of thousands of victims in a bid to free them from the global botnet, Kelihos. On April 5, Deborah M. Smith, chief magistrate judge of the US District Court in Alaska, greenlighted this first use of a controversial court order. Critics have since likened it to a license for mass hacking

Maybe it's time the Secret Service starts cracking down on the computer security of presidential candidates, in addition to their physical security, some private cyber investigators say, after a leak of Democratic party files right before the nomination of Hillary Clinton for president. "When you are running for president up and through [Republican National Committee] and DNC conventions, there are a lot of physical protections put in place for the potential president, however, on the cyber side we have not caught up in that world yet," said Tony Cole, global government chief technology officer for cyber forensics firm FireEye.

The Secret Service, in most situations, "does not secure the computer systems" of political organizations, nor does it "secure the computer systems of individuals, to include protectees," like major presidential candidates, according to a legal summary from the Secret Service. That said, Secret Service spokeswoman Nicole Mainor said that the agency "plays a significant law enforcement role in ensuring that candidates are aware of a range of vulnerabilities – ranging from physical protection to cybersecurity." She added, "The Secret Service continues to work vigorously with our local, state and federal partners to prevent and detect cyberthreats against the homeland, to include those against presidential candidates and their campaigns.”

US courts are moving forward with a plan federal agencies say is needed to track down potential terrorists hiding out on the Internet but privacy advocates say would give the FBI wide latitude to hack into people's computers.

Two adjustments to the US Courts Committee on Rules of Practice and Procedure’s draft of search and seizure changes would expand the scope of the government's offensive cyber techniques. The public has until Feb 17, 2015, to weigh in.

Nuclear Regulatory Commission computers within the past three years were successfully hacked by foreigners twice and also by an unidentifiable individual, according to an internal investigation.

Phishing e-mails baited personnel by asking them to verify their user accounts by clicking a link and logging in.

The way to handle a cyber threat is not by harnessing the enormous amounts of data the United States collects on similar hacks, according to an unlikely source -- a former US intelligence cyber chief.

It’s too much information and inefficient to analyze.

"I hate the wisdom of crowds. That is BS. Does not exist," said Roger Hockenberry, former chief technology officer for the National Clandestine Service. "It creates this immense opportunity when you have tons of data to look at and research, but at the same time, we have tons of data that we need to look at and research."

The quality of data and automation has not matured to the point where feeding information to machines can stop an assault, he said. Still, some current Homeland Security Department officials stressed the need to at least automate data feeds about breaches -- something organizations that are hit by hackers are often reticent about.

"What it really comes down to is your CERT," or computer emergency response team, said Hockenberry, who also served as a CIA chief for cyber solutions. "All the companies that I see have a very nascent ability to automate response to any kind of attack. It’s still a manual process."

The Secret Service is purchasing software to watch users of social networks in real time, according to contract documents.

In a work order, the agency details information the tool will collect -- ranging from emotions of Internet users to old Twitter messages. Its capabilities will include “sentiment analysis,” "influencer identification," "access to historical Twitter data," “ability to detect sarcasm," and "heat maps" or graphics showing user trends by color intensity, agency officials said.

The automated technology will "synthesize large sets of social media data" and "identify statistical pattern analysis" among other objectives, officials said. The tool also will have the "functionality to send notifications to users,” they said. Employees within the Secret Service's Office of Government and Public Affairs will be using the new system, agency officials said.

Concerns about data compromises are partly to blame for drawing out an effort to merge roughly 2,000 dot-gov websites, according to federal officials and internal emails. But officials say they are still committed to making government services and information easier to navigate, as the website consolidation initiative approaches its three-year anniversary.

Combining National Oceanic and Atmospheric Administration website content with content from the Coast Guard illustrates the trickiness. The Coast Guard, a Homeland Security Department agency with a dot-mil suffix, is more of a bull’s eye for hackers than NOAA, officials say. USCG employees shy away from sharing data with other agencies, one information technology employee complained on the government's Web content managers listserv in 2012. Nextgov retrieved the message, with the employee’s name redacted, through an open records request.

The Coast Guard staff "are security maniacs because hackers like to target them," wrote a NOAA web manager in the Office of Space Commercialization, which is part of the Department of Commerce.

The government should sponsor a national body to license cyber professionals and authorize cyber certifications, and then spin it off into an independent consortium, a military faculty member at the Pentagon's National Defense University said.

A body akin to an American Medical Association is needed to authorize individuals to practice as cyber professionals and to revoke that license when necessary, said Lt Col Sean CG Kern, an NDU information security professor. In order for that body to possess authority, it would have to be federally funded, at least initially. This model also would include sub-associations for specialty areas, such as digital forensics, that would pick which certifications currently offered by various firms should be required.

The Homeland Security Department and National Institute of Standards and Technology have carved out 31 cyber specialties. It might not be hard to imagine an American Cybersecurity Association, but upending the cyber certification industry would ruffle some feathers. International Information Systems Security Certification Consortium -- or (ISC)2 -- officials argued that overhauling the certification system would undo hard-won progress in educating the cyber workforce and exacerbate cyber staff shortages.

"Our organization has worked closely with government and anytime that they believe they need a more technical, specific credential, we sit down and build it," (ISC)2 Executive Director Hord Tipton said at the time.

The House approved legislation that breaks out $13.4 million for Air Force cyberattack operations and $5.6 million for efforts to defend the service's networks. But those numbers likely underrepresent cyber offense and especially cyber defense spending, some military budget analysts say.

The problem with cyber funding -- governmentwide -- is that it's hard to define what cyber is, they note. "What they are splitting out here is really just a portion of what they are doing for cyber offense and defense," said Todd Harrison, director of defense budget studies at the Center for Strategic and Budgetary Assessments. "I think it's the part that's more focused on specific adversaries around the world."

The House’s version of the 2015 National Defense Authorization Act would spend a total of $67 million on Cyber Command offensive and defensive activities. The command oversees all Defense Department cyber operations. "I expect that if you did a true accounting of what DOD is spending on cyber, it would be in the billions" of dollars, Harrison said.