House bill would create cyber director — CISA briefs senators on China's Covid-19 hacking — Intel agency chiefs could testify in July

Jun 26, 2020

Presented by the NYU School of Professional Studies

Programming announcement: Our newsletters are evolving. Morning Cybersecurity will continue to publish daily for POLITICO Pro subscribers, but will publish once weekly for other readers starting on July 13. There will be no changes to the policy newsletters available to POLITICO Pro subscribers. To continue to receive Morning Cybersecurity daily, as well as access POLITICO Pro's full suite of policy tools and trackers, get in touch about a Pro subscription. Already a Pro subscriber? Learn more here.

Quick Fix

— House Democrats and Republicans introduced a bill to establish a National Cyber Director, a key Cyberspace Solarium Commission recommendation.

— CISA briefed two senators about the agency's work to protect Covid-19 vaccine research from Chinese hackers.

— The Senate's long-delayed Worldwide Threats hearing could happen in July, before the planned August recess.

A message from the NYU School of Professional Studies - MS in Global Security, Conflict, and Cybercrime:

The MS in Global Security, Conflict, and Cybercrime is a STEM-designated, graduate degree offered by the NYU School of Professional Studies Center for Global Affairs (CGA). It prepares students for leadership, management, analytical, and advocacy positions within organizations that are ready to confront the threat of cyber conflict. LEARN MORE.

HAPPY FRIDAY and welcome to Morning Cybersecurity! Send your thoughts, feedback and especially tips to mmatishak@politico.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

HOUSE MEMBERS GO BIG ON CYBER DIRECTOR — A bipartisan group of House lawmakers on Thursday introduced legislation that would create the position of National Cyber Director within the White House. There has been a bipartisan desire for a Senate-confirmed position that could coordinate the various digital missions at federal agencies ever since former Trump administration national security adviser John Bolton eliminated a similar White House cybersecurity coordinator, which didn't require Senate confirmation.

The creation of such an office was a key policy recommendation made by the Cyberspace Solarium Commission earlier this year. The Senate's annual defense policy bill, S. 4049, which could be passed as soon as next week, stopped short of creating the position, instead calling for an "independent assessment" of the proposal — language senators have dubbed a "'placeholder" until the commission responds to a request for additional information. The suggestion was left out of the House's version, H.R. 6395, due to what a House Armed Services Committee aide previously described as "cross-jurisdictional challenges" among committees.

The bipartisan roster sponsoring the bill — including House Oversight Chair Carolyn Maloney (D-N.Y.); Rep. Mike Gallagher (R-Wis.), who sits on Armed Services and served as a Solarium co-chair; Rep. Jim Langevin (D-R.I.) another Armed Services member who played a major role in the commission's work; and Rep. John Katko (N.Y.), the top Republican on the Homeland Security cybersecurity subpanel — suggests lawmakers have put their turf issues aside. "Only within the White House can we cohesively develop and implement a truly whole-of-nation cyber strategy that is commensurate with the threats we face," Langevin said in a statement. The Trump administration opposes the idea of establishing a National Cyber Director.

In Congress

FIRST IN MC: SENATORS BRIEFED ON CHINA'S RESEARCH HACKING — The FBI and CISA recently briefed senators who requested information about the agencies' responses to China's cyberattacks on U.S. coronavirus research efforts. Officials met on Tuesday with Sens. Thom Tillis (R-N.C.) and Richard Blumenthal (D-Conn.), the senators' offices confirmed to MC. The two lawmakers, along with Sens. Ben Sasse (R-Neb.) and John Cornyn (R-Texas), sent a letter in May asking the agencies if they needed more authorities or funding to help defend American companies from state-sponsored hackers, as well as how they notified high-value targets about these attacks. (Sasse's office didn't respond when asked if the senator attended the briefing, while a Cornyn spokesperson didn't answer the question.)

The lawmakers and agency representatives had "a productive conversation about what [resources the agencies] have now and where Congress could give them additional tools," Tillis press secretary Adam Webb told Eric. Webb declined to discuss the agencies' legal or budgetary requests but said Tillis understood the magnitude of the problem: "When it comes to the threat of foreign affiliated hackers that are backed by the government, and the amount of funding they have, we want to make sure that the funding to stop that is sufficient."

WATCH THIS SPACE — The leaders of the Senate Intelligence Committee want U.S. intelligence agency chiefs to publicly testify next month at an overdue Worldwide Threats hearing before the planned August recess. "We want there to be a hearing," Sen. Marco Rubio (R-Fla.), the panel's acting chairman, told Martin. "There will have to be some public component to it." He acknowledged the panel's request has been complicated by restrictions on congressional hearings due to Covid-19 and the White House's guidance barring senior officials from testifying unless chief of staff Mark Meadows approves.

House Intelligence Chair Adam Schiff (D-Calif.) has also requested Director of National Intelligence John Ratcliffe and other top officials testify sometime next month, but he says he's faced resistance. "ODNI has informed the committee that it is unlikely to schedule a World Wide Threats hearing this summer and that they will also likely refuse a hearing in the fall," Schiff said in a statement. Schiff called ODNI's response "unacceptable." He said the committee would include language in this year's annual intelligence authorization bill "to mandate the participation" of the intelligence community in the future.

A message from the NYU School of Professional Studies - MS in Global Security, Conflict, and Cybercrime:

As a student enrolled in the NYU SPS MS in Global Security, Conflict, and Cybercrime, you will explore cyber conflict through different facets of the social sciences, taking a deep dive into cyber espionage, crime, and warfare. The program prepares you to address the most pressing global security issues arising from cyber enabled malicious activities. It is designed for those individuals who wish to prepare for cyber-related careers in a job market that exhibits accelerating employer demand across the public and private sectors, and non-governmental organizations. The curriculum offers numerous opportunities for students to grow in their understanding of cyberspace, while exploring its vast impact on governments, corporations, and civilians around the world. Study remotely for Fall 2020 and continue earning your degree remotely or on-site in NYC in Spring 2021. Certain restrictions and requirements may apply for international students. LEARN MORE.

People on the Move

MAJOR FEDERAL IT VACANCY — Suzette Kent, who has overseen the federal government's IT modernization and cybersecurity initiatives since March 2018, will leave the administration in July, she announced on Thursday. As federal chief information officer, Kent leads a small OMB team that coordinates agencies' IT and security projects and releases guidance on topics such as asset protection, network design and identity management. While most IT professionals have praised those work products, Kent's tenure has been marred with controversy. In 2019, her office experienced severe morale issues, with employees criticizing her leadership and saying they felt overworked and rudderless. OMB reorganized Kent's team following POLITICO's reporting on the crisis.

"My commitment was to give 100% to improving government technology and citizen services," Kent said in a statement. "It is my hope that the outcomes achieved stand in evidence to that commitment." The White House has not announced a permanent successor, but Deputy Federal CIO Maria Roat is expected to temporarily fill the role.

Defense

PLANT THE FLAG — U.S. Cyber Command has wrapped its premiere cyber training exercise Cyber Flag 20-2. The exercise saw over 500 participants, including representatives from the National Guard and Five Eyes intelligence-sharing alliance. The drill, which spanned nine time zones, had teams defending IT and operational security networks at air bases across Europe from malware attacks that targeted devices responsible for things like fuel.

Due to the ongoing pandemic, Cyber Command employed a new remote digital training tool, dubbed the "Persistent Cyber Training Environment," to carry out this year's event and featured 25 interconnected digital ranges with over 3,000 virtual machines. "I would expect you to see a series of exercises throughout the year where we are reaching out to the different teams to test their capabilities or to focus on specific issues that are of concern or interest to us," Coast Guard Rear Adm. John Mauger, Cyber Command's chief of exercises and training, told reporters on Thursday. Cyber Command will hold its next exercise, Cyber Flag 20-3, in the fall.

TWEET OF THE DAY — That actually kinda works!

GO BEYOND OUR BORDERS FROM YOUR HOME: The coronavirus pandemic continues to devastate parts of the world, and a vaccine remains out of reach. Our Global Translations newsletter, presented by Bank of America, focuses on impactful global news, trends and decisions layered with critical contextual analysis from the world's sharpest minds. From how the world is reckoning with systemic racism to how different countries are combating the latest Covid-19 spikes, Global Translations offers a unique perspective that you won't find anywhere else. SUBSCRIBE HERE.

Quick Bytes

— The New York Times: Evil Corp. "is retaliating against the U.S. government, many of America's largest companies and a major news organization, identifying employees working from home during the pandemic and attempting to get inside their networks with malware."

— The new Suspicious Email Reporting Service from the United Kingdom's National Cyber Security Centre received 1 million reports from the public, with a daily average of 16,500 emails.

— CPO Magazine: The recent unmasking of a globe-spanning group called Dark Basin is an indication that the "hacker-for-hire" market may be significantly expanding.

— NASA's IG examined how the agency is complying with 2014's Federal Information Security Modernization Act.

— Bloomberg: Lobbyist Jack Abramoff charged in cryptocurrency case.

— Facebook will notify you if an article you're about to share is over 90 days old.

— ZDNet: "Telehealth data breaches to worsen as adoption skyrockets."

FOR CRITICAL NEWS AND CONTEXT YOU NEED IN 15 MINUTES OR LESS, LISTEN TO POLITICO DISPATCH: Coronavirus cases continue to spike as states take steps to reopen. Americans are demanding action from lawmakers to address racial injustice and police reform. How do you keep up with the never-ending news cycle? For quick analysis on the essential news of the day, listen to POLITICO Dispatch, our short daily podcast that keeps you up to date on the most important news affecting your life. Subscribe and listen today.

That's all for today.

Stay in touch with the whole team: Eric Geller (egeller@politico.com, @ericgeller); Bob King (bking@politico.com, @bkingdc); Martin Matishak (mmatishak@politico.com,@martinmatishak); Tim Starks (tstarks@politico.com, @timstarks); and Heidi Vogt (hvogt@politico.com, @heidivogt).