Monday, December 23, 2024

Cyber pura vida

Presented by CyberArk: Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

By Maggie Miller


PROGRAMMING NOTE: We’ll be off starting Wednesday for the holidays but back to our normal schedule on Monday, Jan. 6, 2025.

With help from Steven Overly

Driving the Day

— Two years after devastating cyberattacks, officials say U.S. funds sent to Costa Rica in response to the hacks have helped the country step up its security by leaps and bounds.

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! Welcome to the holiday break season, when dates and times seem blurry, and everyone you know is spending way too much time in airports. On a completely unrelated note, I’d like to thank my airline (which shall remain nameless) for the unexplained five-hour delay in my flight home this weekend. Spreading joy at all times.

Follow POLITICO’s cybersecurity team on X at @johnnysaks130, @magmill95 and @rosieperper, or reach out via email or text for tips. You can also follow @POLITICOPro on X.

 


Today's Agenda

A frantic dash to your mom’s favorite store to buy her wildly expensive bath products to put in her stocking. Otherwise, nothing to report.

The International Scene

PURA VIDA — The Biden administration gave the Costa Rican government $25 million to step up cybersecurity in early 2023. Officials say that almost two years later, the effort has made the Latin American nation a cyber powerhouse.

“Cybersecurity became a priority, not just talk,” Paula Bogantes Zamora, head of the Costa Rican Ministry of Science, Innovation, Technology and Telecommunications, told your MC host during a recent visit to Washington. “Now we're having actions demanding that we're utilizing the money that the U.S. gave us, but one of the mandates that the President and I signed was that starting in 2026, every single public institution has to include as part of their budget cybersecurity.”

The funds were given to the Costa Rican government by the State Department almost a year after the smaller nation was hit by cyberattacks that severely disrupted government services for months. During her trip to Washington in early December, the minister spoke with officials in the administration and on Capitol Hill about the use of these funds and her hopes that the U.S. will continue to support Costa Rica under a new president and Congress.

— On Capitol Hill: Bogantes Zamora met mostly with Republicans, and a key focus of their discussions was around her country’s efforts to defend against China, which has put pressure on Costa Rica in recent years to continue using products from Chinese telecom group Huawei.

“We're a small country, we're battling an elephant, as my president likes to call it, and it is important for us to know that we have the support of the U.S. should anything happen,” the minister said of the discussions.

— Big fish in the pond: She noted that after the U.S. invested in Costa Rica following the 2022 attacks, the country became a leading nation in the region on cyber and technology issues.

“They're using us as an example to follow,” Bogantes Zamora said of neighboring Latin American nations. The minister pointed to work on cybersecurity with Chile, which earlier this year enacted a new law around digital security.

— Testing: These improvements were tested in recent weeks when the state-owned energy provider for Costa Rica was hit by a ransomware attack, followed quickly by attacks on government agencies.

Bogantes Zamora said that while the attack was difficult, this time, the organizations that were hit had implemented cybersecurity measures like backing up data in different servers that made the response easier. In addition, a U.S. incident response team went to Costa Rica to assist.

— Best of friends: U.S. Southern Command formally alleged that cybercriminal groups in China had carried out the most recent attack, noting that the hackers had targeted Costa Rican telecommunications and technology systems.

Bogantes Zamora was grateful for the help, saying that “it makes me sleep better when I know that I am a phone call away from the U.S., the White House.”

The warm relationship goes both ways. Nathaniel Fick, State Department ambassador at large for cyberspace and digital security, said in a statement provided to your MC host that Costa Rica was “top of mind” on the list of “examples of digital solidarity” with the U.S.

“In the wake of a debilitating 2022 ransomware attack, Costa Rica has made real progress towards building a strong tech economy and has been a vocal advocate for responsible state behavior in cyberspace,” Fick said. “By working to address cybersecurity challenges and building a trusted ICT ecosystem, they are creating an enabling environment for digital investment.”

— Into the future: Bogantes Zamora’s trip to Washington took place just weeks before President-elect Donald Trump — and, likely, a new set of cyber policies — will take over. The minister said she was not able to meet with either officials from the Trump transition team or with Sen. Marco Rubio (R-Fla.) — Trump’s nominee for secretary of State — but she intends to return to Washington in the spring.

She expressed optimism that both Rubio and the incoming administration would continue supporting her nation’s cybersecurity.

“Costa Rica and cybersecurity is a great example to show other countries how things should be done,” Bogantes Zamora said. “We're very hopeful that the Trump administration sees things the same way.”

 


 
 
Surveillance

BAD WEEK FOR SPYWARE INDUSTRY — Israeli company NSO Group, the maker of notorious spyware product Pegasus, violated U.S. hacking laws when Pegasus was used to infiltrate around 1,400 phones using the messaging app WhatsApp in 2019, a judge ruled late last week.

The case was brought by WhatsApp in a U.S. district court in California five years ago, where it alleged that NSO Group had violated the Computer Fraud and Abuse Act and California state laws when messages sent through WhatsApp allowed Pegasus to be installed on targeted users’ phones. The judge ruled in favor of WhatsApp, and damages owed will be determined early next year.

Pegasus has become a poster child in recent years for spyware concerns and has been used secretly by governments around the world to target both criminals and regime dissidents. It can be installed on devices without the user clicking anything or becoming aware and can collect large amounts of data from these devices, such as text messages and location data. The Commerce Department added NSO Group to its entity list in 2021 due to “malicious cyber activities,” seriously restricting the company’s ability to do business in the U.S.

— The reaction: After the ruling, Will Cathcart, head of WhatsApp, which is owned by Meta, wrote on X it was “a huge win for privacy.” NSO Group did not respond to a request for comment on the ruling.

“We spent five years presenting our case because we firmly believe that spyware companies could not hide behind impunity or avoid accountability for their unlawful actions,” Cathcart wrote. “Surveillance companies should be on notice that illegal spying will not be tolerated.”

John Scott-Railton, senior researcher at the University of Toronto’s Citizen Lab, one of the leading groups that has investigated spyware, wrote on X that the case “sets a potent precedent” and the ruling is a sign for victims of spyware that “accountability can happen.”

 


 
On the Hill

CHANGES (MIGHT) BE COMING — Sen. Mike Rounds (R-S.D.), the ranking member and likely new chair of the Senate Armed Services Committee’s cyber subcommittee, might not be opposed to splitting up the dual-hat leadership of U.S. Cyber Command and the National Security Agency — but only if a good case can be made.

Rounds, who spoke with POLITICO’s Steven Overly for today’s episode of Politico Tech, was asked about his thoughts on the potential ending of the dual-hat command of U.S. Cyber Command and NSA, which are both currently led by Gen. Timothy Haugh. The Record reported earlier this month that the Trump transition team is readying a plan to end this leadership arrangement. Rounds, a key figure in the Senate on cyber, might still need some convincing.

“If there's new ideas out there, I'm all open to it, but if it's a matter of change for change's sake only, that's different,” Rounds said. “But if we can make things more effective, more powerful, I'm all in favor of doing it.”

Rounds said further that he believed the dual-hat arrangement had been “extremely effective” in carrying out cyber offensive activities, but added that there are times when NSA has made calls around operations Cyber Command can carry out based on what intelligence capabilities the NSA is comfortable with revealing. He described this as a “trade off” and noted that if the agencies were split up, there would still need to be an “umpire” calling the shots.

— Salt in the wound: While the senator mulls over the dual hat, he’s also zeroed in on the biggest headline in the cybersecurity space these days: the compromise of U.S. telecommunications systems by Chinese government-linked hacking group Salt Typhoon.

“The Chinese government has had access to … millions of individuals' phone calls,” Rounds said. “They've been able to read texts and so forth. We don't know to what degree they've actually done, but we know that there have been individuals, particularly within the D.C. area, that they have had a keen interest in.”

— Regulate, you say?: Rounds said that not only should Congress take action to respond to the ongoing hack, but it should ensure that the private sector’s cybersecurity is stepped up. He previously expressed support for a bill in the works from Senate Intelligence Committee Chair Mark Warner (D-Va.), which may aim to shore up the security of the telecom sector.

“I think there's going to be … members of the Senate coming together and finding a path in which we talk about the minimum amount of security that's got to be included by these big telecom organizations,” Rounds said. “But it goes beyond that. There's going to have to be a minimum amount of cyber security that larger organizations are going to have to be responsible for, including within their own staff, or they're going to be held accountable for it.”

GOODBYE GEC — The State Department’s Global Engagement Center — which fights disinformation abroad — will close its doors this week after an extension of the office was stripped out of the final government funding deal signed into law by President Joe Biden.

The GEC has come under fire from congressional Republicans in recent months over allegations that its work censors conservative views. As a result, reauthorization of the office was left out of the annual National Defense Authorization Act. Then, after work by advocates behind the scenes, a one-year extension of the office was included in the original federal spending bill congressional Republicans introduced last week. That clause was later stripped out, though, after Elon Musk and President-elect Donald Trump initiated a massive overhaul of the bill.

Now, the GEC’s authorization will expire on Christmas Eve, leaving the agency without an office designed to counter disinformation. The State Department sent a statement to your MC host confirming that the office will shut down by close of business today and that the State Department "has consulted with Congress regarding next steps."

 


 
 
Tweet of the Day

Fun fact, if someone contacts you officially from POLITICO, it will not be from a Gmail account:


Source: https://x.com/france24_en/status/1870816772577706048?s=46&t=7qgObawVR3sD59eITHivyA

Quick Bytes


WINTER BLUES — Russian hackers late last week launched one of the largest cyberattacks against Ukraine in the past few months, knocking state registrars with official records and citizen data offline, Daryna Antoniuk reported for The Record.

RESPONSE NEEDED — Sen. Chuck Grassley (R-Iowa) sent a letter to the Justice Department last week outlining ways that AT&T and Verizon are stonewalling on providing his office with details about the impact of the China-linked Salt Typhoon hack, John and your MC host reported Friday.

KICKED OUT — The government of Albania announced a one-year ban on TikTok in the country after the platform was allegedly used to incite violence, leading to the death of a 14-year-old schoolboy, POLITICO’s Giedre Peseckyte reported Sunday.

Chat soon.

Stay in touch with the whole team: John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Rosie Perper (rperper@politico.com).

 


 
 
