| | | | |  | | By Maggie Miller | | Presented by |  | | | With help from John Sakellariadis
| | — An office at the State Department that serves as the nerve center for tackling overseas disinformation is likely to close amid Republican pushback. HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! Fun fact: There is such a thing as too many holiday parties, and your MC host hit that max this weekend. So fun that our office party, featuring free drinks and potential breaking news mid-sip, is still to come. Follow POLITICO’s cybersecurity team on X at @johnnysaks130, @magmill95 and @rosieperper, or reach out via email or text for tips. You can also follow @POLITICOPro on X. Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.
| | Deputy Commerce Secretary Don Graves discusses “shaping and implementing policy at the intersection of national and economic security” during a virtual interview at the Center for a New American Security. 2 p.m.
| | | | A message from CyberArk: Build Faster in the Cloud with CyberArk and Wiz. Together, CyberArk and Wiz enhance multi-cloud security by improving visibility and control over privileged access for human and machine identities - and without impacting the speed and scale of cloud development. Learn More. | | | | | THE FUTURE IS UNCLEAR — A State Department office tasked with pushing back against disinformation around the U.S. abroad is likely to shut its doors at the end of this year due to Republican concerns about its mission, despite efforts to keep it open by some in Congress. The Global Engagement Center was launched under former President Barack Obama and is tasked with leading and coordinating U.S. government efforts to counter disinformation efforts overseas that could undermine the U.S. or its allies. Since its inception, the GEC has exposed Russian intelligence efforts to spread disinformation in African nations, and reported on China’s global disinformation campaigns. Most recently, the GEC led an interagency task force around authenticating artificial intelligence-generated content. — Bad news for GEC: But the GEC has come under fire from Republicans in recent months over accusations that it has strayed out of its jurisdiction and taken steps to censor conservative voices. As a result, the office may be forced to close its doors on Christmas Eve. Language that might have given the GEC a multi-year extension was excluded from the compromise version of the 2025 National Defense Authorization Act passed by the House last week, and lawmakers supporting the GEC have only days to figure out a new solution. Sens. John Cornyn (R-Texas) and Chris Murphy (D-Conn.) had proposed the amendment to keep the GEC open through 2031. Murphy told your MC host last week that he’d been working “all week” to give the GEC a future, adding that while he saw some of the conservative concerns as “legitimate,” that “it would be a real mistake to lose that capacity.” “We may have to start over again next year,” Cornyn acknowledged to your MC host separately. “I think it serves a useful function, so I’d like to see it restored.” — No easy path: But should the GEC go out of business this year, it may face a rocky path toward reopening under the next Congress. Rep. Brian Mast (R-Fla.) is set to take over as chair of the House Foreign Affairs Committee with jurisdiction over the State Department next year, and is not a fan of the GEC. He told your MC host last week that he had sent a letter to the GEC requesting that officials retain all documents, adding that he understood the program was being closed down. “The only big problem that I see in that is I hope they’re not over there heating the building right now with all the documents that were a part of the GEC,” Mast said. — Response: The State Department did not respond to questions about whether the office would stay open past the end of the year. But a State Department spokesperson, speaking anonymously as a condition of commenting, said that the agency was “disappointed” that the GEC did not get a multi-year extension in the NDAA. They noted that the State Department “remains hopeful that Congress extends this important mandate through other means before the December 24th termination date.” “The bottom line is we need to ensure that the capability to identify and counter foreign disinformation overseas is maintained,” the spokesperson said. “As our adversaries continue to ramp up their efforts globally, it’s counterintuitive — and dangerous — to weaken or worse yet, dismantle the United States’ leadership in this critical mission.” — A glimmer of light: All hope may not be lost for the GEC, or at least for the State Department's efforts to counter disinformation abroad. Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, said that something similar to the GEC will still be necessary for the State Department's mission. “The GEC as it is currently organized is ceasing to exist,” Montgomery, a supporter of the GEC said. “We need to have an aggressive program that identifies this foreign malicious disinformation or information operations campaigns, and puts a stop to it.”
| | | | Billions in spending. Critical foreign aid. Immigration reform. The final weeks of 2024 could bring major policy changes. Inside Congress provides daily insights into how Congressional leaders are navigating these high-stakes issues. Subscribe today. | | | | | | | | | GET THE BALL ROLLING — Federal Communications Commission Chair Jessica Rosenworcel is not waiting around for the investigation into the Chinese government-linked hacks of U.S. telecom networks to be complete. She’s pushing her agency to act now, even if the efforts could be short-lived in the next administration. Rosenworcel outlined her thoughts about the need to respond to the Salt Typhoon-linked hack in an interview, out this morning, with Steven Overly for the POLITICO Tech podcast. The conversation occurred a week after Rosenworcel proposed a pair of rules that would enhance the FCC’s enforcement power over telecom companies and require these groups to take steps to enhance their cybersecurity. “What we've seen with Salt Typhoon is really important and we have got to address it,” Rosenworcel said on the podcast. “I decided that while our national security colleagues go ahead and do their work to understand the scope and the impact of that incursion into our networks, the FCC can go ahead and start setting up a framework for the future.” Rosenworcel stressed that “we have to come up with standards for minimum cybersecurity in our nation's networks to make sure that this kind of intrusion in our security does not happen again.” — Future is shaky: The proposals could face pushback in the next administration and new Congress. Senate Commerce ranking member Ted Cruz (R-Texas), set to take the gavel of the panel with oversight of the FCC next year, said at a committee hearing last week that the rules “seem to be a band-aid at best and a concealment of a serious blind spot at worst.” He also criticized the timing, coming weeks ahead of a new administration. Current FCC Commissioner Brendan Carr has been nominated by Trump to serve as the new chair of the FCC, and he told CybersecurityDive last week that “we need all hands on deck” to address the issue, not directly commenting on the proposed rules. — Time is of the essence: When asked about the criticism, Rosenworcel noted that the level of threat from the Salt Typhoon hacks is “new,” and that there are huge vulnerabilities in portions of U.S. telecom systems that are decades old. “We haven't seen a new law on this issue at the FCC since 1994,” Rosenworcel said. “What I think is important is we take the laws we have on the books and start building a new framework for the future, even as our national security authorities keep on looking into what happened and why.” “I just don't I don't think we should wait for them to complete that task. I think we have to get started right now,” she stressed.
| | | | A message from CyberArk:   | | | | | LAW OF THE LAND — Robert Law, a former senior Trump administration official from the DHS component agency responsible for immigration policy, is now helming the Trump-Vance transition’s landing team for DHS, according to one person familiar with the matter. As John writes in, Law was a senior policy adviser and chief of policy at U.S. Citizenship and Immigration Services from 2017 and 2021. More recently, he has worked as the director of the center for homeland security and immigration at the America First Foreign Policy Institute, a Trump-aligned think tank. Law did not respond to a request for comment. In an email, Brian Hughes, a spokesperson for the transition said only ”as per the Transition MOU, the White House is receiving landing team names” and “Some teams have begun connecting with their counterparts at agencies." TAKING ACTION — Rep. Mike Waltz (R-Fla.), Trump’s pick for national security adviser, wants foreign hackers like the Salt Typhoon hacking group to face “higher costs and consequences” for attacking U.S. infrastructure, as POLITICO’s Andrew Howard reported. “We have been over the years trying to play better and better defense when it comes to cyber,” Waltz said Sunday during an appearance on CBS’ “Face the Nation.” “We need to start going on offense and start imposing, I think, higher costs and consequences to private actors and nation state actors that continue to steal our data, that continue to spy on us,” Waltz said. “I think we need to take a much stronger stance.” Waltz did not elaborate on what these costs might be, but he advocated for “taking a different approach to cyber” in order to “to get them to knock this off.” — The record: Past administrations have tried to address the issue of Chinese hacking. Obama in 2015 reached an agreement with Chinese President Xi Jinping for both nations to halt cyber-enabled efforts to steal intellectual property from the other. Officials under the first Trump administration accused China of violating this deal.
| | | | Write your own chapter in the new Washington. From the Lame Duck Congress Series to New Administration insights, POLITICO Pro delivers intelligence across 22+ policy areas to help you anticipate and navigate change. Discover how a Pro subscription empowers you. Learn more today. | | | | | | | | | Pro-tips from the pro:
| 
| | | ON THE WATCH — CISA is requesting comments on a draft of the National Cyber Incident Response Plan, which according to a Federal Register notice is set to be released sometime today. The NCIRP is meant to guide how the federal government coordinates with state and local officials in response to a major national cyberattack, and the comment notice states that “the need to update the NCIRP has never been greater.” Stay tuned. SOME (NOT) GOOD NEWS — Private information of potentially thousands of individuals in Rhode Island may have been compromised by a cyberattack on the state’s social services online portal by an “international cybercriminal group,” Aimee Ortiz reported for The New York Times. Chat soon. Stay in touch with the whole team: John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Rosie Perper (rperper@politico.com).
| | | | A message from CyberArk: CyberArk and Wiz have joined forces to deliver cloud security, leveraging CyberArk’s Zero Standing Privileges approach with Wiz’s cloud insights. This partnership provides powerful visibility and precise privilege controls for both human and machine identities, enabling organizations to proactively manage risks, secure vital digital assets, and streamline security practices. Together, CyberArk and Wiz are setting a new standard for sustainable, effective cloud security in dynamic environments. Learn More. | | | | | | | Follow us on Twitter | | | | Follow us | | | | |
No comments:
Post a Comment