| | | | |  | | By Sam Sabin | Presented by App Security Project | With help from Eric Geller
| | | — First in MC: The State Department's new cyber diplomacy agency launches today, and MC has an exclusive look at its leadership and the challenges they face. — A group of 23 former national security officials are warning of the cybersecurity challenges posed by Epic Games' antitrust lawsuit against Apple. —Lawmakers are preparing for a cyber-filled week of hearings, nomination votes and hackathons before heading out for recess. HAPPY MONDAY, and welcome back to Morning Cybersecurity! I'm your host, Sam Sabin, and happy NCAA Championship game day to all who celebrate. Go Heels, Go America! Have tips and secrets to share with MC? Or thoughts on what we should track down next? Send what you've got to ssabin@politico.com. Follow along at @POLITICOPro and @MorningCybersec. Full team contact info below. Let's get to it:
| | | | A message from App Security Project, an initiative of the Taxpayers Protection Alliance Foundation: Russia's invasion of Ukraine has added urgency to cybersecurity and privacy issues, which must be addressed. The question is how current efforts by Congress will impede tech companies' responses to this and similar crises. Federal efforts, such as the American Innovation and Choice Online Act and the Open App Markets Act threaten the nation's ability to respond to national security threats and protect users' personal privacy. Learn More from App Security Project:
https://appsecurityproject.org/news_post/antitrust-bills-empower-americas-adversaries-online/ | | | | | | FIRST IN MC: A NEW ERA FOR CYBER DIPLOMACY — The State Department's Bureau of Cyberspace and Digital Policy is today kicking off the Biden administration's effort to enhance its digital aid to allies and accelerate the U.S. role in setting global cyber standards. The long-awaited new agency "will address the national security challenges, economic opportunities, and implications for U.S. values associated with cyberspace, digital technologies, and digital policy," the department said in a statement shared first with MC. As Eric writes in, the bureau's formation — the result of combining and reforming three existing teams, with plans to hire 50 additional staffers — comes amid heightened fears of Russian cyberattacks as part of the war in Ukraine, a conflict that has highlighted the importance of the cyber aid that the U.S. has been giving other countries for years. Given the need for an international collective response to Russian aggression, "there has never been a time when State's leadership on these issues has been more important," Chris Painter, who served as the United States' top cyber diplomat from 2011 to 2017, told Eric. The new bureau will comprise three divisions. The International Cyberspace Security team will coordinate cyber aid to allies and represent State in cyber discussions between U.S. agencies. The International Information and Communications Policy team will represent the U.S. in meetings about technology standards at the International Telecommunication Union, the U.N. and other global bodies. The Digital Freedom team will promote technology that supports civil society and democracy, especially in repressive regimes. President Joe Biden still needs to nominate a bureau leader — who will have the rank of ambassador-at-large — for Senate confirmation. For now, career diplomat Jennifer Bachus is leading the bureau as a principal deputy assistant secretary, according to the department press release. Michele Markoff, a State cyber diplomat since 1998 and Painter's deputy during his tenure, is leading the cyberspace security team. Stephen Anderson is leading the communications and information policy team, a role he held under State's previous org chart. And Blake Peterson, a State Department policy adviser since 2010, will serve as acting digital freedom coordinator. Each of these officials will have plenty of challenges on their plates. Bachus will need to build the bureau's stature inside the government and with foreign allies while waiting for Biden to name her permanent replacement. Markoff will need to coordinate increased cyber aid to countries likely to be targeted by Russia, China and other U.S. adversaries. Anderson will need to counter Chinese influence in the creation of standards around 5G, quantum computing and other cutting-edge issues. And Peterson will have to find ways to combat the internet restrictions and tech censorship of authoritarian countries like Hungary and Belarus. But the bureau could also create new opportunities for tech experts at State, according to Lauren Zabierek, the executive director of the Harvard Belfer Center's Cyber Project. "I would love to see the State [Department] expand the Foreign Service career tracks to include science and technology as a standalone track," she said. The bureau could give mid-career tech and cyber professionals a new way to use their skills for global good, she added.
| | | | A message from App Security Project, an initiative of the Taxpayers Protection Alliance Foundation:   | | | | | | NATSEC OFFICIALS BACK APPLE — Nearly two dozen former national security officials made a familiar argument in an amicus brief filed late last week in the ongoing antitrust battle between Epic Games and Apple: allowing iPhone owners to download mobile apps outside of Apple's App Store — something Epic is fighting for and Apple is resisting — could make their phones more vulnerable to hacking and espionage. The group, led by former DHS official Paul Rosenzweig, argued in an amicus brief filed Thursday that allowing app downloads outside of the App Store will make it harder for Apple to prevent customers from accidentally downloading spyware, malware and other malicious apps onto their phones. That argument is similar to what Apple and other tech giants have been saying in recent months, as both U.S. and European lawmakers push to toughen their competition laws. Rosenzweig organized the brief with his lawyers at Robbins Russell, who then circulated it among the other signatories. Rosenzweig told your MC host that the brief's goal was to educate the courts on the ways these antitrust cases could possibly weaken the country's cyber and national security landscape. Signatories include a consortium of former officials at CISA, Cyber Command, the CIA, the NSA, the Pentagon, the White House and more. They don't hold back, warning in the brief that "the world in which Epic prevails also immediately places individuals and the country at risk." "There's some concern among antitrust advocates that this is all just sort of blown up by the tech companies and that this is a concern that only they hold," said Tatyana Bolton, a former CISA official who also signed onto the brief, in an interview. "What we're trying to do here is really signal that it's not just tech companies. These cybersecurity concerns are real." — Counterpoint: Those on Epic's side, advocates for changing the law to reign in "Big Tech," have argued that these cybersecurity concerns have been blown out of proportion and that the companies' current method of protecting user data stillleaves much to be desired. And regulators and lawmakers continue to push forward plans to allow sideloading and other changes to services that have worried cybersecurity experts. — Not the only group: The amicus brief is just the latest show of public support from former national security officials for the tech giants' cybersecurity and national security arguments. In September, a group of about a dozen former national security leaders sent a letter to House leadership making similar arguments. (According to a POLITICO analysis, each of the signatories to that House letter had connections to the tech industry.)
| | | | SUBSCRIBE TO NATIONAL SECURITY DAILY : Keep up with the latest critical developments from Ukraine and across Europe in our daily newsletter, National Security Daily. The Russian invasion of Ukraine could disrupt the established world order and result in a refugee crisis, increased cyberattacks, rising energy costs and additional disruption to global supply chains. Go inside the top national security and foreign-policymaking shops for insight on the global threats faced by the U.S. and its allies and what actions world leaders are taking to address them. Subscribe today. | | | | | Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You'll also receive daily policy news and other intelligence you need to act on the day's biggest stories.
| | | MARK YOUR CALENDARS — Before lawmakers head out for their two-week recesses next week, they're planning to cross plenty of cyber items off their to-do lists. Here are the events to watch this week: — Hearings: Gen. Paul Nakasone, head of both the U.S. Cyber Command and the National Security Agency, will testify before Congress twice on Tuesday — before the Senate Armed Services Committee in the morning and then with the House Armed Services' cyber subcommittee in the afternoon. During both appearances, Nakasone will discuss the state of his agencies' cyber capabilities and ongoing operations in cyberspace. Later in the week, the House Homeland Security Committee's cyber panel will hold two hearings: On Tuesday, it'll host a rescheduled hearing on Russian cyber threats posed to U.S. critical infrastructure. On Thursday, members will then discuss the progress of ongoing public-private partnerships in defending critical infrastructure with officials from CISA and the Office of the National Cyber Director. — Nominations heading to the floor: The Federal Trade Commission could also get its fifth commissioner this week, after the Senate teed up the last two procedural votes on Alvaro Bedoya's nomination last week. While a final nomination vote hasn't been scheduled so far, confirming Bedoya this week could let the FTC — which has been stuck in a 2-2 party line split since June — weigh in on more consumer data breach and privacy cases. — Capitol hackathon: Lawmakers and congressional staff will also have an opportunity Wednesday to take on the feds' own cybersecurity challenges firsthand at a hackathon that afternoon hosted by House Democratic and Republican leaders. Participants will brainstorm solutions to current challenges in legislative workflows, constituent casework and hearing modernization.
| | | | STEP INSIDE THE WEST WING: What's really happening in West Wing offices? Find out who's up, who's down, and who really has the president's ear in our West Wing Playbook newsletter, the insider's guide to the Biden White House and Cabinet. For buzzy nuggets and details that you won't find anywhere else, subscribe today. | | | | | | | | HIDING IN PLAIN SIGHT — Researchers at Lab52 warned in a blog post Friday that they've uncovered a new spyware strain targeting Android devices that's similar to a strain used by Russian state-sponsored hacking group Turla. The spyware, once downloaded onto an Android device, routinely sends information about the user's actions back to the hackers. Researchers are hesitant to attribute the malware to Turla, but it appears the collected information is sent to an IP address based in Russia.
| | | A reminder from Dragos CEO Robert M. Lee: "It's ok to admit the Ukrainians and the Baltic states know more about Russia than anyone else. Not only is it ok - but it's a safe assumption. It's very odd to see people try to explain Russia policy to Ukraine. It's like international policy mansplaining. Russiasplaining."
| | | | A message from App Security Project, an initiative of the Taxpayers Protection Alliance Foundation: The world is seeing the evils of war on TV. The increasing and invisible cyberattacks being waged by nation-state actors and cybercriminals taking advantage of the geopolitical unrest cannot be ignored. The question is how Congress' legislative efforts will impact American tech companies' responses to this escalating situation. Currently, the American Innovation and Choice Online Act and the Open App Markets Act all pose imminent threats to the national security and Americans' personal mobile privacy and security. Learn more from the App Security Project and prevent Congress from passing ill-considered tech legislation:
https://appsecurityproject.org/news_post/antitrust-bills-empower-americas-adversaries-online/ | | | | | | — Intelligence briefings from the Ukraine security service appear to suggest that China launched a cyberattack against Ukrainian military and nuclear facilities in the lead-up to the Russian invasion. (The Sunday Times) — Two teenagers suspected of being in the Lapsus$ extortion gang were charged in a London court on Friday with hacking for the group. (BBC) — Controversial facial recognition company Clearview AI is starting to sell its technology to banks and other businesses. (The Associated Press) — The General Services Administration's Login.gov is still exploring how it can add facial recognition to its secure sign-on service. (Federal Computer Week) — A Mandiant shareholder is suing the threat intelligence company for allegedly misleading them about Google's $5.4 billion acquisition proposal. (Bloomberg) Chat soon. Stay in touch with the whole team: Eric Geller (egeller@politico.com); Konstantin Kakaes (kkakaes@politico.com) ; Maggie Miller (mmiller@politico.com); Sam Sabin (ssabin@politico.com); and Heidi Vogt (hvogt@politico.com). | | | | Follow us on Twitter | | | | Follow us | | | | |
No comments:
Post a Comment