While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
On Dec. 29, the Department of Homeland Security and FBI released a report, called a Joint Analysis Report (JAR), which, the agencies claimed, provides evidence of how Russian intelligence services used spear phishing cyberattacks against the Democratic National Committee and Hillary Clinton campaign chairman John Podesta to hack into their emails and interfere in the 2016 presidential election. The JAR, the agencies said in a statement, "details of the tools and infrastructure used by Russian intelligence services to compromise and exploit networks and infrastructure associated with the recent U.S. election, as well as a range of U.S. government, political and private sector entities."
However, the report does not provide definitive evidence that the Russian intelligence services were behind the attacks, according to cybersecurity experts critical of the JAR. As Ars Technica reports, instead of ending the debate, the JAR keeps it alive: "Instead of providing smoking guns that the Russian government was behind specific hacks, it largely restates previous private-sector claims without providing any support for their validity. Even worse, it provides an effective bait and switch by promising newly declassified intelligence into Russian hackers' 'tradecraft and techniques' and instead delivering generic methods carried out by just about all state-sponsored hacking groups."
And Fortune notes that Jeffrey Carr, author of Inside Cyber Warfare, wrote that the report “adds nothing to the call for evidence that the Russian government was responsible” for the campaign hacks. Additionally, Fortune adds that Robert Lee, a former Air Force cyberwarfare officer and cybersecurity fellow at the New America think tank, "argues that the report is of limited use to security professionals, in part because of poor organization and lack of crucial details."
A more extensive report from the intelligence community on the campaign hacks is expected to be released before President Obama leaves office on Jan. 20.