– The FBI has to defend its email security this week after hackers breached the office’s email infrastructure and sent thousands of alerts of a fake supply chain attack.
– President Joe Biden and the Senate have two different strategies this week to tackle cyber competition with China: hold diplomatic talks and strengthen cyber defenses.
– Washington’s top cybersecurity officials are making the rounds this week to discuss what’s next in anti-ransomware penetration.
HAPPY MONDAY and welcome back to Morning Cybersecurity. I am your host, Sam Sabin. A busy week is ahead: Biden signs the bipartisan infrastructure package today, the Senate picks up the cyber-heavy approval package for the defense budget, and the FBI is investigating how hackers have accessed their email infrastructure. We’ll catch up on what’s going on below.
But first: do you have any tips and secrets that you would like to share with MC? Or thoughts of what to track down next? Submit what you have [email protected]. Stay up to date by following @POLITICOPro and @MorgenCybersec. (The full team contact information below.) Let’s get to that:
BUSY WEEKEND of the FBI – Several corporate private sector cybersecurity officials woke up Saturday to a frightening but fake warning: The FBI is investigating an “elaborate chain attack” and everyone is vulnerable.
But here’s the thing: The message was fake and sent by hackers who gained access to the office’s email system – underscoring the critical vulnerabilities that persist in federal systems nearly a year after SolarWinds’ cyber espionage campaign was discovered.
– How it started: Hackers sent thousands of emails to private sector organizations on Saturday morning via the fake cyber attack, email security guard Spamhaus reported first this day. The forged emails then sparked a wave of calls to managed security service providers, since Kevin Beaumont, Head of Security Operations at Arcadia Group, pointed this out over the weekend.
The FBI issued a detailed statement on Sunday that a “software misconfiguration” gave hackers access to its corporate law enforcement portal over the weekend, allowing them to send fake emails about an attack on the cybersecurity supply chain which did not actually take place.
– That’s how it’s done: The FBI provided several updates on the incident over the weekend. While the investigation is still ongoing, the FBI said it warned its partners about the fake news and “quickly fixed the software vulnerability” and “confirmed the integrity of our networks.” The office also said the hack did not compromise any data or personal information. KISA Director Jen Easterly also said the agency is “informed about this incident” and is “ready to provide support if necessary”.
– A problematic portal: The FBI’s LEEP system has caused several cybersecurity headaches over the years. In 2015, hacktivists claimed they could break into the system after discovering that only one password was required to access a variety of law enforcement and homeland security systems.
What’s next: All eyes will be on how transparent the FBI continues to be about the attack and how it happened, especially as FBI officials travel to Capitol Hill for two hearings this week (which we will talk more about below). The office also deals with issues similar to the private sector and could provide a roadmap for businesses.
But if the FBI decides to hide key details, it could further anger companies who said after the Kaseya attack they were left alone even though the FBI had access to the decryption key for about three weeks.
Would you like to receive this newsletter every weekday? Subscribe to POLITICO Pro. Plus, you’ll get the breaking political news and other information you need to react to the day’s major events on a daily basis.
ON THE FINISH IN BEIJING – President Joe Biden is expected to speak to China’s Xi Jinping on cybersecurity at his virtual summit tonight, but with a very different approach than lawmakers to envisaged legislation.
– Diplomacy first: Differences in the US and China’s approach to cyberspace are definitely on the list of topics Biden will raise with Xi, a senior administrator told reporters on Sunday evening. But despite intensified espionage campaigns against the US and other Western nations related to Beijing, Biden is still expected to emphasize the importance of maintaining diplomacy between the two countries in his talks. “Intense competition requires intense diplomacy,” said the official anonymously as a condition for the briefing.
– Home advantage: With Senate Majority Leader Chuck Schumer consider whether to add of the US Innovation and Competition Act in this year’s National Defense Authorization Act, Congress could be on the right track to provide even more money to CISA and the country’s cyber defense. As we noted in MC, several cybersecurity laws have also been pinned to USICA. Senator Jacky Rosen (D-Nev.) Would like to set up a grant fund to ensure continuous 5G radio communication. Senator Maggie Hassan (DN.H.) urges a cybersecurity and infrastructure security training program. And Senator Todd Young (R-Ind.) Wants $ 5 million a year to go to the Department of Commerce through 2024 to improve cybersecurity.
What they’re trying to get: The government told reporters that the main objective of the conversation with Xi on Monday was not to make any promises, but instead to establish “the terms of competition” between the two nations. However, lawmakers seem to have more concrete goals when they focus on strengthening U.S. cyber defenses to blunt espionage campaigns like the China-related Microsoft Exchange Server hack.
RANSOMWARE ON THE BRAIN – As Washington keeps its eyes on its year-end goals, Washington will revisit an issue of cybersecurity policy that has yet to be resolved: how to stop ransomware criminals from attacking US organizations.
From Congressional hearings to NDAA amendments, here’s what is planned in Washington this week in the fight against ransomware:
– Hearings in Congress: House lawmakers will hear from top government cybersecurity officials as well as a handful of other cybersecurity officials during two ransomware-focused hearings. CISA Director Jen Easterly, National Cyber Director Chri Inglis and Bryan Vorndran of the FBI will testify to the House Oversight Committee Tuesday morning. On Wednesday, CISA Executive Director Brandon Wales, DHS Chief Policy Officer Rob Silvers and Jeremy Sheridan, Assistant Director of Investigations for US Intelligence, testify at a House Homeland Security Committee hearing.
– Think tank events: Homeland Security Minister Alejandro Mayorkas will join Sheridan and Europol Executive Director Catherine De Bolle in a virtual discussion on international cooperation and ransomware at the German Marshall Fund of the United States event on Thursday.
– NDAA consideration: Some NDAA changes expected to be considered this week also focus on ransomware. Senator Marco Rubio (R-Fla.) Added his Sanction and Stop Ransomware Act as an amendment that introduces a 24-hour requirement for government contractors and critical infrastructure operators to report ransomware attacks. And Sen. Sheldon Whitehouse’s (DR.I.) International Cybercrime Prevention Act, which introduces new indictments for suspects who knowingly target critical infrastructure, is also an NDAA addition.
WHAT ABOUT EDUCATION – Following the passage of the K-12 Cybersecurity Act, both lawmakers and a state regulator urged the Department of Education and DHS on Friday to take further steps to help K-12 schools with their cybersecurity needs.
Senator Maggie Hassan (DN.H.) led a group of Democratic lawmakers in a letter to both departments urging officials to go beyond the recommendation in a Government Accountability Office report, also released on Friday, and set up a government coordinating council and subsector Coordination Council for the Critical Infrastructure Sector Educational Institutions. The councils would encourage the exchange of information between government agencies and private sector groups working with K-12 schools.
“Bringing together the K-12 stakeholders would help ensure that resources, services and other support can be prioritized so schools can use them effectively,” the lawmakers wrote.
– GAO recommendation: The watchdog agency recommended that the DOE and DHS work together to update the education sector’s specific cybersecurity policies and requirements, which the DOE has agreed to do.
– Former Federal Chief Information Officer Tony Scott is now the CEO of the cybersecurity firm Burglary.
Ransomware hackers targeted a brewery in Barcelona. The internet didn’t take it that well. From Brian Honan, CEO of BH Consulting: “This ransomware is getting really serious now!”
– The Treasury Department said it had partnered with Israel to combat the use of cryptocurrencies by ransomware and cybercriminals as part of its broader, new U.S.-Israeli task force.
The TSA estimates that its mandatory pipeline cybersecurity rules will affect 97 operators and will take the agency more than 4,400 hours to comply each year, according to a file released today on the Federal Register.
– Russian citizen Denis Dubnikov has been arrested and is at risk of extradition to the United States for alleged links to ransomware gang Ryuk, known for attacking hospitals. (The Wall Street Journal)
– China is considering cybersecurity review for companies planning to go public in Hong Kong (Bloomberg)
– Opinion: “Ex-security chief: We have privatized our cybersecurity. The winners are the hackers “(Prospect)
Stay in touch with the whole team: Eric Geller ([email protected]); Bob King ([email protected]); Sam Sabin ([email protected]); and Heidi Vogt ([email protected]).