Trump, Putin set to meet one-on-one

With help from Eric Geller, Martin Matishak and Brianna Milord

TEN DAYS AWAY — President Donald Trump will meet privately with Russian President Vladimir Putin during their highly anticipated summit July 16, a senior administration official told reporters Thursday. “The president has determined that now is the time for direct communication,” the official said. After the one-on-one session, the two leaders will hold meetings with delegations of senior officials. The White House tried to keep expectations for the summit in check, with the senior official telling reporters that “there are a lot of issues to be discussed.”


Cybersecurity experts and interested lawmakers will be closely watching the meeting for signs that Trump either pressed Putin on Russian cyberattacks or re-embraced the Kremlin’s talking points about the election meddling story being a hoax. During their previous meeting in November, Trump and Putin discussed the 2016 election meddling, and Putin repeatedly argued that Russian hackers were too smart to get caught. Trump told reporters afterward that he thought this explanation made sense.

Trump and Putin are expected to discuss not only the 2016 cyberattacks, but also opportunities to cooperate on catching cyber criminals. Russia and the U.S. have all but ceased cooperating in this area, but a senior Russian official said this week that cybercrime could come up “as a bilateral relations issue.” It’s unclear whether Trump will press Putin on Russia’s refusal to extradite alleged cyber criminals charged in U.S. courts, or whether he will urge Putin to abandon his attempt to undercut a key cybercrime treaty.

The summit will follow a visit to Moscow by a delegation of Republican lawmakers who held what Sen. John Kennedy called “no-holds-barred” discussions with Russian officials. During the meetings, Kennedy told reporters, he “asked our friends in Russia not to interfere in our elections this year.”

HAPPY FRIDAY and welcome to Morning Cybersecurity! Take THAT, soccer. Send your thoughts, feedback and especially tips to [email protected], and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

WATCH THIS SPACE, MAYBE — Trump’s tweet earlier this week that tried to tie the NSA’s decision to delete years of call records wrongly collected under the Foreign Intelligence Surveillance Act to special counsel Robert Mueller’s investigation has, thus far, failed to spark the level of bipartisan controversy he often generated in the past when chiding the U.S. intelligence community.

But the Fourth of July holiday didn’t stop some from weighing in. “If the President wanted to know what happened, which was self-reported by the NSA, he could ask,” Rep. Adam. Schiff, the top Democrat on the House Intelligence Committee, tweeted. “Instead he watches TV and tweets nonsense, as if he’s a Fox pundit, and not head of the Executive Branch.” A spokeswoman for Sen. Mark Warner, the ranking member on the Senate Intelligence Committee, said: “It’s disturbing that the President seems to get his information from cable television, and not from his own intelligence experts.”

It’s unclear if Trump’s tweet was a one-off or the beginning of a new tirade against intel agencies. During efforts to renew a different section of FISA, he routinely implied it had been used to spy on his aides during the 2016 election, a claim for which the president has provided no evidence.

ENGINEERING DIGITALLY — The Pentagon on Thursday issued guidelines detailing how the agency will use digital engineering to build and maintain the country’s defense systems. The Digital Engineering Strategy lays out five goals, some of which touch on cyber, including creating and protecting IT infrastructures that foster collaboration. “Given the amount of information residing in models, the DoD must mitigate cyber risks and secure digital engineering environments against attacks from internal and external threats,” the new report states. DoD “will integrate cybersecurity into all phases of digital engineering planning and execution,” it adds. The services “should develop corresponding digital engineering implementation plans during 2018 to ensure the department advances this timely,” wrote Michael Griffin, undersecretary of defense for research and engineering.

BIG UH-OH FOR NSO — The Israeli spyware firm NSO Group has sold its surveillance malware to a wide range of governments, but now the company itself has become the victim. An NSO Group employee stole his company’s software and offered it up on the dark web, Israeli media outlets reported Thursday. The stolen material included the source code for NSO Group’s tools, which would enable sophisticated actors to reverse-engineer and thwart the software’s capabilities. The rogue employee asked for $50 million in cryptocurrency in his dark web advertisement, but CyberScoop reported that NSO Group valued the stolen code at “hundreds of millions of dollars.” NSO Group managers told the employee in April that they were about to fire him, the Israeli paper Haaretz reported. The government indicted him last week, and a court unsealed the indictment on Thursday. Police arrested him shortly after he spoke with a potential buyer, who reported the theft to NSO Group.

ULTIMATE WEAPON OR ‘NOT MUCH TO SEE HERE?’ — A former top defense and intelligence official contended Thursday that the most alarmist estimates of cyber weapons emphasize the wrong dangers. Joseph Nye, a former assistant defense secretary and chairman of the National Intelligence Council, said the “cyber Pearl Harbor” premonition of cyber weapons wreaking widespread damage including loss of life have yet to come to fruition. “Thus far, however, cyber weapons seem to be more useful for signaling or sowing confusion than for physical destruction — more a support weapon than a means to clinch victory,” Nye, now a Harvard University professor, wrote. The U.S. doctrine of retaliating to a cyberattack with either cyber or physical weapons might explain the lack of such devastating assaults. “Then again, maybe we are looking in the wrong place, and the real danger is not major physical damage but conflict in the gray zone of hostility below the threshold of conventional warfare,” Nye wrote. As such, the United States might need to take more modest measures, from diplomacy to training state and local government officials, he argued.

PREVENTING PHONE PHISHING — DHS announced a plan Thursday to ramp up mobile phone protections against phishing schemes in a project available to both government and the private sector. The department touted the new phishing protection feature as the first of its kind to block malicious mobile attacks designed to steal users’ personal information and install destructive malware. The partially DHS-funded system, Lookout Mobile Endpoint Security, will alert users in real time of phishing attacks that can hide in text messages, mobile apps, social media messages and emails, according to the announcement.

The new mobile threat protections come as a response to the rapid growth of mobile device and app use. The anti-phishing technology, now available for both Android and iOS systems, will combat vulnerabilities in mobile technologies by ensuring that devices also “have mobile endpoint security that alerts IT and security personnel to potential attacks,” Vincent Sritapan, the DHS Science & Technology directorate’s mobile security research and development program manager, said in a statement. “Simply managing a mobile device is not enough to protect sensitive government information,” Sritapan said. “Without proper mobile security, agencies cannot adequately protect against data compromises.”

RECENTLY ON PRO CYBERSECURITY — Tracy Mitrano, who bills herself as a cybersecurity expert, won a five-way Democratic primary for a congressional district in New York... "The Bank of England, its Prudential Regulation Authority, and the Financial Conduct Authority today published a discussion paper on the financial sector’s operational resilience in the face of new technologies and cyber threats."

TWEET OF THE DAY — I mean, some hackers may also be wizards.

QUICK BYTES

— German security services raided the homes of board members of a nonprofit group that supports anonymity projects. ZDNet

— Chinese telecom company ZTE replaced more executives as part of its deal with the U.S. The Wall Street Journal

— Motherboard seeks documents on an iPhone hacking tool based on leaked emails, then gets leaked emails about law enforcement trying to hide the documents.

— Someone’s been paying Indian and Indonesian bloggers to downplay Trump’s Russian business ties. Daily Beast

— The Pirate Bay is using cryptocurrency mining code without informing users. HackRead

— A Japanese man who became the first sentenced for using the Coinhive Javascript library for malicious reasons made $45. Bleeping Computer

That’s all for today. Not that the NBA is doing much good for your MC host lately.

Stay in touch with the whole team: Mike Farrell ([email protected], @mikebfarrell); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).

Follow us on Twitter Heidi Vogt @HeidiVogt



Eric Geller @ericgeller



Martin Matishak @martinmatishak



Tim Starks @timstarks