President Donald Trump’s State of the Union snub of cybersecurity didn’t escape notice, and it wasn’t just Democrats offering the criticism. Sen. Bernie Sanders was one of the first to call attention to it. “How can Trump not talk about the reality that Russia, through cyber warfare, interfered in our election in 2016, is interfering in democratic elections all over the world, and according to his own CIA director will likely interfere in the 2018 midterm elections?” the former Democratic presidential candidate tweeted.
Nicholas Burns, a former top State Department official under President George W. Bush, joined the criticism. “One hour and twenty minute speech and not one word of criticism of Russia for trying to undermine our democracy,” he tweeted. Added GOP Rep. Charlie Dent: “In hindsight, in retrospect, he should have talked about the bad behavior of Russia and Putin in particular and how they’re trying to undermine American power and influence.” Others also pointed out the omission.
Some, though, were more forgiving, suggesting that the administration’s cyber achievements were separate from the speech. “Although the president did not touch on this issue in his speech tonight, we remain committed to following through on the Modernizing Government Technology (MGT) Act,” said Linda Moore, CEO of the tech trade group TechNet, referring to the major IT overhaul legislation Trump recently signed into law (H.R. 2810).
HAPPY THURSDAY and welcome to Morning Cybersecurity! There were some fine animals among the guesses from Wednesday’s newsletter question about which emotional support animal your MC host would pick — Honey badger! Mole rat! — but only one person got it right. It was, of course, the mighty, noble octopus. Send your thoughts, feedback and especially tips to email@example.com and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
GOWDY OUTTIE — Rep. Trey Gowdy, who as chairman of two panels locked his jaws on former Secretary of State Hillary Clinton’s private email server and never let go, announced Wednesday he would not run for reelection this year. Gowdy’s special Benghazi panel revealed the existence of the private server and raised questions about the digital security risks it posed if foreign governments were to obtain classified information from it. Even as recently as last month, as head of the House Oversight Committee, Gowdy was pursuing questions about the FBI probe of Clinton’s server. Democrats often pressed him to further investigate Russia’s 2016 election interference, including last week. Gowdy has also served as one of the leaders of the House Intelligence Committee Russia investigation, and he sits on the panel’s cybersecurity subcommittee.
SOMETHING TO CONSIDER — It might be time to create a “National Cybersecurity Safety Board” akin to the National Transportation Safety Board, two Indiana University researchers wrote in a paper published Wednesday. The safety board model “separates fact-finding proceedings from any questions of liability, allowing attribution to be established, for example, without parties initiating litigation,” wrote Scott Shackelford, an Indiana University business law professor, and Austin Brady, a J.D. candidate at IU’s business school. “Funding could come from interested stakeholders, such as insurance companies,” the researchers said, because these “secondary markets would benefit from greater clarity surrounding the attribution of claims, as well as more information about the utility of various cybersecurity best practices.” Shackelford and Brady acknowledged that the safety board model faced several limitations. For example, given the rapidly evolving environment, a cyber safety board’s conclusions might be out of date by the time they’re issued.
CYBER DIPLOMAT HEADS TO BRUSSELS — The State Department’s top cyber official is in Brussels this week discussing ways that the U.S. and European Union can work together to tackle digital crime, improve online privacy and generally make the internet safer for everyone. At a forum with members of the private sector on Wednesday, Rob Strayer, the deputy assistant secretary of State handling cyber policy, discussed “the importance of the transatlantic partnership and shared core values on digital issues reflected on both sides of the Atlantic,” he told MC through a spokeswoman.
Beginning today, Strayer will represent the Trump administration at the EU-U.S. Information Society Dialogue. Strayer’s presence is a sign that the State Department intends to continue participating in global discussions about how to defend the internet from hackers, even as senior officials say that the effort will be increasingly bilateral rather than multilateral. “You’ll see us lead, work with a partner, and then ask coalitions to join [us] at our speed,” said White House cybersecurity coordinator Rob Joyce at the ICIT Winter Summit on Monday.
NO BAIL FOR WINNER — A federal appeals court denied bail on Wednesday to an NSA contractor awaiting trial on charges of stealing and leaking a top-secret agency document on Russia’s attempts to hack local election officials. The 11th U.S. Circuit Court of Appeals upheld a decision to deny bail to Reality Winner, who worked as a linguist at the clandestine organization before being arrested last year. In issuing its ruling, the court said the government’s case against Winner appears to be “relatively strong.” The court also noted statements she made in the past, such as, “I want to burn the White House down.” Winner also remarked: “We invented capitalism. The downfall of the planet.” Winner’s team has characterized the remarks as sarcastic jokes.
IT KEEPS GETTING WORSE — There are more than 130 different kinds of malware, and counting, that can exploit the security flaws known as Meltdown and Spectre, antivirus testing company AV-TEST told SecurityWeek. That number has risen steadily since Intel and other chip manufacturers disclosed the vulnerabilities early last month, according to the firm’s research. Hackers could soon use the malicious software on a widespread scale, or on a targeted basis, to extract personal data from computers. Until security patches for the two flaws are made, users can reduce their risk of being attacked by shutting down their computers when they’re not needed and closing the web browser during work breaks, said Andreas Marx, AV-TEST’s chief executive officer.
RECENTLY ON PRO CYBERSECURITY — The House Foreign Affairs Committee will hold a hearing on cyber diplomacy, featuring testimony from the former head of the State Department’s cyber coordination office. … House Energy and Commerce Democrats requested a briefing from Strava over the fitness app company’s privacy measures. … A bipartisan group of three senators asked the Trump administration to help Latin American countries defend their presidential elections against Russian interference. … “Twitter said today it’s now notified about 1.4 million people about their interactions with accounts of the Kremlin-linked troll farm known as the Internet Research Agency.”
Two top Democrats want answers from Twitter about the role of Russian bots in promoting an effort to release a House Intelligence Committee memo on alleged FBI misbehavior. … Trump supports releasing the memo. … The FBI has “grave concerns” about that memo. … White House chief of staff John Kelly said the memo release was imminent.