The Washington Post
Democracy Dies in Darkness

The Cybersecurity 202: Biden's pick for White House cyber director wants to see better relationship building with the private sector

with Aaron Schaffer

Cybersecurity experts stressed at a summit yesterday the urgency of ensuring that federal agencies and the private sector can effectively collaborate in taking on hackers.

In one of his first public appearances since being nominated as White House cyber director, former National Security Agency Deputy Director Chris Inglis said one of his top priorities would be to establish a collaborative environment for the private sector and federal agencies to share cyber threats and intelligence. 

The sharing of cybersecurity threats between the government and private sector has become a top national security issue in the wake of two massive hacks, including a wide-reaching Russian campaign that infiltrated at least nine government agencies using software made by SolarWinds. The months-long campaign was uncovered only after private cybersecurity firm FireEye discovered it had been ensnared in the breach and shared that information with government officials.

Inglis spoke yesterday at the virtual Billington Cybersecurity Defense Summit, and endorsed a recommendation made by the bipartisan congressional Cyberspace Solarium Commission of which he is a part.

Inglis cautioned, however, that creating a joint collaboration infrastructure will jump the shark if the government doesn't precede it by building relationships with the private sector.

“The human activity, the relationships on top of that, is where we can make a significant and transformative step forward such that if you're an adversary in cyberspace, you'll be faced with the prospect of having to beat all of us in order to beat one of us,” he said.

Other top Biden officials have also pushed for more collaboration between the private and public sector. In a recent 100-day plan to shore up security in the electricity industry, the administration outlined steps to set up a rapid information-sharing system. The administration intends to take similar approaches with other critical industries.

Congress also will need to act to create consistent information sharing, acting Cybersecurity and Infrastructure Security Agency director Brandon Wales said at the summit.

“Without legislation, we are not going to have consistent information-sharing related to cyber activity that's hitting U.S. networks,” he said. “That is essential to our ability to stop complex attacks from hitting our nation.”

Wales noted the agency is ready to work with both the government and private sector. Lawmakers from both parties have supported the idea of legislation facilitating or possibly requiring greater information sharing between the government and private sector, but nothing has been introduced yet.

Legislation facilitating information sharing is a top priority for the Cyberspace Solarium Commission, co-chair Rep. Mike Gallagher (R-Wis.) said at the summit.

The Cyberspace Solarium Commission listed more than 30 other recommendations in its sweeping report last year that it wants to push through Congress this year, Gallagher says.

That includes creating a federal cyber state of emergency that would trigger assistance for local governments and the private sector in the event of severe cyberattacks and further defining what industries and services qualify as critical infrastructure.

The keys

Oracle resellers sold technology enabling police surveillance in China, raising human rights concerns.

Beijing’s city government said it bought Oracle database technology for a “smart policing” surveillance project to apply facial recognition technology to car drivers, the Intercept’s Mara Hvistendahl reports. An Oracle document said the company’s servers were used by the People’s Armed Police, a domestic-focused paramilitary force, and procurement records show that the country’s Ministry of Public Security also bought its databases.

In a statement, Oracle touted its compliance with U.S. export control regulations. “We go beyond what one might anticipate from export control regulations,” Oracle Vice President Ken Glueck said. “We vet partners, and we have a track record globally of ending partner relationships where there has been some violation in our view.” Glueck also said that two companies listed on the company’s website are not current partners.

“We deny transactions for any unlawful or unauthorized military work, consistent with the export laws and regulations at the time of the original transaction, and applicable to any ongoing provision of product support,” Oracle spokeswoman Jessica Moore said in a statement.

This item has been updated with an additional statement from Oracle.

Researchers discovered more servers used to launch cyberattacks on SolarWinds and other software.

The 18 servers, which hackers used to send additional malware to infected devices, could lead investigators to additional victims, journalist Kim Zetter reports. RiskIQ’s Atlas Team, which released a report on the servers, also noted that two of the hackers’ servers were active in February 2020, before SolarWinds’s earliest victims.

The findings came as the Cybersecurity and Infrastructure Security Agency said that a hacking group used popular virtual private network software to hack a victim, moved to its SolarWinds software, and installed malware on the server starting in at least March 2020. The agency said that a “separate actor” was behind the attack and that it should be treated as separate from the broader SolarWinds cyberattack, which the U.S. government blamed on Russia.

A student saved hacking victims $27,000 after he found a bug in hackers’ ransom payment system.

Stanford student Jack Cable was able to decrypt 50 people’s data by tricking a computer system into thinking that they had already paid ransoms, CyberScoop’s Sean Lyngaas reports. The hack is a small but potentially significant win over “ransomware” groups whose modus operandi is holding victims’ files hostage.

“It shows that even though we may think of all attackers as being very sophisticated, the reality is that since this is financially motivated, there’s going to be a range of sophistication levels,” said Cable, who has worked as a consultant for the Department of Homeland Security. Moreover, he said, sloppy hackers are “unlikely to have a robust security team.”

Chat room

Twitter lit up last night when some users noticed a phishy email from the company had landed in their inboxes. Privacy lawyer Whitney Merrill:

The company acknowledged that it was an internal error and told users not to click:

The snafu was a lesson in good judgement. As SocialProof CEO Rachel Tobac noted, the email was exactly the kind a cyber criminal might send and should have raised red flags:

Cyber insecurity

Bugs allowed hackers to dox John Deere tractor owners (Motherboard)

Mentions

  • 535 Group registered to lobby for VMware effective April 1. David Lugar and Jefferies Murray are registered to lobby on each of the accounts, and they plan to lobby on issues including cybersecurity.

Daybook

  • Former acting Defense Intelligence Agency director David Shedd and former Undersecretary of Defense for Intelligence Steve Cambone speak at a Heritage Foundation event on the intelligence community today at noon.
  • New Mexico Secretary of State Maggie Toulouse Oliver speaks at an American Association for the Advancement of Science event on election security on April 26 at 3 p.m.
  • A Senate Commerce Committee panel holds a hearing on coronavirus-related scams and identity theft on April 27 at 10 a.m.
  • Senate Intelligence Committee Chairman Mark R. Warner (D-Va.) discusses cybersecurity legislation at a U.S. Chamber of Commerce event on April 27 at 10 a.m.
  • Secretary of Homeland Security Alejandro Mayorkas speaks at an Institute for Security and Technology event on hacks-for-ransom on April 29 at 1 p.m. 

Secure log off
