The ongoing government shutdown might not hit federal cybersecurity efforts as hard as other areas, but they won’t get off scot-free, either.
“Agencies will ensure that staff working on the maintenance and safeguarding of IT systems will continue to work during the lapse, and that systems will continue to get their critical updates,” Office of Management and Budget Director Mick Mulvaney said at a news briefing over the weekend. OMB recommendations issued late last week hold that agencies should keep any IT operations up if suspending them would create new “cybersecurity risk.”
But there are more subtle, long-term ways federal cybersecurity work could suffer from a government shutdown, even a short one. The risk of government cyber personnel fleeing their jobs for more stable organizations — places where they don’t have to worry about missing a paycheck — is real, especially considering how much more those same people can get paid in the private sector. BuzzFeed talked to some ex-NSA hackers who left after the last government shutdown in 2013. And Senate Armed Services Chairman John McCain, speaking about the risks posed by the lack of long-term, stable military funding, argued: “A depleted force will continue to shrink. And readiness will further suffer.”
Cory and Eric provided the department-by-department details for the main cyber agencies here. For example: There are 3,538 employees at the main DHS cyber office, the National Protection and Programs Directorate, and 1,944 employees will be retained during the lapse in appropriations, according to departmental guidance.
So how long will it last? As of late Sunday night, Senate leaders were still at an impasse, after a day of negotiations among a swath of moderates from both parties who believed they were close. A vote today could be telling.
HAPPY MONDAY and welcome to Morning Cybersecurity! This actually happened this weekend. Send your thoughts, feedback and especially tips to tstarks@politico.com and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
JUST WHEN YOU THOUGHT YOU WERE OUT — President Donald Trump on Friday signed into law a bill extending powerful spying tools authorized under Section 702 of the Foreign Intelligence Surveillance Act. But get ready to hear a lot more about the 1978 law. House Republicans are debating how to handle a memo compiled by GOP members of the House Intelligence Committee that they say details FISA abuses by the FBI and the Justice Department. Panel Republicans last week authorized their colleagues to view the classified document, which Republican lawmakers say raises questions about how the FBI handled a fall 2016 application for a warrant to surveil a Trump campaign adviser, Carter Page, and whether agents were forthcoming about the role a controversial dossier alleging Kremlin influence over Trump played in their decision to seek the warrant.
The memo was a last-minute wildcard in the lengthy debate over Section 702, with some, including Rep. Ted Poe and the American Civil Liberties Union, citing the document as a reason for the president to delay signing the 702 renewal measure. Further adding fuel to the fire are Kremlin-linked Twitter bots, which are using the social media platform to push for the memo to be released, according to Hamilton 68, a website which tracks Russian propaganda online.
TWITTER UPDATES ON BOTS — Twitter announced on Friday that 677,775 Americans interacted with what the social media giant believes were over 50,000 automated accounts linked to the Kremlin during the last presidential election. The company also said that since briefing Congress in November, it has identified an additional 13,512 Russian-linked bot accounts that tweeted around the election, bringing the total to 50,258. “Any such activity represents a challenge to democratic societies everywhere, and we’re committed to working on this important issue,” Twitter wrote in a blog post. The company said it will share the account handles with congressional investigators looking at Russia’s 2016 meddling and offered several examples of Internet Research Agency content, including tweets with pro-Trump images and slogans.
One of those notified they had engaged with Russian accounts was none other than Senate Majority Whip John Cornyn. “Finally social media is waking up to manipulation of public opinion by our adversaries,” Cornyn, who serves on the Senate Intelligence Committee, tweeted. “All of us need to step up to meet this challenge, especially the Press.” Twitter also detailed its plans for the 2018 midterm elections, such as verifying major party candidates, communicating with federal and state election officials and applying anti-spam technology against automated networks. Sen. Mark Warner, one of the company’s biggest critics and the top Democrat on the Senate Intelligence Committee, welcomed the announcements. “I’ve been tough with Twitter on this, but I’m encouraged to see the company beginning to take responsibility and notify its users of Russia’s influence campaign on its platform,” he wrote.
SOME PRAISE, A NOTE OF CAUTION — Comments on the latest draft of NIST’s cybersecurity framework trickled in to meet the deadline at the end of last week, as the business community reacted to NIST’s December revisions to the document. USTelecom, a broadband industry trade group, praised the technical standards agency for tweaking language to clarify that the widely adopted framework is not meant as a prelude to regulation. “The approach to measurement taken in the first iteration” of the draft update “could create a perception that the Framework would lead to a path of compliance, benchmarking, or reporting” based on hard-and-fast metrics, the group said. The new draft “does much to address these concerns,” USTelecom said.
The new draft also added a section on how organizations can establish processes for researchers to report bugs in their products, known as vulnerability disclosure. The cyber firm Rapid7 praised that section. “We also urge NIST to list standards that are directly relevant to coordinated vulnerability disclosure as informative references” for that section, the group said in its comments. The framework already included barebones information related to vulnerability disclosure, but Rapid7 praised the new section for being “more explicit that organizations should be prepared to receive and respond to vulnerability disclosures.”
Not everyone was happy to see the framework directly incorporate advice about vulnerability disclosure. The U.S. Chamber of Commerce, which represents vast swaths of the business community, instead recommended that NIST move vulnerability disclosure to a separate roadmap document that outlines future work that may someday make it into the framework. “There are multiple uncertainties (e.g., liability) and complications (e.g., expenses) tied to the structure and utility of [vulnerability disclosure] processes,” the group warned, “and not all companies should be expected to have them.”
DECONSTRUCTING DEFACEMENT — A Pakistani hacktivist campaign against India generated far more website defacements than any other campaign in history despite drawing on far fewer hackers than other major defacement campaigns, according to new research from Trend Micro. The cyber firm today published a report that analyzed more than 13 million reports of websites being defaced with political messages over the past 18 years, and it found that the “Free Kashmir” campaign — protesting Indian Army abuses of people in the disputed territory of Kashmir — accounted for the lion’s share of the digital graffiti.
This was true even though the Pakistani activists had only around half as many hackers as the more famous #OpIsrael campaign, launched in response to ongoing tensions between Israel and the Palestinians. The anti-Israel defacements ranked second in quantity after the “Free Kashmir” defacements. Other major defacement campaigns targeted the Syrian government after the outbreak of the civil war there; France after the 2015 Charlie Hebdo attacks; and China in the wake of escalating tensions in the South China Sea.
RESEARCH FOR RESEARCHER SEARCHES — The Homeland Security Department last week awarded a $750,000 grant to improve how cybersecurity researchers can find other research. The grant, to InterLink, would go toward an advanced search function for the Information Marketplace for Policy and Analysis of Cyber-risk & Trust research portal, known as IMPACT. “Ensuring researchers have the most relevant information and data will greatly strengthen their ability to pinpoint emerging cybersecurity issues and speed development of new solutions,” said Douglas Maughan, director of the DHS Science and Technology Directorate’s Cyber Security Division. “With an enhanced search function, IMPACT will deliver to these researchers more relevant data and timely informational resources they can use to make key decisions in all phases of their research.”
SPECTRE OF A MELTDOWN IN TECH, MARKET, COURT — Intel and other chip manufacturers continue to wrestle with the Spectre and Meltdown security flaws in a host of ways. Last week, Intel revealed that some newer processors were also being affected by the patches, causing more frequent reboots. It also announced that it has gotten firmware updates out for 90 percent of Intel computers introduced over the past five years. Microsoft, too, issued some patches related to Spectre and Meltdown. Chip designer ARM expects some of its patches to affect performance as well. Intel specifically has taken a hit on the stock market, but the impact may not last long. But several lawsuits are proliferating over Spectre and Meltdown, including cases that target Apple and AMD.
RECENTLY ON PRO CYBERSECURITY — “The National Security Agency destroyed surveillance data it pledged to preserve in connection with pending lawsuits and apparently never took some of the steps it told a federal court it had taken to make sure the information wasn’t destroyed, according to recent court filings.” … Defense Secretary Jim Mattis said the U.S. advantage in cyberspace and elsewhere was “eroding,” and a new defense strategy focuses on China and Russia. … The strategy also emphasizes the need to quickly buy and deploy cutting edge cyber technology. … Here is a graphic of all the people involved in the Russia probe. … “A Chinese national has been sentenced to five years in prison for stealing pieces of code from his former employer and planning to give them to the Chinese government.”
TWEET OF THE DAY — Time to face some hard truths?
QUICK BYTES
— NBC News reports that the Chinese government penetrated the CIA’s clandestine communication system and shared the information with Russia.
— Cybersecurity is on the agenda this week for the World Economic Forum in Davos, but there are no easy answers. The New York Times.
— The Federal Energy Regulatory Commission voted to approve new cybersecurity rules. E&E News.
— Most companies’ stocks aren’t especially hurt by data breaches, according to a study. Schneier on Security.
— The hard part of the Trump administration’s plan for using shared services for cybersecurity, via Federal News Radio.
— Could we see hackers manipulate results at the upcoming Olympics? USA Today.
— The NSA is really good at voice recognition technology, according to The Intercept’s reporting on an Edward Snowden-obtained memo from 2006.
— “Kris Jenner’s Alleged Stalker Also Accused of Hacking Kourtney Kardashian.” E! News.
That’s all for today. Who’s gonna try to outdo Rob Joyce next Christmas?
Stay in touch with the whole team: Cory Bennett (cbennett@politico.com, @Cory_Bennett); Bryan Bender (bbender@politico.com, @BryanDBender); Eric Geller (egeller@politico.com, @ericgeller); Martin Matishak (mmatishak@politico.com, @martinmatishak) and Tim Starks (tstarks@politico.com, @timstarks).