Monday, June 12, 2023

House bill charts alternative path for water sector

Presented by SentinelOne: Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

By John Sakellariadis


With help from Joseph Gedeon and Maggie Miller

Driving the Day

A pair of lawmakers on the House Agriculture Committee is winning allies for a new bill to help the country’s rural water facilities fend off cyberattacks. Their secret? Taking cues from recent pushback to sector-wide mandates out of 1600 Pennsylvania Ave.

HAPPY MONDAY, and welcome to Morning Cybersecurity! “I’m pretty sure there is a lot more to life than being really, really good-looking, and I plan on finding out what that is.”

That’s how Derek Zoolander justified his stunning retirement from male modeling, and if you substitute the good-looking part for newsletter-writing, it’s more or less how I feel today, on what will be my last day shepherding this newsletter from my brain to your inboxes.

I’m off to a new cyber role within POLITICO. In my place you’ll get the very capable hands (and Hansel-esque hair) of Joseph Gedeon, who has reported on foreign affairs, disinformation and a whole lot more during stints at the AP, New York Public Radio and POLITICO.

Please welcome Joseph to the team. And while you’re at it, go grab an orange mocha frappuccino in his honor!

Got tips, feedback or other commentary? Send them to John at jsakellariadis@politico.com. You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below.


 
Today's Agenda

CISA Director Jen Easterly speaks at an Aspen Institute event on cybersecurity. 10 a.m. 

Rep. Andrew Garbarino (R-N.Y.) headlines an Axios panel discussion on cybersecurity. 3:30 p.m.

Reps. Darrell Issa (R-Calif.) and Raja Krishnamoorthi (D-Ill.) join CISA Executive Assistant Director for Cybersecurity Eric Goldstein and SolarWinds President and CEO Sudhakar Ramakrishna for a discussion on the national cyber strategy. 12:30 p.m.

CISA Deputy Director Nitin Natarajan delivers remarks on critical infrastructure protection at an American Water Works Association conference. 3:45 p.m.

 


 
 


Critical Infrastructure

FOR HOGS, BUT NOT HOGWASH — A bipartisan duo of lawmakers on the House Agriculture Committee is testing a new blueprint for plugging digital holes in the water sector: don’t follow the White House’s example.

Last week, Reps. Don Davis (D-N.C.) and Zachary Nunn (R-Iowa) introduced a bill that would fold cybersecurity assistance into an Agriculture Department program aimed at providing technical and managerial expertise to small rural water facilities.

The legislation comes after a group of Republican attorneys general filed suit to block a White House-backed EPA directive requiring states to incorporate cybersecurity audits into agency sanitary surveys. While the lawsuit largely focuses on legal and procedural matters, industry groups have criticized the new rules as a one-size-fits-all approach to the sector — something the Cybersecurity for Rural Water Systems Act of 2023 tries to avoid, per Nunn.

The bill “is the reflection of a government that has … really overreached in a couple of areas, including the EPA,” the lawmaker told POLITICO over the weekend.

Keeping it small — Unlike the White House-led efforts, the Davis-Nunn bill is targeted at a fraction of the nation’s 52,000 drinking water and 16,000 wastewater systems: rural facilities serving fewer than 10,000 people.

While that may not sound like much, those entities play an outsized role in the food supply chain, Nunn said. A cyberattack that cuts the water supply to a single farm in the summer could “send 500 hogs to death” in 24 hours and “end that farming operation for the year,” he warned.

And keeping it voluntary — The bill also breaks from the White House model in carrying no mandates for water providers. Instead, it would give the USDA nearly $40 million over five years to expand its circuit rider program — a network of technical experts who provide as-needed support to rural water facilities.

According to Davis, the bill’s other backer, that funding is critical because rural facilities can’t afford in-house cyber expertise on their own. “Most rural communities don’t have the dedicated staff to prevent cyberattacks and keep members of their communities safe,” Davis told MC in a statement.

Charting a path — Nunn and Davis both told MC they are eyeing this year’s farm bill — an omnibus spending package that comes up for reauthorization roughly once every five years — as a pathway to move it into law.

And while there’s still plenty of congressional legwork to go to make it a reality, the bill is already winning converts in important places. The American Water Works Association and the National Rural Water Association, two industry groups that oppose the EPA directive, told MC over the weekend that they support the Nunn-Davis bill.

A little too easy? — Between its focus on a subset of the country’s water facilities and its emphasis on carrots not sticks, it might come as little surprise that this bill is finding fast friends — while the White House effort isn’t.

But Mark Montgomery, executive director of the CSC 2.0, an influential cyber policy organization, said a continued focus on smaller, well-crafted fixes like the Nunn-Davis bill could ultimately make a huge difference for the country’s security.

“It’s ironic,” Montgomery said. “Real success is a bunch of small provisions like this as much as big ones like the creation of the national cyber director.”

 


 
The International Scene

CYBER DIPLOMACY IN ACTION — The government of Costa Rica is quickly putting into use $25 million in cybersecurity improvement funds given by the Biden administration earlier this year, the State Department’s cyber ambassador Nathaniel Fick said.

In a conversation with Maggie on Friday following a week-long trip to Costa Rica, Colombia and Panama, Fick said the funds — appropriated in the wake of multiple major ransomware attacks that impacted Costa Rican government services — are in the process of being used to train personnel and build a new cybersecurity center.

“I sat down for an hour with [Costa Rican] President [Rodrigo] Chaves, among many other conversations, and I think we have a good concrete action plan,” Fick said, noting that the plan will begin with the creation of a security operations center, or SOC, as a service.

“We are working with them to scope out how the national cybersecurity center should look like, and how to build it in a modern way,” Fick said. “This isn’t like bricks and mortar, this is a collection of software tools designed to work well together in a modern stack framework.”

Fick said the Costa Rican government is also working to provide civil servants with cybersecurity skills, and to grow this capacity. He pointed to challenges worldwide in addressing the cyber talent shortage, noting it’s a problem in Costa Rica as well as the United States.

— China, China, China: A major part of Fick’s discussions in all three countries was around building trusted telecommunications, in particular through encouraging the nations to forgo business with Chinese telecommunications giant Huawei, as he told your MC host ahead of the trip last week. Huawei has largely been blacklisted in the U.S. due to alleged national security concerns. Fick believes progress is being made on convincing allied nations to shy away from Huawei.

“My macro take is that the momentum is starting to shift in favor of the rules-based, consensus-driven, trust-centric approach to tech policy and infrastructure,” Fick said.

 


 
 
On the Hill

CYBER MARKUP TIME! — Between a House Armed Services Committee markup of the 2024 defense bill on Tuesday and a cyber-heavy Senate Homeland Security Committee markup on Wednesday, lawmakers on two key Congressional panels are about to throw their weight behind a slew of new cybersecurity provisions.

Here are a few things to watch:

Taiwan and ports — The chair of the House Armed Services cyber subcommittee, Rep. Mike Gallagher (R-Wisc.), also happens to chair the select committee on China, which recently put out a report outlining 10 policy recommendations for peace in the Taiwan Strait.

Among them are a series of cybersecurity provisions that are a safe bet to find their way into Tuesday’s markup: the expansion of the Port Security Grant Program to cover security improvements, and the Taiwan Cybersecurity Resiliency Act of 2023, a bipartisan bill to deliver U.S. cybersecurity support and training to Taipei.

Hospitals, awareness and teamwork — On Wednesday, the Senate Homeland and Government Security Committee will take a look at three cyber bills: one to give DHS the green light to assign cyber specialists to foreign nations, another to require CISA to raise public awareness about the importance of digital security, and a third directing DHS to craft a workforce development strategy for rural hospitals.

Seeing as the chair of the committee, Gary Peters (D-Mich.), has already signed onto all three of those bills, it's safe to conclude the following: DHS and CISA are about to be one step closer to some big new homework assignments.

Tweet of the Weekend

I decree that this counts as a cyber tweet. Don’t agree? Kick me off the newsletter.

@shashj


Quick Bytes

BITCOIN BUST: The Department of Justice has indicted two Russian nationals behind an infamous crypto heist that brought down Mt. Gox, once the world’s largest crypto exchange, as The Record’s just-married Jonathan Greig reports.

DPRK CRYPTO WINDFALL — North Korean state hackers have netted more than $3 billion in five years — and the Wall Street Journal’s Dustin Volz breaks down how they did it.

BIRD SITE SAFETY TEAM ON EDGE — Twitter’s Trust and Safety team is hanging in the balance, as Musk is refusing to pay the company’s Google Cloud bill, Platformer’s Casey Newton and Zoe Schiffer report.

CALLS FOR EAST-WEST AI THAW — OpenAI’s Sam Altman wants the U.S. and China to team up in the name of AI safety, reports the Wall Street Journal’s Karen Hao.

Chat soon. 

Stay in touch with the whole team: John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); Joseph Gedeon (jgedeon@politico.com); and Heidi Vogt (hvogt@politico.com).


 
 
