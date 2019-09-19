House Homeland Security Committee chairman Bennie Thompson, D- Miss.

THE KEY

With a new official set to take the reins of the Trump White House’s national security strategy, some Democratic lawmakers are pushing for cybersecurity to get more top-level attention.

Just hours after President Trump named former hostage negotiator Robert C. O’Brien as his new national security adviser, House Homeland Security Committee Chairman Bennie G. Thompson (D-Miss.) and Sen. Mark Warner (D-Va.), the top Democrat on the Senate Intelligence Committee, both called on O’Brien to reinstate the White House cybersecurity coordinator role eliminated by O’Brien’s predecessor, John Bolton.

An aide for Sen. Gary Peters (Mich.), the ranking Democrat on the Senate Homeland Security Committee, told me he also supports restoring the position

By eliminating the cybersecurity coordinator’s job while the government is struggling to repel Russian efforts to hack the 2020 election, Chinese theft of American companies’ intellectual property and a surge in private-sector data breaches, Bolton and Trump left the nation dangerously underprotected, the lawmakers said.

“One of the worst decisions Mr. Bolton made right when he started in the White House was to get rid of the cyber coordinator position,” Warner said in a statement. “It showed a lack of seriousness in tackling the immediate national security threats facing our country and would be one of the first decisions I would recommend Ambassador O’Brien reverse.”

Thompson said that "with cyber threats becoming more sophisticated and growing by the day, including the persistent threat to our election systems, there is no reason that the White House should have allowed this position to be eliminated."

Bolton’s stated reason for eliminating the job in May 2018 was that it duplicated work already being done by policy wonks on the National Security Council. But critics said that vastly underestimated how important cybersecurity is to multiple parts of the government. Within months of Bolton’s actions lawmakers had launched multiple efforts to force Trump to reinstate the job.

As a result of eliminating the job, Bolton was able to largely run White House cybersecurity policy himself — including pushing a strategy to more consistently hack back against U.S. adversaries.

The White House declined to comment on O'Brien's plans for the White House job and O'Brien's law firm didn't respond to a message seeking comment.

The cybersecurity coordinator job, which was occupied until last year by top NSA cybersecurity official Rob Joyce, was responsible for guiding the government’s response to major cybersecurity events such as Russia’s hacking of the Democratic National Committee in 2016, North Korea’s 2014 hack of Sony Pictures Entertainment and the WannaCry and NotPetya malware attacks, which crippled computers around the globe.

The coordinator also helped manage confllicting cybersecurity priorities within the government, for example by ensuring that offensive hacking done by the Defense Department and intelligence community wasn’t prompting unnecessary retaliation by adversaries against U.S. businesses or unduly interfering with the State Department’s diplomatic efforts.

“What you want the [cybersecurity coordinator] to do is synthesize different viewpoints for the president and other senior leaders in the White House so that you can forge good policy that blends all of those different viewpoints," Michael Daniel, who served as White House cybersecurity coordinator during the Obama administration, told me.

Daniel, who leads the nonprofit Cyber Threat Alliance, noted the White House charges a similar official, the homeland security adviser, with leading high-level policy countering terrorism and biological threats.

“Cyber threats are out there and have been, if not the number one threat, then certainly in the top five for a very long time now,” Daniel said. “So, I think it makes sense to have somebody on the National Security Council in a senior position that has some profile to focus on this on this issue.”

Former federal chief information security officer and retired Brig. Gen. Gregory Touhill compared the job to someone who takes blurry and incomplete images from different federal departments and turns them into one clear picture that the government can act on.

“Having that coordinator who can look at all the different pixels and make sure that the picture is coming into sharp focus is critically important,” Touhill, who now leads federal business for the cybersecurity firm Cyxtera, told me.

PINGED, PATCHED, PWNED

Chair of the Democratic National Committee Tom Perez. (Scott Olson/Getty Images)

PINGED: The chairman of the Democratic National Committee says that President Trump’s repeated dismissals of Russian interference in the 2016 elections has made it more difficult for his party to partner with the government to address cyberthreats against the 2020 contest, my colleague Isaac Stanley-Becker reports.

“The president’s words and actions have made it difficult to develop a truly effective trust-based relationship with the Department of Homeland Security,” Tom Perez, the chairman of the Democratic National Committee, wrote in a letter Tuesday to Sen. Ron Wyden (D-Ore.). Wyden asked national party committees to submit the cybersecurity steps they had taken before the election. So far, no Republican committees have responded.

While the DNC has beefed up its cybersecurity since Russian hackers pilfered and released embarrassing emails from the party before the 2016 election — including introducing its first chief security officer and implementing cybersecurity checklists for campaigns — it’s still vastly under resourced compared to DHS, Isaac points out.

Raffi Krikorian, former DNC chief technology officer, expressed concerns the Trump administration might not take action against Russian interference for fear of upsetting the president. “I do not trust that these agencies are well funded, nor do I trust that they will act correctly given that their boss’s incentives seem to be to not admit that the Russians are trying to do anything,” he told Isaac.

A Huawei retail store in Beijing. (Andy Wong/AP)

PWNED: A global trade group that helps governments and companies respond to cyberattacks and share threat information has booted Huawei from its ranks, the Wall Street Journal's Anna Isaac reports. The Forum of Incident Response and Security Teams, or FIRST, whose members include DHS and the U.K.’s National Cyber Security Centre, suspended Huawei to avoid possibly violating a U.S. Commerce Department ban on U.S. companies exporting technology to the company over national security concerns, Anna reports.

The group, which was formed in the 1990s, provides members a forum to share cybersecurity threats and to help identify and respond to attacks. Huawei's removal from the group could make it more difficult for the company to patch its own vulnerabilities, Anna reports. The group says that the suspension is temporary and that it is working with U.S. officials to clarify whether sharing information with Huawei would violate the U.S. ban.

Grover Norquist. (Jeenah Moon for The Washington Post)

PATCHED: Anti-tax activist Grover Norquist and several other conservative leaders yesterday demanded that Congress take action to improve election security in advance of 2020. The calls add to growing pressure from leaders on the right on Senate Majority Leader Mitch McConnell (R-Ky.) to pass legislation to safeguard elections. Speakers at the event, hosted by the National Election Defense Coalition, called for specific election security improvements, including paper ballots and post-election cybersecurity audits.

“We must make sure than Americans’ votes are properly recorded and counted as cast. This is too important to not get right. Providing federal funding for states to update their election systems is an investment in our national security, and it’s worth every dollar,” said Anthony Shaffer, president of the London Center for Policy Research and a former intelligence officer. “As someone who has been on the front lines of cybersecurity attacks, I know this vulnerability demands a whole-of-government response.”

Norquist, president of Americans for Tax Reform, called paper ballots an “effective way to secure our elections in 2020 and beyond.” The group endorsed several election security bills that have won bipartisan support in recent years but never made it into law.

PUBLIC KEY

— Cybersecurity news from the public sector:

PRIVATE KEY

— Cybersecurity news from the private sector:

THE NEW WILD WEST

ZERO DAYBOOK

