TPP text released
With help from Joseph Marks and David Perera
WHY HASN’T CYBERSECURITY TAKEN ROOT IN THE PRESIDENTIAL CAMPAIGN? — We’ve been asking this question as there have been some fleeting discussions during some of the presidential debates, but the mentions have slowly ebbed from even that low bar. One answer: It’s hard.
“It’s a complex topic,” Steve Morgan, founder and CEO of Cybersecurity Ventures, told NBC News, which asked the same question. “It’s like quicksand: Once they step into it, they’re going to sink. They just aren’t equipped to talk about it.” That echoes what we’ve been told by cyber experts.
Another explanation: Because debate moderators haven’t brought it up much — so it’s on the media to press the candidates on their cyber positions. James Norton, who once served in the Department of Homeland Security’s office of legislative affairs, told MC that he still thinks cybersecurity can take root in the 2016 race, depending on whether politicians recognize it as a potentially winning issue with millennials, who are more in tune with the digital world.
And: “Events sometimes drive these things,” said Norton — now an adjunct professor for national security studies at Johns Hopkins University — observing that one of the occasions when cyber came up in the presidential debate was when Chinese President Xi Jinping was preparing a high-profile visit. Another big hack might also push cyber into the spotlight again.
TPP TEXT REVEALED: The Obama administration has released the text of the Trans-Pacific Partnership agreement, according to our friends at Pro Trade. An administration summary of the deal says TPP would encourage cooperation on cyber threats and countries would establish criminal procedures for trade secret cyber theft. Read the full text here: http://1.usa.gov/1Pbxeru
HAPPY THURSDAY and welcome to Morning Cybersecurity! You know what they say about the fox guarding the penguinhouse (trigger warning/spoiler alert — story will be sad for penguin lovers): http://bit.ly/1MB2lWV Send your thoughts, feedback and especially your tips to email@example.com and follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info is below.
WILSON, LIEU INTRODUCE SPY CAR STUDY ACT — Reps. Joe Wilson and Ted Lieu plan to introduce legislation today mandating a study of the appropriate cybersecurity standards for cars sold in the United States, including methods to isolate critical software systems inside cars and to shut out malicious code. The SPY Car Study Act is considerably less ambitious than Senate legislation introduced in July by Sens. Ed Markey and Richard Blumenthal. That bill, known as the Security and Privacy in Your Car, or SPY Car, Act, would mandate basic cybersecurity standards for new cars manufactured in the U.S. and would require the cars to carry a label describing their cybersecurity bona fides. In a statement provided to MC, Wilson said he’s proposing the study bill because “it is irresponsible to mandate changes in a developing field before accurately assessing the situation.”
The House bill would also require a study of best practices to ensure the privacy of driver information. Both bills come in the wake of reports about cyber vulnerabilities in cars, most notably a July exploit by cyber researchers Charlie Miller and Chris Valasek in which they remotely hacked into a Jeep Cherokee and brought it to a stop on a St. Louis highway. The bill: http://bit.ly/1NQHulT
HOUSE-SENATE DISPUTE OVER EXISTING DHS INFO SHARING — House Homeland Security Chairman Mike McCaul is worried about a provision in the Cybersecurity Information Sharing Act that he said could cut off existing information sharing through the Department of Homeland Security that’s authorized by a law he sponsored last year. The Senate bill puts DHS "on sort of a probationary status" until it gains certification for an information sharing process, McCaul said Tuesday at the Council on Foreign Relations. http://politico.pro/1GMtJ8n
McCaul, the sponsor of a House-passed cyber info sharing bill, expects the issue can be resolved in conference negotiations, but not everyone sees it as a problem. A source familiar with the Senate bill told MC that there’s “no conflict” between the bills. “CISA requires the Department of Homeland Security to create an information sharing pathway. It is generally expected that DHS will do so at the NCCIC, which was formally codified by the legislation that Mr. McCaul references,” the source said, referencing DHS’s National Cybersecurity and Communications Integration Center. “But his legislation did not authorize the type of sharing that CISA allows — if it did, there would be no need for this new information sharing legislation.”
Speaking at the same event, Homeland Security Secretary Jeh Johnson said CISA and the McCaul bill are in harmony on one key element, namely in elevating DHS as an information sharing portal.
DHS PRIVACY ASSESSMENT ON INFO SHARING INITIATIVE HITS THE STREETS — In a little-noticed move, DHS last week posted a privacy impact assessment of its Automated Indicator Sharing initiative, which is meant to “enable the timely exchange of cyber threat indicators among the private sector and government departments and agencies” — a sort of pre-CISA. The study was prompted because some personally identifiable information might be shared via the initiative, the assessment notes. Read it here: http://1.usa.gov/1H9Odba
JOHNSON TALKS WEED AND CYBER WORKERS — When a questioner pressed Homeland Security Secretary Jeh Johnson at CFR’s event Wednesday on whether the department was shutting out some of its most promising cyber hires with restrictive background requirements and drug policies, Johnson acknowledged the questioner was “making a decent point.” Johnson went on to say that “speaking for myself, if somebody comes to me and says, ‘I’ve never smoked a joint in my life or taken … any illegal drug,’ I’d say, ‘Are you sure?’” and that “a moderate, minimal use is kind of within the range of normalcy in one’s life experience.” FBI Director James Comey acknowledged that government policies on past marijuana use are sometimes a barrier to hiring. Background: http://politi.co/1GMrB0y
DHS WANTS TO SELL YOU SOMETHING — Want to test your employees’ cyber savvy like the nation’s top civilian cyber agency does? Then try out this “neat little exercise” Johnson described during Wednesday’s CFR event. “We send out these test emails to people to see if they will open them,” Johnson said. “There was one that went out to a large number of people [that said] ‘Free Redskins tickets; click here.’ And the attachment says show up in room 120 or whatever it is on Monday, Nov. 2, for your free Redskins tickets. So a lot of people showed up and then got a cybersecurity lecture.” Johnson’s description got a laugh, but he closed with a lesson: “I can’t stress enough that cybersecurity is a hugely complex subject, but there’s a real basic element of education you can give to people about the hazards of spear phishing.”
FARENTHOLD HITS BACK ON ASBESTOS BILL AND ID THEFT — Wednesday’s Morning Cybersecurity spotlighted a letter to leaders of the Congressional Cybersecurity Caucus from a number of advocacy groups opposing legislation introduced by caucus member Rep. Blake Farenthold, the Furthering Asbestos Claim Transparency Act. The groups said the bill could enable identity theft. Farenthold, in a response to MC, labeled the letter a “B.S. move by trial lawyers” and denied any potential for ID theft. “My first and only concern is for the victims and making sure that there is enough money in the trust for those who need it,” he said in an emailed statement. “The claim that this bill will threaten victims’ privacy is absolutely false. The FACT Act forbids any disclosure of confidential medical records. Further, federal bankruptcy courts zealously guard asbestos victims’ personal information, and they will ensure that reports filed under the FACT Act are properly protected.”
-- CONGRESSIONAL CYBERSECURITY CAUCUS ALSO COUNTERS — Caucus co-chairs Reps. Jim Langevin and Mike McCaul are none too happy with the coalition of advocacy groups that sent the letter to them decrying Farenthold’s legislation. “We regret that you chose to write this letter without taking the time to familiarize yourselves with the Caucus,” reads a letter sent Wednesday afternoon in response. The Cybersecurity Caucus maintains a bipartisan membership by eschewing specific policies or positions, and by not supporting or opposing specific legislation, the letter notes. Rather, it is an impartial “space for discussion and education,” McCaul and Langevin wrote. “In the future, we invite you to discuss your concerns and desires regarding the policy positions of particular members of Congress with those members directly, rather than implicating a neutral forum,” the letter concludes. Read the letter: http://politico.pro/20vfpYs
McCAUL BILL CALLS FOR UPDATE ON INTERNATIONAL CYBER STRATEGY — Recent legislation introduced by McCaul would require a review of everything the State Department has done so far to support its 2011 International Strategy in Cyberspace along with an action plan “to develop the norms of responsible international behavior in cyberspace.” The bill was first posted online Wednesday. The report would also look at other nations’ views of cyberspace norms and the major cyberthreats to U.S. public and private infrastructure. The State Department has been pressing a series of cyberspace norms, or peacetime “rules of the road,” including that nations shouldn’t launch destructive attacks against each other’s critical infrastructure and that they shouldn’t hack for the economic gain of their companies. The bill: http://1.usa.gov/1MJciId
CHINA STRIKES AGAIN (BY NOT STRIKING) — FireEye CEO Dave DeWalt is blaming China in part for a corporate growth slowdown. The security company disclosed a third-quarter loss of $135.5 million, or 88 cents a share, on sales of $165.6 million, notes MarketWatch. The company is also downwardly revising its annual revenue projections to between $620 million and $628 million, from $630 million and $645 million. DeWalt told MarketWatch that attacks from Chinese groups have slowed down amid cybersecurity talks between the U.S. and China, leading to shorter contracts and smaller deals. More: http://on.mktw.net/20vgnDU
— In a survey of 276 board directors and C-level company officers, 89 percent said they believe that companies should be held liable if they don’t make reasonable efforts to secure data, Veracode and NYSE Governance Services discovered. The Federal Trade Commission’s action against Wyndham hotels influenced 44 percent of them in their discussions about corporate liability on cyber. The full survey is out this morning.
— The House Oversight and Government Reform Committee gave out poor grades to federal agencies on implementing FITARA: http://1.usa.gov/1WB8FU6
— The hackers who went after CIA Director John Brennan’s personal AOL account are targeting other U.S. officials. Motherboard: http://bit.ly/1MAZDkg
— “Lethal cyber weapons have arrived.” NextGov: http://bit.ly/1QenoEO
— The British Parliament announced an inquiry into the TalkTalk hack. The New York Times: http://nyti.ms/1ku8MVo
— John McAfee got a tattoo for his presidential campaign. Forbes: http://onforb.es/1WAZrHo