By Eric Geller
With help from Martin Matishak and Tim Starks
FRIENDS CLOSE, ENEMIES CLOSER? — President Donald Trump’s plan to form “an impenetrable cybersecurity unit” with Russia turned a quiet weekend into a frenzy of speculation, condemnation and uncertainty. “It’s strategic idiocy,” Chris Finan, a former White House cyber policy official, told Cory for a story that ran last night. “Would we form a unit with the Russians to study how we prevent a Russian nuclear attack on the U.S.? We wouldn’t,” said Rep. Ted Lieu, a California Democrat and leading voice on cyber issues, in an interview. The White House did not respond to requests for details on the plan, including how it meshed with a previous cyber cooperation effort that was launched in 2013 but quickly abandoned amid the tumult of Russia’s invasion of Ukraine.
Independent cyber experts and former officials cautioned that asking for a dialogue and increased information sharing was Russia’s go-to tactic when the West cornered it for malicious behavior like meddling in elections. “It has rarely been in their interest to cooperate in the past,” said former Obama White House cyber official Ari Schwartz, “and I can’t imagine that on … election issues it will ever be in their interest to cooperate.” Senior Trump officials defended the step, with Treasury Secretary Steven Mnuchin saying the goal was to develop “capabilities to make sure that we both fight cyber together.” Secretary of State Rex Tillerson added that recent events show that cyberspace needs sustained international attention. “We have to find a way to begin to address that, and it’s not going to be only about Russia,” he said. “It’s going to be about an international engagement as well.”
Lawmakers rushed to condemn the move, including several Republicans. The cyber working group is “akin to partnering with Assad on a ‘Chemical Weapons Unit,’” tweeted Florida Sen. Marco Rubio. South Carolina Sen. Lindsay Graham added that the plan was “not the dumbest idea I’ve ever heard — but it’s pretty close.” Illinois Rep. Adam Kinzinger likened it to “letting the fox guard the henhouse” and added a GIF to illustrate his point. Democrats piled on as well, with House Intelligence Committee ranking member Adam Schiff calling it “dangerously naïve.”
By late Sunday, even Trump seemed to recognize that the idea was not a political winner. “The fact that President Putin and I discussed a cybersecurity unit doesn’t mean I think it can happen,” he tweeted. “It can’t — but a [Syrian] ceasefire can, and did!”
THOSE BEARS, THEY’RE EVERYWHERE — The NSA has detected signs that Russian government hackers breached nuclear power companies and a manufacturer of industrial control equipment, according to the Washington Post. The paper reported over the weekend that the NSA’s analysis of the hacks uncovered “specific activity” by Russia’s Federal Security Service, or FSB, whose operatives are accused of previously participating in the digital break-in at the Democratic National Committee. As representatives of the energy industry stressed to reporters, there is still no evidence that the intrusions affected grid operations. But the fact that Russia may have compromised power company computers reflects the dangerous potential for digital adversaries to hold America “at risk” in cyberspace.
“We are certainly vulnerable in that [area],” a former senior Obama White House official told Eric for a story co-written with Martin and Pro Energy’s Darius Dixon that ran over the weekend. “That has to affect your calculus when you’re a decision-maker.” According to the official and others who spoke on the condition of anonymity to discuss internal deliberations, the Obama team considered the potential for Russian escalation as it debated responses to the Kremlin’s digital meddling. Specific threats to America’s energy grid did not come up in those discussions, multiple officials said, but the general vulnerability of the grid was on their minds.
Security experts have been cautious about blaming Russia for the newly revealed hacks, which according to the cyber firm FireEye are part of a campaign dating back to 2015. But Robert Lee, the co-founder of the security firm Dragos and a skeptic of early attribution claims, said the NSA’s reported confidence was significant. “Attribution is doable but hard. And takes time. The ‘it’s Russia’ aspect … of intrusion analysis requires lots of analysis,” he tweeted. “But specifically tying FSB makes me wonder if NSA has direct access to their systems or if they’ve been doing campaign analysis since 2015.”
HAPPY MONDAY and welcome to Morning Cybersecurity! Your temporary MC host saw the new “Transformers” movie last night and highly recommends it if you’ve been having trouble laughing. Tim will be back tomorrow, so send your thoughts, feedback and especially tips to firstname.lastname@example.org, and be sure to follow @timstarks, @POLITICOPro, and @MorningCybersec. Full team info is below.
DEFENSE POLICY BILL ON THE MOVE — The House Rules Committee meets this week to sift through nearly 400 amendments to the annual National Defense Authorization Act, which is likely to go the the floor on July 12. Among the cyber centric addendums are a provision from Rep. Brian Fitzpatrick directing the Defense secretary to define “deterrence” in a cybersecurity landscape and assess how the definition impacts DoD’s overarching cyber strategy; a proposal from Rep. Marc Veasey requiring the Pentagon to conduct a review of its existing “authorities, structures, and capabilities needed to protect overall civilian and government infrastructure networks and systems” in the U.S.; and bipartisan measures like the one from Rep. Brendan Boyle expressing that the U.S. should help Ukraine augment its digital capabilities and the amendment from Rep. Gregg Harper that would allow the House Speaker and Minority Leader to request additional funds from the executive branch should the chamber fall prey to a cyberattack.
Other amendments would direct the Pentagon to update its cyber strategy and request the president tap an existing federal official to be the “Interagency Cyber Victim Response Coordinator,” responsible for overseeing efforts to respond to the hacking of federal employees’ personal data. The Rules Committee typically approves dozens of amendments for debate, but often keeps more contentious proposals off the House floor. The bulk of the approved amendments will likely be debated on July 13.
WE COULD BE DOING SO MUCH MORE — Information sharing programs are all the rage in the cybersecurity industry, but how well do they work, and what could be done to improve them? The University of Tulsa has won a $220,209 Department of Homeland Security grant to study these questions, DHS announced late last week. The university’s research project, “The Economics of Cybersecurity Research Data-Sharing,” will review cyber research “to identify what data is available, how the research community is failing to exploit the wealth of data it produces, and ultimately recommend how data-sharing can be improved to enhance evidence-based policy and technology solutions,” DHS said in a statement. The department’s Science and Technology Directorate awarded the grant through its Cyber Risk Economics, or CyRiE, program. “Quantifying what data is being used and produced by cybersecurity researchers and developers is critical to measuring the gaps and value proposition for data-sharing,” said Erin Kenneally, CyRiE’s program manager.
RECENTLY ON PRO CYBERSECURITY: Donald Trump Jr. acknowledged he spoke with a woman who had Kremlin ties offering to arrange a meeting with someone who had damaging information on Democratic presidential candidate Hillary Clinton. … Rep. Ruben Gallego is pushing for a House vote next week on an amendment that would endorse the intelligence community’s conclusion that Russian hackers meddled in the 2016 elections. … Former Obama administration Director of National Intelligence James Clapper said there’s no evidence that anyone other than Russia interfered in the U.S. elections.
TWEET OF THE DAY — Well, this analogy isn’t Alde-wrong …
Donald Trump Jr. met with a Russian lawyer under the pretense of receiving damaging information about Hillary Clinton. New York Times.
— The Department of Energy has stepped in to help firms repel the latest wave of intrusions. Reuters.
— North Carolinians aren’t too focused on the Russia investigation their senator, Richard Burr, is leading. New York Times.
— The spearphishing attacks on nuclear power companies used a slightly unusual technique. Cisco.
— What we can learn from cyber comments by the Chinese head of Interpol. CyberScoop.
— WikiLeaks suggested founder Julian Assange might be a good leader for a Russia-U.S. cybersecurity unit. Newsweek.
— Germany said the NotPetya malware campaign did more damage to its companies than it first realized. Reuters.
That’s all for today. Did you know the Transformers’ planet is called Cybertron? True story.