Once more, U.S. accuses Russia of high-profile hacking

With help from Eric Geller and Martin Matishak

CAN’T GET MUCH WORSE — The United States government on Monday, in conjunction with the United Kingdom, once again blamed Russia for a cyberattack on critical infrastructure, the latest of several recent accusations about the Kremlin’s cyberspace aggression. Paired with escalating tensions over Syria, the poisoning of a former Russian spy and more, the relationship that the Trump administration began with hopes of improving has degenerated severely. “Are we now entering not just a renewal of Cold War but are we also entering a cyber Cold War phase?” Malcolm Harkins, chief security and trust officer at cybersecurity firm Cylance, told MC. “That may be the case.”


The newest allegations center on Russian government hackers targeting routers and other “internet network devices” that control internet traffic. The U.S. and U.K. say Russia is trying to establish a foothold that could be used for espionage, intellectual property theft or even destructive cyberattacks. The hackers seek to exploit poor security practices rather than relying on undisclosed software vulnerabilities, according to a technical alert issued by the Homeland Security Department, FBI and the U.K.’s National Cyber Security Centre. “These factors allow for both intermittent and persistent access to both intellectual property and U.S. critical infrastructure that supports the health and safety of the U.S. population,” the alert reads.

Rob Joyce, the White House’s cybersecurity coordinator, left open the possibility of a wide range of responses, from sanctions to indictments to retaliatory cyber assaults. Christopher Painter, the former State Department cybersecurity coordinator, applauded the public finger-pointing: “There also needs to be follow through on the promise of imposing meaningful costs for disruptive behavior — and at least some should be public,” he tweeted. Others were puzzled in the opposite direction, wondering why the United States would call out Russia: There’s evidence that the U.S. conducts the same behavior it condemned Monday.

The Russian Embassy in the U.K., while not responding directly to Monday’s allegations, pointed to other warnings from U.K. officials about Moscow’s cyberattacks. “Given that in recent days the British media, instigated by official statements, has again started to exploit the issue of ‘cyberthreats from Russia’, impression grows that the British public is being prepared for a massive cyberattack by the U.K. against Russia, that will purport to be of a retaliatory nature, but would in fact constitute unprovoked use of force,” the embassy statement reads. “Russia is not planning to conduct any cyberattacks against the United Kingdom. We expect the British government to declare the same.”

HAPPY TUESDAY and welcome to Morning Cybersecurity! Send your thoughts, feedback and especially tips, and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

JOYCE TO LEAVE WHITE HOUSE — Cyber policy experts reacted with dismay Monday as news broke that White House cybersecurity coordinator Rob Joyce was leaving his job. Joyce, the head of the National Security Council cyber unit, has completed his one-year detail to the council and will return to the NSA, where he spent 27 years before joining the Trump administration last March. The White House said he would remain at the NSC for a short period to manage the transition. His departure came six days after the resignation of his boss, homeland security adviser Tom Bossert, and one week into the tenure of Trump’s new national security adviser, John Bolton.

Joyce’s departure is “a huge loss for the White House,” said Andrew Grotto, who served on the NSC under former President Barack Obama and then briefly worked for Joyce as a senior director for cyber policy. Megan Stifel, a former NSC director of international cyber policy, said Joyce and Bossert’s departures “leave some large gaps in institutional knowledge and leadership in the critical half-decade of cyber.”

After leading the NSA’s elite hacking unit and helping lead the agency’s defensive arm, Joyce joined the NSC and, with Bossert, presided over a cyber agenda that largely continued the Obama team’s agenda. His biggest accomplishment was leading the codification and publication of the government’s process for deciding when to tell tech companies about digital flaws in their products, a system known as the Vulnerability Equities Process. He also helped the Trump administration call out Russia and North Korea for their malicious cyber activity, including Monday’s announcement about Russia’s cyberattacks on internet routers. And he regularly worked with DHS, the Office of Management and Budget and the intelligence community on issues ranging from election security to IT modernization.

The White House will struggle to find someone else capable of steering the cyber ship, according to some former officials. “Where will they go for candidates?” said one former NSC official. “It's not like the bench of senior people with meaningful experience in cyber policy was that deep to begin with, regardless of administration.”

FRAMEWORK WORK — The technical standards agency NIST on Monday published a major update to its popular cybersecurity framework, which helps organizations identify and mitigate security risks to their computer systems. Version 1.1 of the framework adds new language about verifying user authentication, setting up a vulnerability disclosure process and protecting one’s supply chain. NIST said in a statement that the new framework “demonstrates the benefits of public-private collaboration and reflects input received from hundreds of representatives in industry, academia, and government.” The agency will hold a webinar in two weeks to explain the new version.

“Today’s release marks an important evolution of the framework that will ensure it remains relevant as risk management practices change to keep pace with the threat,” Rep. Jim Langevin, co-founder of the Congressional Cybersecurity Caucus, said in a statement. “As demonstrated by the Russian government’s targeting of our election systems,” he added, “the cybersecurity threats to our critical infrastructure continue to evolve.” The U.S. Chamber of Commerce also praised the update. “NIST officials continue to do an admirable job convening many organizations to make the Framework a practical, living document,” wrote Matthew Eggers, the group’s vice president for cybersecurity policy.

FIELD TRIP — House Homeland Security Chairman Mike McCaul took time last week to swing by the Immigration and Customs Enforcement’s cyber crimes wing, the panel announced Monday. The Homeland Security Investigations Cyber Crimes Center works with law enforcement agencies at all levels — nationally and internationally — to provide digital support and training to combat cyber criminals on the web. The Texas Republican met with officials to discuss the center’s long-term goals and get an overview of its components, including the Child Exploitation Investigations Unit and the Computer Forensics Unit, according to the committee.

LOCK IT DOWN — NATO’s cyber hub next week will oversee the world’s largest “live fire” digital defense exercise. The Cooperative Cyber Defence Centre of Excellence will hold the annual exercise, dubbed Locked Shields, to help nations practice safeguarding national IT systems and critical infrastructure. The several-day event will see the fictional country of Berylia come under coordinated cyberattacks against a major civilian internet service provider and a military airbase, which will severely disrupt the make-up of the nation’s electric power grid, 4G public safety networks, drone operation and other critical infrastructure components, according to the center.

RECENTLY ON PRO CYBERSECURITY — The White House’s Joyce attacked forthcoming European Union data regulations, saying they will make it easier for bad actors in cyberspace to hide. … The Energy Department announced $25 million in grants for next-generation technologies to protect the electricity grid against cyberattacks. … The Commerce Department is forbidding U.S. companies from doing business with Chinese telecommunications giant ZTE the same day the British National Cyber Security Centre issued a warning about the firm. … Democratic Federal Trade Commission member Terrell McSweeny plans to resign near the end of the month.

TWEET OF THE DAY — Forgive me, Siri, for I have sinned…

REPORT WATCH

— Nearly 3 out of 4 IT officials agree that investors are holding business leaders accountable for cyber incidents, according to a survey out today from Booz Allen Hamilton. But companies are dealing with a cyber workforce shortage in ways that can't continue forever, the management and IT consulting firm found: 56 percent are compensating with tools and software, 52 percent are training non-cyber employees to do the work, and 45 percent are asking their employees to work longer hours.

QUICK BYTES

— Facebook deleted cybercrime groups with almost 300,000 members. Krebs on Security.

— Russia blocked hundreds of thousands of Amazon IP addresses. Meduza.

— “Bangladesh eyes settlement in U.S. cyber heist suit ahead of its own case.” Reuters.

— John Bolton, the new national security adviser, will pick Joyce’s successor, said DHS Secretary Kirstjen Nielsen. CyberScoop.

— DHS offered some insights on the Cyber Storm exercise.

— “Microsoft Turns to Old Enemy Linux to Solve Vexing Tech Threat.” The Wall Street Journal.

— Six-digit iPhone passcodes aren’t good enough anymore, Motherboard writes.

— “Intel's security light bulb moment: Chips to recruit GPUs to scan memory for software nasties.” Register.

— Atlanta City Council members lost data in a ransomware attack on the city. Reporter Newspapers.

— Seth Rogen doesn’t believe North Korea hacked Sony in 2014. The Daily Beast.

— The director of technology policy at the Niskanen Center said that Facebook needs to do more to disassociate itself from Russian election interference. National Review.

That’s all for today.

Stay in touch with the whole team: Cory Bennett (@Cory_Bennett); Bryan Bender (@BryanDBender); Eric Geller (@ericgeller); Martin Matishak (@martinmatishak) and Tim Starks (@timstarks).
