Monday, July 25, 2022

Congress eyes cyber to-do list ahead of August recess

Presented by App Security Project: Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
Jul 25, 2022 View in browser
 
POLITICO's Weekly Cybersecurity newsletter logo

By Maggie Miller

Presented by App Security Project

With help from Eric Geller and Daniel Lippman

Driving the Day

Congress has a long to-do list of cyber and tech-related legislation to consider and hearings to delve into before its six-week August recess.

HAPPY MONDAY, and welcome back to Morning Cybersecurity! I'm your host, Maggie Miller, and if you didn't get outside to pretend to enjoy the heat this weekend, you're in the minority, at least according to my social media feeds. I certainly enjoyed the sun, and I have the souvenirs to prove it … by which I mean dozens of mosquito bites and an awful sunburn.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Email your MC hosts Eric Geller ( egeller@politico.com ) and Maggie Miller ( mmiller@politico.com ). You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below. Let's dive in.

 

A message from App Security Project, an initiative of the Taxpayers Protection Alliance Foundation:

In a recent warning about the importance of practicing good cyber hygiene on your connected devices, the Cybersecurity and Infrastructure Security Agency explained the security risks associated with sideloading unvetted software applications. With proposed antitrust legislation, including the American Innovation and Choice Online Act and the Open App Markets Act, this potentially harmful practice is one Congress would REQUIRE device manufacturers to allow. Learn more from App Security Project about the dangers of sideloading HERE.

 
On the Hill

NO TIME BUT THE PRESENT— The House and Senate are headed into their final days in session before the weeks-long summer break with a packed schedule for cyber and tech legislation and hearings.

This week marks the last opportunity for the House before it breaks until after Labor Day, while the Senate will still be in session the first week of August. But the summer recess always serves as a long drought for legislation moving forward, putting pressure on lawmakers to make progress before leaving town.

— In the House: The House this week will consider legislation primarily sponsored by Rep. Gus Bilirakis (R-Fla.) that would increase oversight and reporting on ransomware attacks against U.S. groups carried out by a foreign country or a group tied to a foreign country, with an emphasis on Russia, China, Iran and North Korea. The House will also consider a measure sponsored by Rep. Deborah Ross (D-N.C.) to establish a scholarship program for graduate and postdoctoral students pursuing careers in energy and cybersecurity.

— In the Senate: The Senate has a longer to-do list, and is expected to vote on the CHIPS Act as early as today. The bill, which includes $52 billion in microchip subsidies, would also take steps to stop China and other foreign nations from stealing U.S. intellectual property, such as establishing a Research Security and Policy Office at the National Science Foundation. The slimmed-down CHIPS Act would also appropriate $13 billion over five years for STEM workforce and education efforts, including cybersecurity issues.

If the Senate approves the bill, the House could move to quickly take up the legislation at the end of the week.

The Senate has also not yet acted to pass its version of the 2023 National Defense Authorization Act, which the House approved earlier this month. The version approved by the Senate Armed Services Committee includes provisions to increase Cyber Command's funding for "hunt forward operations," which have assisted Ukraine to defend against cyberattacks in recent months, and to increase funds for artificial intelligence and cyber warfare operations.

— C-SPAN, so hot right now: Both the House and Senate are also squeezing in several high-profile cyber and tech-related hearings before breaking for the summer.

These include a House Intelligence Committee hearing this week on threats from foreign spyware; a House Science, Space and Technology Committee hearing on cyber risks to commercial space systems; and the examination of the latest FITARA scorecard by the House Oversight and Reform Committee. Next week, the Senate Foreign Relations Committee will hold a nomination hearing for Nathaniel Fick, President Joe Biden's nominee to serve as the first Ambassador-at-Large for Cyberspace and Digital Policy at the State Department.

 

A message from App Security Project, an initiative of the Taxpayers Protection Alliance Foundation:

Advertisement Image

 
White House

BIG WINS FOR CYBER — A White House summit resulted in a long list of actions that industry will take to address U.S. cyber workforce and education shortfalls.

The White House released a fact sheet late last week detailing planned steps following the July 19 cyber workforce summit from both the Biden administration and the private sector.

— Top-down: At the federal level, National Cyber Director Chris Inglis is working to develop a cyber workforce and education strategy, which Eric reported last week for Pros that Inglis noted will be completed in several months. Secretary of Commerce Gina Raimondo and Labor Secretary Martin Walsh kicked off a 120-day cyber apprenticeship sprint , and Susan Rice, director of the Domestic Policy Council, announced steps the Commerce Department and National Security Agency are taking to strengthen K-12 cybersecurity education.

— Public-private partnerships: There is no lack of interest from the private sector side on collaborating with the Biden administration to solve cyber workforce issues. Among the actions planned is a commitment from IBM to work with Historically Black Colleges and Universities and other Minority Serving Institutions to promote cyber education, while cybersecurity group Fortinet is making its information security training program available to U.S. K-12 institutions free of charge.

Nonprofit Girls Who Code is set to develop cybersecurity coding activity sets for middle and high school students, and technology group Cisco committed to provide cybersecurity training to 200,000 U.S. students over the next three years. The International Information System Security Certification Consortium, or (ISC)², pledged to provide its cyber certification exam and education program for free to one million individuals, half of whom will be from traditional minority groups.

This is not the first effort to address the cyber workforce gap, which a 2021 study from (ISC)² estimated stood at close to 3 million positions worldwide. Former President Donald Trump issued an executive order to address the cyber workforce shortage in 2019, and President Biden described the issue during a previous White House cyber workforce summit last year as "a challenge" as well as a "real opportunity."

 

The Women Rule series brings together rising stars, accomplished professionals, and women at the pinnacle of their careers to inform, empower and connect women across diverse sectors and career levels. Attendance to our quarterly in-person POLITICO Women Rule meetings, is by invitation-only. Join our interest list and learn more here .

 
 

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro . You'll also receive daily policy news and other intelligence you need to act on the day's biggest stories.

Russia

MORE RUSSIAN WOES —  Experts are sounding the alarm about how private military contractors, or PMCs, affiliated with the Russian government are complicating U.S. efforts to counter Russian global cyber interference.

In a report published today , experts from the Atlantic Council's Cyber Statecraft Initiative and Digital Forensic Research Lab dive into the world of mercenary groups employed by the Russian government, warning there could be consequences in cyberspace if Moscow continues to "outsource activities" to these private paramilitary groups.

"It is likely that market demands for these capabilities…will drive them to increasingly develop or procure newer surveillance and cyber capabilities as well," the experts concluded in the report in reference to the PMCs. They warned that new spyware and ransomware variants could be purchased and used by the contractors, making them an increasingly formidable adversary that Russia could use to further its goals without direct involvement.

People on the Move

Jay Healey, who has been working at CISA part-time since 2020, has been detailed to the Office of the National Cyber Director to help Rob Knake prepare the administration's cyber strategy . Healey told MC that he'll likely be there for the next several months; the strategy is expected by October ... Alyssa Miller is now SVP and chief information security officer at legal and business services company Epiq Global. She most recently was business information security officer at S&P Global Ratings.

 

INTRODUCING POWER SWITCH: The energy landscape is profoundly transforming. Power Switch is a daily newsletter that unlocks the most important stories driving the energy sector and the political forces shaping critical decisions about your energy future, from production to storage, distribution to consumption. Don't miss out on Power Switch, your guide to the politics of energy transformation in America and around the world. SUBSCRIBE TODAY .

 
 
Tweet of the Day

CISA Director Jen Easterly offers up some Monday reads about the use of password managers: "I was doing a chat last week about the importance of cyber hygiene & got a question about password managers, so wanted to share a couple resources worth checking out…"

Quick Bytes

"FBI investigators determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications." (CNN)

— The Information Technology Council laid out its wish-list for the upcoming National Security Strategy.

Pro-choice hacktivists leaked massive amounts of data from evangelical organizations. (CyberScoop)

"DIY collective embeds abortion pill onto business cards, distributes them at hacker conference." (Vice Motherboard)

— New Air Force cyber chief details support for Europe amid ongoing conflict in Ukraine. (The Record)

Chat soon. 

Stay in touch with the whole team: Eric Geller ( egeller@politico.com ); Konstantin Kakaes ( kkakaes@politico.com ); Maggie Miller ( mmiller@politico.com ); and Heidi Vogt ( hvogt@politico.com ).

 

A message from App Security Project, an initiative of the Taxpayers Protection Alliance Foundation:

Cybersecurity experts throughout government agree that practicing good cyber hygiene - including only downloading apps from official app stores - is vitally important given mounting cyber threats from foreign actors and domestic hackers alike. We've seen the warnings from the FBI, the Department of Homeland Security, the National Security Agency, the Federal Trade Commission and more. So why is Congress considering legislation (the American Innovation and Choice Online Act and the Open App Markets Act) that would REQUIRE device manufacturers to allow unvetted app downloads? Learn more from App Security Project about how you can protect yourself and read the newest warning from the Cybersecurity and Infrastructure Security Agency HERE.

 
 

Follow us on Twitter

Heidi Vogt @HeidiVogt

Eric Geller @ericgeller

Maggie Miller @magmill95

Konstantin Kakaes @kkakaes

 

Follow us

Follow us on Facebook Follow us on Twitter Follow us on Instagram Listen on Apple Podcast
 

To change your alert settings, please log in at https://www.politico.com/_login?base=https%3A%2F%2Fwww.politico.com/settings

This email was sent to edwardlorilla1986.paxforex@blogger.com by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA

Please click here and follow the steps to unsubscribe.

No comments:

Post a Comment

Welcome to Bernie Schaeffer's Award-Winning Option Advisor

Congratulations! By signing up for Option Advisor, you just took the first step towards becoming a successful trader and pot...