With help from Eric Geller, Martin Matishak and Darius Dixon
ROB JOYCE Q&A — Rob Joyce, President Donald Trump’s cybersecurity coordinator, has been on the job since March, and he already has his hands full. He spoke with Cory and Eric this week for a wide-ranging Q&A session. In part one of the Q&A, Joyce talked about how busy he and his team are executing Trump’s cybersecurity executive order and tackling the challenges posed by encryption and foreign cyber threats. He also talked about how the Trump administration is helping state election officials defend their voting systems.
“The first thing we’re doing is education,” Joyce said. “Awareness that there’s a problem and that there’s a threat is 50 percent of the battle. Because then you get the galvanizing focus on, what do we need to do going forward? That’s our first step. And I think that dialogue’s happening in spades. Whether it be the companies who provide some of the capabilities. Whether it be the states or the election districts that are responsible for [the voting process]. And there is a growing engagement through DHS, with their ability to reach out and engage the states and locals.” Pros can read the whole interview here and check out the rest soon.
SOME RECOMMENDATIONS FROM JEH — Former Homeland Security Secretary Jeh Johnson made headlines at a House Intelligence Committee hearing Wednesday over his dismay at the Democratic National Committee turning down his department’s help after it was hacked, and at the FBI for not sharing news of the DNC hack until months later. But he also had some prescriptions for what the United States should do about election vulnerabilities. He told the committee that Congress should consider establishing cybersecurity grants for state and local officials. He said the federal government should have one point person for cybersecurity, preferably within DHS. He said the government needs to amp up its education efforts about the hazards of spearphishing. It might even consider encouraging states to adopt minimum security standards. But there’s one thing it should avoid. “I would say to this Congress, if you want to try to federalize elections in this country, good luck,” Johnson told the panel.
IN ENGLISH, PLEASE — Tech industry representatives on Wednesday asked Congress to rein in and clarify the myriad cybersecurity regulations that affect their member companies and partners. “These regulations do not follow a common language,” said Christopher Feeney, the president of the Financial Services Roundtable’s tech arm, at a Senate Homeland Security Committee hearing. “This is counterproductive and introduces tremendous inconsistency and duplication of effort.” Because regulations sometimes overlap and are inconsistently applied, Feeney added, “firms already burdened by a shortage of skilled cyber professionals must take resources away from protecting their platforms to interpret” them.
The cybersecurity framework from NIST, the technical standards agency, “should be the foundational strategy for how we go about protecting cyberspace,” said Dean Garfield, president and CEO of the Information Technology Industry Council, which represents major tech players like Amazon, Apple, Facebook and Google. Garfield urged lawmakers to use it as a foundation for any regulatory reform. The framework’s main benefit, he said, is that it is “incredibly flexible, adaptable, in the same way that those who are attempting to create cyber insecurity are adapting all the time.” Garfield also said it was important for the government to designate a point person whose job would be “coordinating and advancing” the framework’s implementation “to avoid duplication.” At the same hearing, panel leaders and one industry witness questioned the need for the Health and Human Services Department to have a cybersecurity center.