With help from Eric Geller, Martin Matishak and Daniel Lippman
Editor’s Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m.
HOUSE GOP ROSTER SET — The House Republican Steering Committee last week made its selections for ranking members in the 116th Congress. Here is your 2019 GOP starting lineup:
— Rep. Michael McCaul got the top slot on the Foreign Affairs Committee. McCaul was term-limited out of chairing the Homeland Security Committee after six years, during which he spearheaded several cyber-related initiatives, including a bill to restructure the DHS cyber wing.
— Rep. Mike Rogers will succeed McCaul on the Homeland panel. The Alabama lawmaker will “spend considerable time discussing cybersecurity, including the security of cloud computing, artificial intelligence and hardening our critical infrastructure,” according to a statement that accompanied his promotion.
— Rep. Doug Collins was elected to serve atop the Judiciary Committee. Collins is currently vice chair of the Courts, Intellectual Property and the Internet subcommittee.
— Rep. Jim Jordan was named ranking member on the Oversight Committee. One of President Donald Trump’s closest allies, Jordan has harried FBI and Justice Department officials involved in the investigation of Russian ties to the Trump campaign.
— Rep. Frank Lucas will lead Republicans on the Science Committee. He has served as the panel’s vice chair since 2015.
— Rep. Patrick McHenry will be the top Republican on Financial Services. In response to the historic Equifax data breach, he introduced legislation, H.R. 4028, that would, among other things, phase out the use of Social Security numbers by credit-monitoring businesses.
— Rep. Kay Granger was tapped for Appropriations, while Reps. Mac Thornberry and Greg Walden, the current chairs of the Armed Services and Energy and Commerce panels, respectively, will become ranking members.
HAPPY MONDAY and welcome to Morning Cybersecurity! Your periodic reminder that the octopus is the best animal. Send your thoughts, feedback and especially tips to [email protected], and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
SWIFT MARRIOTT CONSEQUENCES — The second-biggest data breach ever, announced late last week by Marriott, has triggered lawsuits, investigations and congressional calls for action. Lawyers quickly filed a class-action lawsuit in Maryland over the breach, which exposed the information of 500 million people. In New York, Attorney General Barbara Underwood launched an investigation, and other states are doing the same, with a multistate team-up possible.
Senate Minority Leader Chuck Schumer said Marriott should pay for new passports for its customers, since the passport data is an especially valuable cache of information for criminals. Sen. Ed Markey urged Congress to pass consumer privacy and data breach legislation in response to the Marriott news, although no major breach has yet prompted Congress to act on a data breach bill. Sen. Mark Warner also called for a congressional response. “We must pass laws that require data minimization, ensuring companies do not keep sensitive data that they no longer need,” he said. “And it is past time we enact data security laws that ensure companies account for security costs rather than making their consumers shoulder the burden and harms resulting from these lapses.”
CHINA, U.S. TO NEGOTIATE CYBER THEFT — The U.S.-China trade truce announced over the weekend comes with a side of cyber. A White House statement said Trump and President Xi Jinping would begin negotiations “on structural changes with respect to forced technology transfer, intellectual property protection, non-tariff barriers, cyber intrusions and cyber theft,” among other subjects. Some analysts have blamed Trump’s trade policies with China for an escalation of Chinese hacking against U.S. companies.
RESEARCHERS, START YOUR ENGINES — DHS plans to award grants to small businesses to study risk assessment processes and identity, credential and access management techniques, the agency announced late last week. DHS posted a pre-solicitation that invited interested parties to ask questions about the list of topics for its Fiscal Year 2019 grant program. One of those topics is “ICAM On-the-Fly,” and another is “Network Modeling for Risk Assessment.” A third is labeled “Cybersecurity Peer-to-Peer Knowledge/Lessons Learned Tool.” The pre-solicitation Q&A period ends at noon on Dec. 18.
SIGNAL RECEIVED — DHS late last week touted a new “multi-year program” to study the digital vulnerabilities of GPS and develop workarounds for situations when GPS is rendered unusable. The program, which will rely heavily on industry input, is part of the DHS Science and Technology Directorate. S&T developed one mitigation device called a Total Horizon Nuller antenna, an “anti-jam” antenna that reduces the effects of GPS interference. “This low‑cost solution enables critical infrastructure owners and operators to deploy such antennas more widely within parts of their networks that require resilience measures, but were not critical enough to warrant significantly higher priced solutions,” DHS said in a statement.
RECENTLY ON PRO CYBERSECURITY — Defense Secretary Jim Mattis said Russian President Vladimir Putin attempted to interfere with last month’s midterms. … A court ruled that a federal law banning Kaspersky Lab products from government systems doesn’t violate the Constitution. … House Democrats will push for legislation providing federal election security funds to states and mandating a national strategy to protect elections. … The House overwhelmingly approved a federal IT consolidation bill.
PEOPLE ON THE MOVE
— Chris Farley is joining cybersecurity startup Expanse, Inc., which has a mix of U.S. government and commercial clients. He’ll be on the “post-sales” team and was previously an associate at Albright Stonebridge Group.
TWEET OF THE DAY — And yet.
— Reuters did a special report on Iranian disinformation.
— A lawsuit alleges that the NSO Group helped the Saudi government spy on journalist Jamal Khashoggi. The New York Times
— An imprisoned hacker ran a drone smuggling ring, according to new charges. Daily Beast
— Google shut out its privacy and security teams from the Chinese Dragonfly search engine. Intercept
— Moscow’s cable car system was infected with ransomware right after it started. Bleeping Computer
— A fake Vladimir Putin Twitter account fooled a lot of people. Mother Jones
— “ACLU wants court to release documents on the US’ attempt at backdooring Facebook Messenger.” ZDNet
— Engadget goes inside Chronicle, Alphabet’s cybersecurity spinoff.
— A top presidential security adviser in South Korea may have been hacked. Korea Times
That’s all for today. It’s not much of a debate.
Stay in touch with the whole team: Mike Farrell (@mikebfarrell); Eric Geller (@ericgeller); Martin Matishak (@martinmatishak) and Tim Starks (@timstarks).