Presented by CyberArk: Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
| | | | |  | | By John Sakellariadis | | Presented by |  | | | | | — The Trump-Vance transition team is starting to interview candidates for senior cyber posts at the Department of Homeland Security, signaling it is inching closer to picking its team to go toe-to-toe with state-backed hackers and ransomware gangs, MC is first to report. HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! So long and not-so-farewell to Syrian President Bashar Assad and his oft-forgotten contribution to the annals of cyber history: the Syrian Electronic Army. Follow POLITICO’s cybersecurity team on X at @johnnysaks130, @magmill95 and @rosieperper, or reach out via email or text for tips. You can also follow @POLITICOPro on X.
| | | | A message from CyberArk: Build Faster in the Cloud with CyberArk and Wiz. Together, CyberArk and Wiz enhance multi-cloud security by improving visibility and control over privileged access for human and machine identities - and without impacting the speed and scale of cloud development. Learn More. | | | | | FIRST IN MC: HEATING UP — The Trump-Vance transition team has started arranging interviews for top cybersecurity posts at the Homeland Security Department, according to three people familiar with the matter. What more we know: The transition team has begun reaching out to a small pool of candidates regarding interviews for “senior cybersecurity roles” at the agency, said the people, all of whom were granted anonymity in light of the ongoing nature of the hiring process. Two of them specified that the transition team had requested that candidates come to Mar-a-Lago for interviews. It is not clear what roles the candidates are up for — or if it is just one — but the two most sought-after cyber or cyber-adjacent roles at DHS are the head of the Cybersecurity and Infrastructure Security Agency and the undersecretary of homeland security for strategy, policy and plans. The latter role chairs the Cyber Safety Review Board, the after-action review board for major cyber incidents. The caveats: MC could not confirm any of the names under consideration, and the status of the interview process is unclear. The Trump-Vance transition did not reply to a request for comment. Why it matters: Trump’s cyber leadership team at DHS will have an imposing to-do list. That includes protecting federal networks from criminal and state-backed hackers, coordinating the digital defense of privately held infrastructure, like pipelines and chemical facilities, and — in all likelihood — helping clear out the remnants of Salt Typhoon, the Chinese cyber espionage team that has pulled off one of the most alarming hacks in recent history. What else to watch: Conservative lawmakers have accused CISA of censoring right-leaning speech online, and some are now clamoring for major budget cuts at the agency. (A Republican-led Supreme Court dismissed a lawsuit about those allegations last summer, while CISA has long denied the underlying claims.) Trump’s pick for CISA — and even just the candidates he considers — could thus signal whether his administration plans to overhaul the $3 billion agency, and if so, how.
| | | | Billions in spending. Critical foreign aid. Immigration reform. The final weeks of 2024 could bring major policy changes. Inside Congress provides daily insights into how Congressional leaders are navigating these high-stakes issues. Subscribe today. | | | | | Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.
| | CYBER IN THE DEFENSE BILL: The compromise defense policy package lawmakers in the House and Senate unveiled Saturday includes myriad cyber policy tweaks and several out-and-out changes for the Pentagon and U.S. intelligence community. Here are a few that stood out to us in this year’s $895 billion National Defense Authorization Act: Diluted cyber force study: After intense debate, the must-pass policy bill will tee up a hotly anticipated study of whether the U.S military needs a dedicated cyber service. Well, not really. The fiscal year 2025 NDAA only directs the secretary of Defense to “seek to enter” into an agreement with the National Academies of Sciences, Engineering, and Medicine to “conduct an evaluation of alternative organizational models for the cyber forces of the Armed Forces." The evasive language doesn’t even have a due date. No doubt about defense, intel: The NDAA will give a boost to the organization charged with protecting Pentagon networks from hackers: Joint Force Headquarters-DOD Information Network. The bill directs the secretary of Defense to elevate JFHQ-DODIN to a subordinate unified command, a sign of its organizational maturity and one that mirrors a similar move in 2022 with a separate Cyber Command unit. In addition, the bill requires the Pentagon to develop a dedicated cyber intelligence capability to support “warfighting missions” across the DOD. Another that caught our eye? A requirement for the Pentagon to carry out a “detailed evaluation” of how to better protect mobile phones used by DOD personnel. Evidence has piled up in recent years that foreign adversaries can track the movements of U.S. servicemen via the data exhaust of their mobile phones, and the issue has come to head recently with the Chinese hack inside U.S. phone carriers. Last week, Sen. Ron Wyden (D-Ore.) and Eric Schmitt (R-Mo.) tore into the Pentagon for signing billion-dollar contracts with those companies, alleging they weren’t doing enough to mitigate known security issues. Taking aim at ransomware: NDAA is also poised to ramp up the pressure on foreign ransomware groups. The bill includes a resolution — or “sense of Congress” — that the director of national intelligence should deem ransomware threats to critical infrastructure a priority and treat more than a dozen ransomware gangs as “hostile foreign cyber actors.” It also requires the DNI and FBI director to spin up a new report to Congress on the threats therein.
| | | | A message from CyberArk:   | | | | | ELECTION CHAOS — Romania’s Constitutional Court on Friday decided the first round of the country’s presidential elections was so marred by alleged Russian influence that it needed to be annulled, our POLITICO Europe’s Tim Ross and Andrei Popoviciu report. The stakes: The decision was unveiled just two days before voters were set to choose their next president in a second-round runoff between the center-right candidate Elena Lasconi and Călin Georgescu, a far-right independent who was almost unheard of before his shock performance in the first round of the vote. The alleged Kremlin angle: Last week, Romania’s current president, Klaus Iohannis, declassified state intelligence documents alleging Georgescu’s dark horse candidacy received a decisive boon from some 25,000 Kremlin-linked TikTok accounts. The State Department has called on the allegations to be “fully investigated,” without fully endorsing them. The D.C. angle: While Georgescu’s chances are now an open question, the decision from the Constitutional Court has nonetheless plunged an important U.S. ally into a crisis. It also shows just how far-reaching Russian election influence operations — or at least, the specter of them — has become across the West.
| | | | Write your own chapter in the new Washington. From the Lame Duck Congress Series to New Administration insights, POLITICO Pro delivers intelligence across 22+ policy areas to help you anticipate and navigate change. Discover how a Pro subscription empowers you. Learn more today. | | | | | | | | | Consider us intrigued when it comes to the ongoing hacks in the telecommunications sector:
| 
| | | The Wall Street Journal’s Robert McMillan and Vipal Monga have a jaw-dropping new profile of the other Krebs in cybersecurity.
| | | GETTING SALTY — Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger spoke about Salt Typhoon during a regional security conference in Bahrain this weekend. ON THEIR TAILS — The FBI is investigating a hacking group that also carries out violent crimes, including against children, CyberScoop’s Greg Otto and Jana Winter report. Chat soon. Stay in touch with the whole team: John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Rosie Perper (rperper@politico.com).
| | | | A message from CyberArk: CyberArk and Wiz have joined forces to deliver cloud security, leveraging CyberArk’s Zero Standing Privileges approach with Wiz’s cloud insights. This partnership provides powerful visibility and precise privilege controls for both human and machine identities, enabling organizations to proactively manage risks, secure vital digital assets, and streamline security practices. Together, CyberArk and Wiz are setting a new standard for sustainable, effective cloud security in dynamic environments. Learn More. | | | | | | | Follow us on Twitter | | | | Follow us | | | | |
No comments:
Post a Comment