Date: 2021-06-01
The super-sized requests reflect a punishing past six months for the nation's cybersecurity, including major hacks from Russia and China, which stole reams of classified government information. It also reflects the government’s scrambling efforts to respond to a wave of criminal hacks, including a ransomware attack against Colonial Pipeline that played havoc with gas supplies in the southeastern United States.
The cyber proposal is part of a blockbuster $6 trillion administration budget request aimed at broadening the social safety net and reshaping the U.S. economy.
The proposed budget includes $750 million worth of fixes designed specifically to “respond to lessons learned” from the SolarWinds hack.
Another $110 million would go to the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency, which is increasingly acting as a cybersecurity traffic cop across the government.
There’s also $500 million for a fund to retire outdated government technology systems that can make federal agencies more vulnerable to hacking and to replace them with updated systems with more modern cybersecurity protections.
The proposal also funds a raft of new programs and offices recommended last year by a congressionally led cybersecurity panel.
That includes funding a new cyber director’s office inside the White House tasked with creating a unified government response to cybersecurity challenges.
Members of the Cyberspace Solarium Commission described creating that office as one of their most important recommendations, and it was later mandated by Congress. Biden nominated Chris Inglis, a former National Security Agency deputy director and a member of the commission, to fill the role, but he hasn’t been confirmed yet.
Here’s more from Christian Beckner, vice president at the National Retail Federation industry group:
And from Politico’s Eric Geller:
Here’s a full rundown from CyberScoop’s Tim Starks.
The White House request is just a blueprint for Congress, so the big new investments are far from guaranteed.
But congressional cybersecurity advocates are pushing for major investments along similar lines.
Reps. Mike Gallagher (R-Wisc.) and Jim Langevin (D-R.I.) are urging House appropriators to give a $400 million boost to DHS cybersecurity. Gallagher was a co-chair of the Solarium Commission. Langevin was a member of the commission and is co-founder of the Congressional Cybersecurity Caucus.
Rep. Dutch Ruppersberger (D-Md.) is pushing appropriators to add more funding for all of DHS’s defense-related activities, including cybersecurity. Ruppersberger, who was formerly the top Democrat on the House Intelligence Committee, has long advocated for rejiggering arcane congressional budget rules so there’s more money available for DHS's cybersecurity work.
Sen. Maggie Hassan (D-N.H.) also wrote to the White House, expressing concern that the president’s overall budget request for DHS isn’t enough for the agency to deal with cybersecurity and other threats. Hassan chairs the Senate Homeland Security Committee’s panel on emerging threats.
“I am concerned that the budget request for DHS is essentially flat, and as a result may not provide what is needed to address the myriad threats facing the United States today,” she wrote.
And some cybersecurity pros are also pushing for more funding.
Here’s Katie Moussouris, CEO of Luta Security and a consultant on government cybersecurity projects:
Jamieson Brown, senior director of global government affairs at Tenable Security:
The keys
A Danish intelligence agency helped the NSA spy on European politicians including German Chancellor Angela Merkel.
The NSA used the collaboration to target politicians in France, Germany, Norway and Sweden from 2012 to 2014, according to an investigation by Danish public broadcaster DR. European politicians including Merkel and French President Emmanuel Macron condemned the spying.
French President Emmanuel Macron declared that wiretapping "is not acceptable between allies" and asked the United States for clarity on the reports, Rick Noack and Ellen Nakashima report.
The report comes eight years after tensions first flared between the Obama administration and Merkel over reports U.S. spies tapped the chancellor’s cellphone. The revelations came from documents leaked by former NSA contractor Edward Snowden.
German President Frank-Walter Steinmeier, who was also reportedly targeted by the spying, and a spokesperson for Merkel said they did not know Denmark was involved in the spying until DR’s report, the BBC reported. The NSA and Denmark’s Defense Intelligence Service did not comment.
Colonial Pipeline delayed voluntary TSA cybersecurity reviews before it was hit with ransomware.
It’s not clear whether the review would have averted a ransomware hack on the pipeline last month, but the delays reveal weaknesses in the TSA’s voluntary approach to oversight of pipeline security, Ellen Nakashima, Lori Aratani and Douglas MacMillan report. The Biden administration scrapped the voluntary measures, which were used for two decades, in favor of a mandatory system last week.
A proposed cybersecurity assessment of Colonial was delayed three times since last year because the company was planning to move its headquarters and dealing with the effects of the pandemic, Colonial spokesman Kevin Feeney said. The TSA debuted its first pipeline security guidelines in 2010 and more detailed cybersecurity checks in 2018.
“The lesson, particularly in recent months, is that we need to step up the incentives for the critical infrastructure to strengthen cybersecurity,” former Secretary of Homeland Security Michael Chertoff said. “Positive incentives are important, but sometimes you need to be mandatory.”
A U.N. group including the United States, China and Russia agreed on new rules for cyberspace.
The agreement from a United Nations Group of Governmental Experts includes new guidance on how nations should respond to hacks inside their territories and how they should ask each other for help, the U.S. representative and acting State Department cyber coordinator Michele Markoff said.
There is no guarantee that nations will actually adhere to the broad rules outlined in the report. But the United States and other countries are championing the report as a step toward a safer cyberspace.
“Of course, it is only with implementation we can truly work out how international cyber stability can be achieved,” Markoff said. “With our new report, we are calling on all states to put this framework into practice.” The report itself hasn’t been released yet.
Cybersecurity professionals continued to debate a hack of USAID’s email marketing system. Rendition Infosec’s Jake Williams:
Bloomberg’s Joseph Menn and the New York Times’ Nicole Perlroth:
