House cyber goes Euro

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

Jul 05, 2023 View in browser   By Joseph Gedeon — With help from Maggie Miller Driving the day — Cyber lawmakers say they’ve picked up new ideas on how to tackle crypto crime and other issues after a weeklong trip across Europe. HAPPY WEDNESDAY, and welcome to Morning Cybersecurity! Also happy National Workaholics Day — I know you’re all celebrating if you’re reading a newsletter the morning after meeting friends for barbecues and fireworks on the slightly more popular July Fourth holiday. Got tips, feedback or other commentary? Send them to Joseph at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below.   JOIN 7/11 FOR A TALK ON THE FAA’S FUTURE: Congress is making moves to pass the FAA Reauthorization Act, laying the groundwork for the FAA’s long-term agenda to modernize the aviation sector to meet the challenges of today and innovate for tomorrow. Join POLITICO on July 11 to discuss what will make it into the final reauthorization bill and examine how reauthorization will reshape FAA’s priorities and authorities. REGISTER HERE.     Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories. The International Scene EUROTRIP — A gang of cybersecurity lawmakers told us they have new ideas for how to regulate crime online after a weeklong trip to the U.K., the Netherlands and Estonia. It’s not quite the postcard takeaway you’d expect from a group of Americans traveling around Europe in the summer. But the CODEL of House cyber subcommittee Chair Andrew Garbarino (R-N.Y.) and Reps. Dave Joyce (R-Ohio), Eric Swalwell (D-Calif.) and Rob Menendez (D-N.J) said there are definitely lessons to be learned from some of the continent’s top foreign, defense and cyber officials. We spoke to the lawmakers on a group call when they touched back down in Washington and — much like the plot in every other coming-of-age movie set in Europe — the specific details were hard to come by. Here are a few takeaways we gathered from the Eurotrippers. — The future is now: One concept, in particular, that struck a chord with some of the lawmakers in their meeting with Estonia’s Secret Service was a proposal to provide the agency with additional authority to investigate crimes related to digital currency. “It's something that we're gonna have further discussion on whether or not the Homeland Security Committee wants to move a bill forward,” Garbarino said. “I think that's something that I want to talk to [HSC] Chairman [Mark] Green about.” — Cyber jobs: But to add more responsibilities to domestic agencies would only heighten the need to churn out more cybersecurity professionals — something the public sector is already struggling with. A solution the lawmakers discussed with counterparts on the trip to address the workforce shortfall was to consider establishing a “Cyber Academy,” or to at least work with schools to get younger people more actively interested in the industry. — Ukraine and beyond: The common thread pulled from the meetings with NATO cyber officials, cyber attachés, and foreign and defense ministries across the countries is that continuing support for cyber, military and humanitarian aid to Ukraine remains important, though specific numbers weren’t a part of the discussion. The lawmakers believe the lessons learned by their counterparts would be “very helpful” in the case of another war, whether it’s between Russia and another country, or China and Taiwan. And while the lawmakers didn’t visit Ukraine or meet with any Ukrainian officials on the trip, the Eastern European country is “probably on the list” of countries to visit on a future CODEL, Garbarino said. On the Hill DEFEND THE NETWORKS — The House Rules Committee is set Friday to screen amendments to be considered on the House floor for addition to the chamber’s version of the annual National Defense Authorization Act. Here’s what we noticed among the more than 1,400 amendments: — Critical infrastructure: Be on the lookout for a measure from Rep. Vicente Gonzalez (D-Texas) requiring the Department of Homeland Security to work with the Department of Defense to conduct threat assessments of technologies used at the U.S. border. Another is an amendment from Rep. Mike Gallagher (R-Wis.), chair of the House Armed Services Committee’s cyber subcommittee, requiring all major air carriers to carry out annual cybersecurity assessments. — It’s all in the sender: It’s safe to say House Homeland Security Committee Chair Mark Green (R-Tenn.) has sway in his own congregation, so keep an eye on his amendment requiring DOD to report to Congress what it needs to ensure the National Guard has a state-level cyber unit to help individual states respond to attacks. — Allies in the Middle East: If your name is on the Abraham Accords — a normalization agreement between Israel and some Arab states — you may be getting a boost to your cyber resilience. One amendment is the House version of a bipartisan Senate bill introduced earlier this year to formally authorize cybersecurity cooperation between DHS and countries signed on to the Abraham Accords: Bahrain, the United Arab Emirates, Israel and Morocco. — Crystal ball: Cybersecurity measures are typically among the more bipartisan elements of the NDAA process, and it’s unclear which of the many amendments submitted will be filtered out in committee. Still, the House Armed Services Committee unanimously agreed to dozens of amendments submitted by the panel’s cybersecurity subcommittee during the full markup of the House NDAA last month. Cybercrime JOURNALIST FOR MALWARE DEVELOPER? — Suspected Russian cybercriminal Vladimir Dunaev is being floated as a prisoner exchange option for detained American journalist Evan Gershkovich, according to Russian state media reports on Tuesday, quoting Kremlin press secretary Dmitry Peskov. Dunaev was arrested in South Korea and extradited to Ohio in 2021 for his role in deploying “Trickbot,” a trojan originally used to steal financial information that has since evolved into a multi-stage malware. Its millions of victims span the globe and include schools, banks, governments and health care companies, the Justice Department said at the time of the arrest. Dunaev is said to have stolen money and confidential information, and damaged computer systems through his role as a malware developer for the Trickbot Group. The Wall Street Journal’s Gershkovich was arrested while on a reporting trip to Russia in March and is being held on charges of espionage. Russian authorities have not provided evidence to support his detainment. At the Agencies ATTACKING THE HIVE — The FBI's takedown of notorious cybercrime gang Hive this year revealed a new approach to quashing foreign ransomware groups: foregoing actual arrests. Agents in Florida dismantled Hive by hacking into its network and helping targeted organizations unlock their own systems. It’s a strategy that was once inconceivable for the old guard, but is part of shifting attitudes in an evolving cyber landscape where most threat actors operate outside of U.S. jurisdiction. It’s also estimated to have saved victims worldwide roughly $130 million, the FBI said. — There’s a cost: Even though the operation was broken wide open, the sting was long and labor-intensive. And because there were no arrests, the criminals are still at large and can regroup again. Get the details from John, who spoke to FBI officials for the inside scoop on their digital sabotage mission against Hive. Tweet of the Day Always trust zero-trust. Quick Bytes RUSSIAN SURVEILLANCE TOOLS — A document leak reveals how software being used by Russian spies can find ways to monitor activities on encrypted apps like Signal and WhatsApp. While the program can’t intercept messages, it can track your relationship network, Aaron Krolik, Paul Mozur and Adam Satariano report for The New York Times. NORDIC COUNTRIES UNITE — Denmark, Finland, Iceland, Norway and Sweden are set to invest more than $2 billion combined to upgrade their military and national cyber defenses over the next three years, according to their defense spending plans. Gerard O’Dwyer at DefenseNews has the details. “COVID-19 digital contact tracing worked — heed the lessons for future pandemics” –  (Nature)  Chat soon.  Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com). —---------------   STEP INSIDE THE WEST WING: What's really happening in West Wing offices? Find out who's up, who's down, and who really has the president’s ear in our West Wing Playbook newsletter, the insider's guide to the Biden White House and Cabinet. For buzzy nuggets and details that you won't find anywhere else, subscribe today.       Follow us on Twitter Heidi Vogt @HeidiVogt Maggie Miller @magmill95 John Sakellariadis @johnnysaks130 Joseph Gedeon @JGedeon1   Follow us

To change your alert settings, please log in at https://www.politico.com/_login?base=https%3A%2F%2Fwww.politico.com/settings This email was sent to edwardlorilla1986.paxforex@blogger.com by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA Please click here and follow the steps to unsubscribe.