Monday, July 18, 2022

Will the Saudis help the U.S. beat Huawei?

Presented by App Security Project: Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
Jul 18, 2022 View in browser
 
POLITICO's Weekly Cybersecurity newsletter logo

By Eric Geller

Presented by App Security Project

Driving the Day

— A big win against China? A new cyber agreement between the U.S. and Saudi Arabia could boost Western goals of protecting telecom networks from Beijing's hackers — but the details of the deal remain unclear.

HAPPY MONDAY, and welcome back to Morning Cybersecurity! I'm your host, Eric Geller, and today's a big day — we're officially debuting a new version of MC, focused on the forward-looking news you all love and know, but snappier, streamlined and even more actionable.

Everything you know and love about Morning Cyber is still here — our sharp analysis and exclusive news, a daily rundown of the day's events and even a funny cyber tweet to round things out. But we've tightened our focus to make sure we're bringing you only the biggest, most actionable news that you really need.

We want our newsletter to serve you, our loyal reader. Let us know what you think of this new format — what's working and what could use some improvement. Email me (egeller@politico.com ) or my fellow MC fill-in host Maggie Miller (mmiller@politico.com).

And as always: Have any tips or secrets to share with MC? Or thoughts on what we should be covering? You can email us about those things, too. You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below. Let's dive in.

 

A message from App Security Project, an initiative of the Taxpayers Protection Alliance Foundation:

In a recent warning about the importance of practicing good cyber hygiene on your connected devices, the Cybersecurity and Infrastructure Security Agency explained the security risks associated with sideloading unvetted software applications. With proposed antitrust legislation, including the American Innovation and Choice Online Act and the Open App Markets Act, this potentially harmful practice is one Congress would REQUIRE device manufacturers to allow. Learn more from App Security Project about the dangers of sideloading HERE.

 

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You'll also receive daily policy news and other intelligence you need to act on the day's biggest stories.

The International Scene

TAKE THAT, HUAWEI — As President Joe Biden returns to Washington from his Middle East trip, U.S. and Saudi officials are beginning to implement a pair of cybersecurity agreements that the two countries announced during Biden's visit to Jeddah.

One of the agreements is a cybersecurity partnership between CISA, the FBI and Saudi Arabia's National Cybersecurity Authority. But the other — a deal between the U.S. and Saudi telecom agencies to foster private-sector collaboration on the rollout of 5G networks — could give the U.S. a boost in its battle with China over the security of next-generation telecom networks.

As part of the deal, Saudi Arabia "will invest in new U.S.-led technology to develop and secure reliable 5G and 6G networks," Biden told reporters in Jeddah. This technology, known as Open Radio Access Network or Open RAN, emphasizes interoperable, rather than proprietary, technologies, making it easier to combine pieces of different vendors' infrastructure.

— Taking on the giant: Saudi Arabia's support is a badly needed win for the U.S. in its efforts to promote Western 5G technology in a region where the Chinese vendor Huawei is dominant. "Huawei technology is widely deployed in the Middle East and due to Chinese government subsidies, it's hard for other companies to compete," said a senior administration official, who requested anonymity to candidly discuss the White House's goals.

— Driving a hard bargain: Cloud-based Open RAN technologies carry significant cost advantages that should make them attractive in markets where Chinese subsidies would otherwise carry the day, the senior administration official said.

And it's not just about phone networks: The 5G and 6G technology at the heart of the new U.S.–Saudi partnership could someday power all kinds of equipment. "The intention is to scale it to applications built on 5G which could include, for example, remote management of devices in the energy grid," said the senior administration official.

But all we have so far are words. The official said the Saudis "have agreed to do a pilot Open RAN deployment" through the new partnership, and the White House fact sheet mentions a "significant" Saudi financial investment as part of a broader G7 infrastructure plan. But it's unclear how big the pilot will be, how the Saudis will evaluate whether to proceed with more Western 5G purchases or what companies are involved.

At the White House

ON DECK FROM INGLIS — As National Cyber Director Chris Inglis staffs up, he's moving forward with more than half a dozen projects that span the full range of the portfolio that Congress gave him. Here's what he said he's working on during a recent interview with your MC host, POLITICO's Daniel Lippman and West Wing Playbook's Alex Thompson:

— Put your money where your mouth is: Inglis' team has issued guidance to agencies about "how they should think about cyber," who's accounting for agencies' cybersecurity outcomes and how they're budgeting for those goals.

— Supporting the private sector: Inglis and his aides are conducting a "sector-by-sector review" of the regulations issued by the agencies responsible for various critical infrastructure industries, as well as how those agencies see their responsibilities and the services they can offer to industry.

— Supply chain security: Inglis' office is developing criteria to determine when certain technology should be considered too risky given its provenance, as well as launching still-unspecified "software security and resilience initiatives."

Inglis is also contributing to Biden administration reviews of the cybersecurity components of all new infrastructure projects being funded by the bipartisan law that Congress passed last November. Transportation Secretary Pete Buttigieg and Mitch Landrieu, Biden's infrastructure coordinator, both want to ensure that these projects are cyber-secure for the long term, Inglis said, and they've "invited organizations like mine to the table to ensure that we describe those [security needs] upfront and that we build in whatever those attributes should be to the [initial spending] plan."

How much does Biden focus on cybersecurity? "He is as focused on this as I think a president should be," Inglis said.

— Read on: Inglis also discussed the lessons the administration learned about regulation from the TSA pipeline backlash and the initial speed bumps he faced in setting up his office.

 

A message from App Security Project, an initiative of the Taxpayers Protection Alliance Foundation:

Advertisement Image

 
On the Hill

KEEP AN EYE ON THEM — Now that the House has passed its version of the National Defense Authorization Act , it's time to see what the Senate keeps and what it jettisons in its version, setting up conflicts between the two chambers that will test lawmakers' commitments to preserving their pet projects and priority amendments. As this process unfolds, here are some of the cyber-related amendments in the House bill that Pros should be watching:

— Encryption: A provision from Rep. Tom Malinowski (D-N.J.) and colleagues would ban the use of federal funding to "require, support, pay, or otherwise induce" tech companies to build backdoors in their encryption to help law enforcement decrypt data during their investigations. The encryption debate has been quiet for several years now, but people on both sides of the debate agree the resumption of hostilities could only be one tragedy away.

— Satellites: Malinowski, along with a bipartisan group of House members, inserted language requiring CISA to publish resources for protecting satellites from cyberattacks and requiring GAO to study the adequacy of federal cyber support to satellite operators. Legislative attention to the cybersecurity of space systems is growing, with Sens. Gary Peters (D-Mich.) and John Cornyn (R-Texas) introducing a related bill, S. 3511, in January.

— Suing over nation-state hacks: One amendment with broad bipartisan support would amend the Foreign Sovereign Immunities Act to allow Americans to sue foreign governments for cyberattacks they launch. Past changes to the FSIA have been controversial, but with foreign government hackers responsible for so many breaches of U.S. companies, there's clearly broad congressional support for creating a new legal tool to respond to them.

Pentagon

HELP WANTED — The Pentagon is looking for a new director for its Defense Innovation Unit, the team that short-circuits military bureaucracy to quickly integrate cutting-edge private-sector technology into Defense Department operations. Michael Brown, the unit's current director, is leaving in September.

Cybersecurity is one of DIU's six priority areas, with the unit adopting technology to defend Pentagon networks and break into enemy systems. DIU has also explored ways to speed up communications over cloud services , developing technology that could be useful for other agencies as well. The team has a partnership with CISA's "innovation hub" to coordinate on the adoption of new technologies in areas ranging from mobile security to threat intelligence.

Tweet of the Day

Thought-provoking question from cyber firm founder Luke Stephens: "When you step back and take a look at cybersecurity on the whole, would you say the good guys are winning, or losing?"

Quick Bytes

Despite some embarrassing leaks, the TrickBot ransomware group remains a major threat. (CyberScoop)

A hacker released internal data from the video game company Roblox, including players' personal information.

Chat soon. 

Stay in touch with the whole team: Eric Geller (egeller@politico.com); Konstantin Kakaes (kkakaes@politico.com); Maggie Miller ( mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).

 

A message from App Security Project, an initiative of the Taxpayers Protection Alliance Foundation:

Cybersecurity experts throughout government agree that practicing good cyber hygiene - including only downloading apps from official app stores - is vitally important given mounting cyber threats from foreign actors and domestic hackers alike. We've seen the warnings from the FBI, the Department of Homeland Security, the National Security Agency, the Federal Trade Commission and more. So why is Congress considering legislation (the American Innovation and Choice Online Act and the Open App Markets Act) that would REQUIRE device manufacturers to allow unvetted app downloads? Learn more from App Security Project about how you can protect yourself and read the newest warning from the Cybersecurity and Infrastructure Security Agency HERE.

 
 

Follow us on Twitter

Heidi Vogt @HeidiVogt

Eric Geller @ericgeller

Maggie Miller @magmill95

Konstantin Kakaes @kkakaes

 

Follow us

Follow us on Facebook Follow us on Twitter Follow us on Instagram Listen on Apple Podcast
 

To change your alert settings, please log in at https://www.politico.com/_login?base=https%3A%2F%2Fwww.politico.com/settings

This email was sent to edwardlorilla1986.paxforex@blogger.com by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA

Please click here and follow the steps to unsubscribe.

No comments:

Post a Comment

Your Weekly Recommended Reads

Powered by AI, personalised for you Catch up on key news and analysis from the week gone by with The Business of Fashion's My...