| | | | |  | | By Maggie Miller | With help from John Sakellariadis, Joseph Gedeon and Mallory Culhane
| | — Vice President Kamala Harris, the potential new Democratic presidential nominee, has a long record of advocating for cyber and AI policies. HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! I’m your host, Maggie Miller, and hmmm, did something happen in the IT space the last few days? Also, was there something that occurred in the presidential race? Can’t tell. Completely unrelated: I’m out of coffee, and I’m counting my vacation days for the year. Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find Joseph on X at @JGedeon1 or email him at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below. Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.
| | | | Live briefings, policy trackers, and procedural, industry, and people intelligence from POLITICO Pro Analysis gives you the insights you need to focus your policy strategy this election cycle. Secure your seat. | | | | | | | | | The National Institute of Standards and Technology holds a virtual meeting of the National Artificial Intelligence Advisory Committee. 1 p.m. The Atlantic Council's Digital Forensic Research Lab holds a virtual discussion on a new report, "Venezuela: A Playbook for Digital Repression." 9 a.m. The House Veterans' Affairs Technology Modernization Subcommittee holds a hearing on "Report Card: Assessing Electronic Health Record Modernization at the Captain James A. Lovell Federal Health Care Center." 4:30 p.m.
| | A NEW PICK FOR THE DEMS — Vice President Kamala Harris, President Joe Biden’s pick to succeed him as the Democratic nominee for president, has a history of endorsing cybersecurity and tech measures. This could easily lead to a deeper focus on these topics if she secures the nomination and wins in November. — On Russia: Coming into office as vice president in 2021, Harris made clear that her top foreign policy priorities would be around cybersecurity and technology. It was a pressing issue at the time, given that she came into office as the federal government was still reeling from the fallout of the Russian-backed SolarWinds hack, which left almost a dozen agencies open to Russian hackers for at least a year. — On AI: Harris stayed focused on the topic. Last year, Harris led the Biden administration delegation on a trip to the United Kingdom for the Global Summit on AI Safety, during which she announced multiple commitments by the administration to further the safety and security of AI-enabled technologies. This included draft policy guidance on how the U.S. government will use AI, along with announcing new endorsements by other nations of a U.S. declaration on the responsible use of AI by military and intelligence agencies. In addition, Harris worked with French President Emmanuel Macron in 2021 to put together new initiatives on space and cybersecurity, including U.S. support for the Paris Call for Trust and Security in Cyberspace. — On election security: Harris is also likely to continue pushing for steps to increase election cybersecurity. While running for the Democratic presidential nomination in 2019, Harris called on states to pursue using paper ballots, noting that “Russia can’t hack a piece of paper.” Harris was also a co-sponsor of the Secure Elections Act, one of the few bipartisan efforts to step up the cybersecurity of voting systems ahead of the 2020 election. It stalled out in the Senate amid Republican pushback. Her interest may have stemmed from serving on the Senate Intelligence Committee, which produced five bipartisan reports on Russia’s cyber and disinformation interference efforts ahead of the 2016 presidential election. — Into the future: Harris still has a long way to go before November, and could still be challenged for the Democratic nomination. But AI and cybersecurity are certainly on her radar, and unlikely to shift measurably away from Biden’s approach, which included signing an executive order to increase the nation’s cybersecurity in 2021, and signing a separate order on AI policies last year.
| | | CROWDSTROKE — What may turn out to be the most impactful cyber incident in U.S. history doesn’t appear to have resulted from a hack — which really shouldn’t be comforting. A faulty “content update” that cybersecurity giant CrowdStrike shipped to its customers on Friday backfired, bricking millions of Windows computers across the globe and spewing beyond the digital domain. It grounded thousands of flights, forced hospitals to cancel elective medical procedures and snuffed out 911 emergency services in parts of the U.S., among other second-order effects. Here are five big issues for D.C. as the dust settles on the globe-spanning IT outage, which while mostly resolved as of Sunday will have long-running repercussions. — Watching the watchmen: The central irony of what went down Friday is that CrowdStrike has built a billion-dollar business protecting customers from such an incident. And while the company has offered some explanation — that faulty “content update” — for what happened, it’s still not fully clear what went wrong, and who's to blame. — All the eggs in two baskets: The sprawling fallout of the global outage — which prompted a Friday briefing to President Joe Biden and caught the eye of other world leaders — underscores how much our increasingly digital world relies on a small number of software providers. That overdependence on Microsoft is pointing first and foremost toward CrowdStrike. But the incident also shows the world still runs on Windows, even if Microsoft is not to blame for this one. Microsoft said Saturday the defunct update brought down 8.5 million Windows devices. “I do think it really begs the question about how we are building resilience into our infrastructure,” Kiersten Todt, former CISA chief of staff, told MC. — Liability? The full cost of Friday’s incident is sure to be enormous. It's far less clear who will be responsible for it. There are no clear rules for software liability in the United States. But, the incident could breathe life into an ongoing push within the Office of the National Cyber Director to do just that. “It's easy to see how this will lead to increased calls for liability for software companies and for increased government regulation,” said Glenn Gerstell, a former NSA general counsel. — Review board time? The incident is already prompting calls for making the incident the subject of the Cyber Safety Review Board’s next investigation, with lawmakers, a former CSRB board member and other experts raising that idea over the weekend. Asked about that idea, three former officials and one cyber expert hesitated, citing the fact that the board is meant to deal with hacks. The bigger problem might be the political calendar — and whether this administration is willing to pick up a new issue it might not have time to finish. — How much will U.S. adversaries learn? While the outage was not a cyberattack, it did negatively impact critical global systems in a way that the best cyber criminals and nation state adversaries dream and plan for. And they are watching and learning. “I have no doubt that our adversaries are looking carefully, trying to understand how this could happen, trying to see if they can understand how it became so widespread, and whether that teaches them something about the vulnerabilities in our systems,” former DHS Secretary Michael Chertoff warned your MC host. “You can bet that malicious cyber actors in China and Russia are watching and taking note on how we respond,” House Homeland Security Chair Mark Green (R-Tenn.) added.
| | | WORK TO DO — The Department of Health and Human Services “needs to improve” the security of its cloud services, and sensitive agency information stored there is at risk of exploitation, a report out today from the agency’s Office of Inspector General concluded. The report, shared with Joseph ahead of its release, involved a review by the OIG of HHS’s Office of the Secretary’s cloud information security procedures. The OIG found that while the office “implemented some security controls to protect its cloud systems, several key security controls were not effectively implemented in accordance with Federal requirements and guidelines.” The OIG found this occurred because the Office of the Secretary did not take certain security steps, and that personnel involved in protecting the cloud systems were not always at the experience or skill set level expected for those roles. There is also no process in place at HHS to vet these individuals to ensure they are up to the task. “This adversely effects HHS OS’s ability to ensure security controls are effectively implemented,” the report reads. “As a result, HHS OS data stored in the cloud systems we examined may potentially be at a risk of compromise.” — Slap on the wrist received: HHS OIG made four recommendations in order to help improve the OS’s security, including putting together a policy to hire better candidates to cybersecurity positions. In written comments at the end of the report, HHS OS agreed to take steps to address the recommendations.
| | AUTUMN VIBES — Come the fall, you may walk into a store to buy an internet-connected device and see a new label guaranteeing its high cybersecurity, a top White House official said Friday. Anne Neuberger, deputy national security adviser for cyber and emerging technology, said during one of the closing panels at the Aspen Security Forum last week that the Cyber Trust Mark program is likely to be launched in October. The program, which was unanimously approved by the Federal Communications Commission earlier this year, is aimed at putting labels on products to help inform customers about the cybersecurity of the products they buy, and therefore encourage the private sector to step up cyber efforts. “The program was launched last year, it’s gone through a number of legal reviews to get input from the public, and is now at the final stage where companies who will be doing the testing are submitting,” Neuberger said. “We hope to launch in October and have products with labels in stores and online by the end of the year.” — Going global: Neuberger pointed to the work done with the European Union to expand the cyber label globally, including the signing last year of an agreement between the U.S. and the EU to create safer cybersecurity products. Neuberger teased that the administration plans to go further, and is working with “other governments around the world” to expand the label program.
| | | | SUBSCRIBE TO GLOBAL PLAYBOOK: Don’t miss out on POLITICO’s Global Playbook, our newsletter taking you inside pivotal discussions at the most influential gatherings in the world. Suzanne Lynch delivers the world's elite and influential moments directly to you. Stay in the global loop. SUBSCRIBE NOW. | | | | | | | | | RETURN OF THE RANSOMWARE — The crackdown on major ransomware players may have inadvertently led to a surge in new, more agile threat groups, according to a new report from cybersecurity firm CyberInt. As law enforcement successfully disrupts established ransomware operations, a new generation of cybercriminals is rushing to fill the void while attacks bounced back by 21.5 percent during Q2. CyberInt researchers identified 27 new ransomware groups emerging in just the first half of 2024. Notable entrants include ArcusMedia, APT73 and the Russian-linked SpaceBears. — Usual suspects: Despite the influx of new players, established groups still dominate the landscape. LockBit3.0 remains the top threat, responsible for 16.5 percent of all attacks, even after major law enforcement disruptions earlier this year. The U.S. continues to be the prime target, accounting for nearly half of all recorded attacks, with business services, retail and manufacturing the most frequently hit sectors. — What’s next: While law enforcement has notched some wins — including the unmasking of LockBit's alleged leader and a major European operation netting four arrests — the report suggests the overall ransomware threat, instead of being contained, is being reshaped and remains highly volatile.
| | BLACKOUT — The population of Bangladesh on Sunday faced a third day of the internet being turned off in the country following a government crackdown on student protests that involved taking the entire nation offline. According to data from internet observatory group NetBlocks, the blackout remained in place as of Sunday afternoon, and the company posted on X that the internet outage had been sudden. IT service management group Cloudflare posted to X Sunday that “no address space is being announced” by internet service providers in Bangladesh, and that prior to the government shutdown of the internet, “both latency and bandwidth” had been improving for the nation. The government of Bangladeshi Prime Minister Sheikh Hasina also took steps over the weekend to impose curfews and shutter all institutions except emergency services. The student-led protests began after the government imposed quotas on government jobs, and as of Sunday, more than 100 people had been killed.
| | Christine Bordine is the new deputy director of the Defense Intelligence Agency. Bordine previously served as the National Security Agency’s deputy director of the Directorate of Capabilities, and as the deputy director of intelligence at U.S. Cyber Command. Bordine succeeds former DIA Deputy Director Suzanne White in taking on the new role.
| | | Nothing like a presidential distraction from your worst day.
|  @gregotto/X | | | | HELP IS ON THE WAY — Microsoft released a recovery tool over the weekend to help IT professionals restore Windows systems taken down by the CrowdStrike outage, Tom Warren reported for The Verge. DETAILS, NOW — Sen. Ted Cruz (R-Texas) is sending a letter today to Microsoft and Crowdstrike, requesting a briefing around last week’s sweeping IT outage. CRACKDOWN — The Treasury Department on Friday sanctioned Russian nationals Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko for their roles in Russian cyber operations against U.S. critical infrastructure as part of the Cyber Army of Russia Reborn. BEWARE OF SCAMS — The United Kingdom and Australia’s cyber agencies were among the organizations that warned over the weekend that cybercriminals are looking to scam groups trying to recover from the CrowdStrike outage, POLITICO’s Pieter Haeck reported. Chat soon. Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com). | | | | Follow us on Twitter | | | | Follow us | | | | |
No comments:
Post a Comment