— A Pennsylvania school district banned a young-adult series meant to inspire girls to pursue coding careers. MC takes a look at how the books got swept up in the culture wars.
HAPPY MONDAY, and welcome to Morning Cybersecurity! We’re less than a week from Cybersecurity Awareness Month, which is very much not the reason your MC host is giddy.
Yesterday, I became an uncle. Let’s hope I fare better than Benjen Stark.
Got tips, feedback or commentary for MC? Email me at [email protected]. You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below — right beneath the world’s newsiest newsletter.
Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.
The National Infrastructure Advisory Council meets to discuss physical and digital threats to the country’s critical infrastructure. 1 p.m.
BOOK BAN — The Biden administration is facing an unexpected roadblock in its efforts to expand and diversify the cyber workforce: the Central York School District of York City, Pa., which banned a young adult fiction series that empowers girls of color to take up tech careers.
The suburban public school district serving 40,000 people removed the “Girls Who Code” series and a range of other children’s books with any tincture of off-white diversity from its classrooms for a 10-month period between 2020 and 2021 before local activists mounted a successful campaign to reverse the ban, according to Ben Hodges and Patricia Jackson, high school English teachers from the Central York district who helped fight the ban.
The backstory —- Jackson and Hodges told MC that a group of conservative activists on the school board opposed educators’ efforts to create a list of diversity resources for the school district in the aftermath of the George Floyd killing in spring 2020.
Even though that material was intended for staff development or for school libraries, not for curricular changes, the activists convinced the school board to ban a list of roughly 300 books they deemed problematic — among them, the “Girls Who Code” series, whose protagonists are Black, Latina, Asian and Muslim.
Why now? — The year-old ban resurfaced this weekend after Pen America published a nationwide index of banned books from the 2021-2022 school year. Realization that the gerfour-part “Girls Who Code” series featured in the list drew the ire of CISA Director Jen Easterly, who has made it a priority to increase the number of women in the cyber workforce.
“This effort to ban their book is dangerous to the security of our nation on so many levels,” said Easterly.
Scar tissue — Jackson and Hodges told MC that the ban has had a lasting impact on girls in the Central York School District.
“We have all kinds of programs where girls can get certified, where they can get involved, and we just cannot get girls interested,” said Jackson. “What sane person would ban such a book, particularly when we’re trying to get girls into tech?”
OUTSIDE HELP — An advisory body composed of leaders from industry and state and local government will meet today with the Biden administration to decide how it will review the federal government’s efforts to mitigate physical and digital threats to national critical infrastructure.
The 26 newly appointed members of the National Infrastructure Advisory Council will convene for the first time to receive a classified threat briefing from U.S. intelligence officers and decide what issue the advisory group will study next. NIAC typically examines one issue exhaustively over the course of a year, but it does not exclusively focus on cyber.
That means the decision could inform how the Biden administration shapes its approach to defending the nation’s critical infrastructure against malicious hackers — or not.
Placing bets — Chartered in the aftermath of 9/11, NIAC has nonetheless increasingly addressed the digital components of critical infrastructure protection: Two of the last three NIAC reports have concerned cybersecurity. And with increasing digitization, it may be hard for the group to separate cybersecurity issues from physical security ones.
My weakness is my strength — The NIAC, whose membership President Joe Biden appointed in August, only includes one cybersecurity or IT expert within its ranks. But Glenn Gerstell, who served on the council from 2011 to 2015, told MC that the council’s breadth of experience represents its greatest strength.
“I really do think it’s important that cybersecurity issues be understood by general industry representatives and not simply cyber experts,” said Gerstell, former NSA general counsel. “This will illuminate for the government the challenges you experience when industries don’t have strong cyber experience. I think that’s a healthy thing.”
LIGHTING THE BAT SIGNAL — Australia, India, Japan and the United States are teaming up to take on a common foe: ransomware.
On Friday, the top diplomats of the four countries — whose partnership is known as the Quad, or the quadrilateral security dialogue — issued a joint statement committing to addressing the threat of global ransomware.
What it says — Deeming ransomware “an obstacle to Indo-Pacific economic development and security,” the diplomatic demarche calls on the signees to prevent ransomware operations emanating from their territory.
What it means — The joint statement shows that the Biden administration continues to judge ransomware a priority — and international diplomacy a necessary tool for solving it. It also indicates that non-NATO untries share the U.S.’s concerns about ransomware.
Or at least, that they’re willing to pay lip service to U.S. interests.
A notable absence — The list does not include Russia, where many ransomware groups operate with the tacit approval of the government. On the other hand, none of the four countries who signed the statement is a notorious haven for ransomware, raising questions about how much of an impact the initiative will have.
IoT SECURITY— Researchers at the Atlantic Council are releasing a new report this morning with recommendations for policymakers on securing Internet of Things devices. Focusing on IoT devices within connected homes, the networking and telecommunications sector, and medical devices, “Security in the Billions: Towards a Better Strategy to Secure the IoT Ecosystem” examines the approaches four countries — the U.S., the U.K., Singapore and Australia —- have taken to mitigate IoT security risks. The researchers argue regulators should enforce minimum security standards for manufacturers of IoT devices, incentivize above-minimum security through public contracting, and pursue international alignment on IoT standards, such as international guidance on handling deployed connected devices that stop receiving security updates.
MASSIVE CARDING SCAM — Fraudsters have netted several million dollars operating more than 200 fake dating and adult websites, according to cybersecurity firm ReasonLabs. Acquiring stolen credit cards off the dark web, the cybercriminals managed to swindle victims by building an elaborate network of fraudulent websites and charging victims’ credit cards small fees on a subscription basis — a pattern that payment processors were less likely to recognize as fraud. The scam has operated since at least 2019 and the perpetrators appear to be based in Russia, write the researchers.
How to debunk unfounded social media conspiracy theories, Part I:
— Bulgarian authorities extradite the alleged operator of the RSOCKS botnet to the U.S. (Krebs on Security)
— City of London police arrest teenager for hacking Rockstar Games. The teen, who was previously charged for a series of hacks attributed to the Lapsus$ group, is also believed to be behind the recent Uber hack. (Bloomberg)
— Journalist Zach Dorfman unravels a massive Cold War-era bugging program that U.S. spies ran against the Soviet Union. (Project Brazen)
— Hackers are extorting Australia’s second-largest telco after pilfering 11 million customer records. (Bank Info Security)
Chat soon.
Stay in touch with the whole team: Eric Geller ([email protected]); Maggie Miller ([email protected]); John Sakellariadis ([email protected]); Konstantin Kakaes ([email protected]); and Heidi Vogt ([email protected]).
~~~~~~
