Name and shame policy

Name and shame policy

RSA Conference preview — Thailand passes controversial cybersecurity law

‘Name and shame’ bill returns

03/01/2019 10:00 AM EST

With help from Eric Geller, Jordyn Hermani and Martin Matishak

Editor’s Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m. To learn more about POLITICO Pro’s comprehensive policy intelligence coverage, policy tools and services, click here.

Story Continued Below

— Lawmakers on both sides of the Capitol reintroduced legislation to require the Trump administration to designate the top nation-state cyberattackers against the U.S. It also would mandate new sanctions.

— The RSA Conference is almost here. We preview some of the bigger names and topics at the San Francisco confab next week.

— Huawei won a battle against the U.S. at a conference in Europe this week. The company hasn’t yet won the war to remain in European markets, however.

HAPPY FRIDAY and welcome to Morning Cybersecurity! That’s cold, yo. Send your thoughts, feedback and especially tips to, and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

‘NAME AND SHAME’ BILL MAKES COMEBACK — A bipartisan group of lawmakers on Thursday re-introduced legislation that would require the president to designate countries that represent the nation’s top cyber threats and then sanction those that carry out malicious, state-sponsored attacks. The Cyber Deterrence and Response Act — sponsored by Sens. Chris Coons and Cory Gardner and Reps. Ted Yoho, Michael McCaul, Jim Langevin and Brad Sherman — would mandate the president label such hackers as “critical cyber threat actors” and mandate the imposition of a menu of sanctions. The bill passed the House by voice vote last year but no action was taken in the Senate before 115th Congress adjourned.

The resurrected measure provides the executive branch the ability to exempt nations that are identified as cyber threats from being hit with sanctions. It also calls on the administration to implement the cybersecurity provisions of the Asia Reassurance Initiative Act, which was signed into law last year and aims to establish long-term strategic U.S. policies for the Indo-Pacific region.

RSA CONFERENCE IS UPON US — Your MC host heads to the City by the Bay next week for the annual RSA Conference, where he’ll be one of the 45,000 or so taking in a full agenda of cybersecurity talks and meetings. Some of the top federal cyber officials in the land will be there, and we’ll be writing about them for Pros and in this space: U.S. Army Gen. Paul Nakasone, head of Cyber Command and the NSA; Chris Wray, director of the FBI; Chris Krebs, director of the DHS Cybersecurity and Infrastructure Security Agency; and Rob Strayer, the No. 1 cyber man at the State Department. Check in with Morning Cybersecurity each day to receive dedicated conference coverage and register here to attend RSAC 2019.

DHS and NIST have a particularly heavy presence at the conference, but even agencies as far-flung as the FDA are making an appearance alongside a bevy of other leaders from the aforementioned agencies. Also look for officials from Congress, state governments and foreign governments.

A popular topic around here, election security, gets a lot of attention at RSA this year. Bob Lord, chief security officer for the Democratic National Committee, is giving a talk, and election security will feature heavily in various sessions, including some on topics like cybersecurity law or malware or cryptography. Keep your eyes on this space for tons of coverage all next week.

POLITICO PLAYBOOK: The 2020 Election. The New Congress. The Mueller Investigation. … Keep up with POLITICO Playbook. Be in the Know. Sign up today here.

TRUMP ADMIN TAKES ‘L’ IN BARCELONA — Huawei fended off U.S. officials’ efforts at a trade show in Spain to get Europe to isolate the Chinese telecom company, our European colleague Laurens Cerulus will report in a story out today. That doesn’t mean it has won the fight entirely, since some European nations are looking at imposing new requirements on the company. “It doesn’t matter what happens in any single country in Europe. We will stay here,” Vincent Pang, the company’s president for the Western Europe region, told reporters in Barcelona, adding that the company considers Europe “the most powerful innovation house in the world.” Look for this story soon from POLITICO Europe.

GET ON THIS — The Electronic Frontier Foundation is imploring tech giants to fix major security issues with their platforms ranging from misuse of sensitive data to unnecessary third-party permissions. The “Fix It Already” requests to Facebook, Apple, Google and other companies reflect digital-rights activists’ years of pent-up frustrations with tech- and wireless-industry behemoths.

The activists want Facebook to stop using users’ phone numbers, which are often provided exclusively for security purposes like two-factor authentication, in non-essential ways. They want Apple to let customers encrypt their iCloud backups. And they want Google to offer more granular control over the data and services that Android apps can access. They also made urgent pleas to Twitter, Venmo, WhatsApp, Slack, Microsoft and Verizon.

“All the products on our list are supposed to be state-of-the-art,” Jeremy Gillula, EFF’s technology projects director, said in a statement, “but their failure to fix these obvious problems means that they aren’t taking users’ real needs to heart.”

RESECURITY DIGS IN — After Australian sources countered allegations from the cyber firm Resecurity that Iran appeared to be behind attacks on its parliament, saying China is still the main suspect, the company on Thursday offered additional evidence. Resecurity says the group responsible, which it dubbed IRIDIUM, also targeted the U.K. parliament in 2017. Not only does the group appear to go after similar targets, such as political and governmental officials, but the attack also came just after an official celebration of Australia’s relationship with Israel, according to the company. Resecurity also noted that the tactics used in the attack resemble those of groups with close ties to the Iranian Revolutionary Guard Corps.

THAILAND’S INTERNET ‘MARTIAL LAW’ — A controversial cybersecurity law unanimously passed in Thailand on Thursday giving the military-appointed parliament cybersecurity powers that internet freedom activists are calling “cyber martial law.” The law allows for Thailand’s National Security Council to “override all procedures with its own law” should a state cybersecurity incident reach a “critical level,” Reuters reports. Thailand’s National Cybersecurity Committee can now summon individuals for questioning and enter private property without court orders should they suspect it’s the location for a potential cyber threat. An additional cyber panel will be able to to access computer data and networks, make copies of information and seize any private device, per Reuters.

Opponents of the bill say it gives the Thai government too much power, even considering some alterations. “Despite some wording improvements, the contentious issues are all still there,” Arthit Suriyawongkul, an advocate with the Thai Netizen Network, told Reuters.

RECENTLY ON PRO CYBERSECURITY The Senate Intelligence Committee once more approved William Evanina for the job of counterintelligence chief. … The Senate Judiciary Committee approved the two final members of the Privacy and Civil Liberties Oversight Board. … The SEC hired Gabriel Benincasa as its chief risk officer.

TWEET OF THE DAY — Senators getting sassy about security with memes!

Jason Matheny is the founding director of Georgetown University’s Center for Security and Emerging Technology. He previously served as director of the U.S. Intelligence Advanced Research Projects Activity.

FireMon announced Thursday that it has named Don Closser, former general manager and vice president of Trend Micro’s TippingPoint Network Security Product Group, to the role of chief product officer.

“US wiped some hard drives of Russia’s ‘troll factory’ in last year’s hack.” ZDNet

The New York Times reports that President Donald Trump did indeed order his chief of staff to grant a security clearance to Jared Kushner, despite intelligence officials’ concerns about his business ties to foreign countries, including Russia.

Facebook, Telegram and Signal are getting in on the cryptocurrency business. The New York Times

Trend Micro demonstrates how a hacking group is stealing Instagram profiles.

The NSA’s Rob Joyce talks about disrupting foreign hackers. CyberScoop

America’s cities are running software from 30-plus years ago. Bloomberg Businessweek

The cyber czar for Massachusetts warned about threats to the state. Newburyport Daily News

A misinformation campaign raged as India and Pakistan neared war. BuzzFeed


Name and shame policy


Name and shame policy

Apartments News Auto News Car News Credit News Insurance News Loan News Top News Pharma News Real Estate News Rental News Travel News USA News Name and shame policy

Written by American News

Leave a Reply