White House cyber coordinator position might be eliminated

With help from Eric Geller and Martin Matishak

R.I.P. CYBER COORDINATOR? — National security adviser John Bolton and his aides are pushing to eliminate the White House cyber coordinator job, which oversees the U.S. government’s entire cyber policy agenda and leads interagency discussions on issues like encryption, election security and digital warfare, Eric reports. Rob Joyce, the current coordinator, is leaving the White House on Friday and returning to the NSA, where he spent nearly 30 years before joining the Trump administration. Current and former U.S. officials told Eric that Bolton’s deputy Mira Ricardel is interested in taking on the duties once Joyce leaves. While several sources said the decision was not final, one argued it was all but done. “There’s a serious concern on the [NSC] right now, particularly the [cyber team], of what the fate of their directorate is moving forward,” that source said. Morale on the team, they added, “is definitely low.”


Joyce, a widely respected expert, is leaving his role in part due to frustrations with how Bolton has approached the topic since taking over last month, two former officials said. Bolton, according to one source, does not consider cybersecurity a priority. “He’s not interested in it. He doesn’t see the point in it,” they said. Meanwhile, as MC previously reported, Josh Steinman, one of Joyce’s deputies who joined the NSC under Michael Flynn, spent months criticizing Joyce’s leadership and has been angling to replace him. The White House did not directly deny that Bolton was considering eliminating Joyce’s position. A spokesman said cyber remained “a key priority.”

People who served on the NSC cyber team were dismayed at the idea of abolishing the post, saying it was vital for a high-level White House official to wrangle all the agencies involved in cyber policy and resolve their sometimes conflicting perspectives. “Left to their own devices, the agencies will likely put themselves, their interests, and their authorities above others,” said Megan Stifel, who handled international cyber issues for the NSC.

Giving the cyber portfolio to Bolton’s deputy would substantially diminish the amount of attention it receives, experts said. The coordinator role is “a much more public-facing role [than other NSC team leaders] in a sector of national security that requires close coordination with the private sector, even far more so than incident response on the physical side,” said Rob Knake, a former cyber policy director for the NSC. Pros can read Eric’s story here.

HAPPY THURSDAY and welcome to Morning Cybersecurity! Alan Turing remains a hero of your MC host. Send your thoughts, feedback and especially tips to [email protected], and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

FIRST IN MC: PRO ENCRYPTION BILL REVIVED — Rep. Zoe Lofgren today will reintroduce legislation that would prohibit the government from mandating U.S. companies build “backdoors” in their products for the purpose of surveillance. The resurrected Secure Data Act from Lofgren — along with fellow Democrats Jerry Nadler and Ted Lieu and Republicans Thomas Massie, Ted Poe and Matt Gaetz — would differ from versions of the bill introduced in the 113th and 114th Congress by prohibiting judges from issuing an order to create encryption backdoors, according to a House Democratic aide.

The lawmakers were part of a group that sent a letter to FBI Director Christopher Wray last month after an inspector general report raised new questions about the agency’s handling of a locked iPhone used by one of the San Bernardino, Calif., shooters and claims that the bureau can’t access nearly 8,000 encrypted devices. An FBI spokesperson recently told POLITICO that “a response will be provided to the members who sent” the April missive. Earlier this week Attorney General Jeff Sessions indicated that lawmakers may need to pass encryption-piercing legislation if tech companies don’t voluntarily build backdoors in their products. “Ultimately, we may need Congress to take action on this issue,” he said.

SOMETHING TO WATCH FOR — DHS and OMB will issue new advice to agencies on topics like cloud migration and protecting important IT systems, a top official said Wednesday. “Over the next 30 days, both OMB and DHS will be sharing updated and enhanced guidance on cloud, Trusted Internet Connections, and high-value assets,” Federal Chief Information Officer Suzette Kent said at a Justice Department cyber conference. A Trusted Internet Connection is a connection between an agency’s network and the outside world, and DHS and OMB have been trying for years to reduce the number of TICs across the government and improve their security. Kent, who started as federal CIO in February, said the government needed to “create an environment where cybersecurity is constantly embracing new technologies and we’re constantly enhancing not only our policies and our practices but how we go about those implementations.”

The Trump administration is focused on moving as many systems to the cloud as is feasible and secure, but Kent said that before an agency makes the transition, it should establish clear goals ahead of time and communicate those to vendors for the best accountability. Kent also addressed the administration’s IT modernization report, saying that it was only the first stage of a long process. “We’re building a foundation to move the government back into a position of a technology leader, not a laggard behind industry,” she said. This will mean “creating and reinvigorating a culture of IT modernization and innovation that we can sustain.”

WHAT’S NEXT FOR CDM — DHS wants to change how it helps agencies monitor their networks for cyber threats, moving from an approach based on what the monitoring software is looking for to an approach based on the platforms being monitored. The agency has deployed its Continuous Diagnostics and Mitigation program across the government in phases: The first was dubbed “What is on the network?” while the second focused on “Who is on the network?” But at the DOJ conference on Wednesday, CDM program manager Kevin Cox said, “What we want to do is start to shift away from those phases and look at capability areas.” Future iterations of CDM might be tailored to functions like cloud security, mobile device security and network access control, he said. “As the threat evolves, as technologies evolve, we can issue a new capability area and work to get support out to” agencies using those technologies. DHS’ goal, he added, is to “get in a position to be able to keep up with” emerging threats.

IRAN MIGHT GO BIG, BAD ON CYBER — The pullout from the Iran nuclear deal might lead Tehran to increasingly target America’s most vital digital networks, as it did before the agreement, FireEye told MC Wednesday. “These efforts did not entirely disappear with the agreement, but they did refocus on Iran’s neighbors in the Middle East,” John Hultquist, director of intelligence analysis, said in an email. “With the dissolution of the agreement, we anticipate that Iranian cyberattacks will once again threaten Western critical infrastructure.” Another cyber firm, Recorded Future, anticipated that the attacks would take on a more reckless nature now, too.

FILLING IN THE DEFENSE BILL — The House Armed Services Committee on Wednesday began the marathon markup of its annual defense policy bill (H.R. 5515) by making quick work of a bunch of cyber-related amendments. Additions to the Emerging Threats and Capabilities subpanel portion of the sprawling measure include requiring the Defense secretary to submit a plan to Congress detailing how the Pentagon partners with universities and private industry on cyber education; directing DoD to brief lawmakers on the status of automated cyber defense capabilities, like the kind that detect malware; and briefing the committee on what the agency is doing to protect autonomous systems from cyberattacks. Panel members also want a “detailed” brief on the security technologies the Pentagon uses to protect the official unclassified email and official unclassified mobile communications of its personnel. The bill was headed toward passage late Wednesday night.

SIX WITH ONE BLOW — A House Appropriations subcommittee on Wednesday approved a draft fiscal 2019 spending bill that the panel said would boost funding for the FBI and U.S. attorneys to fight cybercrime. It would also steer additional National Science Foundation funds for research into cybersecurity. The bill would require "agencies to conduct supply chain reviews before procuring sensitive information technology systems." It won approval by voice vote.

Elsewhere Wednesday, the House Foreign Affairs panel approved legislation (H.R. 5433) to create a bug bounty program at the State Department that invites ethical hackers to probe Foggy Bottom’s information technology in exchange for pay. The bill won approval as part of a solitary vote for a package of bills that received one voice vote. “I’m pleased by the excitement we’re seeing around ‘the Hack Your State Department Bill’ and appreciate the support of my colleagues on the House Foreign Affairs Committee,” sponsor Rep. Ted Lieu told MC in a statement. “Congress is coming around to recognizing that cyber vulnerabilities pose a unique and pressing threat to our national security.”

The House Energy and Commerce Committee also on Wednesday approved four cybersecurity bills — (H.R. 5175), (H.R. 5239), (H.R. 5240) and (H.R. 5174) — aimed at power supply, which we outlined in MC here. All four bills won approval by voice vote.

RECENTLY ON PRO CYBERSECURITY — The Senate Rules Committee plans to look at election security legislation once new chairman Roy Blunt finishes staffing his panel. … “The technical standards agency NIST today released an update to its landmark guidance on designing technology with risk in mind.” … The U.S. government is struggling to organize itself for cybersecurity, CIA Director pick Gina Haspel told senators at her nomination hearing. … Haspel also told senators she wouldn’t use products from Chinese telecommunications company Huawei. … Chinese telecom company ZTE is halting operations during a U.S. ban that it’s seeking to reverse or modify. … Huawei and ZTE also could face restrictions under a European Union push.

TWEET OF THE DAY — So do we think ISIS is mad that Russia stole good branding or …?

REPORT WATCH

— Cybersecurity pros in North America make about 50 percent more in salary than their peers in Europe and Asia, a new report out from threat management company Exabeam found. Compensation also tended to vary based on the size of the company, with firms of 101 employees or more having a median salary of $75,000 to $100,000, while smaller firms have a median salary of $50,000 to $75,000. Security professionals in the retail industry do best, while those in the education and telecommunications industries do worst, according to Exabeam.

QUICK BYTES

— “Indicted Russian firm tied to ‘Putin’s chef’ pleads not guilty in U.S. court.” The Washington Post

— House data breach legislation is ready to roll, pending leadership approval, its chief sponsor said. Inside Cybersecurity

— A food stamp recipient database is prompting hacking concerns. Nextgov

— Signal messages might not disappear like you think, at least for your Apple desktop. Motherboard

— “For the last year, Qatar and the United Arab Emirates have been leaking emails to journalists.” BuzzFeed

— A bike share service in Copenhagen was hacked. Motherboard

That’s all for today. And that “Turing Test” …

Stay in touch with the whole team: Bryan Bender ([email protected], @BryanDBender); Mike Farrell ([email protected], @mikebfarrell); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).
