WHILE I HAVE YOU … If President Donald Trump sits down with North Korean leader Kim Jong Un later this year, lawmakers want Pyongyang’s long history of malicious cyber activities to be on the agenda, Martin and Eric report.
“I think you’ve got an opportunity to do some good things here,” said Sen. Cory Gardner (R-Colo.), who chairs a Senate Foreign Relations subcommittee overseeing East Asia and international cybersecurity. The Kim regime has marshaled its limited resources to become a notable digital power, launching strikes such as the trashing of Sony Pictures’ networks in 2014, as well as a slew of online bank robberies, ransomware attacks and other schemes that have netted tens of millions of dollars.
Cyber diplomacy has worked before. In 2015, then-President Barack Obama struck a deal with Chinese President Xi Jinping to end the hacking of private companies for commercial gain. Yet some were skeptical of broadening the Trump-Kim summit to include hacking, saying a deal on denuclearizing the Korean peninsula will be hard enough as it is. “I’m not opposed to it going on the agenda,” said Senate Intelligence Committee Chairman Richard Burr. “The question is, how many things can you ask them to eliminate in one negotiation?”
Congress has so far been largely silent in pushing for any of this to be on the agenda when Trump and Kim meet, in part because the administration was without a top diplomat until ex-CIA Director Mike Pompeo was confirmed as secretary of State last week. Still, some experts aren’t holding out too much hope for a significant U.S.-North Korea hacking bargain. Sue Mi Terry, a senior fellow for Korea at the Center for Strategic and International Studies, predicted that Trump and his team will address hacking with Kim “in a general sense.” “They’ll bring it up, but it’s not going to be part of any kind of a deal,” she said.
HAPPY MONDAY and welcome to Morning Cybersecurity! Your MC host was a bit torn about the Pacers versus the Cavs. As a Hoosier, I was rooting for the Pacers. As an NBA fan, seeing LeBron a little longer… Send your thoughts, feedback and especially tips to firstname.lastname@example.org, and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
OUT TODAY: ONLINE FRAUDSTERS MOVE AROUND — The shutdown of top dark web marketplaces has been a good cybersecurity news story. But a new report out today from cybersecurity company RSA finds that fraudsters are stepping up their work on popular social media and messaging platforms. “The shutdown of large fraud marketplaces, including Infraud, AlphaBay Market and Hansa Market, combined with the rise in popularity of social media across the globe, has resulted in many fraudsters extending their presence on social media beyond Facebook to a much wider variety of platforms, including WhatsApp, Telegram, Instagram, Snapchat and others,” the report concludes.
For instance, “fraud groups using Facebook have continued popping up and their member counts continue to grow significantly” since 2016, the report states. Instant messaging client ICQ is among the most popular outlets, according to RSA, since it doesn’t limit the size of any particular group. Fraudsters also like WhatsApp thanks to its popularity, but some find Telegram more appealing because of the perception that the platform is more secure, RSA found.
LET’S SEE WHAT YOU’VE GOT — The technical standards agency NIST is inviting all interested parties to demonstrate software that fulfills the needs of two “data integrity” projects the agency is studying, according to a Federal Register notice published late last week. The first project focuses on identifying the assets on one’s network and protecting them from ransomware, while the second focuses on detecting and countering specific strains of ransomware. Organizations can submit proposals to enter into cooperative R&D agreements with NIST, with the goal of developing market-ready ransomware defense solutions. The agency laid out the specific requirements for organizations’ proposal letters in the Federal Register notice.
VICTORY! — A team of cyber experts representing various NATO agencies won a major international cyber defense exercise last week. Teams from many NATO member-states participated in the Locked Shields live-fire drill, hosted by the alliance’s major cyber hub, known as the Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. The NATO team “excelled in all categories” of the drill, Aare Reintam, technical exercises project manager at the NATO-accredited cyber defense center, said in a statement. France and the Czech Republic took second and third place, respectively.
The exercise involved more than 2,500 attacks on approximately 4,000 virtual systems standing in for the control networks of critical infrastructure around the world. NATO, France and the other participants played “blue teams” defending the virtual systems from “red team” attackers. Each team had to protect more than 150 virtual systems. “The Blue Teams had to be efficient in reporting incidents, executing strategic decisions and solving forensic, legal and media challenges,” said Reintam.
SURVEILLANCE ON THE ROPES — The United Kingdom may be forced to scale back its digital mass surveillance programs after a court ruled that some of its current powers are unlawful, TechCrunch reported. The U.K. High Court concurred with several parts of a legal challenge to the 2016 Investigatory Powers Act, which allowed the government to force communications companies and service providers to collect and retain web activity, location information and other data on all their users for a year. Lawmakers have been given until Nov. 1 to tweak the portions of the law the court found unlawful.
UNDER THE GUISE — A new U.S. Trade Representative report maintains the assertion that China needs to clean up its act on intellectual property enforcement, saying that the country continues to have problems in the areas of trade secret theft and forcing companies from other countries to transfer their tech to domestic firms. “China has taken additional steps backward by its repeated invoking of cybersecurity as a pretext to force U.S. IP-intensive industries to disclose sensitive IP to the government, transfer it to a Chinese entity, or both, in order to address purported security concerns,” reads the report, released late last week. Bulgaria and the United Arab Emirates, however, received praise for stepping up their enforcement in cyberspace to crack down on piracy.
RECENTLY ON PRO CYBERSECURITY — A House Intelligence Republican report ruled out theories that anyone other than the Russians hacked Democratic political targets in the 2016 election. … President Donald Trump liked the same report because it concluded his campaign had not colluded with Russia. … The total cost of Equifax’s huge data breach last year has climbed to $243 million, the company declared. … Europol announced that the United States, European Union and Canada conducted a successful operation to crack down on propaganda by the Islamic State in Iraq and Syria.
This article originally appeared on Politico.com