CISA’s coronavirus efforts on health care, diversity, election security — Research: Cybercriminals turn to instant messaging platforms — Traps await those returning to work, firm warns

Presented by the NYU School of Professional Studies: Delivered daily by 10 a.m., Morning Cybersecurity examines the latest news in cybersecurity policy and politics.
Jun 25, 2020

By Tim Starks

With help from Eric Geller, Martin Matishak and Cristiano Lima

Programming announcement: Our newsletters are evolving. Morning Cybersecurity will continue to publish daily for POLITICO Pro subscribers, but will publish once weekly for other readers starting on July 13. There will be no changes to the policy newsletters available to POLITICO Pro subscribers. To continue to receive Morning Cybersecurity daily, as well as access POLITICO Pro's full suite of policy tools and trackers, get in touch about a Pro subscription. Already a Pro subscriber? Learn more here.

Quick Bytes

CISA officials said Covid-19 has prompted the agency to ramp up protections for vaccine makers, seize the chance to enhance workforce diversity and adjust how they approach election security.

The Senate Judiciary Committee today will hold its first markup of the polarizing bipartisan bill targeting Section 230, the tech industry's prized liability shield.

Change at the U.S. Agency for Global Media triggered congressional concern about a dearth of cybersecurity expertise.

 

HAPPY THURSDAY and welcome to Morning Cybersecurity! The top Republican on the House Intelligence Committee, ladies and gentlemen. Send your thoughts, feedback and especially tips to tstarks@politico.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

Homeland Security

CISA IN THE AGE OF COVID-19 — CISA officials fanned out across internet events on Wednesday to discuss a range of areas where coronavirus and cyber overlap and where the agency is going next:

— Health care cybersecurity: CISA has been working to protect Covid-19 vaccine and therapeutics manufacturers that are part of the White House "Operation Warp Speed" to develop a vaccine by January 2021, the agency's director, Chris Krebs, said at an event hosted by GovExec and Forcepoint. CISA has also been collaborating since March with Health and Human Services, DoD and the FBI to identify certain "tier one" companies and universities vital during the pandemic — under an initiative called "Project Taken" — to offer them vulnerability scans and educate them about threats.

"We've really picked up momentum up to now with significant uptake and enrollment from some of the most critical and large well-known pharmaceutical brands to smaller companies that are part of that critical supply chain," Krebs' cybersecurity deputy, Bryan Ware, said at a CrowdStrike event. They've also "seen an increase in vulnerabilities in that sector, but we've seen that sector — amongst all the others that we scan — is much more attentive and much faster at addressing the vulnerabilities that we find."

— Workforce diversity: The remote work trend could help CISA, as well as other cybersecurity-related employers, exceed hiring limitations caused by geography, Krebs said. "We have a distinct advantage in diversifying our workforce," he added. "That's going to give us advantages and perspectives our adversaries don't have."

— Election security: The 2018 election security effort helped prepare the nation for current collaborations on health care cybersecurity, Krebs said, because interagency and other coalitions in place for election security were able to turn their attention to the pandemic. But Covid-19 has shifted the cybersecurity stress on elections to voter registration databases, given the pivot to vote-by-mail, said Matt Masterson, CISA senior adviser on election security. Masterson said at the CrowdStrike event that his priorities include reaching out to small and mid-size counties with fewer resources to protect their systems.

SENATE JUDICIARY VOTE ON EARN IT ACT ON THE HORIZON — The Senate Judiciary Committee today will hold its first markup of the EARN IT Act, S. 3398 — the bill led by Chairman Lindsey Graham (R-S.C.) and Sen. Richard Blumenthal (D-Conn.) that seeks to curb child exploitation online by targeting the tech industry's liability protections. A Judiciary spokeswoman confirmed to our colleagues at Morning Tech that a vote on the legislation is expected to be held over until at least next week, per typical committee procedure. Still, today's hearing may show to what extent Graham and Blumenthal will look to assuage the bill's cacophony of critics — if at all.

The EARN IT Act has faced withering rebukes from the tech industry over fears it could allow federal regulators to link Section 230 legal protections with end-to-end encryption, a prospect Graham and Blumenthal have downplayed. Today's session could reveal whether its sponsors plan to tweak the language to address those concerns, MT forecasts. The bill would strip companies of their liability protections under Section 230 if they can't prove to a newly crafted commission, including regulators, that they're doing enough to combat online child abuse. Senate Republicans, including Graham, on Wednesday introduced legislation that offers a more explicit weakening of end-to-end encryption.

OTF MUSICAL CHAIRS — House and Senate Democrats on Wednesday pressed the recently appointed CEO of the U.S. Agency for Global Media to explain why he ousted leaders of the Open Technology Fund, which supports cybersecurity research and technology to protect journalists, political dissidents and others. "The new board you have installed has no one with any cybersecurity expertise, and instead is made up of partisan appointees with a concerning record on relevant human rights issues," wrote the group, led by Sen. Ron Wyden (D-Ore.). Lawmakers asked the agency chief to commit to hiring new leadership with digital security and technical backgrounds and continuing the organization's cybersecurity mission.

 

TURNING THE CORNER — Secretary of State Mike Pompeo proclaimed on Wednesday that the U.S. was winning its 5G battle to shun Chinese telecoms around the world. He cited successes in places like the Czech Republic, Denmark, Estonia, Greece, Latvia, Poland, Romania, Sweden, and Estonia. "The momentum in favor of secure 5G is building," Pompeo's statement said. "The more countries, companies, and citizens ask whom they should trust with their most sensitive data, the more obvious the answer becomes: Not the Chinese Communist Party's surveillance state."

CYBERCRIMINALS HEART TELEGRAM — Cybercriminals have upped their usage of instant messaging platforms, IntSights said in a report out today. Telegram seems to be experiencing the phenomenon the most: More than 56,800 Telegram invite links have been shared on cybercrime forums and there were 223,000 general mentions. Next up is Discord, with more than 392,000 general mentions. The reasons? They view the platforms as an alternative dark marketplace and are taking advantage of enhanced features to interact instantaneously and receive information in real time, IntSights concluded.

'RETURN-TO-WORK TRAPS' — Countries resuming business as usual in their evolving response to the pandemic have seen a decline in coronavirus-themed cyberattacks compared to countries still struggling to contain it, Check Point said in research out today — but there are some interesting variants for the countries removing precautions. For instance, the company has seen scams tied to employee training for returning to "the new normal," or centered on the Black Lives Matter movement.

EHH, WHAT'S UP, DOC(KER)? — Cybercriminals have been using Docker Hub accounts to host images laced with cryptomining code and have earned more than $36,000 in the process, the security firm Palo Alto Networks said in a report out today. Docker Hub is designed to store Docker container images, which are efficient ways to deploy software, but the six image files in question contained code for mining the Monero cryptocurrency, and researchers said they were designed to "evade network detection by using network anonymizing tools such as ProxyChains and Tor."

Before Docker deleted the six files, their cryptomining code had been activated more than 2 million times, with recent activity occurring in April and May. "Docker containers provide a convenient way for packaging software, which is evident by its increasing adoption rate," Palo Alto Networks researchers said. "This combined with coin mining makes it easy for a malicious actor to distribute their images to any machine that supports Docker and instantly start using its compute resources towards cryptojacking."

TWEET OF THE DAY — In fairness, "incident-doer" isn't great.

 

Report Watch

The top five riskiest internet-connected devices for 2020, according to a Forescout report today, are the categories of physical access control; heating, venting and air conditioning; internet protocol cameras; programmable logic controllers; and radiotherapy systems.

Less than half of U.S. K-12 students are getting some kind of cybersecurity education, according to research released today by the National Integrated Cyber Education Research Center, rebranding as CYBER.ORG. The research, conducted by the EdWeek Research Center, found that those receiving less cybersecurity education are disproportionately rural and poor.

Akamai said in a blog post today that it mitigated the largest packet per second (809 million) DDoS attack ever recorded on its platform. Record-breaking DDoS attacks have been having a moment.

 

Quick Bytes

The Information Technology Industry Council provided comment on developing an implementation plan for the National Strategy to Secure 5G.

The National Election Defense Coalition won a partial court victory in Indiana in its bid to access communications on election security between Indiana Secretary of State Connie Lawson and the National Association of Secretaries of State.

ZDNet: Zoom hired a new chief information security officer.

Google changed its privacy settings.

CyberScoop: Distributed Denial of Secrets won't change its mission despite a Twitter ban.

Secureworks released three reports on a Chinese hacking group.

Jerusalem Post: A hacker group from Eastern Europe stole a lot of money from Israeli cryptocurrency exchanges.

The inspector general review you've been waiting for: of security controls for the Federal Deposit Insurance Corporation's Regional Automated Document Distribution and Imaging System.

Here's more Palo Alto Networks on a variant of a cryptojacking malware.

New York Post: DHS is expanding its policy on tracking its personnel.

 

That's all for today.

Stay in touch with the whole team: Eric Geller (egeller@politico.com, @ericgeller); Bob King (bking@politico.com, @bkingdc); Martin Matishak (mmatishak@politico.com, @martinmatishak); Tim Starks (tstarks@politico.com, @timstarks); and Heidi Vogt (hvogt@politico.com, @heidivogt).

 
