Experts Nervously Eye Cyber Threats From China – Politico

Experts nervously eye cyber threats from China – POLITICO

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
By signing up you agree to allow POLITICO to collect your user information and use it to better recommend content to you, send you email newsletters or updates from POLITICO, and share insights based on aggregated user information. You further agree to our privacy policy and terms of service. You can unsubscribe at any time and can contact us here. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Loading
You will now start receiving email updates
You are already subscribed
Something went wrong
By signing up you agree to allow POLITICO to collect your user information and use it to better recommend content to you, send you email newsletters or updates from POLITICO, and share insights based on aggregated user information. You further agree to our privacy policy and terms of service. You can unsubscribe at any time and can contact us here. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
By ERIC GELLER 

PROGRAMMING NOTE: Morning Cybersecurity won’t publish from Monday, Aug. 29, to Monday, Sept. 5. We’ll be back on our normal schedule on Tuesday, Sept. 6.
With help from Maggie Miller

— U.S. cybersecurity experts and officials are closely watching developments between China and Taiwan, concerned that escalated tensions could lead to cyberattacks.
HAPPY MONDAY, and welcome to Morning Cybersecurity! I’m your host, Eric Geller, with some big news: POLITICO’s cyber team is thrilled to welcome John Sakellariadis as MC’s new author.
John starts at POLITICO as a cybersecurity reporter today, and he’ll be taking on MC full-time beginning in September. He just finished up a year in Athens studying European Union cybersecurity issues as a Fulbright U.S. Student Research Grantee, and he’s previously written for publications including Slate and The Record. Earlier this month, the Atlantic Council published his report on the rise of ransomware attacks. Welcome, John!
Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Email your MC hosts Eric Geller ([email protected]) and Maggie Miller ([email protected]). You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below. Let’s dive in.

The Women Rule series brings together rising stars, accomplished professionals, and women at the pinnacle of their careers to inform, empower and connect women across diverse sectors and career levels. Attendance to our quarterly in-person POLITICO Women Rule meetings, is by invitation-only. Join our interest list and learn more here.
Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

WATCH THIS SPACE — The U.S. cybersecurity community is warning that China is laying the groundwork for cyberattacks in the U.S. as tensions rise over Taiwan, as Maggie reports in a story out this morning for Pros.
The ongoing conflict in Ukraine has spurred a major increase in Russian-linked cyberattacks against both Ukraine and NATO member states. And following visits by House Speaker Nancy Pelosi and other lawmakers to Taiwan, China appears to be mobilizing its cyber forces against the West.
— Warning: Former Cybersecurity and Infrastructure Security Agency Director Chris Krebs told attendees at the recent Black Hat conference in Las Vegas to prepare for any potential Chinese invasion of Taiwan to prompt cyberattacks on supply chains that would quickly impact Americans.
“Right now, every single company out there should be conducting simulations, scenarios, impact assessments, tabletop exercises at the objective level around what’s happening around the Strait of Taiwan,” Krebs said. “Based on the conversations I’ve had with national security officials, they are pretty confident that is going to come to a head, with China and Taiwan.”
He’s not alone in that assessment.
“I’m sure they have access to systems,” Christopher Painter, the former State Department cybersecurity coordinator, said in an interview. “They and Russia are the two most capable state actors other than the U.S.”
— Government attention: The U.S. government has not assessed that an invasion of Taiwan is imminent. But, while cyberattacks against the U.S. would be a tougher target and potentially lead to blowback China may not want to risk, Beijing is ramping up its espionage operation, which could put it in a good position to strike at U.S. computer systems.

WATER YOUR PLANS TO HELP? — As the EPA crafts new cybersecurity regulations for the water sector, all eyes are on the agency to see what kind of security assistance it plans to offer the United States’ key water systems amid fears of Russian attacks on critical infrastructure.
The bipartisan infrastructure law gave the EPA until today to send Congress a copy of its new Technical Cybersecurity Support Plan — which it was supposed to develop by Aug. 12 to describe plans for priority cyber support to vital water systems — along with a list of the water systems expected to receive that aid. The support plan, one of a bevy of infrastructure cybersecurity projects and grant programs in the massive bill, is supposed to describe the methodology for identifying key water systems, present timelines for supplying aid and list the specific EPA and CISA services that these systems can expect to receive.
The EPA didn’t provide a status update on the support plan in response to MC’s request.
The Biden administration is pushing Congress to grant the EPA explicit rulemaking authority for the cybersecurity of water systems, but in the meantime, the EPA is crafting basic cyber rules based on the TSA’s requirements for pipelines, rail networks and aviation systems.

DO WE HAVE YOUR ATTENTION? — Amazon and the National Cybersecurity Alliance are hoping that humor will help convince Americans to safeguard their digital data with basic cybersecurity measures like multi-factor authentication.
In a PSA for Amazon and the NCA’s new “Protect & Connect campaign,” actors Michael B. Jordan and actress Tessa Thompson play “internet bodyguards” who must save their client’s son from cyber criminals after he falls for a phishing scam. After Thompson uses a wireless keyboard to quickly create a stronger password for the boy, she flips it around and uses it to beat up the intruders. Eventually, MFA saves the day. “Protect yourself before you connect yourself,” the PSA intones.
The cheesy gimmick reflects an attempt to solve a serious problem facing the government, the tech industry and the expert community: Tens of millions of technologically unsavvy Americans are weak links into their employers’ computer networks, which sometimes control vital national functions. Many of these employees are busy and don’t want to spend time configuring a bunch of new security protocols.

FLEXING COORDINATION MUSCLES — The election community completed its fifth annual cyber incident tabletop exercise last week, setting the stage for a midterm campaign season in which disinformation is likely to test the relationships that federal agencies, election offices, social media giants and voting system vendors have spent years developing.
Officials from CISA, the FBI, the NSA and other agencies joined officials and representatives from more than a dozen election industry companies for a three-day event that simulated “a range of hypothetical scenarios affecting election operations” and tested participants’ “cyber and physical incident planning, preparedness, identification, response, and recovery,” according to a joint statement from multiple agencies and associations of election officials.
The preparations, and the messaging associated with them — the statement said “rigorous safeguards are in place to ensure the cyber and physical security of election equipment” — come amid public anxiety stoked by a coterie of Republican gubernatorial and secretary of state candidates who have promoted lies about the 2020 election.

KEEP THE LINES OPEN — Ukraine’s key cybersecurity and intelligence agency was able to successfully implement new methods for getting information out as national and international attention on the agency skyrocketed after the Russian invasion earlier this year.
Nataliia Pinchuk, an adviser at Ukraine’s State Service for Special Communications and Information Protection, reflected on lessons learned by the agency from the ongoing war as part of a blog post for the European Digital Diplomacy Exchange. Pinchuk described SSSCIP communications processes, such as social media and other outreach, as having been “built from the ground up” over the past 18 months as tensions with Russia escalated, and noted that followers of the SSSCIP’s Telegram and Twitter pages had massively increased.
— Lessons learned: Pinchuk pointed to SSSCIP’s decision to deliver content to Ukrainians in a way that even those with limited internet or electricity can be informed about developments as crucial for the SSSCIP’s success, and vowed that Ukraine is ready to share the communications lessons it has learned with the global community.
“The world’s first cyber war has only started and the communication area is one of its major aspects,” Pinchuk wrote.

Rob Joyce, the NSA’s director of cybersecurity, put a cyber spin on a popular meme: “HOW CAN NSA REALLY BE SURE OF THE ATTRIBUTION? I MEAN ANYONE CAN THROW RUSSIAN MALWARE!”

The U.K.’s Conservative Party is encouraging members to vote online when selecting their next leader. (Wall Street Journal)
“Erik Prince wants to sell you a ‘secure’ smartphone that’s too good to be true.” (MIT Technology Review)
Lawmakers’ move to ban the purchase of software with known vulnerabilities is proving controversial. (CyberScoop)
TikTok strongly denied a report claiming its iPhone app is stealing passwords. (Vice Motherboard)
China’s cyber agency wants to promote homegrown internet companies. (The Record)
Stay in touch with the whole team: Eric Geller ([email protected]); Konstantin Kakaes ([email protected]); Maggie Miller ([email protected]); and Heidi Vogt ([email protected]).

SUBSCRIBE TO POWER SWITCH: The energy landscape is profoundly transforming. Power Switch is a daily newsletter that unlocks the most important stories driving the energy sector and the political forces shaping critical decisions about your energy future, from production to storage, distribution to consumption. Don’t miss out on Power Switch, your guide to the politics of energy transformation in America and around the world. SUBSCRIBE TODAY.
© 2022 POLITICO LLC

source

Leave a Comment

Leave a Reply

Your email address will not be published.

An Interview with MFB Solicitors discussing global Shipping trends – Lexology

Know About CISA and Their Roles and Responsibilities – Wales 247

Investing in Cybersecurity: Long-Term – Morgan Stanley

Jet2 issues Covid cyber security warning to passengers flying from Stansted – Essex Live