| Welcome to The Cybersecurity 202! I've gotten sort of addicted to these "(expert) weighs in on how realistic (x thing) in movies is" videos. Happy to have happened across one for our world. I saw "Skyfall" again recently and had a similar reaction. … Dude, don't just hook up the evil guy's gear to yours! In other news, we're off Monday. We'll be back to you on Tuesday. Was this forwarded to you? Sign up here. Below: Officials are working to expand cyber protections to key sectors, and critics push back against a draft E.U. law that would permit spying on journalists. First: | Former congressman Will Hurd, with a deep cyber background, enters GOP presidential field |  Rep. Will Hurd (R-Tex.) arrives to the Marcelino Serna Port of Entry naming ceremony on the U.S. border with Mexico in Tornillo, Tex., in 2017. (Melina Mara/The Washington Post) | | | The presidency got arguably its most cyber-qualified candidate ever on Thursday when former congressman Will Hurd (R-Tex.) threw his hat into the crowded 2024 Republican field. Hurd graduated college with a major in computer science, is a former CIA officer and was a senior adviser for a cybersecurity company before he became a member of Congress in early 2015. While in Congress through early 2021, he sponsored or co-sponsored key cybersecurity bills that became law, sat on important cyber-related committees and chaired a subcommittee with cyber oversight. He won't be the first candidate for the presidency with a significant cyber background. | - For example, 2020 Democratic candidate Beto O'Rourke secretly joined an influential hacktivist group as a teenager and once worked for software and internet service provider businesses before beginning a political career, as my colleague Joseph Menn first revealed.
- John McAfee, who sought the Libertarian Party's nomination in 2016 and 2020, was an internet pioneer who founded the eponymous anti-virus firm. Later in life, he associated himself with some fringe and/or start-up cyber companies and engaged in some questionable cyber stunts.
| | But in terms of the diversity of his track record and recent experience, you can make the case that Hurd is more qualified on cyber than either O'Rourke or McAfee when they entered the race. O'Rourke and McAfee had long since left serious cyber work behind as a part of their lives by the time they ran for the highest office in the United States. | | Hurd enters the race as the 12th GOP candidate, pitching himself as a moderate proclaiming "common-sense leadership," per a story by my colleague John Wagner. "For the past 20 years, I've been on the front lines of the most pressing fights facing our nation," Hurd said. "I hunted down terrorists in the Middle East after 9/11. In Congress, I fought to lower taxes, secure our border and provide more opportunities for the middle class. I've worked at the highest levels of business to harness technology and innovation for the future of America. These experiences have shown me that this moment, that this election has never mattered more." A critic of former president Donald Trump, the long-shot Hurd also took aim at President Biden in his announcement. "President Biden can't solve these problems — or won't," Hurd said. "And if we nominate a lawless, selfish, failed politician like Donald Trump — who lost the House, the Senate and the White House — we all know Joe Biden will win again." Still, Hurd faces an uphill battle. Trump still has a hold over Republican primary voters, and the former president appears to be leading Florida Gov. Ron DeSantis by around 20 points in polls. | | Hurd touted his bipartisanship while in Congress. He was a key player in at least two pieces of important cybersecurity legislation that became law, in each case working with Democrats to enact the bills. One created the Technology Modernization Fund in 2017, a program meant to upgrade the federal government's aging information technology systems — with one of the main arguments for doing so being that it would reduce federal agency cybersecurity vulnerabilities. | | In practice, the program has sometimes struggled to get the funding its backers have sought, and this year faces similar obstacles. Interestingly, given Hurd's criticisms of the former president, winning the Trump White House seal of approval was one of the main things that helped push it through Congress. Hurd also was a chief sponsor of legislation signed into law in 2020 aimed at improving the security of internet-of-things (IoT) devices such as smart refrigerators or doorbells. It did so by directing the Commerce Department's National Institute of Standards and Technology to develop baseline security standards for IoT manufacturers that contract with the federal government, and to require them to implement vulnerability disclosure policies. (A Biden executive order in 2021 similarly sought to use the federal government's purchasing power to influence industry more broadly.) "It is arguably the most significant U.S. IoT-specific cybersecurity law to date, as well as the most significant law promoting coordinated vulnerability disclosure in the private sector to date," said Harley Geiger, then-director of public policy at cybersecurity company Rapid7, said at the time. Beyond legislative achievements, Hurd was a voice elsewhere on cybersecurity issues. He was one of the chief congressional critics of legislation that might weaken encryption, amid pushes to create back doors in response to fears that terrorists and criminals could use encrypted communications to hide their activities. "My take on encryption is that you make it stronger, not weaker," Hurd told me in 2016. "Hopefully we don't need to be talking about any kind of legislation." He chaired a House panel devoted to information technology, where he pressed industry and government witnesses on cybersecurity — as he did in other hearings, as well. He served tenures on the Homeland Security and Intelligence panels. He was one of the first lawmakers, if not the first, to make himself a presence at hacker conferences. Despite that, he wasn't always a welcome presence; in 2019, the Black Hat conference revoked an invitation in response to political backlash over his voting record on abortion. Hurd has stayed active on cybersecurity since, appearing at cyber events and expressing his views on the issue on Twitter. For instance, he has weighed in on whether NATO's Article 5, which expresses the principle that an attack against one member is an attack against all of them, should apply to cyber. He says it should. | | |  | The keys | | Neuberger: Education, health-care and agriculture sectors are key focus for cyber protections |  Ransomware and other cyberthreats have significantly increased, said Anne Neuberger, the deputy national security adviser for cyber and emerging technology. (Jabin Botsford/The Washington Post) | | | Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said that Biden cyber officials are pivoting their focus toward expanding cyber protections in the education, health-care and agriculture sectors. Ransomware and other cyberthreats have significantly increased, she said, adding that those three sectors are now a "key concern" among officials. She was speaking at the Financial Times Cyber Resilience Summit in D.C. | - For education, Neuberger said the administration hopes to run workshops to help schools set up cybersecurity best practices.
- The administration is also calling on educational technology firms to encrypt student data by default, she said.
| - Critical infrastructure has mandated requirements in place to protect against hackers, but they are undergoing an "all hazards" rewrite due for the end of the year, National Security Council official Caitlin Durkovich said this week.
- The Biden administration signaled in November that it planned those revisions to 2013's Presidential Policy Directive 21, also known as PPD-21. That directive outlined which agencies were responsible for steering protection of each of the 16 critical sectors, known as sector risk management agencies (SRMA).
| Critics warn against draft E.U. plans to enable spying on journalists |  The original law intended to prevent governments from detaining, sanctioning and surveilling journalists for information about their sources, but France spearheaded the changes that enabled the current draft. (Frederick Florin/AFP/Getty Images) | | | Critics are pushing back against draft E.U. legislation that would allow bloc nations to spy on journalists in the name of national security, Lisa O'Carroll reports for the Guardian. "On Wednesday, the European Council — which represents the governments of EU member states — published a draft of the European Media Freedom Act that would allow spyware to be placed on journalists' phones if a national government thought it necessary," the report says. Media and civic society groups, as well as Dutch MEP Sophie in 't Veld — who wrote a recent report by the European Parliament committee investigating spyware — are pushing back against the draft bill, it adds. | - "I think what the council is doing is unacceptable. It's also incomprehensible. Well, it's incomprehensible if they are serious about democracy," she said.
- The European Federation of Journalists called it a "blow to media freedom" and argued it would put more journalists at risk.
| | The original law intended to prevent governments from detaining, sanctioning and surveilling journalists for information about their sources, but France spearheaded the changes that enabled the current draft. "As it stands, member states would be able to hack into journalists' phones if they suspect their sources could be talking to criminals involved in anything the state perceives to be a threat," O'Carroll writes. | Surveillance authority enabled search of deputy attorney general's data to disrupt threat |  Deputy Attorney General Lisa Monaco said her data was searched as part of an FBI effort to dismantle a foreign hacking campaign. (Jabin Botsford/The Washington Post) | | | Deputy Attorney General Lisa Monaco said her data was searched when investigators several years ago used a surveillance power known as Section 702 to investigate a foreign hacking campaign that was targeting her and other officials, Dustin Volz reports for the Wall Street Journal. | - A few years before Monaco returned to government work in her current role, the FBI "was able to understand the attack and warn her, allowing her to 'take very swift action to protect myself,'" Volz writes.
- The Justice Department declined to comment on the foreign adversary in question.
| | The remarks come amid debates over whether the FBI should seek a warrant to authorize searches through a trove of data that Biden administration officials say is essential for security purposes but critics say has been heavily abused. | - "A Justice Department official said Monaco's disclosure of the episode showed how a warrant requirement would have hampered the FBI from quickly disrupting a threat," the report adds.
| | Section 702 of the Foreign Intelligence Surveillance Act (FISA) allows the FBI and National Security Agency to gather electronic data without a traditional warrant based on probable cause when the target is a foreigner overseas and it's for foreign intelligence purposes. It also "collects data on an unknown number of Americans," Volz notes. | - Civil rights groups called for a warrant requirement earlier this month, your newsletter host previously reported.
- FISA is set to expire at the end of this year unless Congress reauthorizes it. Some key lawmakers, including Sen. Richard J. Durbin (D-Ill.), say they will only reup it if their concerns about warrantless surveillance are addressed.
| | |  | Hill happenings | | | |  | Securing the ballot | | | |  | Industry report | | | |  | National security watch | | | |  | Global cyberspace | | | |  | Cyber insecurity | | | |  | Privacy patch | | | |  | On the move | | - CISA hired Andrew Scott to serve as associate director for China operations and David Carroll to serve as associate director for mission engineering, the agency announced Thursday.
| | |  | Daybook | | - A coalition of civil liberties groups holds a discussion on surveillance reform Monday at 4 p.m.
| | |  | Secure log off | | | Thanks for reading. See you next week. | | |
No comments:
Post a Comment