With help from Eric Geller, Martin Matishak and Adam Behsudi
Editor’s Note: Morning Cybersecurity is a free version of POLITICO Pro Cybersecurity’s morning newsletter, which is delivered to our subscribers each morning at 6 a.m. The POLITICO Pro platform combines the news you need with tools you can use to take action on the day’s biggest stories. Act on the news with POLITICO Pro.
— Security researchers are turning up all sorts of cybercriminal exploitations of coronavirus, as hackers go after public health websites and CISA tests telework capabilities.
— The Cyberspace Solarium Commission is getting the word out, but more skeptics have surfaced.
— President Donald Trump signed into law legislation designed to help rural telecoms rid themselves of Huawei equipment.
HAPPY FRIDAY and welcome to Morning Cybersecurity! Yeah, dinosaurs and birds are related, but… that’s just a bird, right? Send your thoughts, feedback and especially tips to [email protected]. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
HACKERS BUSY EXPLOITING CORONAVIRUS FEARS — Cybersecurity researchers are working overtime to keep track of how criminals are taking advantage of the coronavirus outbreak. In a blog post out today, Digital Shadows took a big-picture look at three major categories: phishing and social engineering scams, sale of fraudulent or counterfeit goods, and misinformation. Companies including Check Point, CrowdStrike, FireEye, Fortinet, Tenable and Recorded Future all recently produced work on cyber criminals exploiting fears about the virus, too.
Complicating matters is that hackers are attacking, or using attacks based on, legitimate sources of information. One scheme involves using a Johns Hopkins University real-time map of virus cases and deaths to spread malware. An apparent ransomware attack also took down a website in Illinois, hosted by the Champaign-Urbana Public Health District, at a pretty inconvenient time.
CISA Director Chris Krebs, meanwhile, “approved an Agency-wide federal employee telework event” today, spokeswoman Sara Sendek confirmed to MC. “This telework event will evaluate the current remote capabilities available if CISA-wide telework becomes necessary in response to the outbreak of the COVID-19 virus.”
Sign up for POLITICO Nightly: Coronavirus Special Edition, your daily update on how the illness is affecting politics, markets, public health and more.
A BIT MORE SOLARIUM SKEPTICISM — Folk are still reading through the Cyberspace Solarium Commission’s big report, and some are not impressed. Dave Aitel, a former NSA research scientist and the CEO of Immunity, faulted it for “cowardice” on end-to-end encryption. He also doubted whether CISA is ready for the extra workload, called “unworkable” an idea to hold software vendors liable and said the report overemphasizes norms. Justin Sherman, a senior fellow at the Atlantic Council’s Cyber Statecraft Initiative, wrote that the recommendations fall under three categories — “the common-sense and specific, the decidedly vague, and the absent” — and Jeremy Blackthorne of Boston Cybernetics threw in some criticism, too.
The commissioners have begun an ambitious campaign to turn the report’s recommendations into action; you can read writings from some of its staffers over at Lawfare. And the Senate Armed Services Committee booked a hearing for March 25 to hear testimony from the co-chairs. It won’t be the last.
HUAWEI WE GO — Trump signed a bill Thursday that will help rural telecom companies replace equipment from Chinese telecom giant Huawei and other firms deemed a threat to national security. The Secure and Trusted Communications Networks Act (H.R. 4998) establishes a reimbursement fund to offset replacement costs for telecom companies with fewer than 2 million customers, creates a program to share threat intelligence with those and other telecoms and prohibits the FCC from offering Universal Service Fund subsidies for risky equipment.
The bill will “help protect our Nation’s vital communications network and also ensures the United States reaches its 5G potential,” the White House said in a statement. It added that the Trump administration “will not risk subjecting America’s critical telecommunications infrastructure to companies that are controlled by authoritarian governments or foreign adversaries.”
The leaders of the House and Senate commerce panels expressed confidence that the “rip and replace” bill would reduce vulnerabilities in the telecom supply chain. “This legislation lays the foundation to help U.S. firms strip out vulnerable equipment and replace it with secure alternatives,” said Senate Commerce Chairman Roger Wicker (R-Miss.). In a joint statement, House Commerce Chairman Frank Pallone (D-N.J.) and ranking member Greg Walden (R-Ore.), along with two colleagues, said the government could now “take steps to protect our communications networks from bad actors, while helping small and rural providers remove and replace suspect network equipment.”
Huawei blasted the law as “an unrealistic attempt to fix what isn’t broken.”
LAWMAKERS WANT TO CRACK DOWN ON HUAWEI’S BANKING — From our friends at Morning Trade: Lawmakers want to place Huawei on a Treasury Department blacklist, cutting it off from the U.S. financial system. A bipartisan, bicameral bill introduced Thursday by Sen. Tom Cotton (R-Ark.) and Rep. Mike Gallagher (R-Wis.) comes after efforts to further curb Huawei’s access to U.S. technology appear to have failed.
The Neutralizing Emerging Threats from Wireless OEMs Receiving direction from Kleptocracies and Surveillance states (NETWORKS) Act would add any company producing 5G technology to Treasury’s Specially Designated Nationals List if they engage in economic or industrial espionage or violate U.S. sanctions. Huawei has already been placed on a Commerce export blacklist for posing a national security risk.
I SEE WHAT YOU DID THERE — Rep. Jim Langevin (D-R.I.) says he’s finally viewed the Trump administration’s top-secret guidance from over a year ago that gave DoD greater flexibility to launch cyber strikes. “Having reviewed the relevant National Security Presidential Memorandum, I am now more confident that the necessary checks are in place to ensure that our actions in cyberspace contribute to stability of the domain rather than undermining it,” Langevin, who chairs the House Armed Services Intelligence, Emerging Threats and Capabilities Subcommittee, said in a statement about the 2018 National Security Presidential Memorandum 13, or NSPM-13. The administration had been stalling on sharing the guidance, which it was required to do under last year’s defense policy bill.
Langevin said he would “continue to press the Administration for meaningful metrics for success that go beyond simply the number of operations conducted so that Congress can be sure we continue to strike an appropriate balance with our more forward-leaning posture.”
MY BRANIUM, MY DOME — U.S. CyberDome, the nonprofit that provides free or low-cost election security services to political campaigns, will now share cyber threat data with them too, the organization announced Thursday. It marks the first such political campaign information sharing and analysis organization. “The PC-ISAO is a neutral and nonpartisan venue where technologists can share critical cybersecurity alerts and best practices,” said former DHS Secretary Michael Chertoff, who serves on the CyberDome board of advisers. “The PC-ISAO helps members collaborate on critical cybersecurity challenges.”
I AM NOT OKAY WITH THIS — Microsoft on Thursday released an emergency patch for a wormable Windows 10 security bug that antivirus vendors accidentally disclosed online earlier this week. The vulnerability, dubbed EternalDarkness or SMBGhost, sparked fears that it could potentially allow attacks to spread as they did via the EternalBlue exploit.
TWEET OF THE DAY — Just the worst.
RECENTLY ON PRO CYBERSECURITY — Three domestic surveillance programs are set to expire this weekend with the Senate unable to extend them until next week. … A draft executive order would ban federal agencies from using Chinese drones. … The Election Assistance Commission re-hired Joshua Franklin to serve as deputy chief information security officer. … Two GOP senators introduced legislation to ban federal employees from using TikTok on work phones. … Two more GOP senators endorsed the idea of an airline portal for monitoring coronavirus contacts. … “The Pentagon ‘wishes to reconsider’ the award of its controversial cloud computing contract that Microsoft won in October, according to court documents.”
— Facebook took down Russia-linked inauthentic accounts that targeted the U.S.
— DEF CON is still figuring out whether to cancel.
— The Guardian: A judge ordered Chelsea Manning’s release from jail.
— ESET: Russian government-linked hacking group Turla targeted high-profile Armenian websites.
— Computer Weekly: Turla also was opportunistically exploiting Iranian infrastructure, Recorded Future researchers found.
— The Information reports on something sure to go down well with election security experts: “Virus fears spark calls for online voting.”
That’s all for today.
Stay in touch with the whole team: Eric Geller ([email protected], @ericgeller); Bob King ([email protected], @bkingdc); Martin Matishak ([email protected], @martinmatishak); and Tim Starks ([email protected], @timstarks).