House members lob cyber amendments at defense bill — China ready to reemerge from cyberattack drop-off?
DEMS TRY TO SAVE, REPLACE CYBER COORDINATOR — Lawmakers are trying multiple strategies to reverse the Trump administration’s decision to eliminate the White House cybersecurity coordinator position. Reps. Seth Moulton and Beto O’Rourke are trying the compulsory route, offering an amendment to the new defense policy bill (H.R. 5515) that would bar President Donald Trump from abolishing the post. The White House “continues to leave us vulnerable to critical cyber threats,” Moulton tweeted after Eric broke the news about national security adviser John Bolton’s plan, which Bolton made official on Tuesday. Other Democrats have introduced a House bill (H.R. 5822) that would create a White House cyber office with a Senate-confirmed director.
A different group of House Democrats is trying to cajole Trump into reversing Bolton’s move. “America needs to send a strong message to allies and adversaries alike that we are committed to leading and solving complex cybersecurity issues,” the lawmakers, led by Rep. Debbie Dingell, told the president in a letter. The missive cited a wide variety of cyber threats and challenges, both foreign and domestic, that required the leadership of a cyber coordinator. “It is vital that we have the best people working on these problems,” they wrote, “with a visible figurehead that other government agencies, the private sector, and our allies can turn to for guidance.”
But most cyber experts have accepted that the Trump White House won’t reverse its decision and are looking to future administrations. “Eliminating the position,” wrote former White House cyber official Jay Healey in a history of the role, “is a step back and one that will certainly be reversed in future, whether by this president or the next.” Republican lawmakers, meanwhile, have mostly avoided criticizing Bolton’s decision. Oklahoma Sen. James Lankford, for example, urged the White House to “clearly define who is leading the mission of coordinating the cyber landscape full-time” but did not decry the elimination of the post.
OTHER CYBER AMENDMENTS IN THE NDAA — House members filed more than 500 amendments to the chamber’s annual defense policy bill, including several cyber-related provisions. Rep. Lou Correa offered a measure that would require the Pentagon to update its cyber strategy, task the president with developing a strategy for the offensive use of cyber capabilities and allow for technical assistance to NATO members. An amendment from Rep. Sheila Jackson Lee directs the Defense secretary to “develop plans for early detection, mitigation, and defense against state sponsored cyberattacks targeting federal public election assets.” Meanwhile, Rep. Jimmy Panetta has an amendment that would establish a DoD Cyber Institute, funded through user fees paid by industry partners, that would facilitate cooperation between the Pentagon and outside entities. And Rep. Ron DeSantis has an amendment that would block the use of federal dollars for digital collaborations with China or Russia.
The House Rules Committee will meet twice next week to tee up the massive policy bill for floor debate. A Monday evening session will be devoted to general debate, while a Tuesday afternoon session will deal with proposed amendments.
CYBER-MANEUVERS OVER ‘ONE CHINA’ POLICY — Beijing is taking out its aggression on the web against companies that don’t include Taiwan as part of China in images or maps on their websites, apps and other products, Adam Meyers, vice president of intelligence at CrowdStrike, told MC. Recently, China lashed out at international airlines and Gap. “They blocked… people being able to access Marriott.com within China,” Meyers said in a recent interview. “Part of what they’re likely to do is block access to the impacted airlines.” He predicted: “You’re going to continue to see this against Western businesses.” Most companies are acquiescing under that pressure, Meyers noted.
There haven’t been active cyberattacks yet that CrowdStrike has detected, but the company is paying close attention to whether China will increase digital attacks amid a burgeoning trade conflict with the U.S. What’s more, a decline in attacks against the U.S. that began after a 2015 agreement between President Xi Jinping and the Obama administration coincided with a period when the Chinese military was consolidating components affiliated with cyber operations, Meyers said. That could mean China could emerge rejuvenated in cyberspace, Meyers said.
TO THE MOON — Leaders of a “cybersecurity moonshot” project outlined their guiding conclusions for the initiative Thursday to a presidential advisory panel. Generated by a subcommittee of the National Security Telecommunications Advisory Committee, the conclusions are meant to lead to recommendations in a final report in November that the president would later sign off on, said Mark McLaughlin, CEO of Palo Alto Networks and co-chair of the subcommittee. The first conclusion: “The status quo is unsustainable,” said Peter Altabef, CEO of Unisys and the subcommittee’s other co-chair. Other principles emphasize being bolder and “aspirational,” fostering an effort that calls on everyone to join and generating some short-term gains in addition to long-term ones. McLaughlin said since beginning the moonshot in February, the subcommittee sought expertise from other moonshot-like programs, including the Apollo program itself, the Human Genome Project and others.
GETTING CLOSER — DHS and Commerce are close to submitting their botnet report to the White House, a top Commerce official told the NSTAC Wednesday. Trump’s cyber executive order tasked the two agencies with studying the impact of botnets on the resilience of the internet and recommending ways for the government and the private sector to block and dismantle these networks of hacked devices. “We expect to deliver the final report to the president soon,” David Redl, the assistant secretary of commerce for communications and information, told NSTAC members. Commerce and DHS released the draft version of the report in January and spent the intervening months modifying it based on stakeholder feedback.
Redl also revealed a new project that NTIA, the telecom agency he heads at Commerce, will take on in the next few months. “NTIA later this summer will begin working with stakeholders to examine what’s needed to foster a marketplace for greater software component transparency,” he told the NSTAC. “Knowing what software has been incorporated into a product is a fundamental step toward being able to keep it updated and to block threats from doing damage.”
GUESS WHO’S BACK — North Korea is trying to spy on citizens who defect to South Korea by bugging their smartphones with a new strain of malware, the security firm McAfee revealed Wednesday. Pyongyang’s hackers have tried this before, as McAfee explained in January. Now, North Korean operatives appear to be at it again, publishing infected Android apps designed to steal text messages, photos, contacts and other personal data. One of the fake apps offers a recipe database, while the other two are focused on security — possibly in an effort to ensnare defectors worried about North Korean eavesdropping. One of the bogus security apps, “AppLockFree,” appears to be a reconnaissance tool that lays the groundwork for future hacking. McAfee cautioned that it had seen “no public reports of infections” and noted that Google removed the apps from its app store once notified. The security firm linked this operation to North Korea’s last such campaign by analyzing the malware’s logs on Dropbox and Yandex. In addition, “the email addresses of the new malware’s developer are identical to the earlier email addresses associated with” the hacking group.
MAKING LIKE RABBITS — Variants of Mirai, the malware partially blamed for the massive DDoS attack in 2016 that knocked down major websites like Twitter and Netflix, are multiplying, according to fresh analysis from FortiGuard Labs. Malicious actors are customizing Mirai, but one author has been particularly prolific, creating new bots dubbed Wicked, Sora, Owari, and Omni. The creations can do everything from turning IoT devices into malware proxies to exploiting known and unknown vulnerabilities, the lab team found.
THE CHARTER, AND STUXNET — Four more companies on Thursday joined an industry organization devoted to improving cybersecurity for critical infrastructure via a 10-step blueprint. Cisco, Dell Technologies, Total and TÜV SÜD AG brought the group’s total to 16 members. “By joining the Charter of Trust and partnering with other leading technology providers, we can help realize the promise of technology innovation to drive human progress while protecting people and securing their data in this digitally connected world,” said Michael Dell, CEO of Dell Technologies. At an event heralding the new members, Joe Kaeser, CEO of Siemens — which initiated the charter — talked about the landmark Stuxnet attack that affected Siemens technology in Iran’s nuclear program.
RECENTLY ON PRO CYBERSECURITY — The House postponed a scheduled unclassified election security briefing Thursday and plans another that will be classified. … U.S. Cyber Command said that its more than 6,000 digital warriors have hit “full operational capacity” ahead of schedule. … Experts told a panel they worried that China could digitally meddle in future U.S. elections. … House appropriators included a provision in a bill to uphold past sanctions against Chinese telecom manufacturer ZTE in a rebuke of Trump. … Sen. Jeff Flake said Trump’s bid to aid ZTE was “deeply troubling.”
This article originally appeared on Politico.com