Ahead of LatAm swing, Nate Fick looks to Beijing

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

Jun 05, 2023 View in browser   By John Sakellariadis — With help from Maggie Miller  Driving the Day — The nation’s top cyber diplomat is in Latin America this week as part of a renewed push to convince America’s neighbors to reduce their reliance on the Chinese telco giant. HAPPY MONDAY, and welcome to Morning Cybersecurity! First, the U.S. didn’t default on its debt. Then, we got a killer jobs report. But without a doubt the most important news of last week is how Aaron Judge literally ran through a wall to help the Yanks beat the Dodgers. Take that, D.C. Got tips, feedback or other commentary? Send them to John at jsakellariadis@politico.com. You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below. Today's Agenda The Coast Guard’s National Maritime Security Advisory Committee holds a meeting by teleconference to discuss ways to enhance information-sharing on cyberthreats. 1 p.m.   GET READY FOR GLOBAL TECH DAY: Join POLITICO Live as we launch our first Global Tech Day alongside London Tech Week on Thursday, June 15. Register now for continuing updates and to be a part of this momentous and program-packed day! From the blockchain, to AI, and autonomous vehicles, technology is changing how power is exercised around the world, so who will write the rules? REGISTER HERE.     Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories. The International Scene FEET IN LATAM, HEAD IN CHINA — Across a five-day swing through Costa Rica, Panama and Colombia that starts today, the nation’s top cyber diplomat has one unifying goal in mind: boxing Chinese telecom giant Huawei out of America’s backyard. Huawei has built a large market share in Latin America in part through aggressive, state-subsidized price-cutting, Nate Fick, the State Department’s ambassador at large for cyberspace and digital policy, told MC during a Sunday interview. But until recently, Fick said, the U.S. hasn’t done enough to make trusted suppliers competitive in foreign markets, where price often trumps politics. “We need to get more creative and assertive in our financing,” Fick told me. “We've been playing market competitive economics with these places, and the Chinese have been playing geopolitics.” Putting money where your mouth is — Fick is fresh off participating in the Trade and Technology Council meeting in Europe, where, among other things, the U.S. and the EU agreed to jointly finance and secure the rollout of new 5G infrastructure in Costa Rica. Fick said a major focus of the TTC discussions was how to get non-Western countries on board with trusted telecommunications providers — and that “operationalizing” some of those ideas was a key aim of his trip. The U.S. and the EU want to “see the footprints of trusted ICT infrastructures expanding, particularly in the Western Hemisphere and particularly among partners where we really need to have solid information sharing and intelligence sharing capabilities,” said Fick. Incentives align — In the context of 5G technology, a “trusted” supplier effectively means one of two companies, neither of them American: Sweden’s Ericsson or Finland’s Nokia. And while there are plenty of areas where the EU and U.S. are beginning to get testy over trans-Atlantic trade, as my POLITICO colleague Adam Behsudi reported on Saturday, telecommunications policy doesn’t appear to be one of them, at least in this case and at least according to Fick. “There's a nice alignment between European competitive interests and our desire to promote trust and connectivity, especially in Latin America,” he argued. Carrots and sticks — Fick struck a confident note when asked about the sales pitch he can make during his trip, even though Huawei can often outcompete those two suppliers on price. On one hand, the West is getting serious about offering more lending support, as the TTC-brokered deal illustrates. On the other, new Western export restrictions on high-end chips are undermining the long-term competitiveness of Huawei and other Chinese providers, he argued. But Fick’s sales pitch isn’t all dollars and cents. “I try to encourage our partners to think in terms of total cost of ownership,” he said, before invoking China’s reputation for coercing debtors to repay hefty borrowing bills with political favors, often referred to as “debt trap diplomacy.” “The real bill often has come in terms of geopolitical support,” Fick added. Money well spent — On the first leg of his trip, Fick is speaking on digital rights and responsible technology policy at the RightsCon Summit in Costa Rica. And outside the event, he’ll be pursuing another big goal on his agenda: checking in on the $25 million commitment the U.S. recently made San José as it recovered from a spate of crippling ransomware attacks in the summer of 2022. Thus far, Fick said, implementation of the grant is “going strong.” The U.S. announced the funding vehicle in late March, shortly after doling out $50 million to help Albania recover from a separate set of ransomware attacks attributed to Iranian state hackers. Stumping for cyber support — Asked whether we could see more of that type of assistance in the future, the cyber diplomat said he’s working with Congress, the State Department and the other agencies to forge consensus on the creation of a “dedicated cyber, digital and emerging tech assistance mechanism.” Fick argued that such a fund is essential to ensure the efficient provision of emergency cyber support to foreign nations. He also said it would offer a vehicle for the U.S. to enlist support from foreign partners. After all, Fick said, the U.S. can’t go writing $25 million checks after every cyberattack. “We can bet we're going to see a lot more of this, and we need to be ready to respond quickly,” Fick said. Yet, “we don't have the mechanism in place right now to do that.” Cyber Warfare BE WARY OF MOSCOW’S CLAIMS — When Russian spy agencies start lobbing scandalous accusations at their counterparts in the West, there’s at least two things to consider: what really happened, and what message the Kremlin is trying to send. Those issues have been top of mind for MC since Thursday, when Russia’s domestic spy agency, the FSB, accused the NSA of working with Apple to deploy spyware on the phones of thousands of diplomats — not all of them Russian — in the motherland. MC spent some time digging into the accusations to figure out what Moscow did prove — and why it said the things it can’t. Here's what MC found, and what you might want to keep in mind. Mixing fact and fiction — Russian disinformation operations tend to mix a kernel of truth in a web of insinuation — and in this case, that tincture of truthfulness came courtesy of Russian cybersecurity firm Kaspersky. Around the same time as the FSB’s Thursday announcement, Kaspersky published new research outlining slick and heretofore unseen iPhone spyware that had infected the phones of several of the firm’s employees. Kaspersky didn’t cite FSB allegations in its research (or vice versa), but predictably, everyone else drew a line from A to B. While the spyware is real, there’s no evidence the campaign has any connection to the NSA or Apple, even if the victims — Kaspersky employees, per the firm, and Russian and foreign diplomats, according to the FSB — meet the smell test for U.S. spooks. The same largely applies to Apple, though it's even less clear why a company which prides itself on user privacy would risk that reputation for ostensibly humdrum, state-on-state espionage. So why move forward with the claims?  — Moscow may be seeking to turn the tables on D.C., which regularly publishes information on the Kremlin’s cyber espionage activity, Dmitri Alperovitch, co-founder and executive chairman of the Silverado Policy Accelerator, told MC. Earlier this month, for example, the U.S. outed and dismantled prize malware FSB operatives had used for more than 20 years to snoop on Moscow’s enemies. But unlike in the West, Alperovitch cautioned, the FSB’s “reveal comes with no attribution detail and few technical indicators.” Another goal could be internal, argued Gavin Wilde, a senior fellow in the Technology and International Affairs Program at the Carnegie Endowment for International Peace. Wilde said it's possible the Kremlin is weaponizing the allegations to pressure staff to stop using iPhones — an effort that’s been ongoing since March, according to Russian media. “There’s potential for some pretext,” said Wilde, who also cited the payback theory of the accusations. Keep your eyes peeled — It’s possible that new information will come to light. But the bolder the claim, the higher the burden of proof. And thus far, we haven’t got much proof for the sauciest parts of Moscow’s claims. At the Agencies MARITIME BOARD MEETING — An independent DHS advisory panel that counsels the Coast Guard on sharing cyberthreat information between ships, ports and local, state and federal government meets today, amid growing concern on Capitol Hill about Chinese threats to the maritime sector. At the meeting, the National Maritime Security Advisory Committee will provide input to the Coast Guard on its Maritime Cyber Risk Assessment Model, per a meeting notice shared in the Federal Register. The meeting comes as U.S. lawmakers have expressed growing concern that China would seek to use cyberattacks to cripple military mobilization infrastructure, like ports, in the event of a cross-strait invasion of Taiwan. Two weeks ago, the government and Microsoft also warned that Chinese hacking groups were burrowing inside U.S. telecommunications infrastructure. Tweet of the Weekend Twitter Must-Reads NO EXCUSES FOR NO AI REGS — In a new Foreign Affairs essay, three experts in artificial intelligence argue that counter to popular belief, regulating artificial intelligence within the U.S. wouldn’t lend a major leg up to China. Quick Bytes SHOW ME THE CYBER GOODS — The Biden administration has offered little evidence to back up its claims that Section 702 of the Foreign Intelligence Surveillance Act is vital to investigating cyberattacks, writes CyberScoop’s Tonya Riley. STIRRING THINGS UP FROM THE CLOUD — The Treasury Department is sanctioning an Iranian cloud provider who helped the regime censor activists and protesters, per The Record’s James Reddick. PUTTING DPRK ON ALERT — The U.S and South Korea are warning about the threat of North Korean hacking against academics, journalists and think tankers, The Record’s Daryna Antoniuk reports. CANADA ON WATCH — Canada is facing growing cyberthreats, warns the country’s defense minister. (Reuters) Chat soon.  Stay in touch with the whole team: John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).   DON’T MISS POLITICO’S HEALTH CARE SUMMIT: The Covid-19 pandemic helped spur innovation in health care, from the wide adoption of telemedicine, health apps and online pharmacies to mRNA vaccines. But what will the next health care innovations look like? Join POLITICO on Wednesday June 7 for our Health Care Summit to explore how tech and innovation are transforming care and the challenges ahead for access and delivery in the United States. REGISTER NOW.       Follow us on Twitter Heidi Vogt @HeidiVogt Maggie Miller @magmill95 John Sakellariadis @johnnysaks130   Follow us

To change your alert settings, please log in at https://www.politico.com/_login?base=https%3A%2F%2Fwww.politico.com/settings This email was sent to edwardlorilla1986.paxforex@blogger.com by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA Please click here and follow the steps to unsubscribe.