With help from Eric Geller and Tim Starks
Editor’s Note: Morning Cybersecurity is a free version of POLITICO Pro Cybersecurity’s morning newsletter, which is delivered to our subscribers each morning at 6 a.m. The POLITICO Pro platform combines the news you need with tools you can use to take action on the day’s biggest stories. Act on the news with POLITICO Pro.
Advertisement
— Voters in eight states and Washington, D.C., went to the polls on Tuesday under the watchful eye of CISA and others, with no major digital hiccups reported.
— CISA hasn’t forgotten about that distributed denial of service attack on Minneapolis, and plans to issue new guidance to providers and state and local governments.
— The U.S. intelligence community should build on its coronavirus-inspired telework, according to its outgoing CIO.
HAPPY WEDNESDAY and welcome to Morning Cybersecurity! Send your thoughts, feedback and especially tips to [email protected]. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
Calling all China watchers: The trajectory of the U.S.-China relationship will determine whether this century is judged a bright or a dismal one. POLITICO’s David Wertime is launching a new China newsletter that will be worth the read. Sign up.
PRACTICE MAKES PERFECT — In one of the last warm-ups before November’s general election, eight states and Washington, D.C., held their primaries on Tuesday. It also marked the biggest voting day since the coronavirus pandemic upended the election calendar in March. And while voters cast their ballots during a time of crisis, Election Day went off without a hitch — not that agencies responsible for election security weren’t watching.
“Every state and the District of Columbia has Albert, the intrusion detection system, in place. So we’re in a good posture for visibility and every state is receiving some kind of service,” a senior CISA official told reporters Tuesday afternoon. The official noted that Covid-19 and the civil unrest gripping several American cities were new factors to overcome, but election officials felt prepared based on past experiences.
A second senior CISA official said the agency hadn’t seen anyone trying to leverage the ongoing social unrest to stoke concerns about voting, nor had it seen a “connection or widespread disinfo involving [Covid-19] and the elections.” “At this time there’s no indication of any disinfo campaigns targeting elections today,” the official said. “No reports from the states of widespread issues with disinfo or social media posts.”
The first official explained that CISA utilizes an unclassified situational awareness room for major voting days and that on Tuesday, 46 state or local agencies cycled through, as did representatives from the Election Infrastructure Information Sharing and Analysis Center, the Election Assistance Commission, the FBI and others. Tuesday was “good practice” for November, the official said.
DENYING DDoS — A senior CISA official also said on Tuesday’s call that “we’re in the process of pushing out guidance and recommendations” on distributed denial of service attacks. The idea is to focus on state and local governments, with election officials also receiving the information, the official said. CISA is “keeping an eye” on the DDoS attacks aimed at Minnesota governments amid the protests over the weekend; a DDoS attack hit the city of Minneapolis’ websites and Gov. Tim Walz said Minnesota fended off a “sophisticated denial of service” assault on state computers. “We’re getting the right mitigation recommendations out across the country to our state and local partners,” the official said.
INTEL TELEWORK — John Sherman, the intelligence community’s outgoing CIO, predicted spy agencies will have to devote more resources to allowing telework after the Covid-19 pandemic subsides. “Looking across the landscape at the agencies of how unclassified capabilities have really ramped up on relatively short notice, enabling telework capabilities has been nothing short of impressive,” Sherman said Tuesday during an Intelligence and National Security Alliance webinar. “A lot of quick start has happened on this and I think it’s going to have to endure. My successor … is going to need to bolster this. I think there’s going to need to be innovation, investment with the same focus we’ve had” at the secret and top-secret levels.
Sherman, who will start as the Pentagon’s deputy CIO next week, declined to describe the telework status of the nation’s 17 intelligence agencies because “things are constantly evolving there with the personnel and the phases they’re in.” But he stressed that “as with the rest of the country,” the clandestine community is “in a new paradigm now.” “We’re going to have to be able to enable folks to work remotely … consistent with proper classification and so on. This isn’t going away,” he said.
NO END IN SIGHT — Data breaches exposed 5.05 billion individual records in 2019, nearly double the number from 2018, and the total cost of breaches also nearly doubled in 2019 to more than $1.2 trillion, the identity management firm ForgeRock said in a report published today. Nearly half of all breaches targeted health care firms, according to the report. More than a third of the exposed data consisted of Social Security numbers and birthdates, though that marked a decline from 2018, when those records accounted for more than half of all breached records. Unauthorized access accounted for the most common cause of breaches (it led to 39 percent of incidents), followed by miscellaneous vulnerabilities, phishing attacks and malware.
REVIL-BAY — Ransomware gang REvil launched its own auction site where it intends to sell stolen sensitive data. First up for bid are files purloined from a Canadian agricultural company last month that chose not to pay the ransom demand. The starting asking price for the files is $50,000, payable in Monero, a cryptocurrency. Last month the gang, which previously targeted a prominent entertainment law firm and leaked information from private documents involving pop star Lady Gaga, threatened to auction off Madonna’s personal legal documents and claimed to possess a trove of data about President Donald Trump worth $42 million in ransom.
TWEET OF THE DAY — “Happy birthday, son. We got you this snazzy bracelet.”
RECENTLY ON PRO CYBERSECURITY — A senior CISA official said the agency would provide security services to states that expand mail-in voting, despite Trump’s stance. … NATO countries intend to jointly condemn cyberattacks on health care organizations.
— Rear Adm. (lower half) Daniel W. Dwyer, who has been tapped for a promotion to rear admiral, will be assigned as director, plans and policy at U.S. Cyber Command, Navy Secretary Kenneth Braithwaite and Chief of Naval Operations Adm. Michael Gilday announced.
— Motherboard: “Hackers plan to use stolen cryptocurrency exchange data for SIM swapping.”
— Just Security looks at Canada’s revamped foreign intelligence and cybersecurity laws.
— Ars Technica: Google shipped security patches for vulnerabilities in its Android mobile operating system.
— The Pentagon awarded a nearly $14 million contract for “cyber hardened infrastructure support” at two facilities.
— ZDNET: Cisco warns of Nexus switches hit by a serious security flaw.
— Barron’s: “CrowdStrike posts surprise profit, as customers bulk up on security software.”
That’s all for today.
Stay in touch with the whole team: Eric Geller ([email protected], @ericgeller); Bob King ([email protected], @bkingdc); Martin Matishak ([email protected], @martinmatishak); Tim Starks ([email protected], @timstarks); and Heidi Vogt ([email protected], @heidivogt).
