THE KEY

Long-shot presidential candidate Rep. Seth Moulton (D-Mass.), has an unusual comeback to President Trump's demands for a border wall: Build a "cyber wall" for the country instead.

The big idea, as Moulton explained to me this week, is that a physical structure that extends across the border with Mexico won’t actually do much to protect the nation’s security -- but a dramatic government investment in digital security instead to protect the nation in cyberspace would make a big difference.

“The cyber wall is investing money in protecting our country, our infrastructure, our economy from cyberattacks … from Russia meddling in our election and China stealing our business ideas and military secrets and from terrorist organizations like ISIS that are using the Internet to recruit followers online,” Moulton told me.

He's thinking an influx of about $50 billion annually for cybersecurity across the government would do the trick. That’s about a threefold increase over the Trump administration’s 2019 budget request for government and civilian cybersecurity programs. And the extra cash would go toward improving digital protections for government agencies and making the Defense Department better at offensive hacking, Moulton told me.

The money for those cybersecurity investments would come from canceling Trump’s border wall, he told me, and also reducing traditional military spending. He recommends cutting the size of the military and slashing money spent on tanks, aircraft carriers and modernizing the nation’s nuclear arsenal in order to better prepare for what he considers the threats of the future.

The former Marine Corps officer who served four tours in Iraq would also “seriously consider” launching a military “cyber force." That's basically a military service on the same level as the Army, Navy and Air Force for cyber warriors, he told me. And he’d similarly consider launching a Cabinet-level civilian government agency focused solely on cybersecurity.  

“The problem is we just don’t know who’s really responsible now,” Moulton said. “There’s a lot of confusion in the federal government as to who actually bears responsibility for different aspects of cybersecurity.”

The "cyber wall" is one of the boldest cybersecurity proposals of the 2020 campaign trail so far -- and, of course, quite the metaphor. 

But the moniker has taken a lot of flak from security pros who consider it either simplistic or meaningless in the asymmetrical battle with hackers who can never be fully blocked from finding a way into their targets' computer networks.

Here’s Jake Laperruque, a senior counsel at the Project on Government Oversight who focuses on technology and surveillance policy:

And Sergio Caltagirone, a vice president for threat intelligence at the cybersecurity firm Dragos:

But Moulton is happy to defend the analogy as a simple way of talking about a complex topic -- and making cybersecurity an issue voters can understand and appreciate. 

“It’s a simple metaphor, but it refers to a complex defense,” he told me. “It definitely strikes [voters] as something new,” he said. “The response is an enthusiastic nodding of the head, but also with an ‘uh hunh.’ They’re not hearing this from everybody else, and it’s a smarter way to look at the challenges we’re facing.”

And piggybacking off Trump’s border wall, Moulton told me, can only help. “Using the metaphor of a wall says, ‘This is something we truly do need to stop from coming into our country,’ ” Moulton said, drawing a contrast with immigrants migrating across the southern border, which most Democrats say presents far less of a threat than Trump claims.

“We are literally getting attacked through the Internet every single day but, because it happens in the shadows, Americans don’t feel the effects until their credit card [information] gets stolen,” Moulton told me. “It’s important to remind the country how serious a national security threat this is.”

Still, metaphors have a spotty history as a way of explaining cybersecurity threats to the broader public.

In 2012, top government officials including then-Defense Secretary Leon Panetta warned of a coming cyber Pearl Harbor or cyber 9/11 — basically an attack of huge magnitude that would change the American way of life.

By 2015, though, they were warning that a 9/11-style cyberattack was unlikely and there was a general sense that the focus on a massive attack that was still to come had distracted the public’s attention from the thousands of smaller attacks that were pummeling American businesses and consumers.

More recently, cyber pros and companies have used the metaphor of maintaining "good hygiene" to describe the basic protections and practices that guard against those daily cyberstrikes.

And in Moulton's case, his focus on cybersecurity -- which also includes supporting more election security funding for states, mandating that elections use paper ballots, and signing a pledge not to campaign using hacked and leaked material about his opponents -- has not exactly translated into high poll numbers. 

He’s polling at less than 1 percent in the majority of national polls and was one of three candidates who didn’t qualify for the first Democratic debates later this month.  

PINGED, PATCHED, PWNED

PINGED: A new United Nations report recommends governments should put a “moratorium” on the sale of commercial surveillance tools called spyware until there are rules governing how governments and other customers can use those tools without violating human rights, according to a report by Reuters's Tom Miles.

“Surveillance of specific individuals — often journalists, activists, opposition figures, critics and others exercising their right to freedom of expression — has been shown to lead to arbitrary detention, sometimes to torture and possibly to extrajudicial killings,” David Kaye, the U.N. special rapporteur on freedom of expression, wrote.

NSO Group, an Israeli company that produces the Pegasus spyware, objected to the report, telling Reuters that it has a “high bar” for customer use and is “not a tool to be weaponized against human rights activists or political dissidents.” Kaye noted, however, that government oversight of spyware “hardly exists” and there is an “extraordinary risk of abuse.”

In a related story Wednesday, the Guardian reported that its reporters were targeted with spyware by a group inside Saudi Arabia after reporting on the murder of Washington Post journalist Jamal Khashoggi. The CIA has concluded that Saudi Crown Prince Mohammed bin Salman ordered Khashoggi’s assassination.

PATCHED: Moderate Democrats are hoping to redirect their party’s interest in impeaching Trump to election security instead, Politico’s Sarah Ferris reported Wednesday. Lawmakers in the Democrats’ Blue Dog Caucus hope that by focusing on election security concerns raised by the report from special counsel Robert S. Mueller III, they can steer clear of the more politically charged obstruction of justice portions of the report that are driving many of their colleagues to call for impeachment, Sarah reports.

The group has agreed to endorse nearly a dozen bipartisan election security bills and will unveil their plans at a Friday news briefing, Sarah reports.

“We haven’t been talking about the fact that we were attacked by a foreign adversary,” Rep. Abigail Spanberger (D-Va.) told Sarah. “If we’re only talking about allegations of conspiracy and all of the other discussion topics [in the Mueller report], then we’re leaving out a really important element.”

PWNED: About half of Americans are “extremely or very concerned” about foreign interference in the 2020 election, the Associated Press’s Eric Tucker and Emily Swanson report, citing a poll AP conducted with the NORC Center for Public Affairs Research. Their concerns include that foreign hackers will alter election results or undermine voting systems, the AP reports. The respondents also cited concerns about “hacking candidate computer systems to steal information.”

Democrats are more likely to be concerned about election interference than Republicans, but respondents from both parties expressed fears, according to the poll, which was conducted two months after the Mueller report, which detailed an expansive Russian effort to undermine the 2016 contest, and to help the Trump campaign and damage Hillary Clinton’s campaign.

PUBLIC KEY

-- Washington Gov. Jay Inslee’s presidential campaign is protecting itself against digital attacks using Microsoft’s new 365 for Campaigns product. The announcement, which came via Microsoft, makes Inslee’s campaign the first among the presidential hopefuls to offer product-level details about its digital protections.

The product, which Microsoft officially launched Wednesday, includes digital protections, such as encrypting data and locking devices with a PIN code — many of which the Democratic National Committee recommended to campaigns in a cybersecurity checklist this year. Microsoft told me other campaigns are also buying the product but declined to name names.

Microsoft got Federal Election Commission approval last year to offer campaigns cybersecurity services at a steep discount without it counting as a campaign contribution — partly because it offers a similar price model to schools and nonprofit organizations.

— More cybersecurity news from the public sector:

Legal Issues
The fired aide carried out the largest known theft of electronic data in U.S. Senate history.
Spencer Hsu
The US's largest election equipment manufacturer has begun quietly lobbying Congress to force all voting equipment to create a paper trail, a sharp departure after years of selling paperless digital machines that can't be fully audited.
CNN
National
A Florida city agreed to pay $600,000 in ransom to hackers who took over its computer system, the latest in thousands of attacks worldwide aimed at extorting money from governments and businesses
AP
A Senate committee on Wednesday advanced legislation aimed at securing government-purchased devices against cyber threats, a move that comes just weeks after a companion bill moved forward in the House.
The Hill
The department seeks a new platform to identify people using fingerprints, irises and faces, and eventually DNA, palm prints, scars and tattoos.
NextGov
PRIVATE KEY

Cybersecurity news from the private sector:

The debt collection agency responsible for a data breach that compromised information on at least 20 million people has declared bankruptcy.
CyberScoop
Florida ad agency leaks the keys to its entire kingdom, including invoices, campaign metrics, and all collected data.
ZDNet
Cybersecurity is a year-round concern for the league, but big events like the draft bring a heightened focus on keeping data locked away.
Wall Street Journal
Google's Private Join and Compute will let companies compare notes without divulging sensitive information.
Wired
THE NEW WILD WEST

-- Researchers at Symantec have spotted something interesting: A major hacking group named Turla appears to be stealing computing power from another nefarious hacking group known as APT 34 to launch its attacks. Turla is using that infrastructure to hack "governments and targets in the IT and education sectors across the Middle East, Europe, South Asia and Latin America," Symantec found.

Other researchers have attributed Turla to government-backed hackers in Russia and APT 34 to Iran. You can read more here

More cybersecurity news from abroad:

Vice president Hamilton Mourao welcomes infrastructure investment despite US requests to exclude the Chinese giant from its 5G suppliers.
ZDNet
ZERO DAYBOOK

 Coming up:

  • The House Administration Committee will mark up HR. 2722, the Securing America's Federal Elections Act, on Friday at 9 a.m. 
  • The House Homeland Security Committee will host a hearing on Artificial Intelligence and Counterterrorism on June 25 at 10 a.m.
  • The House Homeland Security Committee will bring in representatives from Facebook, Google, and Twitter to discuss their company's efforts to address terror content and misinformation on June 26 at 10 a.m.