By Tim Starks | 05/19/2017 10:00 AM EDT
With help from Eric Geller and Martin Matishak
WHY DIDN'T RANSOMWARE BLITZ HIT AMERICA HARD? - Save for some scattered cases, the ransomware outbreak that bedeviled many countries badly didn't really make big waves in the United States. Three opinions on why not:
"We were prepared for it," Rep. Will Hurd, who chairs the House Oversight Subcommittee on Information Technology, told MC. "The reality is we dealt with ransomware" when a number of domestic hospitals suffered attacks last year, he said. The medical sector was badly affected by the past week's ransomware attacks globally. But last year, "the medical industry saw that in the U.S., and there were conversations being had all around the country that said we need to be prepared," Hurd said. "I think because we were exposed to this months before, we were ready for this one."
Among federal agencies, a top Homeland Security Department official speculated this week that it was due in part to "aggressive" efforts to push patches within 30 days. Jeanette Manfra, acting deputy undersecretary for cybersecurity and communications, also said that the federal government has put in place strong "blocking mechanisms" to defend against such attacks.
Overall, the federal government partnership with industry has netted gains that girded everyone better for the crisis, said Amy Howland, chief information security officer for CSRA. "The partnership with industry and government has been taking off the last couple years," she told MC. Those gains include improved information sharing and better defenses, thanks to initiatives like technical standards agency NIST's cybersecurity framework.
HAPPY FRIDAY and welcome to Morning Cybersecurity! With Chris Cornell's departure, we've fallen on black days. Send your thoughts, feedback and especially tips to email@example.com, and be sure to follow @timstarks, @POLITICOPro and @MorningCybersec . Full team info is below.
TRUMP, LAWMAKERS MEET ON IT MODERNIZATION - President Donald Trump met Thursday with House Majority Leader Kevin McCarthy and other Republican lawmakers to discuss ways to upgrade government computer systems and networks. The meeting, first reported by Recode, comes as senior White House adviser Jared Kushner's Office of American Innovation gears up to tackle IT modernization and other technology issues. "POTUS spoke of his support for these initiatives and for Jared's work with OAI," a senior administration official told MC. "Rep. McCarthy provided a legislative snapshot for how we can make real, bipartisan progress in this area." The other lawmakers present were Reps. Patrick McHenry, Cathy McMorris Rodgers, Garret Graves, Brett Guthrie, Adam Kinzinger, Erik Paulsen, Thomas Reed, Mark Walker and Kevin Yoder. Kushner was present, as were OAI staffers Chris Liddell, Reed Cordish and Matt Lira. U.S. Digital Service co-founder Haley Van Dyck also attended.
SUGGESTION BOX - The National Security Telecommunications Advisory Committee on Thursday issued draft guidelines for the Trump administration to follow when it comes to the increasingly rapid developments in technology and cybersecurity. "The government must act with unprecedented speed and rigor to address cybersecurity challenges, making fiscal and regulatory commitments that enable upgrades in technology and security models and improvements to operational efficiency and governance," the 30-member panel warned.
The group recommends, among other things, establishing a "special fund" that agencies can tap to quickly replace legacy IT systems. NSTAC also stumps for the idea of a "Cybersecurity Moonshot" initiative that would "fundamentally reset the security of our digital landscape within a decade" by dubbing cybersecurity a "national strategic imperative" and tapping resources from the government, private industry and academia. The moonshot would try to hammer out a "shared vision" for cybersecurity "through accelerated research and action in at least four interrelated key areas, including: network design, machine learning, automatic orchestration, and quantum computing," according to the committee.
- JOYCE TOUTS CYBER EO'S AMBITIOUS SCOPE: The Trump administration considers IT modernization a priority because hackers are constantly looking for weak links in federal networks, Trump's cybersecurity coordinator told NSTAC on Thursday. "If we allow individual departments and agencies to fend for themselves, we often will get the lowest common denominator as our weakest link in what is an interlinked federal network," said Rob Joyce, the head of the National Security Council's cyber directorate, at a meeting of the committee. Joyce attended the meeting to brief NSTAC on the wide-ranging executive order that Trump signed last week.
In addition to discussing the order's focus on federal IT, Joyce said the administration wanted to redouble its effort to help critical infrastructure operators - like hospitals and utility companies - protect their assets from digital threats. The government rigorously plans for natural disasters, he pointed out, but the same rigor isn't applied to digital disasters. "We've done cyber exercises, but probably not to the level that we need to understand [what to do] when there's a major catastrophe," he told NSTAC members. "How do we know that we're going to play like we practice? And today I would say we don't practice enough."
- TRYING NOT TO CRY: At the same NSTAC meeting, DHS Secretary John Kelly shared more details about how the department responded to the WannaCry outbreak. In his prepared remarks, Kelly said the department compared notes with internet service providers and coordinated with state and local governments through the Multi-State Information Sharing and Analysis Center, which helps state governments share data on hacking threats. DHS also convened a working group with the IT sector, which suggested some specific ransomware guidance for small businesses, Kelly said. DHS and the Small Business Administration then worked together to develop that guidance, and posted it at SBA.gov by Sunday.
TRUMP FIGHTS PREVAILING WINDS - Trump on Thursday held his first press conference since firing FBI Director James Comey, where he said he had "respect" for the move to appoint a special prosecutor to look into alleged Russian 2016 election interference, but railed against what he called a "witch hunt" to connect his camp to Moscow. In an interview with TV anchors, he said the probe "hurts our country terribly." In other remarks Thursday, Trump vowed : "Believe me, there's no collusion" with Russia. He also denied pressing Comey to drop an investigation into former national security adviser Michael Flynn. But on the same day, Trump met with his legal team to discuss the Russia probe.
Meanwhile, former Sen. Joe Lieberman has emerged as the top candidate to replace Comey, although he may not win as much Democratic support as Trump might hope. The appointment of a special prosecutor could impede Comey's Senate-requested testimony, said Sen. Lindsey Graham, although Sen. Susan Collins still believes Comey should appear. House Oversight Chairman Jason Chaffetz bucked a movement from fellow Republicans toward supporting a special prosecutor, questioning whether it's necessary. House Speaker Paul Ryan sees it as no obstacle to the House's investigation. The Senate Intelligence Committee, however, is encountering resistance against its subpoena of Flynn. Also in the Senate, Deputy Attorney General Rod Rosenstein on Thursday faced a grilling over Comey's firing.
NEW WAY TO FOLLOW CYBER DIPLOMACY - The rapid proliferation of diplomatic agreements on cyber issues can be hard to track, but the Carnegie Endowment for International Peace wants to help. The think tank's Cyber Policy Initiative recently launched a Cyber Norms Index that tracks multilateral cyber agreements and compares the way they describe key principles and concerns. From the United Nations Group of Governmental Experts' reports to declarations after G-7 meetings and NATO summits, the cyber norms database is a comprehensive list of cyber agreements involving more than two nations. Tim Maurer, who co-leads Carnegie's Cyber Policy Initiative and spearheaded the creation of the database, told MC that his team started working on it more than a year ago and planned to update it every three to six months.
Maurer said he hopes diplomats, journalists and academics use the database to compare how countries have approached the topic. "Something that we haven't been able to do, in terms of the scope of the project, was comparing the various bilateral agreements and what kinds of regimes are emerging, in terms of what kinds of countries are cooperating on this specifically," Maurer said in an interview. "Essentially, you could do an analysis over time where you would map this, and you could do an analysis of the emerging security regime."
CYBER CASTING CALL - Next week, the Homeland Security Department's Science and Technology Directorate will outline what it's looking for in proposals for its latest digital project. The new effort builds on the department's Internet Measurement and Attack Modeling program, which is aimed at providing early notification warnings and defense against cyberattacks targeting the federal government. The program would also help bolster information sharing with state and local officials. The directorate's Cyber Security Division Program Manager will be on hand to explain the technical focus of the research project and answer questions from potential bidders.
ANOTHER MISSED WARNING ABOUT RUSSIA - The U.S. intelligence community picked up an early warning about Russia's cyber campaign to influence the 2016 presidential election, but officials didn't realize its significance at the time, according to Time magazine. "In May 2016, a Russian military intelligence officer bragged to a colleague that his organization, known as the GRU, was getting ready to pay [Hillary] Clinton back for what President Vladimir Putin believed was an influence operation she had run against him five years earlier as secretary of State," the magazine reported in its latest cover story. "The GRU, he said, was going to cause chaos in the upcoming U.S. election." American intelligence services intercepted the comments, "wrote up the conversation and sent it back to analysts at headquarters, who turned it from raw intelligence into an official report and circulated it," according to the Time story. But as a senior intelligence official told the magazine, "We didn't really understand the context of it until much later."
Time's story also revealed that Russian hackers tried breaking into Department of Defense Twitter accounts by sending spearphishing messages through the social media platform. The messages went to more than 10,000 Twitter users at DoD. "When clicked, the links took users to a Russian-controlled server that downloaded a program allowing Moscow's hackers to take control of the victim's phone or computer - and Twitter account."
TWEET OF THE DAY - Now that's quality coding.
RECENTLY ON PRO CYBERSECURITY - "Rep. Marsha Blackburn has quietly introduced legislation aimed at policing the privacy practices of both internet service providers and online companies by requiring them to obtain opt-in consent from users before sharing their browsing history." ... DHS's Kelly briefs the House today on possibly extending a large electronics ban in cabins on flights from Europe. ... Cybersecurity counts among the top management challenges for the EPA - again. ... Departing House Oversight Chairman Chaffetz is expected to leave Congress around June 30, before his term ends. ... Rep. Trey Gowdy stands as the likely successor for Chaffetz's gavel.
- POLITICO Magazine suggests Trump should be worried about Comey and special prosecutor Robert Mueller.
- "Comey, unsettled by Trump, is said to have wanted him kept at a distance." The New York Times.
- Trump might attack DHS's Automated Indicator Sharing program in retaliation for allegations that he shared classified information with Russia. Foreign Policy.
- How Comey prepped for his meeting with Trump. The Washington Post.
- Media leaders came to some conclusions about how to avoid breaches. Turner.
- "Devin Nunes continues reviewing Russia intelligence, despite recusal." CNN.
- The Senate Armed Services Committee grilled defense nominees on cyber. Federal News Radio.
- The Los Angeles Times profiles the Lazarus group.
That's all for today. A Sound Garden.
Stay in touch with the whole team: Cory Bennett (firstname.lastname@example.org, @Cory_Bennett); Bryan Bender (email@example.com, @BryanDBender); Eric Geller (firstname.lastname@example.org, @ericgeller); Martin Matishak (email@example.com , @martinmatishak) and Tim Starks (firstname.lastname@example.org, @timstarks).
To view online:
Please click here and follow the steps to unsubscribe.