Top State cyber official to exit, leaving myriad questions

With help from Eric Geller and Martin Matishak

STATE DEPARTMENT LOSES TOP CYBER OFFICIAL — The global cybersecurity community is still struggling to process the news that Christopher Painter, the Trump administration’s top cyber diplomat, will leave his State Department job at the end of the month, as Eric first reported on Monday. Painter, the coordinator for cyber issues at State, has been leading American delegations to international cyber meetings since 2011, negotiating joint agreements with other countries on issues like protecting critical infrastructure and developing cyber norms. “Chris has been a tireless defender of American interests in cyberspace,” Jason Healey, a senior cyber researcher at Columbia University, told MC, “flying hundreds of thousands of miles a year to push our views of freedom online, conduct countless bilateral meetings with allies and friends and [champion] international engagement in multilateral settings.”


“The U.S. government didn’t have many like Chris,” Healey said, “and his departure will be a major loss.” Painter previously served in top cyber roles at the National Security Council, the FBI and the Justice Department. He may return to DOJ, where he is technically an employee on detail to State. DOJ did not respond to a request for comment on his status. “Chris will be hard to replace,” said James Lewis, a cyber expert at the Center for Strategic and International Studies. “This will be an easy one to mess up.” Michael Sulmeyer, a former senior Pentagon cyber policy official, told MC that Painter accumulated invaluable experience in his previous jobs. “You weren’t just ‘working with State,’” he said of interagency meetings with Painter. “He and his colleagues understood the broader concerns and priorities of everyone else in the room.”

— WHAT’S NEXT AT STATE: Painter’s departure may complicate the State Department’s task of delivering an international cyber strategy to President Donald Trump by late September as part of his cyber executive order. Tim Maurer, co-director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace, said the tight deadline made appointing a successor “an important and urgent task.” More generally, he said, the world needs U.S. cyber leadership: “The security environment continues to deteriorate while geopolitical tensions remain high and diplomatic efforts to tackle cyber threats are stalling or making only slow progress.” A State Department official said the agency “will continue to address and prioritize these important cyber issues.”

But Secretary of State Rex Tillerson is considering closing the cyber office or merging it with another office and downgrading the cyber coordinator’s rank, according to a source familiar with internal planning. “It’s a step back from everything done over the last ten years,” said the source, who added that Tillerson was also considering “limiting the number of people who work on cybersecurity” at State. “They basically gave [Painter] two weeks notice,” the source told MC. “It’s clear they’re thinking about reorganizing it. … Clearly they don’t think it’s that important.” A State Department spokesman did not provide a comment on the fate of the cyber office. Painter’s deputy, Michele Markoff, is also an experienced cyber diplomat. When MC reached her by phone, she declined to comment on her status. “If she leaves as well,” Healey said, “it might take State years to rebuild.”

Cyber policy experts urged Tillerson not to eliminate State’s dedicated cyber mission. Doing so “would mean the United States would be the only major country without a lead diplomat to discuss cyber norms and trying to reduce the ever-escalating cyberattacks we see around the world,” Healey said. The U.S. was the first country to create a high-level cyber diplomat role, and since then dozens of other countries have followed suit. “It is not just a shame if the U.S. were to surrender that leadership, but would mean the future internet will have more Russian and Chinese characteristics.”

HAPPY TUESDAY and welcome to Morning Cybersecurity! Your MC host’s name is always at the top of the World’s Greatest Cybersecurity Newsletter, but remember that I’m just the host. Writing it is a team effort, and some days (like today) the other names that provide “help” do most of the heavy lifting. So send your thoughts, feedback and especially tips to [email protected], and be sure to follow @timstarks, @POLITICOPro, and @MorningCybersec. But always keep in mind the full team info that’s below.

TOP DEM WEIGHS IN ON NSA-CYBERCOM SPLIT — The Trump administration should proceed cautiously with a reported plan to split the “dual-hat” leadership structure that governs the National Security Agency and U.S. Cyber Command, according to Rep. Adam Smith. If the organizations are broken up “we need to ensure it is done the right way. We must avoid leaving either organization with diminished capabilities or creating institutional gaps that could endanger national security,” Smith, the top Democrat on the House Armed Services Committee, told POLITICO in an email statement.

Smith noted that while the fiscal 2017 defense policy bill called for the elevation of Cyber Command to a unified combatant command, lawmakers directed the GAO to study the risks and benefits of breaking up the two organizations. That assessment is still underway. Smith also emphasized a provision prohibiting the Defense secretary from ending the leadership arrangement unless he and the Chairman of the Joint Chiefs of Staff jointly determine and certify to Congress that doing so won’t impact the military effectiveness of the much-younger Cyber Command.

KEEP CALM AND ENCRYPT EVERYTHING — IBM claims it has come up with a new approach to mainframe security technology that will allow businesses of all shapes and sizes to encrypt their customer data, potentially signaling a new chapter in the policy debate that has gripped Washington for years. “The last generation of mainframes did encryption very well and very fast, but not in bulk,” Ross Mauri, general manager of IBM’s mainframe business, told The Washington Post. The key to the strategy is the new IBM Z mainframe, which can run 12 billion encrypted transactions per day, tapping artificial intelligence for cryptography to make sure communications are scrambled and unbreakable at the same level the U.S. government trusts to transmit classified information, according to Wired. “So for any type of transaction system we can now get the safety that we’re all after, which just hasn’t really been attainable up to this point,” said Caleb Barlow, vice president of threat intelligence at IBM Security.

UPGUARD STRIKES AGAIN — UpGuard has been on a spree of demonstrating how major companies — like Verizon (via a vendor) or Booz Allen Hamilton — have left customer data exposed to the public. On Monday, the firm struck again, this time revealing that Dow Jones left data on millions of customers exposed via a cloud configuration that allowed “semi-public access.” Said UpGuard: “The revelation of this cloud leak speaks to the sustained danger of process error as a cause of data insecurity, with improper security settings allowing the leakage of the sensitive information of millions of Dow Jones customers. The data exposed in this cloud leak could be exploited by malicious actors employing a number of attack vectors already known to have been successful in the past.” A spokesman for Dow Jones told The Hill, “This was due to an internal error, not a hack or attack. We have no evidence any of the over-exposed information was taken.”

BATTLING BOTNETS — Internet service providers cannot be expected to singlehandedly defeat the armies of infected devices, known as botnets, that have plagued the internet for years, the cyber coordinating group for telecom companies argued in a white paper published Monday. “It is a fallacy to believe that any single component of the internet ecosystem has the ability to mitigate the threat from botnets and other automated systems,” the Communications Sector Coordinating Council declared. “While ISPs, as infrastructure owners and operators, play an important role in this ecosystem, so do the manufacturers of devices, developers of software, system integrators, edge providers, cloud service providers, and others.”

Fighting botnets, which are armies of infected devices that hackers can use to overload websites with traffic, is a key priority for the Trump administration’s cyber agenda. But early drafts of the president’s cyber executive order caught flak from telecom companies for singling out their industry in the botnet provision. The new white paper, which surveys the landscape of anti-botnet technologies and suggests areas for future research, offered the group a chance to fight back against the perception that it should be the primary line of defense against botnets and the digital security crises they can create. Only through a “concerted effort of all members of this ecosystem,” the CSCC said, will the world be able to “address fully the threats from bots and botnets.”

TRANSATLANTICISM — A European Parliament delegation hit D.C. Monday and will be here throughout the week, discussing cybercrime and protecting sensitive personal data. The Committee on Civil Liberties, Justice and Home Affairs will meet with, among others, members of Congress and representatives from agencies like the Homeland Security, State and Justice departments. “Its objective is to obtain up-to-date information on the state of play and progress in the US on major topics” in the areas where the panel has jurisdiction.

TWEET OF THE DAY — A plea for cyber clarity!

PEOPLE ON THE MOVE

— Laura Jehl has joined BakerHostetler as a partner member of the privacy and data protection team, the firm announced Monday. She previously served as co-leader of Sheppard Mullin Richter & Hampton’s privacy and cybersecurity practice, and in the late 1990s and early 2000s led America Online’s response to numerous government investigations into privacy matters.

— Matthew McFadden will serve as CSRA’s cybersecurity service area director within its digital consulting group, the company announced Monday. He most recently worked as chief technologist for the company’s defense innovation cell.

QUICK BYTES

— The United Arab Emirates denies it was behind the disruptive Qatari hack. CBS.

— “Iranians charged with stealing U.S. software and reselling it in Iran.” POLITICO.

— New info’s out on a government-wide program to defend federal networks. FedScoop.

— FedEx says its full-year results will be damaged by a cyber attack last month. Reuters.

— A hacker allegedly made off with $7.4 million in a cryptocurrency with a simple trick. Motherboard.

— “Former AVG Executives Beef Up Cyber Security Investment Fund.” Reuters.

— Fortune has details about the new cyber startup, Awake Security.

— Tesla’s Elon Musk says that avoiding a fleet-wide hack is his company’s top security priority. Electrek.

— A security researcher found that it’s really easy to get into old MySpace accounts. The Register.

— One fifth of organizations suffer breaches because former employees still have access to networks, per OneLogin. Infosecurity Magazine.

— “Watch this extorted money get lost in the expanse of the blockchain.” Quartz.

— A British spy agency acknowledged that hackers have probably compromised U.K. energy sector targets. Motherboard.

— The BBC takes a longer look at the U.K. Parliament hack.

— Japan’s Defense Ministry is looking at an increase in its number of cyber troops. Japan Times.

That’s all for today. Here they are, just beneath!

Stay in touch with the whole team: Cory Bennett ([email protected], @Cory_Bennett); Bryan Bender ([email protected], @BryanDBender); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).
