By Tim Starks | 04/18/2017 10:00 AM EDT
With help from Eric Geller and Martin Matishak
KELLY STEPS OUT - Homeland Security Secretary John Kelly today makes his first big public speaking appearance, marking an emerging trend of top cybersecurity-related Trump administration officials increasingly stepping out into the world. Kelly's appearance at the George Washington University Center for Cyber and Homeland Security follows CIA Director Mike Pompeo's inaugural significant public speech last week, and even follows Kelly's own initial appearance on the weekend talk shows Sunday, where the DHS head discussed North Korea as a cyber threat. House Homeland Security Chairman Mike McCaul also has promised a Kelly appearance before his panel soon.
Although Kelly's speech is broader than just cybersecurity - it's titled "Home and Away: Threats to America and the DHS Response," and GW is billing it as a conversation on his strategic vision for the department - Kelly will discuss computer defenses this morning, a DHS official said.
"The secretary will highlight the importance of cybersecurity to the department's mission and the nation's security," the official said. "He will call for more effective partnership with industry and government to both defend federal networks and build resilience into the nation's infrastructure. He will also touch on the need to foster a culture that enables organizations to defend themselves against cyber threats."
HAPPY TUESDAY and welcome to Morning Cybersecurity! Saw "Colossal." Interesting film idea. Not sure it actually works. Send your thoughts, feedback and especially tips to firstname.lastname@example.org, and be sure to follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info is below.
NUNES BACK IN THE SPOTLIGHT - Weeks after House Intelligence Committee Chairman Devin Nunes recused himself from the panel's inquiry into Russian hacking, a coalition of progressive groups is demanding he step down entirely. "So long as he serves in the position of
chairman, he receives notifications of sensitive intelligence matters as a member of the Gang of
Eight, hires and fires all Republican committee staff, and calls committee hearings," the groups said Monday in a letter to House Speaker Paul Ryan and Minority Leader Nancy Pelosi. They argue there is "no clarity" about the new arrangement and "his presence as the leader of HPSCI creates an atmosphere of distrust and detracts from the ability of the committee to do its work."
Nunes stepped aside from the high-profile investigation after the House Ethics Committee announced that it was considering allegations that he may have mishandled classified information. The California Republican blasted the complaints - which came after Nunes decided to brief President Donald Trump on evidence the government had incidentally surveilled the Trump transition team - as baseless partisan attacks.
IF YOU'RE LOOKING FOR THINGS TO DO - Trump should work with Congress to create a national electronic ID program to bolster the security of online activities, a leading tech think tank said Monday. "Without federal action, this market will remain stagnant in the United States, which will inhibit people from being able to complete transactions entirely online, such as purchasing a home," the Information Technology and Innovation Foundation said in a new tech policy to-do list . "The government should spur the supply of e-IDs by directing a federal agency to offer them to U.S. residents for a reasonable fee." ITIF said its to-do list was "intended to highlight a selection of new ideas that may not yet have received adequate attention." The group also urged Congress to create a national data breach notification standard, require federal agencies to disclose code flaws they discover and require private companies to publish details about their security practices. On the privacy front, ITIF stumped for reform of the Electronic Communications Privacy Act, a decades-old law that currently lets police obtain some personal communications without a warrant.
OH SNAP - Snap, makers of Snapchat, has hired a lobbying firm to represent it on cybersecurity. The company brought on Monument Policy Group, according to its latest filing , to work for Snap on technology, cybersecurity and lawful access issues. Snap has recently signaled a stepped-up focus on cybersecurity. In its debut filing with the SEC, it listed security among its chief risk factors. "If our security is compromised or if our platform is subjected to attacks that frustrate or thwart our users' ability to access our products and services, our users, advertisers, and partners may cut back on or stop using our products and services altogether, which could seriously harm our business," the company wrote . "Because of our prominence, we believe that we are an attractive target for these sorts of attacks." Snapchat suffered a major hack in 2014, and that same year settled with the FTC over charges related to security and data collection on its customers.
YOU AIN'T SEEN NOTHING YET - China's proposed law requiring companies to pass security reviews before moving data out of the country would dramatically expand the scope of Beijing's controls, according to a new analysis of the draft law. In a post on the Lawfare blog, Harvard Law School student Christopher Mirasola noted that the language in the proposed law was broader than the text of an existing law imposing cybersecurity requirements on companies. Specifically, the new law would require domestic storage of any data produced "by internet users," superseding existing requirements for data produced "by users of critical information infrastructure."
Mirasola said the language tweak could be an attempt by Beijing to "increase its jurisdiction over digital information," or "an admission that the term 'critical information infrastructure' is so broad as to not have any real meaning." Regardless, he wrote, "this discrepancy substantially diminishes any clarity the guidance was originally designed to provide."
PENTAGON STARTS NUKE REVIEW - The Pentagon on Monday kicked off its Nuclear Posture Review, a soup-to-nuts examination that could influence U.S. nuclear policy for decades to come. The review, ordered by Trump on Jan. 27, is meant to "ensure the U.S. nuclear deterrent is safe, secure, effective, reliable and appropriately tailored to deter 21st-century threats and reassure our allies." The last review was conducted in 2010.
The review, which will be led by Deputy Defense Secretary Bob Work and Vice Chairman of the Joint Chiefs of Staff Gen. Paul Selva, will also dig into the technology used in the country's atomic arsenal. The vulnerability of the nuclear arsenal to cyber threats has been noted before. Look for U.S. Strategic Command, which oversees both U.S. nuclear arms and - for the time being - U.S. Cyber Command to play a major role in the review.
'TIS THE SEASON FOR CYBER COMPETITIONS - The U.S. Naval Academy last week won NSA's annual Cyber Defense Exercise. Over the weekend, University of Maryland, Baltimore County, won the 2017 National Collegiate Cyber Defense Competition. It's also the final week to compete in the annual Cyber Quests competition.
TWEET OF THE DAY - Don't buy into the mystique.
PEOPLE ON THE MOVE
- Michelle Richardson has joined the Center for Democracy and Technology as deputy director of its Freedom, Security and Technology Project. She spent the past year consulting with the Electronic Frontier Foundation, Mozilla and the Open Policy Center, and before that spent 10 years at the American Civil Liberties Union.
- Alston & Bird's new national security and digital crimes practice will be led by Kim Peretti and Michael Zweiback.
- The latest Shadow Brokers leak appears to connect the NSA to Stuxnet. Motherboard.
- Manufacturers are turning to cyber insurance. The Wall Street Journal.
- A former top Obama White House official predicted more cyberattacks like the ones during the 2016 elections. CNN.
- NASA's chief information security officer is leaving. Federal News Radio.
- Cyber jurisdiction is a problem for a couple high-profile bills. Washington Examiner.
- The FBI says it's meeting its cyber personnel goals without altering standards. Motherboard.
- Ars Technica on Cylance and product testing.
- Mirai on steroids? PC World.
- "Kimpton Hotels can't check out of class data breach claims." Bloomberg BNA.
That's all for today. I always liked Mothra. Suppose I'd be Mothra.
Stay in touch with the whole team: Cory Bennett (email@example.com, @Cory_Bennett); Bryan Bender (firstname.lastname@example.org, @BryanDBender); Eric Geller (email@example.com, @ericgeller); Martin Matishak (firstname.lastname@example.org , @martinmatishak) and Tim Starks (email@example.com, @timstarks).
To view online:
Please click here and follow the steps to unsubscribe.