With help from Eric Geller, Mary Lee, Martin Matishak and Bjarke Smith-Meyer
Editor’s Note: Morning Cybersecurity is a free version of POLITICO Pro Cybersecurity’s morning newsletter, which is delivered to our subscribers each morning at 6 a.m.
— A recent election security briefing played a part in President Donald Trump switching up leadership atop the intelligence community, and the new pick looks to be simpatico with Trump’s views on Russian election meddling.
— The agency that handles the president’s communications had a data breach, although there was no evidence yet that any potentially stolen data had been exploited.
— The U.S. and other countries pointed the finger at Russia over a cyberattack on Georgia.
HAPPY FRIDAY and welcome to Morning Cybersecurity! Today marks Mary Lee’s last day at POLITICO. MC will miss her. So, not such a “happy” Friday. Send your thoughts, feedback and especially tips to firstname.lastname@example.org. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
THE INTELLIGENCE THE PRESIDENT WANTS — Russian election interference figured into Trump’s abrupt selection of Richard Grenell as acting director of national intelligence, it appears — it’s just a question of how much of a role it played. The Washington Post reported on Thursday that Trump soured on the prior acting DNI, Joseph Maguire, after blasting him for remarks made during a House Intelligence panel briefing on 2020 election security, and apparently blamed him erroneously. The New York Times reported that remarks a DNI official made in that briefing about Russia trying to get Trump reelected did lead to a blowup, but Trump already wasn’t gung-ho about Maguire.
House Homeland Security Chairman Bennie Thompson (D-Miss.) was not happy about the development. “By firing Acting DNI Maguire because his staff provided the candid conclusions of the Intelligence Community to Congress regarding Russian meddling in the 2020 Presidential election, the President is not only refusing to defend against foreign interference, he’s inviting it,” he said.
Either way, it looks like Grenell will offer a sympathetic point of view to Trump on Russian election interference, with Grenell having downplayed it in 2016. He deleted some of his tweets that weighed in on Russia-related topics, such as one where he cheered the firing of former FBI Director James Comey. It’s less clear how long Grenell will be around. While a Senate GOP leader and member of the Intelligence Committee, Roy Blunt (Mo.), supported the pick, other Republicans have been less vocal, and Grenell himself said he wouldn’t be the eventual nominee; on the other hand, even having a nominee could keep Grenell in the spot for a while longer. Trump said late Thursday that he was considering Rep. Doug Collins (R-Ga.) and others for the nomination.
WHO WATCHES THE WATCHMEN — The Pentagon’s top IT support agency suffered a data breach last year that may have compromised Social Security numbers and other sensitive information. The Defense Information Systems Agency (DISA), which handles communications for Trump, sent letters to possible victims earlier this month warning of a “data breach” between May and July 2019 involving a system run by the organization. DISA’s letters said it was required to notify individuals who may have had data taken, though the agency has no evidence any personal data possibly taken was exploited.
KNOCK IT OFF — The U.S. and more than a dozen other Western countries on Thursday blamed Russia for an October cyberattack on Georgia that disrupted access to thousands of websites and knocked the national TV broadcaster offline. “This action contradicts Russia’s attempts to claim it is a responsible actor in cyberspace and demonstrates a continuing pattern of reckless Russian GRU cyber operations against a number of countries,” the State Department said in a statement, referring to Russia’s military intelligence agency. Allies including the U.K., Australia, the Netherlands, Poland and Romania joined the attribution campaign. Georgia said the attack “runs counter to the principles and norms of international law and represents another breach of Georgia’s sovereignty against the country’s European and Euro-Atlantic integration and democratic development.”
Thursday’s joint announcement marks the latest example of the Trump administration’s multilateral attribution strategy, which is aimed at deterring malicious cyber activity by strengthening the consensus around culpability in its aftermath. Rep. Jim Langevin (D-R.I.), the co-founder of the Congressional Cybersecurity Caucus, praised the State Department for sending a “clear message” that “destabilizing activity in cyberspace is unacceptable regardless of where it occurs.”
The GRU unit behind the Georgia cyberattack, known as “Sandworm,” is one of Russia’s most prolific hacking groups. It has been implicated in the DNC hack, repeated hacks of the Ukrainian power grid, and the 2018 Winter Olympics hack, not to mention the devastating NotPetya malware outbreak. “Notably, they have not been publicly admonished for their attempt to disrupt the Games,” said John Hultquist, senior director of intelligence analysis at FireEye, “and we are concerned that the actors will target the Games in Tokyo this year.”
TO THE MOON AND BACK — Top Trump administration officials identified some of their most pressing cybersecurity work on a conference call meeting of the National Security Telecommunications Advisory Committee on Thursday. “Protecting 2020 is our 1, 2, 3, 4 and 5 priority,” said Bradford Willke, acting assistant director for stakeholder engagement at CISA. Joshua Steinman, a White House cyber official, listed that lower down the list, with 5G taking the top spot.
Other priorities Willke mentioned included aiding state and local governments that are fighting ransomware; devoting energy to the NSTAC “cybersecurity moonshot” project; risk management for information and communications technology; and convincing Congress to give CISA administrative subpoena powers for tracking down owners of critical infrastructure when DHS identifies vulnerabilities.
WE CAN GO IN HAZMAT ATTIRE — Thirteen exhibitors in total canceled their participation as sponsors or exhibitors at the RSA Conference due to health concerns about the coronavirus, according to an update posted Thursday. The total number of individuals who canceled their registration, including members from AT&T after the company announced its exit on Thursday, is approximately 1.2 percent of the total number of expected attendees, conference organizers explained in the post.
Six of nine Chinese companies that planned to exhibit at the conference canceled due to travel restrictions, and the remaining three exhibitors will staff their booths with “individuals from the USA to maintain their presence,” the post reads. AT&T and IBM are two of six U.S. companies that dropped out, as well as one company from Canada, according to conference organizers.
CENTRAL BANKS VS. CYBER RISK — Giving more power to central banks to combat online attacks could prevent cyber crises from becoming a credit crunch threatening the whole financial industry. That’s according to the EU’s watchdog for the financial system, the European Systemic Risk Board (ESRB), which Wednesday published a report on cyber risk.
The ESRB, which is made up of EU supervisors and central banks, listed a number of examples in the report — considering how digital the industry has become — of how a cyberattack could lead to a financial crisis. Hackers targeting account balances could lead to “loss of confidence in the system, triggering liquidity freezes, bank runs and panic” and undermine “the integrity of data.” Putting central banks in charge of “emergency communications” could ensure lenders react to a cyber crisis, while “intervention” powers would give the sector a liquidity lifeline in a credit crunch.
It shouldn’t all fall on central banks’ shoulders, though. EU banks need to make sure that their online defenses are up-to-date and effective. “The cyber equivalent of capital buffers is preparedness and resilience,” the ESRB said, suggesting backup systems for clients — known as “data vaulting.”
TWEET OF THE DAY — “Nature is cruel but not malicious,” as one of the replies put it.
RECENTLY ON PRO CYBERSECURITY — Longtime Trump adviser Roger Stone was sentenced to 44 months in prison. … FireEye found that companies were more likely to learn about cyber incidents from third parties last year than from internal security teams. … The top Coast Guard admiral said the service’s IT is on “the brink of catastrophic failure.” … The state of New Mexico filed a lawsuit against Google, accusing it of illegally collecting information from young children in classrooms. … European privacy regulators warned that Google’s purchase of Fitbit poses a privacy risk. … “Europe’s big tech vision fizzles to life.”
— Yahoo News: Former Rep. Dana Rohrabacher said he did tell Julian Assange he could lobby for a pardon if the WikiLeaks founder would say Russia wasn’t involved in the DNC leaks.
— Motherboard: Cameo, an app where celebrities record short personal videos, exposed sensitive info on individuals.
— Bloomberg Law: “A market analysis company accidentally exposed customer data from major retailers.”
— Wired: An Electronic Frontier Foundation researcher has a plan for eliminating stalkerware.
— TechCrunch: There are more problems with stalkerware, too.
— BuzzFeed News: A fake mass email about the coronavirus outbreak claiming to be from Ukraine’s health ministry inspired riots.
— NBC News: Twitter is testing out how to label lies and misinformation.
— Microsoft is employing artificial intelligence to protect data in a range of areas.
— Corporate leaders think they’re doing a good job of gaining trust from customers on their data, but customers disagree, PwC found.
— MITRE Engenuity will assess the threat of Carbanak and FIN7 to commercial cybersecurity products.
— Recorded Future won a $50 million Cyber Command contract.
— Council on Foreign Relations: All those Facebook takedowns aren’t a measurement of success, but the opposite.
Stay in touch with the whole team: Mike Farrell (email@example.com, @mikebfarrell); Eric Geller (firstname.lastname@example.org, @ericgeller); Martin Matishak (email@example.com, @martinmatishak); and Tim Starks (firstname.lastname@example.org, @timstarks).