— Congress and the commander of U.S. Cyber Command share a common visionfor the future of the nation’s cyber forces.
HAPPY MONDAY, and welcome to Morning Cybersecurity! When it comes to books, I follow a simple rule: Always judge them by their cover.
When I see browned pages, I think: knowledge! When I smell that musty old-book smell: enlightenment! And when I thumb a brittle page: my precious!
Yes, I was a little desperate for content yesterday. Why do you ask?
Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.
The Deputies Committee is expected to review the latest draft of the new national cyber strategy.
CYBER STARGAZING — If you are in the business of betting on the future of the Pentagon’s cyber warriors, there’s a clear, if curious, place to find answers: U.S. Special Operations Command.
Speaking to the press at a roundtable in Fort Meade last month, Gen. Paul Nakasone, the chief of U.S. Cyber Command, said the command is “trying to build our authorities much in the same way Special Operations Command did this.”
Long in the making — While it may sound curious to compare uniformed keyboard junkies to the country’s most physically gifted warfighters, lawmakers baked that connection into the legislative DNA of the command, a congressional aide familiar with the relevant law told MC.
“The evolution of Cyber Command to date has been modeled on the same legislative techniques used for SOCOM,” said the aide, who was granted anonymity to speak openly about how recent legislative changes are helping the command realize that goal.
What that means — Both Cyber Command and Special Operations Command represent “hybrids of a military service and a combatant command,” explained the aide.
While the military services are responsible for recruiting, training and equipping uniformed personnel, combatant commands like U.S. Central Command focus on deploying soldiers into the field.
Unique missions — Cyber Command wants to better emulate Special Operations Command because the latter’s service-like authorities help it field capabilities that the Army, Navy, Air Force and Space Force can’t deliver as well on their own.
While military cyber personnel also demand specialized training and equipment, the services have made uneven investments in their digital specialists. That’s one reason why many uniformed cyber trainees — who the services often rotate out of Cyber Command right when they start to build expertise — are leaving the military for the more lucrative private sector, a recent GAO report found.
Casting the die — While some experts believe the best way to solve those problems is to build a fifth service, the recent creation of a new assistant secretary of defense for cyber within the Pentagon shows lawmakers are increasingly invested in the SOCOM model, said Mark Montgomery, executive director of the CSC 2.0.
Included in the recent defense bill and designed after a similar Pentagon position for special operations, the new post will help the command make the most of the hybrid structure, argued Montgomery.
If you cannot create a cyber service, he said, “the next best option is to give Cyber Command significant senior leadership support inside the Office of the Secretary of Defense.”
Steaming ahead — Cyber Command’s need to find, train and retain personnel has grown alongside its expanding mission set, which now includes everything from election security to ransomware defense.
And that’s why lawmakers are so keen on legislative fixes — like the new ASD for cyber — that will help it mature into the hybrid model its architects envisioned.
Better civilian representation in the Pentagon “is a necessary first step towards ensuring all military services are properly organizing and resourcing their support of cyber forces for CYBERCOM,” Rep. Mike Gallagher (R-Wis.) told MC.
POLITICIZING INTEL — A proposal to grant a controversial new congressional panel unprecedented access to classified material risks politicizing intelligence and undermining congressional oversight of the intelligence community, warns a top intelligence lawmaker and former government officials.
The last-minute concessions proffered to the proposed House subcommittee on the Weaponization of the Federal Government “will only and inevitably enable certain members of the new House majority to further politicize what should be the non-partisan functioning of our nation’s intelligence community,” Sen. Mark Warner (D-Va.) told MC in response to an emailed request for comment.
“Setting up a special subcommittee to get classified information that’s only supposed to go to the intelligence committees formally charged with oversight seems like the very definition of politicization,” agreed Glenn Gerstell, former NSA general counsel.
Setting the scene — As part of Friday’s late-night negotiations to secure the speakership, Rep. Kevin McCarthy (R-Calif.) made two major concessions to hard-right backers of the new panel, which is set to operate within the House Judiciary Committee, my colleague Kyle Cheney reported Saturday.
The first would hand the select committee “sweeping investigatory powers that include explicit authority to review ‘ongoing criminal investigations,’” Cheney wrote. In addition, it would permit the subcommittee access to any information intelligence agencies shared with the House intelligence committee, or HPSCI.
Stemming intel? — Beyond the politicization risks flagged by Warner, the new provision could discourage the intelligence community from sharing information with HPSCI, said Tim Bergreen, former Democratic staff director of the committee.
“I can only imagine that there is going to be enormous reluctance to share intel beyond HPSCI, leadership and a handful of others,” said Bergreen, who explained that intelligence agencies and the committee could nonetheless try — at risk of a messy legal battle — to keep information between them.
Bad news for 702 — If codified, the proposed select committee’s authority would come at a particularly bad time for the intelligence community, with Congress facing a year-end deadline to reauthorize one of the NSA’s most valuable surveillance programs, Section 702 of the Foreign Intelligence Surveillance Act.
As MC covered last week, Republicans’ growing skepticism of federal law enforcement has eroded bipartisan support for the program, even though their concerns primarily relate to surveillance conducted under a different section of the law.
By creating a “false narrative” about intelligence abuse, said Bergreen, the committee will “likely lead to the erosion (temporary or longer) of a key intelligence tool.”
WHEREFORE ART THOU KYC? — A Trump-era executive order meant to prevent foreign hackers from abusing an intelligence “blind spot” has stalled, MC has learned.
Passed in the waning hours of the Trump administration, executive order 13984 would have required U.S-based cloud services providers to implement stricter procedures to verify the identity of their customers — so-called “know your customer,” or KYC, requirements — and maintain logs of users’ prior activity.
Why that matters — Foreign hackers routinely rent U.S. cloud infrastructure when conducting campaigns against American targets because the services are less likely to tip off defenders and the privacy protections available to (presumed) U.S. persons prevent intelligence agencies from getting quick or consistent access to the data.
That is one reason why Nakasone told lawmakers in 2021 that adversaries’ use of U.S. cloud services presents a “blind spot” for U.S. Cyber Command and the NSA.
Status update — The federal agency charged with implementing the EO, the Commerce Department, has not taken any action on it since October 2021, when it closed a public comment period for the proposal.
Representatives from the department did not reply to repeated requests for comment about the status of the EO. The White House and the National Cyber Director’s Office also did not respond to requests about the order.
Flawed solution — Asked whether he was disappointed with the apparent surrender of the EO, the Trump-era National Security Council official responsible for drafting it insisted something needs to be done to stem the “absolute torrents” of cyber theft plaguing the country, even as he acknowledged the specific order had significant flaws.
“I wish we had found a better answer,” said Joshua Steinman, alluding primarily to the privacy risks the order presents. “Our team spent years trying to think about how to do that, and this was the best option we could find.”
KREMLIN’S 2016 TWITTER DUD — On at least one major social media platform, Russian efforts to influence the U.S. electorate ahead of the 2016 presidential campaign appears to have fallen flat (as flat, perhaps, as an unpatriotic Muscovite standing near an open window), academic research published this morning in Nature Communications finds. The research, based on Twitter account data and opinion surveys of roughly 1,500 individuals conducted before and after the presidential election, determined there was “no meaningful relationship” between exposure to Russian foreign influence campaigns and changes in attitudes, polarization or voting behavior.
Christmas trees, rockets and the NSA’s Rob Joyce: Washington’s best Big Three since the Gilbert Arenas days.
— Der Spiegel has the story on a Russian mole in Germany’s foreign intelligence service.
— Are the recent hacks at LastPass, CircleCi and Slack a sign of something bigger? (Ars Technica)
— A new Russian hacking group targeted U.S. nuclear scientists. (Reuters)
— The FCC is proposing stricter data breach notification rules for telecommunications providers. (CyberScoop)
Friday’s newsletter offered the wrong abbreviation for CISA’s Cybersecurity Advisory Committee. It is the CSAC. It also mislabeled one of CSAC’s subcommittees. The subcommittee that conducts work on critical infrastructure protection is referred to as the subcommittee on building resilience and reducing systemic risk to critical infrastructure.