Langevin resorts to cyber measures even as he walks out the door
representative Jim Langevin (DR.I.), one of the most important cyber lawmakers in history, is not running for re-election – but he still has work to do.
He sees the annual must-pass Defense Authorization Act as an opportunity to build in cybersecurity regulations that weren’t even on the radar when he first joined Congress two decades ago.
The final version of the bill could include a range of cybersecurity measures, including recommendations from the Cyberspace Solarium Commission, of which Langevin was a member.
Langevin has at least five Commission recommendations in mind for the bill to consider. These include programs to foster cybersecurity collaboration and intelligence gathering, as well as other proposals aimed at reshaping the way the US government thinks about cybersecurity and risk.
- Codifying the definition of the major types of critical infrastructure for US society. The Cybersecurity and Infrastructure Security Agency (CISA) was work on identification these entities.
- Establishing centers to study important issues such as open source software, industrial technology and network security.
- Established a cyber statistics bureau to collect, analyze and share cyber security data.
- Adoption of the Cyber Diplomacy Act to codify an International Cyberspace Policy Office within the Department of State. The department opened the long-awaited office this year, a move, Langevin said, “hits the right mark … but I want it to be made into law, lest it be changed by a future government or dropped in relation to its or.” can be downgraded importance.”
- Build a system for the US government to share sensitive cybersecurity information with the country’s key infrastructure entities. This proposal is in a execution of the bill that the full committee will be discussing tomorrow.
“For the remainder of my time in Congress, I am committed to advancing the Cyberspace Solarium Commission’s key recommendations, and this year’s NDAA is an excellent opportunity to do so,” Langevin said in an interview with The Cybersecurity 202.
The annual defense bill comes under scrutiny at a critical time. For months, CISA has been urging organizations to pull up their “shields” and prepare for potential cyberattacks in the wake of Russia’s war in Ukraine. While US organizations haven’t been hit by devastating public hacks recently, for more than a year, CISA and other federal agencies have been responding to a spate of ransomware that has hit hospitals, schools, small businesses, and other organizations across the country.
The Pentagon has also been busy. Regarding Ukraine, the US Cyber Command “has conducted a number of full-spectrum operations; offensive, defensive, [and] Information Operations”, US Cyber Command and NSA leader Gen. Paul Nakasone said Sky News this month.
Langevin announced in January that he would not be running for re-election this year, writing: “It’s time for me to embark on a new course that will allow me to stay closer to home and spend more time with my family and friends to spend.”
Cybersecurity has come a long way in the two decades since he joined Congress. Over the years, the US government has created and funded agencies to protect against cyber attacks and conduct hacking operations.
- “When I first came to Congress in 2001, the [defense authorization bill] didn’t even mention cyber or the internet,” Langevin said. “Now we have a whole department that deals with cyber-related issues, and so cyber is becoming more and more important,” he said, noting that funding followed, but oversight was also vital is.
In the more than 10 years since the US Cyber Command began operations, it has been involved in major operations such as hijacking a ransomware gang’s website, disrupting a massive botnet, and fighting election jamming.
Cyber Command and the National Security Agency are both headed by Nakasone, a four-star general. The debate over whether a leader with two hats should lead both has simmered for years. But Langevin is adamant that now is not the time to talk about how they are changing their structure.
“In terms of splitting the double hat, we’re nowhere near ready to talk about splitting the hat at all. Maybe that will happen one day, but right now there are such important synergies between the NSA and the US Cyber Command: one informs the other’s actions and makes it more effective,” Langevin said. “If I split the hat, I think we’ll fight with one hand behind our back.”
Georgia’s top election official is due to testify at today’s committee hearing on January 6
Georgia’s Secretary of State Brad Raffensperger (R) and his deputy, Gabriel Sterlingwill testify at an afternoon hearing being held by the House Committee investigating the January 6, 2021 attack on the US Capitol committee said. It appears to be part of the committee’s effort to link former President Donald Trump’s false claims that the election was stolen to threats and pressure on election officials — and ultimately the attack on the Capitol.
Raffensperger played a significant role in repelling Trump’s false claims that Georgia’s election was stolen. In a January call, Trump urged Raffensperger to “find” enough votes in the state to overturn President Biden’s victory, but Raffensperger resisted.
Raffensperger won a primary last month against a Trump-backed candidate. He “rejected Trump’s false allegations of voter fraud to anyone who would listen,” but he “also gained in part by courting Trump’s base with promises of tighter poll security,” wrote my colleague Amy Gardner.
US officials expect Russia will try to interfere in the midterm elections
Interference in this year’s midterm elections is still hypothetical, but officials worry that interference — or even the perception of interference — could increase fears of stolen elections and erode trust in electoral systems. CNNby Edward Isaac Dovere reports.
The Department of Homeland Security warned this month that Russia would “likely” try to undermine this year’s election in retaliation for the US government’s response to Russia’s invasion of Ukraine, according to a report by CNN. “We anticipate Russian interference in the upcoming 2022 midterm elections, as Russia views this activity as a just response to perceived actions by Washington and as an opportunity both to undermine the US’s global image and to influence US decision-making,” the statement said Report.
Jury convicts former Amazon Web Services engineer for hacking Capital One
The jury found Paige Thompson guilty of six computer hacking charges and one wire fraud charge, the Seattle Timesis Maya Miller reports. Capital One’s 2019 hack compromised 100 million credit card applications. The bank later agreed to pay $190 million in settlement for a class action lawsuit filed by customers. It also agreed to pay an $80 million fine to regulators.
“We are delighted with the verdict,” said the prosecutor Nick Brown said Mueller. “Hopefully it’s a good deterrent for other people like Ms. Thompson who are pretending to be hackers in good faith but are actually involved in something much more dangerous.”
The case depended in part on what it means when someone accesses a computer system “without authorization.” Mueller reported.
- After Thompson left Amazon Web Services, she searched for misconfigured accounts and posed as a user authorized to access them, prosecutors argued. Because she didn’t have express permission to access those accounts, she didn’t have the proper authorization, prosecutors said.
- Thompson’s attorney, on the other hand, argued “that Thompson’s actions were legal because the affected companies’ systems operated as programmed and anyone with access to a web browser could have taken the same actions as Thompson did,” Miller writes.
In Thompson’s words: Prosecutors “also used a sample of Thompson’s tweets, Slack messages, and chat forum posts to argue that she was a calculated hacker motivated by greed and not a noble ‘white hat hacker’ trying to Identify and patch vulnerabilities in organizations’ online defense mechanisms. ‘ Miller writes.
- CISA director Jen Osterly and energy manager to discuss Cybersecurity today at the EEI 2022 conference.
- Third way host order an event on China and the digital world Tuesday at 11 a.m
- Sen. Angus king (I Maine) speaks Wednesday at 10 a.m. at a Reagan Institute on foreign information operations
- The House Judiciary Committee has oversight Listen for the National Security Division of the Justice Department on Wednesday at 10 a.m
- Michael Brownwho leads the Pentagon’s Defense Innovation Unit, speaks at the Center for a New American Security on Wednesday at 12:30 p.m
- CISA Cybersecurity Advisory Council meets at 1 p.m. on Wednesday.
- White House Special Assistants Tim Wu and Peter Harell to discuss the Biden administration’s statement on the future of the internet at a Brookings Institution event Wednesday at 2 p.m
- The House Management Committee holds a hearing on the threats to democracy posed by disinformation on Wednesday at 2:30 p.m
- A panel of the House Homeland Security Committee considers a Listen on securing new technologies on Wednesday at 2:30 p.m
- The R Street Institute host an event on water management cybersecurity on Wednesday at 4:30 p.m
Thank you for reading. See you tomorrow.