With help from Eric Geller, Martin Matishak and Bryan Bender
Editor's Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m. Learn more about POLITICO Pro's comprehensive policy intelligence coverage, policy tools and services at http://www.politicopro.com.
Story Continued Below
Encryption and corporate cybersecurity are on the congressional calendar this week, both on Tuesday, one a hearing and one a markup.
A top intelligence official with some cybersecurity responsibilities is leaving, part of a broader exodus.
How much is the White House doing on election security? Two officials, one current and one recently departed, offered their viewpoints in recent days.
HAPPY MONDAY and welcome to Morning Cybersecurity! Your MC hosts inbox hasnt been flooded with best of 2019 music stuff as requested, but I discovered this one elsewhere. Pleasant little track, that one. Send your thoughts, feedback and especially tips to tstarks@politico.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
CLOSED, OPEN The Senate Judiciary Committee this week explores the pros and cons of encryption, the first time Congress has dipped into the subject in a long time. While the panel hasnt announced Tuesdays witness list yet, the hearing comes two months after Attorney General William Barr joined British and Australian officials to initiate a big push against warrant-proof encryption centered on fighting child exploitation.
Senate Judiciary Chairman Lindsey Graham (R-S.C.) is worth watching: From 2015 to 2016, he said he underwent a change of heart, evolving from an end-to-end encryption critic to someone who saw the wisdom of it, but since then hes also become a staunch ally of the president.
Also Tuesday, the House Financial Services Committee is scheduled to mark up legislation (H.R. 1731) that would require the SEC to issue a rule requiring publicly traded companies to disclose cybersecurity expertise on their boards of directors. The legislation, sponsored by Rep. Jim Himes (D-Conn.), would require that, in the event a board had no cyber expertise, the company must explain why.
WE NEVER SLEEP One of the Pentagons top intelligence officials will step down next month, our Defense colleague Connor OBrien and Martin scooped on Saturday. Kari Bingen, who as principal deputy undersecretary of Defense for intelligence, helps oversee the NSA and other organizations within the so-called Defense Intelligence Enterprise, will leave DoD on Jan. 10. She sat down with Martin earlier this year on the sidelines of the 2019 GEOINT Symposium and chatted about a host of topics, including cybersecurity.
Her departure marks yet another departure of a senior intelligence official in recent months. Former Director of National Intelligence Dan Coats and his deputy, Sue Gordon, stepped down in August. Joseph Maguire has served as the nations spy chief on an acting basis ever since. Last month, ODNI announced that Andrew Hallman, who most recently served as the Deputy Director of CIA for Digital Innovation, is the I.C.'s new "principal executive" who will serve as the country's No. 2 intel official.
MORE PERSONNEL NEWS Bryan Ware is the pick to take the job of assistant director for cybersecurity at CISA, one of the top cyber gigs in the federal government, CyberScoop reported Sunday evening. He would replace Jeanette Manfra in the DHS vacancy, with Manfra set to head to the private sector at years end. Ware is the current assistant secretary for cyber, infrastructure and resilience policy, and is a former tech entrepreneur. His selection is still pending White House approval, according to CyberScoop. DHS officials that MC reached out to Sunday night did not confirm the news.
NIAC WANTS CYBER COMMAND CENTER A federal advisory council made some unsurprising recommendations to President Donald Trump for improving public-private cybersecurity partnerships in a newly published draft report.
The president should create a command center to improve intelligence information sharing, protect companies from lawsuits stemming from their decision to blacklist risky vendors and create an independent commission to mitigate catastrophic cyber risks to critical infrastructure that have potential national security impacts, the National Infrastructure Advisory Council said in the report. The council, a collection of industry executives and local government officials, also said the Justice Department should determine whether existing legal authorities permit the feds to order companies to implement certain defensive measures.
The report is the result of a tasking from the National Security Council, which asked the NIAC in September to examine how the federal government and private industry can collaborate seamlessly to manage urgent cyber risks in the most critical and highly targeted private infrastructures. It cites increasing nation-state cyber capabilities, along with digital strikes such as the Ukrainian grid outages and the NotPetya malware outbreak, to argue that the need to act is urgent.
The report recommends a two-tiered approach, coupling urgent action with longer-term comprehensive policies, and it says that all work should adhere to six principles, including that regulation should be a last resort. The draft is dated Dec. 12, making it likely that the NIAC will deliver it to Trump this week.
THE OTHER NSA ON ELECTION SECURITY A White House often accused of neglecting the subject of election interference considers it a big priority, national security adviser Robert OBrien told reporters at a roundtable this weekend. That's something we're concerned about. It's something we watch and it's something we're working on very, very hard, he said. And there are people across the U.S. government and across state governments that are working on these issues. It's a priority. It's important. We're monitoring very closely.
OBrien touted the NSCs resilience group, and mentioned four countries that present a particular threat given their cyber capabilities: China, Iran, North Korea and Russia, the last of which Trump has faced particular criticism over for downplaying its 2016 meddling.
WAIT, HOLD UP ON THAT A recently retired senior CIA operations officer on Friday wrote that the president poses a real threat to federal efforts to fend off Russian election interference. In response to 2016 meddling, the CIA published a call to arms for its workforce to counter the Kremlin, Marc Polymeropoulos wrote for Just Security. The idea was for the entire government to think creatively and offensively about what to do about Russia, he wrote. There was widespread interagency support for the idea.
The wild card was sitting in the Oval Office, wrote Polymeropoulos. With President Donald Trumps puzzling admiration for Russian President Vladimir Putin, it was not clear that he had accepted and internalized the Intelligence Communitys conclusions of Kremlin malfeasance and incessant desire to harm the United States. If anything, the president repeatedly questioned the findings of the IC, preferring instead to accept Putins denials. Former national security advisers H.R. McMaster and John Bolton helped keep the agenda moving forward, however.
Since retiring in June, though, two things swayed Polymeropoulos toward doubt for the future. My fear stems primarily from the president, who has, in a matter of several months, quite overtly set back the overall U.S. government effort with his unfortunate meddling in Ukraine, as well as the pullback of U.S. troops from Syria, he wrote. Trump has provided Putin a massive gift on both fronts. Its not all a lost cause, but it will likely take congressional action to stay the course, he asserted.
BYENET Two members of a Romanian cybercrime gang earned lengthy prison sentences on Friday from a federal judge for their role in overseeing a botnet that prosecutors say infected 400,000 computers primarily in the United States. Romanians Bogdan Nicolescu and Radu Miclaus, both 37, received 20 years and 18 years, respectively. The Bayrob Group schemes origins date back to 2007, when it developed proprietary malware distributing malicious emails purportedly from the likes of the IRS, Norton AntiVirus and Western Union, according to DOJ. In April, a federal jury in Ohio convicted them of all 21 charges.
TWEET OF THE WEEKEND Thats two needs, and counting.
RECENTLY ON PRO CYBERSECURITY Reddit said it uncovered a suspected Russian disinformation campaign targeting the U.K. election. Republican senators are deepening their pursuit of evidence of Ukrainian election interference, despite intel officials saying theres none to be found. Cambridge Analytica engaged in deception in a couple different ways, the FTC said. Rep. Pramila Jayapal (D-Wash.) pressed Google executives about the company's data sharing deal with health system Ascension in a letter today amid sharpening concern over the use of big health data among patient and privacy advocates. European Commission Vice President Vra Jourov said social media companies need to do more to counter manipulation campaigns.
One of the accused Evil Corp leaders is the son of a former Russian mayor. Meduza
British cybersecurity officials are investigating whether leaked U.S.-U.K. trade papers were hacked. Reuters
Industry groups want more time to give feedback on the information and communications technology supply chain rule. Inside Cybersecurity
The head of the FBI Criminal, Cyber, Response, and Services Branch is headed to Louisville for a job as chief of public services. CyberScoop
More than 100 dental offices were affected by a ransomware attack on a Colorado IT provider. Krebs on Security
The election security fights continue in Pennsylvania. The Wall Street Journal
Morning Consult sought to analyze the congressional districts most vulnerable to Facebook misinformation.
Thats all for today.
Stay in touch with the whole team: Mike Farrell (mfarrell@politico.com, @mikebfarrell); Eric Geller (egeller@politico.com, @ericgeller); Mary Lee (mlee@politico.com, @maryjylee) Martin Matishak (mmatishak@politico.com, @martinmatishak) and Tim Starks (tstarks@politico.com, @timstarks).
Continued here:
Encryption back on the congressional agenda - Politico
- WhatsApp overhauling status tab with encrypted Snapchat Stories-like feature - 9 to 5 Mac [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- GOP demands inquiry into EPA use of encrypted messaging apps - CNET [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- Encryption Apps Help White House Staffers Leakand Maybe Break the Law - WIRED [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- World Wide Web Creator Calls for Internet Decentralization & Encryption - The Data Center Journal [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- What It Means to Have an 'Adult' Conversation on Encryption - Pacific Standard [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- Confide in me! Encryption app leaks sensitive info from Washington DC - SC Magazine UK [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- Gmail v7.2 Prepares to Add Support for S/MIME Enhanced Encryption - XDA Developers (blog) [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Top 6 Data Encryption Solutions - The Merkle [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Your Guide to the Encryption Debate - Consumer Reports - ConsumerReports.org [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Google helps put aging SHA-1 encryption out to pasture - Engadget [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Decipher your Encryption Challenges - Infosecurity Magazine [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- How the Politics of Encryption Affects Government Adoption - Freedom to Tinker [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- How Encryption Makes Your Sensitive Cloud-Based Data an Asset, Not a Liability - Security Intelligence (blog) [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- Set up VMware VM Encryption for hypervisor-level security - TechTarget [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- How The Media Are Using Encryption Tools To Collect Anonymous Tips - NPR [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- Encryption patent that roiled Newegg is dead on appeal | Ars Technica - Ars Technica [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- Research proposes 'full-journey' email encryption - The Stack [Last Updated On: March 1st, 2017] [Originally Added On: March 1st, 2017]
- Database-as-a-service platform introduces encryption-at-rest - BetaNews [Last Updated On: March 1st, 2017] [Originally Added On: March 1st, 2017]
- Encrypted Messaging Service 'Signal' Adds Video Call Option - Top Tech News [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- Germany, France lobby hard for terror-busting encryption backdoors ... - The Register [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- How to Send Encrypted Nudes, a Guide for the Discerning Lover - Inverse [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- Ironclad Encryption Corporation Announces New Ticker Symbol OTCQB: IRNC - Yahoo Finance [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- The Best Email Encryption Software of 2017 | Top Ten Reviews [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- No, you shouldn't delete Signal or other encrypted apps - TechCrunch [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Best encryption software: Top 5 - Computer Business Review [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Encryption Backdoors, Vault 7, and the Jurassic Park Rule of Internet Security - Just Security [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- That Encrypted Chat App the White House Liked? Full of Holes - WIRED [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- What the CIA WikiLeaks Dump Tells Us: Encryption Works - New York Times [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Snake-Oil Alert Encryption Does Not Prevent Mass-Snooping - Center for Research on Globalization [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Customer Letter - Apple [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Don't Let WikiLeaks Scare You Off of Signal and Other Encrypted Chat Apps - WIRED [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- BT to offer customers encryption service for data - Capacity Media (registration) [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- Encryption - technet.microsoft.com [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- Use FileVault to encrypt the startup disk on ... - Apple Support [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- Viber launches secret chats to go beyond encryption - SlashGear [Last Updated On: March 13th, 2017] [Originally Added On: March 13th, 2017]
- Zix wins 5-vendor email encryption shootout - Network World [Last Updated On: March 13th, 2017] [Originally Added On: March 13th, 2017]
- A lesson from the CIA WikiLeaks dump: Encryption works - The Seattle Times [Last Updated On: March 13th, 2017] [Originally Added On: March 13th, 2017]
- What the CIA WikiLeaks Dump Tells Us: Encryption Works - NewsFactor Network [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Panicked Secret Service Says It Lost Encrypted Laptop But It's Fine, Everything's Fine - Gizmodo [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Google Cloud adds new customer-supplied encryption key partners ... - ZDNet [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Preseeding Full Disk Encryption - Linux Journal [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Bypassing encryption: 'Lawful hacking' is the next frontier of law enforcement technology - Boston Business Journal [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- SecurityBrief NZ - Gemalto introduces on-prem encryption key solution for 'highly regulated' organisations - SecurityBrief NZ [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- 'Always Be Concerned': US Court Slaps Down Fifth Amendment Defense of Encryption - Sputnik International [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- Quantum Key System Uses Unbreakable Light-Based Encryption to Secure Data - Photonics.com [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- Wikileaks Only Told You Half The Story -- Why Encryption Matters More Than Ever - Forbes [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- EPA Sued For Withholding Info On Encrypted Text Messages | The ... - Daily Caller [Last Updated On: March 22nd, 2017] [Originally Added On: March 22nd, 2017]
- Opinion Data encryption efforts ramp up in face of growing security threats - Information Management [Last Updated On: March 22nd, 2017] [Originally Added On: March 22nd, 2017]
- Bypassing encryption: Lawful hacking is the next frontier of law enforcement technology - Salon [Last Updated On: March 22nd, 2017] [Originally Added On: March 22nd, 2017]
- NeuVector Announces Container Visualization, Encryption, and Security Solution for NGINX Plus - DABCC.com [Last Updated On: March 23rd, 2017] [Originally Added On: March 23rd, 2017]
- Is encryption one of the required HIPAA implementation specifications? - TechTarget [Last Updated On: March 23rd, 2017] [Originally Added On: March 23rd, 2017]
- Paper Spells Out Tech, Legal Options for Encryption Workarounds - Threatpost [Last Updated On: March 23rd, 2017] [Originally Added On: March 23rd, 2017]
- Encryption debate needs to be nuanced, says FBI's Comey - TechTarget [Last Updated On: March 25th, 2017] [Originally Added On: March 25th, 2017]
- Comey Renews Debate Over Encryption - 550 KTSA [Last Updated On: March 25th, 2017] [Originally Added On: March 25th, 2017]
- UK minister says encryption on messaging services is unacceptable - Reuters [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- The why and how of encrypting files on your Android smartphone - Phoenix Sun [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- UK targets WhatsApp encryption after London attack - Yahoo News [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- Critical flaw alert! Stop using JSON encryption | InfoWorld - InfoWorld [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- SecureMyEmail is email encryption for everyone - TechRepublic - TechRepublic [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- Apple iOS 10.3 will introduce encryption which makes it MORE difficult for cops and spooks to crack into ISIS nuts ... - The Sun [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- How to Analyze An Encryption Access Proposal - Freedom to Tinker [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- Questions for the FBI on Encryption Mandates - Freedom to Tinker [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- Justice Department anti-terror chief keeps pressing on encryption - Politico (blog) [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- UK government can force encryption removal, but fears losing, experts say - The Guardian [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- Encryption FAQs [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- Why isn't US military email protected by standard encryption tech? - Naked Security [Last Updated On: April 9th, 2017] [Originally Added On: April 9th, 2017]
- How have ARM TrustZone flaws affected Android encryption? - TechTarget [Last Updated On: April 9th, 2017] [Originally Added On: April 9th, 2017]
- Keeping the enterprise secure in the age of mass encryption - Information Age [Last Updated On: April 9th, 2017] [Originally Added On: April 9th, 2017]
- Lack of encryption led to Dallas siren hack - WFAA [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Internet Society tells G20 nations: The web must be fully encrypted - The Register [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Make Encryption Ubiquitous, Says Internet Society - Infosecurity ... - Infosecurity Magazine [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Can we encrypt the web while giving governments a backdoor to snoop? - SC Magazine UK [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Why we need to encrypt everything - InfoWorld [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Hacked Dallas sirens get extra encryption to fend off future attacks - Computerworld [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- SHA-1 Encryption Has Been Broken: Now What? - Forbes [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Hewlett Packard Enterprise touts encryption tool for federal clients - The Hill [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Encryption on the Rise in Age of Cloud - Infosecurity Magazine - Infosecurity Magazine [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Lawmaker Pushes Bill That Requires Encryption by Pennsylvania State Employees - Government Technology [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Disk encryption - Wikipedia [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- The apps to use if you want to keep your messages private - Recode [Last Updated On: April 15th, 2017] [Originally Added On: April 15th, 2017]