Welcome to The Cybersecurity 202! Thanks for the love, CyberScoop and Bruce Schneier. Right back atcha. Was this forwarded to you? Sign up here. Below: Apple rolls out another security update in the wake of a report by a Russian cybersecurity firm, and Norway warns of a vulnerability to critical infrastructure. First: | Support and questions arise over Harry Coker getting the national cyber director nod | President Biden delivers remarks on artificial intelligence in the White House on Friday. (Demetrius Freeman/The Washington Post) | | President Biden announced his choice Tuesday for the second-ever national cyber director: former CIA and National Security Agency official Harry Coker. A White House announcement heralded Coker's "distinguished career in public service," and his nomination won universal public praise. But it's a nomination that follows the bitter aftertaste left in the cybersecurity community by the administration's decision to pass over acting national cyber director Kemba Walden, and a long delay in finalizing the pick. And privately, some question whether Coker is the right pick for this particular job at this particular time. "Harry is a very good leader well-liked by those who work with and under him, highly regarded," said one former national security official who, like others in this story, spoke on the condition of anonymity to candidly discuss Coker's nomination. "He is not recognized as someone who has deep cyber experience within government or industry." | Coker's nomination won support from some key corners of Capitol Hill. They include lawmakers who were key supporters of Walden getting the full-time position, such as the leaders of the Cyberspace Solarium Commission, a panel that recommended creating the job. | - "We are relieved to hear that the Biden administration has finally nominated the permanent replacement for the National Cyber Director and strongly support the decision to select Harry Coker, as we see him as being a natural choice for this position," Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.) said in a written statement.
- "Coker's long and distinguished career in government has led him to posts in the National Security Agency, Central Intelligence Agency and the U.S. Navy," they continued. "We firmly believe that this experience — and the expertise and skill set it imbued him with — makes him highly qualified for the position of National Cyber Director."
| Ellen Nakashima and I first reported that Walden was told in recent weeks that she wouldn't receive the nomination because of personal debt issues, an explanation that didn't go over well among top names in the cyber world. In the same story, we also first reported that Coker was the White House's favored candidate. Walden has served as acting national cyber director since February, after news surfaced in December that the first national cyber director, Chris Inglis, was set to depart. Walden withdrew from consideration for the nomination but has indicated she will continue serving in the acting position. Inglis, who was a Solarium Commissioner and is an adviser to its successor organization CSC 2.0, told me that he worked with Coker for years and that "he's got the requisite cyber experience." "He's been a strategic leader for many years, a graduate of the Naval Academy, experienced in the intelligence community," said Inglis, who now is a strategic adviser at the Paladin Capital Group. "He's worked cyber specifically. So I think following on the heels of an excellent performance by Kemba Walden, he can sustain the forward momentum of the office." | - The White House announcement noted that Coker currently "serves as a Senior Fellow at Auburn University's McCrary Institute for Cyber and Critical Infrastructure Security and as an outside advisor for private cyber and technology companies."
| Another Solarium official also weighed in. "The bad news is that this was a ridiculously late nomination, but the good news is that they landed on Harry Coker, a leader with superb qualifications and a distinguished record in government, who should be quickly confirmed by the Senate," Mark Montgomery, who was executive director of the Solarium panel and directs CSC 2.0, said in a statement. "We were fortunate that Kemba Walden showed the Administration more grace then they showed her, and I just hope she stays in the acting NCD job until Mr. Coker gets there." Another top cyber lawmaker, Senate Cybersecurity Caucus co-chair and Intelligence Committee Chairman Mark R. Warner (D-Va.), said: "This is a critical position at a critical time. I look forward to working with Harry and Kemba, and I hope that the Senate can move quickly to consider this nomination." | One person familiar with Coker said that if there's a knock on him, it's his lack of "deep and sharp cyber experience." | Walden, unlike Coker, was involved early on with the Office of the National Cyber Director, joining as principal deputy in June of last year. Walden "understood something about the formative moments of the office, knew what was fragile, knew what was durable and could distinguish between the two," the person said. "Harry will have to learn that." The former national security official who also spoke with The Post said "the job is difficult for anybody," but would be more so for Coker, who would inherit a national cybersecurity strategy implementation plan he didn't have a hand in writing, atop a still-young part of the federal bureaucracy. "You're climbing up a sheer granite cliff," they said. "Even Chris Inglis had challenges in establishing the new role. … You'd want a really strong figure who is well-recognized in industry as a leading cybersecurity expert [as a nominee]. The administration has not picked that person." | | | The keys | | Apple rolls out third security update linked to cyberattacks | Apple this week rolled out its third security update in a month that seeks to remedy an exploit that allowed a spyware campaign to target iMessage users in Russia. (Carolyn Fong for The Washington Post) | | Apple this week rolled out its third security update in a month that seeks to remedy an exploit that allowed a spyware campaign to target iMessage users in Russia, AJ Vicens reports for CyberScoop. "The Russian arm of cybersecurity firm Kaspersky on June 1 revealed the details of a zero-click iOS exploit. The company's researchers said they discovered it while monitoring the company's own corporate Wi-Fi network dedicated to mobile devices," Vicens writes. | - The attacks worked by sending a malicious iMessage attachment that allowed hackers to run code without the message needing to be opened.
- Russia's Federal Security Service at the time accused the United States of colluding with Apple to carry out the attack and did not provide evidence as to how it made that determination. The company has vehemently denied any involvement in crafting back doors into its products for governments.
| The report adds: "Monday's security patch addressed a vulnerability tracked as CVE-2023-38606 and had been actively exploited against versions of Apple's mobile operating system before version 15.7.1, the company said in the notice, an iteration of the operating system that was replaced with the release of iOS 16 in September 2022." Kaspersky has for years come under scrutiny for its ties to Russia. The Federal Communications Commission last March added the company to its national security threat list. | Thales $3.6 billion deal for Imperva signals willingness to shore up cyber offerings | Thales said it will purchase American cybersecurity company Imperva for $3.6 billion. (Sarah Meyssonnier/Reuters) | | France-based multinational IT and aerospace company Thales said it will purchase American cybersecurity company Imperva for $3.6 billion, a move that "signals the group is ready to spend large sums to beef up its digital identity and security (DIS) division and take market share in the United States," Tim Hepher and Mathieu Rosemain report for Reuters. | - The deal value is significant, according to Nicolas Arpagian of cyberconsulting firm HeadMind Partners. "Now, there's the whole question of integration: software is a living product, you need well-trained people to steer it, drive it and constantly adapt it," he told Hepher and Rosemain.
- The report adds: "Thales said the price of the acquisition from buyout firm Thoma Bravo implied an enterprise value of 17 times 2024 operating earnings forecasts."
| Thales CEO Patrice Caine defended the purchase price, telling analysts it's a move that "changes our scale in civil cybersecurity." | - Companies are increasingly pouring resources to protect their assets as they recognize how cyberattacks may affect their overall financial posture, The Cybersecurity 202 previously reported.
| Norway security officials warn of U.S.-based Ivanti vulnerability exposing critical infrastructure | Email and mobile service has been cut off in the 12 affected Norwegian ministries. (iStock) | | Norwegian cybersecurity authorities are warning a handful of critical infrastructure companies and other entities of possible exposure to a cyberattack that hit 12 government ministries, Catherine Stupp reports for the Wall Street Journal. The attack disclosed Monday is linked to a "newfound vulnerability in management software from Utah-based company Ivanti" that's being exploited by unknown hackers, Stupp writes, citing remarks from Sofie Nystrøm, director general of the Norwegian National Security Authority. | - "The primary risk that we are focusing on at the moment is the initial compromising of victims," Nystrøm said, "and all the vulnerable infrastructure we can find in the Norwegian space."
- Email and mobile service has been cut off in the 12 affected Norwegian ministries in response to government-mandated security measures put in place. Ivanti on Sunday issued a patch for the flaw, though organizations' software should be taken offline if it cannot be patched, the government warned.
| The U.S. Cybersecurity and Infrastructure Security Agency released a notice Monday recommending that exposed entities follow steps to implement the fix. Notably, "Norwegian law enforcement authorities haven't publicly disclosed details about their investigation into the Ivanti cyberattacks," Stupp writes. | | | Government scan | | | | Hill happenings | | | | Securing the ballot | | | | Industry report | | | | Global cyberspace | | | | Cyber insecurity | | | | Daybook | | | | Secure log off | | Thanks for reading. See you tomorrow. | | |
No comments:
Post a Comment