Cyber Command picks a deputy

With help from Eric Geller and Martin Matishak

Editor’s Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m.

Quick Fix

Cyber Command has a new top deputy. The pick is a career naval aviator who has served as chief of staff in the organization.

A “ghost key” to give law enforcement access to encrypted messages is a bad idea, according to a coalition of groups that includes a number of tech giants.

The former head of President Barack Obama’s cybersecurity commission talked with MC about Facebook, helping small- and medium-sized businesses and more.

HAPPY THURSDAY and welcome to Morning Cybersecurity! Send your thoughts, feedback and especially tips to [email protected], and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

Driving the Day

FIRST IN MC: CYBER COMMAND HAS A NEW NO. 2 — While you were maxing and relaxing over the holiday weekend, U.S. Cyber Command chief Army Gen. Paul Nakasone made the organization’s chief of staff his brand new deputy, Martin reports. Nakasone promoted Navy Rear Adm. Ross Myers to the rank of vice admiral on Memorial Day, according to Cyber Command. The pick fills a critical vacancy as the military’s digital warfighting branch looks to build on the lessons it learned from Operation Synthetic Theology, its digital campaign to protect the 2018 midterm elections against foreign interference, particularly from Russia.

Myers, a career carrier naval aviator, has held a number of posts during his time in the military, according to his official biography. He previously served in various roles for the Joint Chiefs of Staff, as well as the director of plans and policy at Cyber Command. While he may not have a digital background, Myers’ resume shows experience running the day-to-day operations of large organizations and an intimate knowledge of Cyber Command itself.

GHOST IN THE MACHINE — A coalition of human rights groups, tech companies and security researchers today signaled opposition to a proposal from U.K. Government Communications Headquarters officials to give law enforcement the ability to view encrypted messages. “The ‘ghost key’ proposal put forward by GCHQ would enable a third party to see the plain text of an encrypted conversation without notifying the participants,” wrote the coalition, which includes Apple, Google and Microsoft as well as organizations like New America’s Open Technology Institute, the Electronic Frontier Foundation and the Center for Democracy and Technology. The idea “poses serious threats to cybersecurity and fundamental human rights including privacy and free expression,” according to the coalition.

MINI-Q&A — Your MC host sat down this week with Kiersten Todt, the former executive director of the Commission on Enhancing National Cybersecurity. Among other pursuits, she now serves as managing director of the Cybersecurity Readiness Institute, which helps to enhance cybersecurity for small- and medium-sized businesses. The following mini-Q&A has been edited for clarity.

What has been left undone since the commission’s recommendations?

We need to look at the interdependency between [internet of things] devices and tech platforms. Google, Amazon, Uber and most specifically Facebook have an impact on the national and economic security not just of our nation but of the globe. This is a newly defined sector. Tech platforms are not considered critical infrastructure. The concern I have is the lack of management of what they hold. These platform companies are aggregating data at unprecedented rates in our world history, so we have to look at management of that data privacy. People don’t want privacy or they wouldn’t post so much information on Facebook. What they want is control over their data.

What’s next for the institute?

We are measuring who comes to the website, and how many register, and how many follow through. We actually reached the 1 million we sought to reach in 2019. Two thousand signed up [fully]. We’re now distilling the five-stage program into something more condensed, accessible, downloadable and process-focused to make it a one-stop shop — how do you access the policies that take less effort?

What kind of education campaign would it take to get people to do basic patching and other cyber hygiene steps that could solve a lot of security problems?

I’m struck by the continued lack of education and information on the basics. There was a time where we pushed back on the phrase “cyber hygiene,” where we said, “Don’t offend them by telling them they don’t know the basics.” With Smokey the Bear, or anti-drug campaigns, the interesting piece is, those are binaries. ... You either litter or you don’t. The seriousness of the education campaign goes beyond the billboard [for cybersecurity]. You’ve got to do education around these issues without making people afraid of the technical piece of them. We focus on phishing, patching, authentication and USBs. Those things don’t require technical expertise.

COME TOGETHER, RIGHT NOW, CYBER THREATS — The FBI is concerned about a “convergence” of different types of cyber threats, a top official said Wednesday at an Aspen Institute event. Mass personal data thefts from sources like Equifax and OPM, “a broadening attack surface” as people buy more internet-connected devices, and “the proliferation of publicly available tools and capabilities” previously restricted to nation-state hackers have combined to “cause us the greatest concern,” said Tonya Ugoretz, the No. 2 official in the FBI’s Cyber Division. The bureau, she said, is beginning to see those interwoven vulnerabilities “manifested in attacks and intrusions that get at the very core of what underpins our trust in a lot of things,” from the 2016 election interference to the NotPetya malware’s exploitation of a software update mechanism.

Some cybersecurity experts say the U.S. government’s inability to protect its highly valuable hacking tools — NotPetya relied in part on a powerful leaked NSA exploit — has contributed to this crisis atmosphere. But Ugoretz disagreed, saying, “I don’t think threat actor sophistication is dependent on U.S. tools.” And former FBI official Erin Joe, who succeeded Ugoretz as director of the Cyber Threat Intelligence Integration Center, said those tools were a net positive for the country: “If there were no U.S. tools, the U.S. would probably not be as safe as we are today, either.”

AND NOW HIS WATCH HAS ENDED — Special counsel Robert Mueller closed up shop on Wednesday, and his final words were on election interference. “And I will close by reiterating the central allegation of our indictments, there were multiple systematic efforts to interfere in our election,” he said. “And that allegation deserves the attention of every American.” He also reiterated that Russian hackers used “sophisticated cyber-techniques” to penetrate Hillary Clinton’s campaign. Some Democrats found new ammunition for impeaching President Donald Trump, even if Mueller doesn’t want to testify.

RECENTLY ON PRO CYBERSECURITY — The Cyber Threat Intelligence Integration Center is studying sound practices for interagency incident response. … Hackers are impersonating local governments in an attempt to breach small- and mid-sized businesses, Lookout revealed. … A group of lawmakers said the New York City Metropolitan Transit Authority should not purchase parts from a Chinese rail manufacturer. … Trump’s trade war with China is harming the U.S. semiconductor business, an industry official said. … Sen. Josh Hawley (R-Mo.) criticized Facebook for not saying what kind of data it will collect from users’ encrypted messages. … A leading European cyber lawmaker declared that the continent needs more cyber offensive capabilities.

TWEET OF THE DAY — Mitch McConnell, call your office!

Quick Bytes

Insight Partners bought Recorded Future for $780 million.

New York is contemplating a General Data Protection Regulation-like law. CyberScoop

A Commerce/DHS botnet initiative is on track. Inside Cybersecurity

WannaCry still lives on 145,000 devices. Dark Reading

A State Department official says 5G offers no distinction between “core” and “edge,” in a criticism of the U.K. approach to Huawei. Inside Cybersecurity

A Chinese database exposed dating app records. CyberScoop

Have a feature on the Defense Digital Service.

Human rights groups are probing NSO Group’s private equity firm. CyberScoop

“Saudi Arabia accused of hacking London-based dissident.” Guardian

That’s all for today.

Stay in touch with the whole team: Mike Farrell ([email protected], @mikebfarrell); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).