Monday, March 22, 2021

The latest Microsoft Exchange numbers — The FCC seeks spending advice — Raimondo addresses semiconductors

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
Mar 22, 2021 View in browser
 
POLITICO's Weekly Cybersecurity newsletter logo

By Martin Matishak

With help from Eric Geller

Editor's Note: Weekly Cybersecurity is a weekly version of POLITICO Pro's daily Cybersecurity policy newsletter, Morning Cybersecurity. POLITICO Pro is a policy intelligence platform that combines the news you need with tools you can use to take action on the day's biggest stories. Act on the news with POLITICO Pro.

Quick Fix

— The number of vulnerable Microsoft Exchange servers dropped dramatically in the last week, according to the Biden administration.

— The FCC wants to hear from you about how best to go about replacing telecom equipment.

— The newly-installed Commerce Secretary promises to keep her eye on the ball when it comes to the semiconductor shortage.

HAPPY MONDAY and welcome to Morning Cybersecurity! Send your thoughts, feedback and especially tips to mmatishak@politico.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

 

SUBSCRIBE TO "THE RECAST" TO JOIN AN IMPORTANT CONVERSATION : Power dynamics are shifting in Washington and across the country, and more people are demanding a seat at the table, insisting that all politics is personal and not all policy is equitable. "The Recast" is a new twice-weekly newsletter that breaks down how race and identity are recasting politics, policy, and power in America. Get fresh insights, scoops, and dispatches on this crucial intersection from across the country, and hear from new voices that challenge business as usual. Don't miss out on this new newsletter, SUBSCRIBE NOW . Thank you to our sponsor, Intel.

 
 


Driving the Day

EXCHANGE PROGRESS ACCELERATING — The number of systems still vulnerable after the massive Microsoft Server Exchange hack fell by 45 percent last week, to less than 10,000 organizations in the U.S., a National Security Council spokesperson told MC on Monday. That's a sharp drop from the 120,000 systems that were at risk after the sweeping compromise was uncovered earlier this month.

Microsoft's one-click mitigation tool for companies running on-premises Exchange servers who don't have dedicated IT or security teams to install the security updates has been downloaded over 25,000 times since it was released last week, the spokesperson said. Anne Neuberger, the deputy national security adviser for cyber and emerging technology, had pressed the tech giant to design a simple solution for small businesses and organizations to fix the digital flaws that prompted a feeding frenzy by malicious online actors.

"With one click, the tool protects organizations against attacks, and also scans systems for known compromises established there by an attacker and remediates them," the spokesperson said. "We continue to strongly encourage everyone, including those that run this tool, to also update their Exchange Server for more complete protection." The spokesperson also noted that CISA "has published a number of helpful resources regarding ransomware as well."

FCC Corner

HOW DOES THIS SOUND TO YOU? — The FCC today is asking for public feedback on its planned implementation of a telecom equipment replacement reimbursement fund. In a Federal Register notice , the FCC explained how it plans to implement provisions in the fiscal 2021 appropriations bill that relate to the program, which is designed to mitigate the costs of replacing insecure communications equipment produced by vendors, such as Huawei and ZTE, that are linked to foreign adversaries.

The first change affects how many customers a company can have before it's considered too big to qualify for equipment replacement reimbursements. The 2019 Secure and Trusted Communications Networks Act originally restricted eligibility to companies with fewer than 2 million customers, but in the 2021 funding bill, Congress raised that ceiling to 10 million or fewer. The FCC is proposing to change its rules accordingly and wants public feedback about "any implications that [the change] may have" for the program.

The second change affects what kinds of Huawei and ZTE products can be replaced through the reimbursement program. The FCC initially decreed that only telecom equipment or services on its "Covered List" qualified. The list contained products that met three specific criteria, including posing "an unacceptable risk" to U.S. national security. But Congress included language in the funding bill that the FCC interpreted as requiring broader eligibility. The commission asked the public to provide comments on its interpretation of the law. "Would reimbursement for all Huawei and ZTE equipment better ensure the security of U.S. communications networks than a narrower scope of reimbursement?" the commission asked.

The commission also proposed changing its list of equipment that telecom operators must remove from their networks, in order to align that list with the new, broader definition of risky equipment that can be replaced with reimbursement program funds. And it described its plan for prioritizing the distribution of reimbursement funds, including by starting with companies serving fewer than 2 million customers. Industry stakeholders should review the full document for more changes on which the FCC is seeking public feedback.

 

STEP INSIDE THE WEST WING : The Biden administration is more than halfway through its first 100 days and is now facing a growing crisis at the border and escalating violence against Asian Americans, while navigating the pandemic and ongoing economic challenges. Add Transition Playbook to your daily reads to find out what actions are being considered, as well the internal state of play inside the West Wing and across the administration. Track the people, policies, and emerging power centers of the Biden administration. Don't miss out. Subscribe today.

 
 


Industry Intel

NOT SHORTING THE SHORTAGE — Commerce Secretary Gina Raimondo on Friday vowed to focus on the country's shortage of semiconductors . "As Secretary of Commerce, combating the semiconductor shortage and investing in American manufacturing of semiconductor technology is going to be a priority of mine and I look forward to working alongside leaders like the Semiconductor Industry Association," Raimondo said in a statement released by the Commerce Department following a meeting with industry executives.

President Joe Biden recently issued an executive order that directed Commerce to report on semiconductor supply chain vulnerabilities, and the fiscal 2021 defense policy bill, H.R. 6395 (116), contained language creating a similar review.

Department of Justice

DIGITAL CRIMINALS SENTENCED — A federal judge on Friday sentenced two foreign nationals to prison for their roles in the cybercrime organization Infraud that caused more than $568 million in losses through stolen payment cards and identity theft. Sergey Medvedev of Russia, who received a ten-year prison term, and Marko Leopard of North Macedonia, who received five years, had pleaded guilty last year to a racketeering conspiracy.

Medvedev served as the criminal ring's administrator for several years, "handling day-to-day management, deciding membership, and meting out discipline to those who violated the enterprise's rules," according to the Justice Department. Leopard, meanwhile, acted as web host to Infraud members who wanted to sell contraband. The 31-year-old "hosted a number of sites for Infraud members in this fashion, providing the infrastructure that allowed his co-conspirators to profit off of their criminal activities," DOJ said.

TWEET OF THE DAY — What's the worst that could happen?

Quick Bytes

President Biden is under increasing pressure to nominate a national cyber director.

The hack of Verkada raises concerns about the company's security.

A new strain of ransomware is taking advantage of the Microsoft Exchange Server hack.

Acer faced with ransom up to $100 Million after network breach.

Customers claim Square's Cash App is vulnerable to hackers.

An executive at the U.K.'s National Health Service saw her two Twitter accounts hacked.

That's all for today.

Stay in touch with the whole team: Eric Geller (egeller@politico.com, @ericgeller); Bob King (bking@politico.com, @bkingdc); Martin Matishak ( mmatishak@politico.com, @martinmatishak); and Heidi Vogt (hvogt@politico.com, @heidivogt).

 

Follow us on Twitter

Heidi Vogt @HeidiVogt

Eric Geller @ericgeller

Martin Matishak @martinmatishak

 

Follow us

Follow us on Facebook Follow us on Twitter Follow us on Instagram Listen on Apple Podcast
 

To change your alert settings, please log in at https://www.politico.com/_login?base=https%3A%2F%2Fwww.politico.com/settings

This email was sent to edwardlorilla1986.paxforex@blogger.com by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA

Please click here and follow the steps to unsubscribe.

No comments:

Post a Comment

PayPal, Tesla, SpaceX... Elon's Next Project Is Bigger Than Them All

Musk's "silent partner" could soar as a result of his new AI project ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ...