With help from Eric Geller, Mary Lee and Martin Matishak
Editor’s Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m. Learn more about POLITICO Pro’s comprehensive policy intelligence coverage, policy tools and services at www.politicopro.com.
Story Continued Below
— The Artist Formerly Known as the Consumer Electronics Show will feature plenty of cybersecurity and cybersecurity-related talks beginning today.
— An organization representing some of the top state election officials cheered a cash infusion from Congress that gave them a win in more than just their coffers.
— Speaking of Congress, lawmakers have returned to Washington and are set to approve some 5G legislation this week.
HAPPY TUESDAY and welcome to Morning Cybersecurity! The “Star Wars” hot take your MC host requested in Monday’s edition arrived here, as if anyone thought that was actually Yoda, but younger? Send your thoughts, feedback and especially tips to email@example.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
CES IS THE PLACE TO BE — The annual CES show officially kicks off today, and while the big event is far broader than just cybersecurity, that subject and related topics are on the agenda in a significant way. Already, Facebook unveiled a revamped Privacy Checkup feature in conjunction with the 2020 conference, and Ring announced that it was debuting additional privacy and security features — responses from two outfits experiencing a tough run of privacy and security criticisms. Also, surveillance tech has already proven a tricky subject at this year’s CES.
The conference has tracks on 5G, privacy, drones, artificial intelligence, cryptocurrency, resilience and self-driving cars, all of which can or will talk up cybersecurity angles. For instance, DHS officials will appear at a talk on “protecting privacy and security in an AI world;” there’s a chat on the “cybersecurity industry in action;” FCC and FTC officials are set to chat about regulatory issues involving subjects such as the internet of things; another session will discuss how to securely design products to mitigate software vulnerabilities; health care cybersecurity will get the spotlight in yet another session; and even your friendly neighborhood NIST is slated to stop by for some IoT security thoughts.
There’s like, “cyber everywhere,” really. Our Tech team colleagues will be on the scene and are producing a special newsletter for the occasion, by the way.
NO KICKSTARTER NECESSARY — State officials are pleased that Congress appropriated $425 million for election administration grants in its latest spending bill. The money “will help states meet their unique needs to further invest in election security protections, personnel and systems,” Iowa Secretary of State Paul Pate, the president of the National Association of Secretaries of State, said in a statement. But Pate reiterated NASS’ request for dedicated, regular funding “that allows states to plan and implement election security enhancements to counter emerging cybersecurity threats.”
In addition to the money itself, the lack of conditions attached to it represents a second win for NASS. The organization has consistently opposed restrictions on how states can spend federal money, frustrating experts who worry that states won’t spend it all on cybersecurity improvements. House Democrats included strict usage requirements in their legislation, but Senate Republicans did not. The final spending bill adopted the Senate language, and as a result, states do not need to use the money for security purposes.
THEY’RE BACK — The House is back and revving up its legislative engines. Lawmakers are expected to pass two 5G bills on Wednesday: One bill, H.R. 3763, that would direct the secretary of State to provide assistance and technical expertise to shore up U.S. participation at international standards-setting bodies that set standards for 5G; and another bill, H.R. 2881, that would require President Donald Trump to create a national strategy to ensure the security of 5G and future generation mobile telecommunications systems and infrastructure.
IGs CAN’T GET ENOUGH OF OG CISA — The Energy Department’s inspector general gave DOE a passing grade for its implementation of the 2015 Cybersecurity Information Sharing Act in a report released Monday. “Specifically, we found that policies and procedures related to sharing cyber threat indicators were sufficient and included requirements for the removal of personally identifiable information,” a summary of the report reads. The DOE watchdog report is a spinoff from a joint IG document published on the 2015 law last month.
ESPOSITO IS NO LONGER LOBBYING FOR HUAWEI — Michael Esposito is no longer representing Huawei, POLITICO Influence reports, less than six months after he started lobbying for the Chinese company. Huawei paid Esposito’s firm, Federal Advocates, more than $1.6 million to lobby the White House and the Commerce Department as part of Huawei’s effort to get off the Commerce Department’s “entity list” restricting U.S. companies’ ability to do business with Huawei, according to disclosure filings. It was a strikingly lucrative contract even for K Street. “Our contract expired with Federal Advocates in December,” Rob Manfredo, a Huawei spokesperson, wrote in an email to POLITICO. Esposito didn’t respond to a request for comment.
The Washington Post reported in November that Esposito, who once claimed to have “an open line of communication” to President Donald Trump, had exaggerated his connections to the Trump administration and the Republican National Committee. The FBI raided Esposito’s Virginia home and Washington office last week “looking for evidence of possible fraud,” The Post reported on Friday.
TWEET OF THE DAY — Talk about hyper-specific content.
RECENTLY ON PRO CYBERSECURITY — The NATO website going down was not the result of a cyberattack despite concerns about Iranian retaliation, a spokesperson said. … Eric Chewning, chief of staff to Defense Secretary Mark Esper, is leaving at the end of January. … The Trump administration published an interim final rule on restricting exports of artificial intelligence software. … European privacy regulators commissioned studies into data broker and mobile app compliance with the General Data Protection Regulation.
— The Global Forum on Cyber Expertise established a GCFE Foundation and appointed four board members who will serve two-year terms. Christopher Painter, the State Department’s former cyber coordinator, was named president, along with panel members Olaf Kolkman and Inge Bryan and special adviser Uri Rosenthal.
— Rob Cataldo has been appointed to helm Kaspersky North America as its new managing director. He previously served as vice president of enterprise sales at Kaspersky North America.
— Maybe calm down on the Iranian cyber retaliation hype? The Washington Post
— Although DHS issued fresh guidance about Iran and cyber. CyberScoop
— New school CISA issued some guidance on the CLAW. Inside Cybersecurity
— Google let suspected surveillance tool ToTok back into its Play Store. Motherboard
— Travelex got hit with a ransomware attack. Computer Weekly
— “The Hidden Cost of Ransomware: Wholesale Password Theft.” Krebs on Security
— More Cambridge Analytica info is coming out. TechCrunch
— Is nothing sacred? ZDNet
— Privacy International wrote about cloud extraction tech.
That’s all for today.
Stay in touch with the whole team: Mike Farrell (firstname.lastname@example.org, @mikebfarrell); Eric Geller (email@example.com, @ericgeller); Mary Lee (firstname.lastname@example.org, @maryjylee) Martin Matishak (email@example.com, @martinmatishak) and Tim Starks (firstname.lastname@example.org, @timstarks).