By John Sakellariadis, with help from Maggie Miller

— CISA is starting the year laser-focused on enhancing cybersecurity at the corporate level, a top agency official tells MC.

HAPPY MONDAY, and welcome to Morning Cybersecurity! Between the Sixers, the Phillies and the Eagles, the City of Brotherly Love is having a moment. … Which should infuriate me as a New Yorker. But between my editor (Philly native) and my in-laws (ditto), I’m ready to praise the Birds now so I don’t have to eat crow later. Fly, Eagles fly!

Got tips, feedback or other commentary? Send them my way at jsakellariadis@politico.com. You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below.
Nothing terabyte-sized on the agenda.
AT THE BOARD LEVEL — A top priority for the Cybersecurity and Infrastructure Security Agency in 2023: cajoling corporations into better safeguarding their networks — including a potential laundry list of what that should include, Maggie reports in a story out this morning.

Companies need to embrace the idea of “corporate cyber responsibility,” CISA chief of staff Kiersten Todt told POLITICO in an interview Friday at the agency’s headquarters in Arlington, Va.

“The innovation of the car was a great asset, and with that though came this responsibility to take care of the car, to make sure it was safe and secure,” Todt said. “Similarly, cyber represents technology, represents innovation that every company benefits from.”

— No orders here: Todt stressed that she’s talking about voluntary actions by companies and said CISA is exploring putting out guidelines to help them do that. That could include CISA creating a “series of best practices” on cybersecurity for boards and senior officials, she said.

“What we're doing right now is exploring and examining and researching what makes the most sense to be able to put it in a straightforward, accessible way and that is something off of which we can build,” Todt said. She stressed that “this isn't intended to be ‘thou shalt,’ it's much more of the ‘we've got to work together.’”

Todt said CISA would involve industry in any crafting of guidelines, and that there are no specific deadlines at the moment for the initiative.

— Teamwork makes the dream work: CISA could work with other agencies in prioritizing corporate cybersecurity, such as with the Small Business Administration to help get smaller organizations involved, Todt said. More formally, the Internet Security Alliance and the National Association of Corporate Directors will be jointly involved in the program alongside CISA.

— A silver lining: Companies have been more fixated on cybersecurity after a year in which CISA worked to ensure critical infrastructure groups were alert to potential threats from Russia as part of its “Shields Up” campaign. Todt noted the effort served as a “catalyst” for boards to invest more in cybersecurity, and that industry has made clear to CISA that it doesn’t want to go “shields down,” particularly due to ongoing ransomware attacks that have made cybersecurity a major concern for Americans.

“People now accept this heightened level of vigilance without real fatigue because this is what's part of what we need to do,” Todt said. “That is an element of this corporate cyber responsibility, and being able to work more collaboratively with industry to help them demystify what we know.”

Read the full story (for Pros!) here.
GOP DRAWS STRAWS FOR HOUSE HOMELAND — An up-and-coming cyber lawmaker is set to lead an influential House committee with jurisdiction over CISA and the nation’s critical infrastructure protection efforts.

Republican Rep. Andrew Garbarino (R-N.Y.) will take the gavel in the House Homeland Security Committee’s subcommittee on Cybersecurity and Infrastructure Protection, Republican leadership announced Friday.

Building a resume — The second-term congressman has been vocal on cybersecurity issues since he entered Congress, sponsoring or co-sponsoring 14 pieces of legislation on the topic.

More aggressive oversight — While in the minority, Garbarino frequently nudged DHS and White House cyber officials to provide more transparency about the administration’s cyber work or to giddy up on congressional priorities. For example, late last year, Garbarino and Rep. Mike Gallagher (R-Wisc.) pressed the White House to follow through on a new law directing CISA to draft a plan for how the government would maintain “economic continuity” in the event of a massive cyberattack.

GOP depth problems? — None of the other four Republicans named to the subcommittee has a background in cyber policy, and with the exception of Garbarino and Rep. Carlos Giménez (R-Fla.), also a second-term congressman, all are freshmen on Capitol Hill. Likewise, while Chair Mark Green (R-Tenn.) has cited securing the “cyber border” as one of his top priorities for the committee, neither Green nor vice chair Michael Guest (R-Miss.) has previously been active on cybersecurity issues.
TRANSATLANTIC CYBER COLLAB — The U.S. and European Union are eyeing tighter cooperation on cybersecurity governance, even as both pave the way for new — and likely inconsistent — regulatory regimes.

In a joint statement released late Thursday, DHS and the European Commission's Directorate-General for Communications Networks, Content and Technology announced the launch of three cyber policy “workstreams” organized around information sharing and crisis response, critical infrastructure protection, and the security of hardware and software.

Next steps — The statement highlighted a number of projects EU and U.S. officials would prioritize ahead of the next EU-U.S. cyber dialogue, expected in the second half of 2023. Those projects include examining ways to secure civilian space systems, finalizing a “working arrangement” between CISA and its EU equivalent, ENISA, harmonizing incident reporting regimes and developing more robust transatlantic threat sharing programs, among others.

Tough road ahead? — The EU is moving more aggressively than the U.S. when it comes to cyber regulation, raising questions about whether some of those initiatives could quickly run into transatlantic headwinds. For example, the EU’s newly revised Network and Information Security Directive, or NIS2, designates cloud providers as essential entities, something U.S. lawmakers have thus far avoided. It also sets stricter and more robust incident reporting, corporate governance and vulnerability disclosure rules than equivalents that have gained traction in the U.S.

Hold your horses, MC! — NIS2 will not bear real teeth until a member-state implementation deadline of fall 2024. In the meantime, the White House is gearing up to release its new national cyber strategy, which should help close the transatlantic regulatory gap by calling for tighter oversight of U.S. companies.
Russia blocking access to the State Department’s Rewards for Justice website, hours after it asked for information on the operators of the Hive ransomware group? No, not suspicious at all.
— The Atlantic Council has a new blog post out this morning on China’s cyber operations.

— Ukraine blames a notorious Russian hacking group for another disruptive wiper attack. (CyberScoop)

— Russia blocks access to the website of the State Department’s Rewards for Justice program. (The Record)

— Inside TikTok’s plans to address U.S. national security concerns. (CyberScoop)

Chat soon.

Stay in touch with the whole team: Maggie Miller (mmiller@politico.com); John Sakellariadis (jsakellariadis@politico.com); and Heidi Vogt (hvogt@politico.com).