Cyber summer school

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

Aug 07, 2023 View in browser   By Joseph Gedeon Driving the day — The White House is hosting a cyber education summit for educators nationwide and after that, CISA could be coming to a school near you. HAPPY MONDAY, and welcome to Morning Cybersecurity! I spent the weekend getting lost in hotels all along the Vegas Strip in my quest for delicious food. If you see me wandering around at Black Hat or Def Con deep in thought this week, come save me — I’m still lost! Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below. Let’s dive in.   YOUR TICKET INSIDE THE GOLDEN STATE POLITICAL ARENA: California Playbook delivers the latest intel, buzzy scoops and exclusive coverage from Sacramento and Los Angeles to Silicon Valley and across the state. Don't miss out on the daily must-read for political aficionados and professionals with an outsized interest in California politics, policy and power. Subscribe today.     Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories. Today's Agenda First Lady Jill Biden, Homeland Security Secretary Alejandro Mayorkas and Education Secretary Miguel Cardona are at the White House for a cybersecurity summit for K-12 schools. 4 p.m. At the White House BUELLER? BUELLER? — School’s out for the summer, that is unless you plan on protecting your classroom from state-backed ransomware attacks. To better shield the country’s increasingly virtual education system from incoming cyberattacks, the White House is convening its top squad at a cyber summit for K-12 schools this afternoon. — CISA training sessions: America’s premier cyber agency is posturing to deliver tailored assessments, facilitate exercises and offer cybersecurity training to 300 new K-12 “entities” (CISA wouldn’t identify more specifically) over the incoming school year. Expect those exercises to come about once a month, 12 times a year (does that mean homework in the summer?) and are meant to help schools identify their own cyber risks. — Hold up: Administration officials are not promising new federal regulations to address the problem, instead casting today's events at the White House as a first step to action. — Enter the industry groups: It’s hard enough to spread limited resources within school budgets, let alone ward off cybercriminals tripping up infrastructure systems with ransomware attacks. Some IT and software giants including Amazon Web Services, Cloudflare and Google are joining the Biden administration to emphasize the need for post-attack monitoring through grant funding and free services. Among the offerings is a $20 million cyber grant commitment from AWS available to school districts and state departments of education as well as no-cost cyber incident response assistance, with Cloudflare offering public school districts with under 2,500 students a suite of free Zero Trust cybersecurity solutions. Those measures could go a long way, considering schools that do invest in cyber mainly focus on preventative controls before an attack. “Schools don’t invest in monitoring and response, so they’re unable to control the impact of an event,” said Michael Hamilton, former CISO for the city of Seattle and founder of PISCES, which helps train students to become cyber analysts. “They're just not in a situation where they can monitor their networks.” — Disinfo strikes back: The White House’s long-awaited cyber workforce and education strategy released last week called for “foundational cyber skills” to be taught to the general population — and is again repeated as a K-12 cyber protection tactic. This could very well be a side door for realizing the Department of Homeland Security’s shuttered Disinformation Governance Board, which opened and closed in less than four months last year. And to Hamilton, it translates into an increasingly prioritized goal to make Americans less gullible in recognizing disinformation and fraud attempts. “Our media literacy in this country sucks ass,” Hamilton told MC. “Rather than having the federal government being the arbiter of what’s disinformation, they want to equip the population with their own ability to suss this stuff out.” — A history of attacks: Despite becoming an increasingly visible target for ransomware groups, school systems still receive woefully low funding to protect against attacks. The latest State EdTech Trends report found 70 percent of school officials reported at least one district in their state was the victim of a cyberattack, while 57 percent said their state provided very little funding for cybersecurity. Our colleagues on POLITICO’s Weekly Education team have more details on how the Education Department is involved in today’s announcements. The International Scene WAGNER JUMPS NIGER — Russia’s Wagner Group has seized on Niger’s ongoing coup attempt to launch a new disinformation campaign, sending a barrage of unsubstantiated claims that it assisted in the military takeover. While researchers say the coup in Niger appears to be organic, they also say there’s no doubt influence operations are coming in across borders, notably from Wagner . “Russia jumped on to claim they are assisting with the coup,” South Africa-based research analyst Jean le Roux, who co-authored a June Atlantic Council report on disinformation in West Africa detailing Wagner Group operations, told MC. “It’s a fake plan.” According to the report, Niger’s government has been on Wagner’s radar — along with several neighbors that have also been framing Western colonization, particularly from France, as the root of all their woes. Wagner’s influence has been cited by Niger’s embattled President Mohamed Bazoum, who warned in a Washington Post op-ed last week that “the entire Sahel region could fall to Russian influence via the Wagner Group.” In comparison to pro-Russian regimes in Burkina Faso and Mali, which have their own home-grown disinformation apparatuses, le Roux said “none of the disinformation was actually originating from inside Niger.” INDIA’S PRIVACY LAW — The world’s most populous country is set to consider a landmark data privacy bill today that could give Prime Minister Narendra Modi’s government unmatched authority over personal data. The controversial measure, dubbed “The Digital Personal Data Protection Bill,” aims to regulate the processing of digital personal data in India — both collected online and offline if digitized. — Consent, but not always: Under the bill, companies that collect user data will have to get clear consent from users, who can also change their minds and withdraw their consent later on. But that doesn’t apply to government agencies, which the bill allows exemption in the name of national security. — Incoming board: A key component of implementing the new rules will be the creation of a data protection board under India’s central government. The board will be responsible for ensuring compliance with the bill, dishing out penalties if needed, handling grievances and guiding data fiduciaries in case of breaches. Board members will be appointed for two-year terms and are eligible for re-appointment. — Unchecked concerns: Dissent is mounting over the exemptions for data processing afforded to the state, which some believe may lead to excessive data collection and potential privacy violations. Some industry groups are concerned about the risks from a lack of regulation for data processing, allowing data to be transferred outside India (except to certain notified countries) — leaving the door open for data to fall into the wrong hands. At the Agencies  AGENCIES ASSEMBLE — CISA is introducing a new strategic plan to strengthen coordination among federal agencies and partners, meant to safeguard critical infrastructure from escalating cyber threats. The plan introduced on Friday aims to address the growing cyber concerns regarding China and Russia by enhancing collaboration with the White House in defending critical networks, Maggie reports. — Key details: The plan calls to address immediate threats by expediting the vulnerability disclosure process and improving cyber defense operations with private-sector companies and international agencies. It also emphasizes the importance of assisting small businesses and underfunded government agencies in their defense against hackers. — CISA certified: Following up on the White House’s cyber workforce strategy and the Department of Defense’s cyber workforce implementation plan in the last week, CISA’s plan zeroes in on prioritizing the number of students trained in CISA-funded courses and boosting the organizations that offer those courses.   HITTING YOUR INBOX AUGUST 14—CALIFORNIA CLIMATE: Climate change isn’t just about the weather. It's also about how we do business and create new policies, especially in California. So we have something cool for you: A brand-new California Climate newsletter. It's not just climate or science chat, it's your daily cheat sheet to understanding how the legislative landscape around climate change is shaking up industries across the Golden State. Cut through the jargon and get the latest developments in California as lawmakers and industry leaders adapt to the changing climate. Subscribe now to California Climate to keep up with the changes.     Tweet of the Day Ending the week by burning a hacked network security key just doesn’t hit the same. Quick Bytes SPYWARE SHUTDOWN — Android phone monitoring app LetMeSpy is shutting down after a breach in June wiped its servers and stole data from thousands of users, reports Zack Whittaker for TechCrunch. GRANT MONEY — Google is giving UC Berkeley $2.2 million to build out its cybersecurity clinic, reports Sam Sabin for Axios. “How to protect American democracy” (Foreign Affairs) Chat soon. Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).   Follow us on Twitter Heidi Vogt @HeidiVogt Maggie Miller @magmill95 John Sakellariadis @johnnysaks130 Joseph Gedeon @JGedeon1   Follow us

To change your alert settings, please log in at https://www.politico.com/_login?base=https%3A%2F%2Fwww.politico.com/settings This email was sent to edwardlorilla1986.paxforex@blogger.com by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA Please click here and follow the steps to unsubscribe.