By Maggie Miller | Presented by App Security Project | With help from Eric Geller and Daniel Lippman
— Congress has a long to-do list of cyber and tech-related legislation to consider and hearings to delve into before its six-week August recess.
HAPPY MONDAY, and welcome back to Morning Cybersecurity! I'm your host, Maggie Miller, and if you didn't get outside to pretend to enjoy the heat this weekend, you're in the minority, at least according to my social media feeds. I certainly enjoyed the sun, and I have the souvenirs to prove it … by which I mean dozens of mosquito bites and an awful sunburn.
Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Email your MC hosts Eric Geller (egeller@politico.com) and Maggie Miller (mmiller@politico.com). You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below. Let's dive in.
A message from App Security Project, an initiative of the Taxpayers Protection Alliance Foundation: In a recent warning about the importance of practicing good cyber hygiene on your connected devices, the Cybersecurity and Infrastructure Security Agency explained the security risks associated with sideloading unvetted software applications. With proposed antitrust legislation, including the American Innovation and Choice Online Act and the Open App Markets Act, this potentially harmful practice is one Congress would REQUIRE device manufacturers to allow. Learn more from App Security Project about the dangers of sideloading HERE.
NO TIME BUT THE PRESENT — The House and Senate are headed into their final days in session before the weeks-long summer break with a packed schedule for cyber and tech legislation and hearings. This week marks the last opportunity for the House before it breaks until after Labor Day, while the Senate will still be in session the first week of August. But the summer recess always serves as a long drought for legislation moving forward, putting pressure on lawmakers to make progress before leaving town.
— In the House: The House this week will consider legislation primarily sponsored by Rep. Gus Bilirakis (R-Fla.) that would increase oversight and reporting on ransomware attacks against U.S. groups carried out by a foreign country or a group tied to a foreign country, with an emphasis on Russia, China, Iran and North Korea. The House will also consider a measure sponsored by Rep. Deborah Ross (D-N.C.) to establish a scholarship program for graduate and postdoctoral students pursuing careers in energy and cybersecurity.
— In the Senate: The Senate has a longer to-do list, and is expected to vote on the CHIPS Act as early as today. The bill, which includes $52 billion in microchip subsidies, would also take steps to stop China and other foreign nations from stealing U.S. intellectual property, such as establishing a Research Security and Policy Office at the National Science Foundation. The slimmed-down CHIPS Act would also appropriate $13 billion over five years for STEM workforce and education efforts, including cybersecurity issues. If the Senate approves the bill, the House could move to quickly take up the legislation at the end of the week.
The Senate has also not yet acted to pass its version of the 2023 National Defense Authorization Act, which the House approved earlier this month. The version approved by the Senate Armed Services Committee includes provisions to increase Cyber Command's funding for "hunt forward operations," which have assisted Ukraine to defend against cyberattacks in recent months, and to increase funds for artificial intelligence and cyber warfare operations.
— C-SPAN, so hot right now: Both the House and Senate are also squeezing in several high-profile cyber and tech-related hearings before breaking for the summer. These include a House Intelligence Committee hearing this week on threats from foreign spyware; a House Science, Space and Technology Committee hearing on cyber risks to commercial space systems; and the examination of the latest FITARA scorecard by the House Oversight and Reform Committee. Next week, the Senate Foreign Relations Committee will hold a nomination hearing for Nathaniel Fick, President Joe Biden's nominee to serve as the first Ambassador-at-Large for Cyberspace and Digital Policy at the State Department.
BIG WINS FOR CYBER — A White House summit resulted in a long list of actions that industry will take to address U.S. cyber workforce and education shortfalls. The White House released a fact sheet late last week detailing planned steps following the July 19 cyber workforce summit from both the Biden administration and the private sector.
— Top-down: At the federal level, National Cyber Director Chris Inglis is working to develop a cyber workforce and education strategy, which, as Eric reported last week for Pros, Inglis noted will be completed in several months. Secretary of Commerce Gina Raimondo and Labor Secretary Martin Walsh kicked off a 120-day cyber apprenticeship sprint, and Susan Rice, director of the Domestic Policy Council, announced steps the Commerce Department and National Security Agency are taking to strengthen K-12 cybersecurity education.
— Public-private partnerships: There is no lack of interest from the private sector side on collaborating with the Biden administration to solve cyber workforce issues. Among the actions planned is a commitment from IBM to work with Historically Black Colleges and Universities and other Minority Serving Institutions to promote cyber education, while cybersecurity group Fortinet is making its information security training program available to U.S. K-12 institutions free of charge. Nonprofit Girls Who Code is set to develop cybersecurity coding activity sets for middle and high school students, and technology group Cisco committed to provide cybersecurity training to 200,000 U.S. students over the next three years. The International Information System Security Certification Consortium, or (ISC)², pledged to provide its cyber certification exam and education program for free to one million individuals, half of whom will be from traditional minority groups.
This is not the first effort to address the cyber workforce gap, which a 2021 study from (ISC)² estimated stood at close to 3 million positions worldwide. Former President Donald Trump issued an executive order to address the cyber workforce shortage in 2019, and President Biden described the issue during a previous White House cyber workforce summit last year as "a challenge" as well as a "real opportunity."
MORE RUSSIAN WOES — Experts are sounding the alarm about how private military contractors, or PMCs, affiliated with the Russian government are complicating U.S. efforts to counter Russian global cyber interference. In a report published today, experts from the Atlantic Council's Cyber Statecraft Initiative and Digital Forensic Research Lab dive into the world of mercenary groups employed by the Russian government, warning there could be consequences in cyberspace if Moscow continues to "outsource activities" to these private paramilitary groups.
"It is likely that market demands for these capabilities…will drive them to increasingly develop or procure newer surveillance and cyber capabilities as well," the experts concluded in the report in reference to the PMCs. They warned that new spyware and ransomware variants could be purchased and used by the contractors, making them an increasingly formidable adversary that Russia could use to further its goals without direct involvement.
Jay Healey, who has been working at CISA part-time since 2020, has been detailed to the Office of the National Cyber Director to help Rob Knake prepare the administration's cyber strategy. Healey told MC that he'll likely be there for the next several months; the strategy is expected by October ... Alyssa Miller is now SVP and chief information security officer at legal and business services company Epiq Global. She most recently was business information security officer at S&P Global Ratings.
CISA Director Jen Easterly offers up some Monday reads about the use of password managers: "I was doing a chat last week about the importance of cyber hygiene & got a question about password managers, so wanted to share a couple resources worth checking out…"
— "FBI investigators determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications." (CNN)
— The Information Technology Council laid out its wish-list for the upcoming National Security Strategy.
— Pro-choice hacktivists leaked massive amounts of data from evangelical organizations. (CyberScoop)
— "DIY collective embeds abortion pill onto business cards, distributes them at hacker conference." (Vice Motherboard)
— New Air Force cyber chief details support for Europe amid ongoing conflict in Ukraine. (The Record)
Chat soon.
Stay in touch with the whole team: Eric Geller (egeller@politico.com); Konstantin Kakaes (kkakaes@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).