Cyber diplomacy bureau opens for business- POLITICO
With help from Eric Geller
— First in MC: The State Department’s new cyber diplomacy agency launches today, and MC has an exclusive look at its leadership and the challenges they face.
— A group of 23 former national security officials are warning of the cybersecurity challenges posed by Epic Games’ antitrust lawsuit against Apple.
—Lawmakers are preparing for a cyber-filled week of hearings, nomination votes and hackathons before heading out for recess.
HAPPY MONDAY, and welcome back to Morning Cybersecurity! I’m your host, Sam Sabin, and happy NCAA Championship game day to all who celebrate. Go Heels, Go America!
Have tips and secrets to share with MC? Or thoughts on what we should track down next? Send what you’ve got to [email protected]. Follow along at @POLITICOPro and @MorningCybersec. Full team contact info below. Let’s get to it:
FIRST IN MC: A NEW ERA FOR CYBER DIPLOMACY — The State Department’s Bureau of Cyberspace and Digital Policy is today kicking off the Biden administration’s effort to enhance its digital aid to allies and accelerate the U.S. role in setting global cyber standards.
The long-awaited new agency “will address the national security challenges, economic opportunities, and implications for U.S. values associated with cyberspace, digital technologies, and digital policy,” the department said in a statement shared first with MC. As Eric writes in, the bureau’s formation — the result of combining and reforming three existing teams, with plans to hire 50 additional staffers — comes amid heightened fears of Russian cyberattacks as part of the war in Ukraine, a conflict that has highlighted the importance of the cyber aid that the U.S. has been giving other countries for years.
Given the need for an international collective response to Russian aggression, “there has never been a time when State’s leadership on these issues has been more important,” Chris Painter, who served as the United States’ top cyber diplomat from 2011 to 2017, told Eric.
The new bureau will comprise three divisions. The International Cyberspace Security team will coordinate cyber aid to allies and represent State in cyber discussions between U.S. agencies. The International Information and Communications Policy team will represent the U.S. in meetings about technology standards at the International Telecommunication Union, the U.N. and other global bodies. The Digital Freedom team will promote technology that supports civil society and democracy, especially in repressive regimes.
President Joe Biden still needs to nominate a bureau leader — who will have the rank of ambassador-at-large — for Senate confirmation. For now, career diplomat Jennifer Bachus is leading the bureau as a principal deputy assistant secretary, according to the department press release. Michele Markoff, a State cyber diplomat since 1998 and Painter’s deputy during his tenure, is leading the cyberspace security team. Stephen Anderson is leading the communications and information policy team, a role he held under State’s previous org chart. And Blake Peterson, a State Department policy adviser since 2010, will serve as acting digital freedom coordinator.
Each of these officials will have plenty of challenges on their plates. Bachus will need to build the bureau’s stature inside the government and with foreign allies while waiting for Biden to name her permanent replacement. Markoff will need to coordinate increased cyber aid to countries likely to be targeted by Russia, China and other U.S. adversaries. Anderson will need to counter Chinese influence in the creation of standards around 5G, quantum computing and other cutting-edge issues. And Peterson will have to find ways to combat the internet restrictions and tech censorship of authoritarian countries like Hungary and Belarus.
But the bureau could also create new opportunities for tech experts at State, according to Lauren Zabierek, the executive director of the Harvard Belfer Center’s Cyber Project. “I would love to see the State [Department] expand the Foreign Service career tracks to include science and technology as a standalone track,” she said. The bureau could give mid-career tech and cyber professionals a new way to use their skills for global good, she added.
NATSEC OFFICIALS BACK APPLE — Nearly two dozen former national security officials made a familiar argument in an amicus brief filed late last week in the ongoing antitrust battle between Epic Games and Apple: allowing iPhone owners to download mobile apps outside of Apple’s App Store — something Epic is fighting for and Apple is resisting — could make their phones more vulnerable to hacking and espionage.
The group, led by former DHS official Paul Rosenzweig, argued in an amicus brief filed Thursday that allowing app downloads outside of the App Store will make it harder for Apple to prevent customers from accidentally downloading spyware, malware and other malicious apps onto their phones. That argument is similar to what Apple and other tech giants have been saying in recent months, as both U.S. and European lawmakers push to toughen their competition laws.
Rosenzweig organized the brief with his lawyers at Robbins Russell, who then circulated it among the other signatories. Rosenzweig told your MC host that the brief’s goal was to educate the courts on the ways these antitrust cases could possibly weaken the country’s cyber and national security landscape.
Signatories include a consortium of former officials at CISA, Cyber Command, the CIA, the NSA, the Pentagon, the White House and more. They don’t hold back, warning in the brief that “the world in which Epic prevails also immediately places individuals and the country at risk.”
“There’s some concern among antitrust advocates that this is all just sort of blown up by the tech companies and that this is a concern that only they hold,” said Tatyana Bolton, a former CISA official who also signed onto the brief, in an interview. “What we’re trying to do here is really signal that it’s not just tech companies. These cybersecurity concerns are real.”
— Counterpoint: Those on Epic’s side, advocates for changing the law to reign in “Big Tech,” have argued that these cybersecurity concerns have been blown out of proportion and that the companies’ current method of protecting user data still leaves much to be desired. And regulators and lawmakers continue to push forward plans to allow sideloading and other changes to services that have worried cybersecurity experts.
— Not the only group: The amicus brief is just the latest show of public support from former national security officials for the tech giants’ cybersecurity and national security arguments. In September, a group of about a dozen former national security leaders sent a letter to House leadership making similar arguments. (According to a POLITICO analysis, each of the signatories to that House letter had connections to the tech industry.)
Want to receive this newsletter every weekday? Subscribe to POLITICO Pro","link":{"target":"NEW","attributes":[],"url":"https://www.politicopro.com/act-on-the-news?cid=promkt_20q1_corenews_act_energy","_id":"0000017f-f5a3-d7e1-ad7f-fdbfec0b0001","_type":"33ac701a-72c1-316a-a3a5-13918cf384df"},"_id":"0000017f-f5a3-d7e1-ad7f-fdbfec0b0002","_type":"02ec1f82-5e56-3b8c-af6e-6fc7c8772266"}">POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.
MARK YOUR CALENDARS — Before lawmakers head out for their two-week recesses next week, they’re planning to cross plenty of cyber items off their to-do lists. Here are the events to watch this week:
— Hearings: Gen. Paul Nakasone, head of both the U.S. Cyber Command and the National Security Agency, will testify before Congress twice on Tuesday — before the Senate Armed Services Committee in the morning and then with the House Armed Services’ cyber subcommittee in the afternoon. During both appearances, Nakasone will discuss the state of his agencies’ cyber capabilities and ongoing operations in cyberspace.
Later in the week, the House Homeland Security Committee’s cyber panel will hold two hearings: On Tuesday, it’ll host a rescheduled hearing on Russian cyber threats posed to U.S. critical infrastructure. On Thursday, members will then discuss the progress of ongoing public-private partnerships in defending critical infrastructure with officials from CISA and the Office of the National Cyber Director.
— Nominations heading to the floor: The Federal Trade Commission could also get its fifth commissioner this week, after the Senate teed up the last two procedural votes on Alvaro Bedoya’s nomination last week. While a final nomination vote hasn’t been scheduled so far, confirming Bedoya this week could let the FTC — which has been stuck in a 2-2 party line split since June — weigh in on more consumer data breach and privacy cases.
— Capitol hackathon: Lawmakers and congressional staff will also have an opportunity Wednesday to take on the feds’ own cybersecurity challenges firsthand at a hackathon that afternoon hosted by House Democratic and Republican leaders. Participants will brainstorm solutions to current challenges in legislative workflows, constituent casework and hearing modernization.
HIDING IN PLAIN SIGHT — Researchers at Lab52 warned in a blog post Friday that they’ve uncovered a new spyware strain targeting Android devices that’s similar to a strain used by Russian state-sponsored hacking group Turla. The spyware, once downloaded onto an Android device, routinely sends information about the user’s actions back to the hackers. Researchers are hesitant to attribute the malware to Turla, but it appears the collected information is sent to an IP address based in Russia.
A reminder from Dragos CEO Robert M. Lee: “It’s ok to admit the Ukrainians and the Baltic states know more about Russia than anyone else. Not only is it ok - but it’s a safe assumption. It’s very odd to see people try to explain Russia policy to Ukraine. It’s like international policy mansplaining. Russiasplaining.”
— Intelligence briefings from the Ukraine security service appear to suggest that China launched a cyberattack against Ukrainian military and nuclear facilities in the lead-up to the Russian invasion. (The Sunday Times)
— Two teenagers suspected of being in the Lapsus$ extortion gang were charged in a London court on Friday with hacking for the group. (BBC)
— Controversial facial recognition company Clearview AI is starting to sell its technology to banks and other businesses. (The Associated Press)
— The General Services Administration’s Login.gov is still exploring how it can add facial recognition to its secure sign-on service. (Federal Computer Week)
— A Mandiant shareholder is suing the threat intelligence company for allegedly misleading them about Google’s $5.4 billion acquisition proposal. (Bloomberg)
Chat soon.
Stay in touch with the whole team: Eric Geller (egeller@politico.com","link":{"target":"NEW","attributes":[],"url":"mailto:egeller@politico.com","_id":"0000017f-f5a3-d7e1-ad7f-fdbfec150008","_type":"33ac701a-72c1-316a-a3a5-13918cf384df"},"_id":"0000017f-f5a3-d7e1-ad7f-fdbfec150009","_type":"02ec1f82-5e56-3b8c-af6e-6fc7c8772266"}">[email protected]); Konstantin Kakaes (kkakaes@politico.com","link":{"target":"NEW","attributes":[],"url":"mailto:kkakaes@politico.com","_id":"0000017f-f5a3-d7e1-ad7f-fdbfec15000a","_type":"33ac701a-72c1-316a-a3a5-13918cf384df"},"_id":"0000017f-f5a3-d7e1-ad7f-fdbfec15000b","_type":"02ec1f82-5e56-3b8c-af6e-6fc7c8772266"}">[email protected]) ; Maggie Miller (mmiller@politico.com","link":{"target":"NEW","attributes":[],"url":"mailto:mmiller@politico.com","_id":"0000017f-f5a3-d7e1-ad7f-fdbfec15000c","_type":"33ac701a-72c1-316a-a3a5-13918cf384df"},"_id":"0000017f-f5a3-d7e1-ad7f-fdbfec15000d","_type":"02ec1f82-5e56-3b8c-af6e-6fc7c8772266"}">[email protected]); Sam Sabin (ssabin@politico.com","link":{"target":"NEW","attributes":[],"url":"mailto:ssabin@politico.com","_id":"0000017f-f5a3-d7e1-ad7f-fdbfec15000e","_type":"33ac701a-72c1-316a-a3a5-13918cf384df"},"_id":"0000017f-f5a3-d7e1-ad7f-fdbfec15000f","_type":"02ec1f82-5e56-3b8c-af6e-6fc7c8772266"}">[email protected]); and Heidi Vogt (hvogt@politico.com","link":{"target":"NEW","attributes":[],"url":"mailto:hvogt@politico.com","_id":"0000017f-f5a3-d7e1-ad7f-fdbfec150010","_type":"33ac701a-72c1-316a-a3a5-13918cf384df"},"_id":"0000017f-f5a3-d7e1-ad7f-fdbfec150011","_type":"02ec1f82-5e56-3b8c-af6e-6fc7c8772266"}">[email protected]).
Gloss