Monday, January 4, 2021

Biden aide calls SolarWinds top priority as new details emerge — National Cyber Director becomes law with NDAA veto override — Feds warn U.S. businesses on China

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

By Eric Geller

With help from Martin Matishak

Editor's Note: Weekly Cybersecurity is a weekly version of POLITICO Pro's daily Cybersecurity policy newsletter, Morning Cybersecurity. POLITICO Pro is a policy intelligence platform that combines the news you need with tools you can use to take action on the day's biggest stories. Act on the news with POLITICO Pro.

Quick Fix

— The SolarWinds cyber espionage campaign will be a top priority for President-elect Joe Biden once he takes office, one of his top aides said as new details emerged about the suspected Russian operation.

— There will now be a National Cyber Director office in the White House after lawmakers overrode President Donald Trump's veto of the fiscal 2021 defense policy bill.

— Threats facing businesses in 2021: The federal government warned U.S. companies about the growing risks of pandemic-related ransomware and storing sensitive data in China.

HAPPY NEW YEAR, HAPPY MONDAY, and welcome back to Morning Cybersecurity! Children are a blessing, and we can't wait for the newest little cyber scoop to start wreaking havoc on their dad's home network. Send your thoughts, feedback and especially tips to egeller@politico.com, and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

 


 
 
Transition 2020

TWISTING IN THE SOLARWIND — The SolarWinds campaign promises to be one of the biggest problems confronting Biden's administration in a year already full of daunting challenges. Jake Sullivan, whom Biden has tapped to be his national security adviser, told CNN's Fareed Zakaria on Sunday that the president-elect "has made clear to us that from day one this is going to be a top national security priority of his administration." The sophisticated operation, tentatively linked to Russia's SVR intelligence service, has exposed the frailties of U.S. government and corporate networks and the risks of relying on poorly scrutinized technology vendors. "This attack constitutes a grave risk to our national security," Biden told reporters last week after meeting with national security advisers.

The drip-drip-drip of details: The cyber campaign has infected the networks of more than a dozen companies operating critical infrastructure facilities such as power plants, along with at least three companies that supply technology to those facilities and have extensive remote access to them, according to The Intercept. Microsoft, which initially denied being hacked, said on New Year's Eve that an intrusion had exposed some of its products' source code (the company said its defenses do not rely on that code being secret). Microsoft also spotted hackers breaching one of its third-party resellers in a failed attempt to spy on the security firm CrowdStrike. Meanwhile, an Amazon intelligence report obtained by The New York Times suggested that the cyber campaign may have targeted as many as 250 networks.

Congress wants answers: SolarWinds will pose an early test of Biden's relationship with Capitol Hill, as federal agencies face intense congressional scrutiny about their digital defenses. On Saturday, Sen. Richard Blumenthal (D-Conn.) tweeted that the government should "immediately" begin "declassifying [and] disclosing difficult facts" about the breach, hinting at the transparency issues that Biden will have to weigh once he takes office. Senate Foreign Relations ranking member Robert Menendez (D-N.J.) asked the State Department about the extent of the compromise there, and Blumenthal did the same with the Department of Veterans Affairs.

CISA in the spotlight: DHS's Cybersecurity and Infrastructure Security Agency, which leads the protection of government networks, has told other agencies that it does not have "enough resources to provide direct support" to them in their SolarWinds investigations, according to CNN. CISA has released guidance documents and detection software for the SolarWinds campaign, but sources told CNN that CISA lacks the funding "to effectively handle an issue of this magnitude," echoing earlier reporting by yours truly. (CISA denies being overwhelmed.) Biden and his team will need to closely examine CISA's posture and determine whether it needs more staff to confront the chaos.

Other potential targets: The IRS found no evidence that the SolarWinds hackers accessed taxpayer data; the U.S.'s electric grid regulator asked utilities to examine their networks for signs of a compromise; affected businesses must confront a patchwork of state data-breach notification laws; SolarWinds overlooked cybersecurity until it was too late, leading the government to worry about an insider threat at one of its Eastern European offices; and Palo Alto Networks published a handy timeline of the campaign.

Question mark: Trump is considering "issuing three cyber presidential determinations in the coming days," CNN reported, including one that will transfer "certain authorities" from the Pentagon to CISA. Exactly what this will mean for the SolarWinds response, and for Biden's agenda, remains unclear.

VETO, SHMETO — Congress easily overrode Trump's veto of the $740 billion National Defense Authorization Act, H.R. 6395, one of the most consequential pieces of cybersecurity legislation in years. As MC has highlighted, the massive authorization bill included more than two dozen provisions drawn from the Cyberspace Solarium Commission. Here are some of the key provisions that just became law:

The creation of a Senate-approved National Cyber Director to coordinate the federal government's various digital missions and serve as the president's principal cyber adviser.

CISA received administrative subpoena power so that it can ask internet service providers for information about companies whose vulnerable infrastructure it uncovers. The agency also received the authority to hunt for threats across federal networks. The bipartisan bill also established a joint cyber planning office and a cyber advisory committee within the agency and directed CISA to appoint a cyber adviser for each state.

A force structure assessment of U.S. Cyber Command's Cyber Mission Force and a plan for annual Pentagon assessments of cyber vulnerabilities in major weapons systems.

GROWING RISK FOR U.S. FIRMS IN CHINA — A new Chinese "data security" law taking effect early this year will increase the importance of U.S. businesses protecting their sensitive information, DHS said in an advisory published in December. The law "represents an even greater shift in [Beijing's] attitude away from protecting Chinese data systems as a defensive mechanism, and toward collecting data as an offensive act," DHS said. The agency's bulletin explains the new data-transfer law as well as an existing statute that applies to companies operating in China, and it lists the ways in which this collection can endanger U.S. companies and the mitigations they can apply.

DHS advised U.S. firms to minimize the amount of sensitive data they store in China, determine the ownership structures of any Chinese firms with which they partner and identify alternatives to Chinese suppliers for their most sensitive operations. Companies should also develop plans for responding to Beijing's demands for data, the document said, and they should notify the U.S. embassy any time they receive such an order.

Coronavirus

KEEP AN EYE OUT — Banks and other financial institutions should remain on guard for cybercrime schemes exploiting the coronavirus pandemic, the Treasury Department's Financial Crimes Enforcement Network said in a Dec. 28 alert. "Cybercriminals, including ransomware operators, will continue to exploit the COVID-19 pandemic alongside legitimate efforts to develop, distribute, and administer vaccines," the office warned. "FinCEN is aware of ransomware directly targeting vaccine research, and FinCEN asks financial institutions to stay alert to ransomware targeting vaccine delivery operations as well as the supply chains required to manufacture the vaccines."


I KNOW WHAT YOU DID LAST ELECTION — The U.S. government has "highly credible" evidence that the Iranian government was behind a website that threatened federal officials and election supervisors in mid-December, the FBI and CISA said on Dec. 23. The website, enemiesofthepeople.org, attacked and doxxed FBI Director Chris Wray, former CISA Director Chris Krebs, employees of the election technology firm Dominion Voting Systems and officials of both major parties. Iran's goal was to "create divisions and mistrust in the United States and undermine public confidence in the U.S. electoral process," the two agencies said.

As part of the disinformation operation, the Iranians also forged a letter from Krebs to FBI Cyber Division chief Matt Gorham that falsely claimed that Dominion's voting machines had been hacked. The letter also falsely claimed that the chairman of the Election Assistance Commission "was conspiring with the Biden campaign to flip votes," according to CyberScoop, which obtained a copy. "The leaked forgery was just so blatantly fake it was almost offensive," tweeted Krebs, who singled out its unrealistic omission of an Oxford comma.

IN CASE YOU MISSED IT — Yours truly published a story during the break that rounded up the biggest election security challenges facing the country, from paperless voting machines and underfunded election offices to internet voting and tensions between technology vendors and security researchers. As the story notes, "the foreign cyberattacks that so many intelligence officials feared didn't upend the 2020 elections — but this year's contests nonetheless showed how much the nation still needs to do to fix its security weaknesses."

PEOPLE ON THE MOVE:

Rep. John Katko (R-N.Y.), the incoming ranking member of the House Homeland Security Committee, hired Daniel Kroese as his staff director and Kyle Klein as his deputy staff director. Kroese comes from CISA, where he was the No. 2 official in the National Risk Management Center. Klein has worked for four previous top Republicans on the homeland panel and most recently served as staff director for its transportation and maritime security subcommittee.

TWEET OF THE HOLIDAY BREAK — The analytic framework we didn't know we needed.

 


 
 
Quick Bytes

Did hardware security tokens protect 2020 from a 2016-style email hack-and-leak operation? (CNBC)

Hackers obtained Finnish lawmakers' emails during a breach of the country's parliament. (CyberScoop)

Spyware firm NSO Group used real people's location data while demoing its contact-tracing software. (TechCrunch)

The EAC made strides after a funding boost but still struggles with its election security mission, its inspector general found.

Ticketmaster will pay a $10 million fine to settle charges related to its illegal access of a competitor's computer network.

Does the SolarWinds crisis demand new international norms for intelligence collection? (Just Security)

An electric industry coalition's supply chain group encouraged collaboration in comments filed with the Energy Department.

That's all for today.

Stay in touch with the whole team: Eric Geller (egeller@politico.com, @ericgeller); Bob King (bking@politico.com, @bkingdc); Martin Matishak (mmatishak@politico.com, @martinmatishak); and Heidi Vogt (hvogt@politico.com, @heidivogt).

 
