Monday, February 5, 2024

Cyber pros are giving up on a key government program

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

By Joseph Gedeon

— With help from John Sakellariadis and Maggie Miller

Driving the day

— Top cyber defenders are pulling back from CISA's Joint Cyber Defense Collaborative, citing concerns over politicization and lack of technical expertise.

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! To celebrate the good weather and Punxsutawney Phil’s groundbreaking revelation that spring will come early this year, I joined my friend and his toddler at the playground over the weekend. It’s been decades since I last graced a play area, but now I’m realizing that maybe adults do need more places to swing and slide of their own.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find me on X at @JGedeon1 or email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.

 


Today's Agenda

Executive vice president for strategy, mergers and acquisitions at Infineon Technologies Andreas Schumacher, associate professor of international history at Tufts University Chris Miller and adjunct professor at Georgetown University Charles Wessner are joining the Center for Strategic and International Studies for a virtual chat on emerging policy issues for semiconductors. 10 a.m.

At the Agencies

CYBER EXPERTS STEP BACK — A wave of discontent is washing over a key government cybersecurity initiative, as leading experts are quietly retreating from the program in frustration.

A pillar of the Joint Cyber Defense Collaborative, launched in 2021 to enlist private-sector muscle to fight against cybercrime, is facing a pullback of participants who say it’s hampered by mismanagement. And they say they are increasingly fearful of being caught in growing conservative blowback against the agency and its partners.

The idea was to have elite hackers from companies like Microsoft and Google quickly share threats with CISA and IT teams defending key sectors. But five participants told John they are no longer contributing or have pared back their involvement in recent months. The JCDC “has been dead for a while now,” SentinelOne’s senior cybersecurity analyst Juan Andres Guerrero-Saade told John.

— Networks in peril: Most U.S. networks are privately owned, so CISA relies on outside help for its core job of protecting government and critical infrastructure. And threats are rising, with Chinese hackers aggressively targeting American systems, a star-studded panel of U.S. cyber officials warned Congress last week. And the JCDC itself was even brought up as a successful layer of defense against hard-hitting Chinese intrusions.

— CISA has something to say: CISA's assistant executive director Eric Goldstein disputed claims of any drop-off in private sector participation, and said the JCDC continues to play an important role in addressing cutting-edge hacking threats, such as an ongoing campaign by Chinese state-backed hackers to hold critical U.S. infrastructure at risk.

He also argued JCDC remains an important vehicle for longer-term cyber defense planning with industry, a separate major thrust of its work. However, CISA did acknowledge the challenges and expressed a willingness to work with partners to improve the JCDC.

— Management woes: There are concerns that CISA has not staffed JCDC with enough technical experts to analyze the threat data coming in. Multiple participants said CISA is slow to act on tips and mainly has lawyers and policy people working in JCDC, not seasoned cybersecurity operators.

— The straw that broke the camel’s back: But a big part of the problem stems from the conservative backlash against CISA over its separate work combating disinformation. Even though JCDC isn’t involved in that work — and CISA vehemently denies the charges against it — conservative activists recently targeted members of a nonprofit cyber defense group, the CTI League, that predated the JCDC but helped the agency protect hospitals from cyberattacks during the pandemic.

CISA did not reach out to offer the researchers any support, CTI League members say, angering some JCDC participants and leaving others worried that conservative scrutiny is now expanding into even apolitical cybersecurity work.

“You want us to go to battle on a dangerous battlefield, and we don’t know if you’re actually going to show up alongside us,” said Marc Rogers, the founder of the CTI League, who worked with the agency before the formation of the JCDC.

Get all the details in John’s latest story.

PENTAGON LENDS A HAND — The Department of Defense is accelerating its efforts to assist Taiwan and other nations in resisting cyberattacks, part of a larger effort by the Pentagon to zoom in on raising international awareness about threats from China.

As Maggie reports, a senior defense official, speaking anonymously in order to discuss details not made public, said that U.S. aid to Taiwan against Chinese cyber threats "has been ongoing for quite some time."

“The conversation with Taiwan has really matured, and we [and the broader U.S. Government] continue to do a lot of work together to support their defensive cybersecurity capabilities,” the official said.

— Congressional direction: The 2024 National Defense Authorization Act gave a boost to military cyber cooperation with Taiwan, especially U.S. Indo-Pacific Command efforts. This has drawn notice as China-linked attacks on the island have surged, including after Nancy Pelosi's 2022 visit and around Taiwan's recent presidential election.

The official said it’s an ongoing, high-focus area for the Pentagon, with the U.S. helping to ensure Taiwan “better understands the threat,” including through “regular exchanges about threat information.”

— Expanding the tent: Taiwan isn't the only recipient of U.S. cyber aid, and the Pentagon has been "stepping up cyber partner capacity building," per the official. Reviewing this process will be a major effort this year, and there will be a “very large line” for the Department going forward.

Threats from China, including to U.S. critical infrastructure, are a top concern for the broader Biden administration. Recently resigned NSA and Cyber Command leader Gen. Paul Nakasone called cyberthreats from China the "generational challenge of our time."

— Spread the word: It's an issue the whole Pentagon is zeroed in on and working to get allies more engaged with. The senior defense official said NATO's Cyber Defense Committee was briefed last month on the Pentagon's new cyber strategy, an unclassified summary of which was released in September, which focuses on countering malicious cyber efforts by China and other adversarial nations.

At the White House

PUSHING BACK ON GAO — The Biden administration is defending its efforts to implement the president's cybersecurity strategy in the wake of a critical report from the Government Accountability Office citing a lack of metrics to gauge progress.

In a statement, the Office of the National Cyber Director said it “appreciates GAO's longstanding interest in cybersecurity" but disagreed with some of the watchdog's findings on the administration's progress in securing cyberspace.

"We are aggressively and effectively implementing the President's National Cybersecurity Strategy and have published an implementation plan to ensure transparency, and accountability," the ONCD spokesperson said.

— Quick reminder: The GAO report released late last week argued that, nearly a year after its rollout, the administration's strategy lacks concrete benchmarks to measure effectiveness as well as cost estimates for major program initiatives. Those shortcomings, the GAO says, undermine oversight to see if goals are being met.

— It’s a little more complicated: While acknowledging the watchdog's critiques, the ONCD pointed to progress made over the past year through initiatives like cybersecurity exercises for critical infrastructure and workforce development programs.

“With 69 lines of effort underway, the Office of the National Cyber Director is working hard every day to secure the full benefits of a safe and secure digital ecosystem for all Americans,” the spokesperson said.

The office deferred questions about associated costs to the Office of Management and Budget.

— Yet pressure persists: For ONCD Director Harry Coker, strengthening oversight – as threats mount from advanced adversaries including Russia, China, North Korea and Iran – is blinking extra brightly on the radar now that top U.S. cyber officials (including Coker) sounded the alarm just last week on Chinese state-backed hackers constantly breaching U.S. critical infrastructure.

Industry Intel

AMICUS FOR THE REST OF US — Top former national security and law enforcement officials are warning a U.S. federal court that cyberattacks pose a growing danger to U.S. interests, underscoring the need for private companies to voluntarily share information with the government.

In an amicus brief attached to the SolarWinds case, more than 20 former officials, including first and acting national cyber directors Chris Inglis and Kemba Walden and former CISA director Chris Krebs, called cyberattacks "a mounting threat to our national security."

They pointed to state-sponsored hackers and criminal groups extorting billions from U.S. victims, stealing intellectual property and disrupting critical infrastructure.

Even advanced cyber defenses cannot fully protect against dedicated nation-state hackers, the experts said, noting breaches at agencies from OPM to the NSA.

— So what do they suggest?: They argue it’s critical for victim companies to partner with law enforcement and share information — enabling the government to help victims, warn others of threats and glean insights to improve collective cyber defenses.

There is an impact to public-private data sharing, with the FBI providing decryption keys from breached ransomware servers to help hundreds of victims hurt by Hive. And after the Colonial Pipeline hack, close public-private cooperation helped to recover extorted funds.

But officials say they can only take such action if companies promptly report cyber incidents. Biden's executive order last year called for removing barriers to threat info sharing. The FBI director and CISA leaders have also pushed for more collaboration with industry.

Vulnerabilities

RANSOMWARE SURGE — Ransomware groups unleashed a torrent of attacks in 2023, extorting a record number of victims, according to new data. But the year also saw major law enforcement actions that severely disrupted two notorious groups even as new ones emerged.

An analysis by cybersecurity firm Unit 42 found ransomware leak sites, which are used by hackers to pressure victims into paying ransoms, posted nearly 4,000 incidents in 2023 — a 49 percent jump from the previous year.

— Where’s it coming from?: The surge was driven in large part by attackers exploiting major vulnerabilities unknown to defenders. Flaws in software like GoAnywhere MFT and MOVEit allowed notorious groups like CL0P and LockBit to compromise thousands of entities before patches could be released.

— Who’s getting hit: Nearly half of all ransomware incidents posted on leak sites in 2023 involved U.S. organizations. That far outpaced targets in the U.K., Canada, Germany and other nations with 6 percent or less of the global total each.

— There’s some good news: An international operation in January shut down Hive, seizing its infrastructure and decryption keys. The FBI disabled Hive's main site, essentially putting it out of business. Likewise, European police in October took down Ragnar Locker, capturing its leader and infrastructure.

Still, the criminal ecosystem proved resilient despite major law enforcement actions kneecapping the two veteran ransomware cartels.

Unit 42 identified at least 25 new ransomware variants that emerged in 2023. But at least five disappeared after half a year, showing how unstable many of the fly-by-night operations can be.

Tweet of the Day

The future looks bright.

Source: https://twitter.com/jsrailton/status/1754228530479534284

Quick Bytes

THE FUTURE IS A CON — A multinational company lost more than $25 million in a deepfake scam after employees in Hong Kong were tricked by fake video calls, including one featuring a digitally recreated version of its chief financial officer ordering transfers. Harvey Kong with South China Morning Post has the story.

ALMOST A WEEK OFFLINE — Lurie Children's Hospital in Chicago has been dealing with a network outage for five days following a cyberattack, with phone, email and patient portal access still down. (WGN-TV)

TIME TO SAY GOODBYE — PhoneSpector and Highster, stalkerware apps that allowed secret phone monitoring, shut down after the owner agreed to settle accusations of illegally promoting them. Both apps' websites and customer service are now offline, suggesting their permanent closure, reports Zack Whittaker for TechCrunch.

SCHOOL’S OUT — Reykjavík University fell victim to a cyberattack by Russian hacker group Akira, which deployed ransomware to encrypt university files and data. The university is working to restore affected systems, writes Andie Sophia Fontaine for Iceland Review.

Why AI-generated audio is so hard to detect (NBC News)

Chat soon. 

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).

 
