With help from Mike Farrell, Eric Geller, Mary Lee and Martin Matishak
PROGRAMMING NOTE: Morning Cybersecurity will not publish on Thursday, July 4, and Friday, July 5. Our next Morning Cybersecurity newsletter will publish on Monday, July 8. Please continue to follow Pro Cybersecurity.
Story Continued Below
Editor’s Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m. Learn more about POLITICO Pro’s comprehensive policy intelligence coverage, policy tools and services at politicopro.com.
— The White House hosted a meeting this week of administration officials to discuss whether to outlaw end-to-end encryption. They didn’t reach a conclusion.
— A leading cybersecurity firm is warning that cyber conflict could swiftly escalate: Attacks on critical infrastructure could lead to death.
— An organization is forming today to combat real estate wire fraud. They’re also kicking off an advertising campaign.
HAPPY FRIDAY and welcome to Morning Cybersecurity! This cat is sure to devour the baguette like the Tasmanian Devil. Please send your thoughts, feedback and especially tips to tstarks@politico.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
POLITICO’s 2020: The Issues is the most comprehensive guide anywhere to the issues shaping the Democratic presidential primary, driven by dozens of expert journalists in the nation’s most robust newsroom covering policy and politics.
ANOTHER BYTE AT APPLE — The Trump administration is considering whether to push Congress for legislation outlawing end-to-end encryption, and the No. 2 officials from key agencies met this week to discuss it, Eric reported on Thursday. “The two paths were to either put out a statement or a general position on encryption, and [say] that they would continue to work on a solution, or to ask Congress for legislation,” said one person familiar with the National Security Council meeting on Wednesday. But the officials did not reach an agreement, three sources said, and no request went to the Hill.
Given that President Donald Trump threatened to boycott Apple when it defied a Justice Department request to help unlock a dead terrorist’s iPhone, and given the DOJ’s usual preeminence in encryption discussions, the lack of resolution at the NSC meeting suggests either an unusually persuasive argument from the agencies typically opposed to weakening encryption — Commerce and State — or a lack of confidence in lawmakers’ ability to pass a bill. Congress is unlikely to pass encryption-weakening legislation, owing to bipartisan opposition.
It’s unclear whether the deputies committee meeting — a rare occurrence in John Bolton’s NSC — signals a White House interest in encryption. But policy issues deemed unimportant rarely make it to that level, and one lobbyist familiar with government discussions described “a significant [administration-]wide effort underway on what to do about” encryption.
RUSSIA, YOU SAY — Two more Democratic presidential candidates on Thursday named Russia the top geopolitical threat to the U.S. because of its election meddling: tech entrepreneur Andrew Yang and Colorado Sen. Michael Bennet. “They’ve been laughing their asses off for the last couple years,” said Yang during the second Democratic debate. California Sen. Kamala Harris, meanwhile, criticized Trump because “he takes the word of Russia over our intelligence community.”
DEADLY RISKS OF ESCALATING CYBER TENSIONS — Sergio Caltagirone worries that cyber tensions such as those between Iran and the U.S. could quickly escalate, leading to devastating attacks on critical infrastructure that could risk human life. The former NSA cyber analyst and current vice president of threat intelligence at Dragos shared his thoughts with MC:
“Cyber threats to industrial control systems are growing, and the escalating rhetoric threatening these systems increases the risk that lives will be lost needlessly. Rhetoric and specific knowledge of ICS breaches is driving a global race to achieve more exacting weapons that can cripple electric utilities. Furthermore, it motivates a ‘first strike’ or ‘retaliatory strike’ mentality. This activity is inherently and unnecessarily risky — even when conducted with defensive intent.
“An example of the catastrophic effects grid disruptions was the March power outage in Venezuela. An event at or near the Guri Hydroelectric Complex, the source of approximately 80 percent of Venezuela’s electricity, resulted in near country-wide blackouts and caused a humanitarian crisis. There is no evidence to a cyberattack was involved — but a cyber-enabled event could cause similar consequences.
“Cyberspace is a domain across which states and non-states project power long distances and asymmetrically. Like, air and sea, it’s not a surprise when countries launch offensive operations. But cyberspace norms have not yet developed; this increases freedom of movement for militaries but also increases the potential risk. One hard lesson we can avoid is disrupting critical services. Policymakers worldwide must establish a red line disallowing all illicit access from within civilian industrial networks for any reason.” Read more.
THROUGH THE WIRE — A coalition is debuting today to combat wire transfer fraud that targets prospective home buyers, a fast-growing segment of victims. During such attacks, also known as business email compromise, fraudsters spoof emails to make convincing-looking requests. Stop Real Estate Wire Fraud will announce its formation at a press conference as it also launches an awareness campaign targeting three cities where millenial home ownership is increasing: Birmingham, Ala., Pittsburgh and Virginia Beach, Va.
The FBI estimated that thousands of U.S. victims lost $149 million to real estate wire fraud in 2018, a 166 percent increase from 2017. Sen. Doug Jones (D-Ala.) will join the group during its announcement today. Coalition members include the American Land Title Association, American Escrow Association, Community Mortgage Lenders of America and Real Estate Services Providers Council.
NOT AN EASY ‘A’ — The country’s No.2 intelligence official on Thursday gave efforts to protect critical infrastructure high marks, despite ongoing challenges. “Because I’m a hard grader, I’m going to give us a really good one of a ‘B,’” Sue Gordon, principal deputy director of national intelligence, said at Defense One’s Tech Summit in Washington. “When we know it’s critical infrastructure, I give us a good grade. The combination of how we understand the threats, what we know how to do to protect it and, quite frankly, what the private sector is doing in terms of being able to … detect and defend” factored in her assessment, she said.
The “far greater challenge” is recognizing what constitutes critical infrastructure, according to Gordon, noting that the cyber assault on the 2016 presidential election “highlighted the importance to us of protecting our election security infrastructure. Is that critical infrastructure? Yes.” Given “just how vast the threat surface, given our difficulty — despite how often we tell people about computer hygiene, which really and truly does make a difference, patch your damns systems — I think it’s just the vastness of that is harder to protect,” she said.
MAKING THEM WHOLE — The Senate on Thursday approved three members to serve on the Privacy and Civil Liberties Oversight Board, giving it its full membership for the first time in two years. The Senate approved Aditya Bamzai, Travis LeBlanc and Edward Felten by voice vote. Fellen had previously been confirmed to fill out another member’s term, and now gets his own.
TWEET OF THE DAY — Too bad it wasn’t a DRE Double.
RECENTLY ON PRO CYBERSECURITY — The U.S. is ill-equipped to deal with Russian political warfare, the Pentagon concluded. … Foreign digital adversaries are increasingly attempting to influence American decision-making. … An EAC survey found nearly one-third of states still use paperless voting machines. … Large election jurisdictions are outpacing smaller counterparts on election security. … The House passed another election security bill (H.R. 2722). … The Senate Intelligence Committee will release its Russia report after the July 4 recess.
The House Intelligence Committee approved a three-year intelligence authorization bill. … Lawmakers are urging Trump to not lift a ban on U.S. companies doing business with Huawei. … Facebook spelled out how it makes money off of users information. … These lawmakers are more inclined to endorse impeachment than the rest of the House.
— Western intelligence agencies hacked “Russia’s Google” and installed malware to spy on user accounts. Reuters
— Former Secretary of State Rex Tillerson told a House panel about a host of issues with the Trump administration approach to Russia. The Washington Post
— China is gonna want the Huawei ban lifted in any U.S. deal. The Wall Street Journal
— “Advanced Micro Devices Inc. transformed itself from a financially struggling company to an investor’s dream” quickly by helping “Chinese partners develop advanced computer-chip technology.” The Wall Street Journal
— Baltimore city officials approved $10 million for recovery from a major cyberattack. ABC News
— The director of the DHS Cybersecurity and Infrastructure Security Agency warned of Iranian cyberattacks. Jerusalem Post
— Hackers are turning Excel against itself. Wired
— Big cloud service provider PCM suffered a breach. Krebs on Security
— Scary granny zombies aren’t just a threat in the post-apocalyptic future, as a game featuring them trying to steal Google user info. CyberScoop
— Chronicle is joining Google Cloud.
— The European Union is holding cyber war games. Financial Times
That’s all for today.
Stay in touch with the whole team: Mike Farrell (mfarrell@politico.com, @mikebfarrell); Eric Geller (egeller@politico.com, @ericgeller); Mary Lee (mlee@politico.com, @maryjylee) Martin Matishak (mmatishak@politico.com, @martinmatishak) and Tim Starks (tstarks@politico.com, @timstarks).
