With help from Eric Geller, Martin Matishak and Cristiano Lima
Editor’s Note: Morning Cybersecurity is a free version of POLITICO Pro Cybersecurity’s morning newsletter, which is delivered to our subscribers each morning at 6 a.m.
— RSA Conference highlights coming today include chats on congressional cybersecurity priorities, how to deter cyberattacks and election security.
— Democrats spoke a decent amount about election security during Tuesday evening’s presidential debate.
— Back in Washington, a House panel today will debate legislation addressing an NSA surveillance program.
HAPPY WEDNESDAY and welcome to Morning Cybersecurity! The weather in San Francisco was so nice on Tuesday. Sorry to gloat, those of you who are enduring the cold. Send your thoughts, feedback and especially tips to firstname.lastname@example.org. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
RSAC, DAY THREE — Things get started early (Pacific Time, anyway) at the RSA Conference today with a panel on the congressional perspective on cybersecurity, and with a DOJ official and others talking about the battle against online sexual predators. Officials from State, DOJ, the FBI and DoD discuss deterrence in cyberspace on a panel. There are also sessions later in the day on the future of the cybersecurity moonshot, election security and cyber risk management (both featuring CISA).
WE PAUSE RSAC COVERAGE FOR… DEBATE MENTIONS OF US? — Democrats talked about, and clashed about, election interference issues during the latest presidential debate. Mike Bloomberg told Sen. Bernie Sanders, “Vladimir Putin thinks that Donald Trump should be president of the United States, and that’s why Russia is helping you get elected.” Sanders, as before, said he wouldn’t allow Russian interference as president. Pete Buttigieg jumped in, too: “I’ll tell you what the Russians want. They don’t have a political party. They want chaos. And chaos is what is coming our way.”
Joe Biden fielded a question about whether he would retaliate in cyberspace if there was proof Russia meddled in an election. “I would make them pay for it, and I would make them pay for it economically,” he answered. “We, in fact, should be imposing sanctions on Russia now for their interference.” Tom Steyer said he started his push for the impeachment of the president over Russian election interference. “Twenty-first century warfare is cyber warfare.” He added: “There was a hostile, foreign attack on our election last time and the president sided with the hostile foreign power.”
ALL OF THE KREBS — In a speech at RSAC and then in a gaggle with reporters, Krebs held forth on a variety of subjects besides his response to House Homeland Security Chairman Bennie Thompson and the Mississippi Democrat’s election security fears:
— NIAC/Solarium recommendations: The Trump administration is waiting for the Cyberspace Solarium Commission to release its report next month before taking action on National Infrastructure Advisory Council recommendations about structural changes to agencies with cybersecurity responsibilities, Krebs said.
— Administrative subpoena legislation: Krebs said that CISA has some more work to do to advance a big Hill priority, legislation (H.R. 5680) that would grant the agency administrative subpoena powers to track down critical infrastructure owners via internet service providers when CISA finds a vulnerability. The House Homeland Security Committee approved its version of the bill. Senators, Krebs said, are still talking to various interested parties.
— Industrial control systems and ransomware: CISA issued a series of advisories on Tuesday about industrial control systems security, Krebs said, but there was no special event that prompted them. He said the recent activity alert on a cyberattack that prompted the victim to temporarily halt pipeline operations was “noteworthy” because of the role ransomware played, and it was part of CISA’s effort to shore up operational technology, or OT, which is a “solid 10 years” behind its broader IT counterpart on security. Also on ransomware, Krebs said CISA a couple weeks ago released a “ransomware tabletop exercise in a box” to aid election security, although he doesn’t know which states have used it.
— Iran (and ransomware again): After the U.S. killing of Iranian Gen. Qassem Soleimani, CISA relied on plans it created during last summer’s escalating tensions with Tehran to arrange calls and other forms of threat information sharing with critical infrastructure owners, state and local governments and other partners totaling 26,000 individuals within a week, Krebs said.
“When everything kind of died down at the end of the next week, we didn’t want to take our foot off the gas,” he said, noting that “we had the attention of the nation and national leadership.” CISA asked: What might a destructive attack from Iran look like? And it decided it might look a bit like ransomware, Krebs said. So CISA decided, “Let’s go ahead and defend against these ransomware capabilities so that Iran, if it comes back six months from now, you’re in a better position.”
— Logo and branding: CISA has a new logo, featuring an eagle with computer circuitry on one of its wings, and a building emitting a Wi-Fi symbol. It also added a motto, “Cybersecurity Has a Posse,” which is a combo of some Andre the Giant street art and the CISA “war on pineapple” meme — with the pineapple being “our election security spirit animal/mascot,” per Krebs. The message of “Cybersecurity Has a Posse” is, in the words of Krebs, “We are only going to be able to do this together.”
HUAWEI HEARTBURN — A Tuesday panel about the 5G landscape revealed significant anxiety about Chinese telecom giant Huawei’s dominant position in the marketplace. “On the trajectory we’re on, I think it’s headed Huawei’s way,” said Arthur Coviello of Rally Ventures. With that in mind, Coviello said, “the pressure will actually blow back on the security industry to find the vulnerabilities and to be able to prevent bad things from happening.”
Coviello also argued that the U.S. government should match China’s hands-on approach to fostering strong tech companies. “The U.S. government looks at the tech industry with great pride and benign neglect” for the most part, Coviello said. “And it’s high time that we countered what China does and have a concerted effort to help American industry or European industry, our allies, to be competitive.”
Meanwhile, former Director of National Intelligence Dennis Blair offered some praise for the Trump administration’s approach to China, which others criticized during the panel. When he served in the Obama administration, Blair said, “the approach was just talk, talk, talk to China without any stick or potential threat behind it. But I give full marks to this administration for taking action against Chinese economic practices.”
WHAT YOU MISSED AT RSA — The State Department has “taken progressively [more] nimble steps to call out malicious state behavior in cyberspace” in the past year and a half, according to Liesyl Franz, a senior policy adviser in State’s cyber office. During a panel about nation-state hacking, Franz pointed to the recent joint attribution of a Russian cyberattack on Georgia as an example of the department’s work. “We think that the diplomatic aspect of the public attributions and the public statements may not work today for what we did last week,” she said, “but it is setting the expectation” that countries must respect international cyber norms, “and it will have an effect over time.”
China is gobbling up U.S. defense technology, and it has to stop, said Maj. Gen. Thomas Murphy, who heads the Pentagon’s Protecting Critical Technology Task Force. “We have to stop being the R&D base for our adversary’s capabilities,” Murphy said during a panel on Chinese economic espionage. Later, he added, “We need our stuff to work as deadly as it possibly can, and every time China and others steal our technology, that withers away a bit.”
ANOTHER CORONAVIRUS CYBER ANGLE — The House Judiciary Committee gavels in this afternoon to mark up the USA Freedom Act Reauthorization Act of 2020. The bill, drafted in negotiations with the House Intelligence Committee, would end the NSA’s call detail records program but make few changes to the overall Foreign Intelligence Surveillance Act — despite a DOJ inspector general report last year that found mistakes in the monitoring of former Trump campaign aide Carter Page.
All eyes will be on how much Republican support the bill gets today. If there’s enough bipartisan support, it would signal to the GOP-controlled Senate — which has its own, bipartisan reauthorization bill — to get on board with the House measure before a looming March 15 deadline. But even then, there are only 13 working days left before the cutoff, which might not be enough time to come up with a compromise and could force lawmakers to approve a short-term extension. And what’s pretty much the only must-pass legislative vehicle that could pass the Senate (which hasn’t done much in the way of bills the last few years) before the deadline? The White House’s $1.25 billion emergency request to combat the coronavirus.
BONKERS ASSANGE CASE DEVELOPMENTS — It’s hard to even know where to start on what’s happening with WikiLeaks founder Julian Assange. Maybe with the news that his team will introduce evidence for his extradition hearing involving Richard Grenell, the ambassador to Germany turned Trump’s latest acting DNI, aiding in the politicization of Assange’s handover to authorities? Then there’s The Hill reporting Assange’s lawyers saying he tried to warn then-Secretary of State Hillary Clinton about the forthcoming release of diplomatic cables. Or claims that the U.S. wanted to kill Assange and make it look like an accident, or that he was handcuffed and stripped naked.
TWEET OF THE DAY — Oh, RSA. Never change.
— POLITICO: Facebook didn’t find any evidence that suspicious content boosting the presidential campaign of Bernie Sanders was part of a coordinated disinformation effort.
— The New York Times: The aforementioned Grenell asked Shelby Pierson, who was at the center of a disputed House Intelligence Committee election security briefing, to stay on board.
— Most federal agencies charged with overseeing the nation’s 16 critical infrastructure sectors don’t have a way of determining adoption in those sectors of the NIST cybersecurity framework, a GAO report on Tuesday concluded.
— Motherboard: Internal and formerly secret documents shed further light on why Cyber Command is publishing Russian and North Korean hacking tools on VirusTotal.
— CyberScoop: Chinese hackers tried to make it hard on investigators of the Equifax breach but didn’t succeed, Assistant Attorney General for National Security John Demers said.
— The Washington Post: Demers said DOJ has given up on the notion of a truce with big tech over encryption.
— The Washington Post: A former Boeing manager accused of spying for Beijing said he was the victim of a flawed FISA investigation.
— The Hill: Krebs talked about being the “accidental director” of CISA and his 2020 election security goals.
— Fifth Domain: NSA and DHS coordinated on a critical Windows vulnerability, Krebs said.
— CyberScoop: Russian election meddling in 2020 spurred better information sharing, Krebs said.
— CyberScoop: “A special unit inside the FBI helped victims of cybercrime recover $300 million of the roughly $3.5 billion in reported losses in 2019, according to a top bureau official.”
— Motherboard: An authentication company used by banks suffered a breach.
— Microsoft is doing its security intelligence report as an interactive dashboard.
That’s all for today.
Stay in touch with the whole team: Mike Farrell (email@example.com, @mikebfarrell); Eric Geller (firstname.lastname@example.org, @ericgeller); Martin Matishak (email@example.com, @martinmatishak); and Tim Starks (firstname.lastname@example.org, @timstarks).