The Washington Post
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

U.S. cyber czar wants industry to collaborate with government

Welcome to The Cybersecurity 202! I'm back after a restorative vacation that included a week in Miami and its environs. Did you know October is about the worst month to view alligators in the Everglades? 

Below: Democrats want to boost CISA's budget, and China-linked hackers are going after telecoms. 

Chris Inglis touts voluntary industry cooperation even as the administration cracks down

Correction: This post has been corrected to state that DHS cyber regulations for railroads and rail systems have not yet been issued. 

The Biden administration's cyber czar is bullish that a groundswell of cooperation between government and industry can dramatically improve the nation's cybersecurity.

There’s a spotty history for such cyber collaboration efforts during the past decade, but things are ripe for better results now, National Cyber Director Chris Inglis told me in an interview yesterday.

What's different 

A wave of economy-rattling ransomware attacks has made it abundantly clear to companies that they could be the next victim of a devastating attack and they need all the help they can get. 

“We’re at a time and place where most people believe this is a shared problem,” Inglis said.

The government has also learned from mistakes of the past, which Inglis said have often been overly technical and focused too little on people in government and industry working together. 

Companies often resisted sharing information about hacking threats out of fear they would face legal consequences, while government was slowed by bureaucracy and fear of exposing classified information.

“What we’ve been doing, while we’ve made some progress, is simply not meeting the need,” he said. “Information doesn’t collaborate, architecture doesn’t collaborate, people do.”

Inglis plans to hammer those points during a keynote address this morning at a conference focused on public-private cybersecurity collaboration hosted by Auburn University’s McCrary Institute for Cyber and Infrastructure Security. 

He won’t be alone. The event will also feature top officials from the Cybersecurity and Infrastructure Security Agency (CISA), NSA and FBI who’ve been banging the drum for industry to work more closely with government to prevent hacking. 

Cracking down

Yet for all the talk about collaboration, the Biden administration has essentially taken a carrot-and-stick approach with industry.

CISA launched a Joint Cyber Defense Collaborative (JCDC) in August, which is essentially a mechanism for the government to work with key companies on cybersecurity. Initial members of the JCDC include Google, Amazon and Microsoft, and its first big project is focused on deterring ransomware attacks against cloud computing providers. (Amazon founder Jeff Bezos owns The Washington Post.)

The NSA launched a similar collaboration center, but it’s being more tight-lipped about the companies it’s working with and the sort of initiatives they’re tackling.

The administration has also ramped up cybersecurity rules for some companies in sectors that are critical to the economy and national security

Inglis described those mandates as focused on “functions critical to lives, health and safety,” similar to regulations imposed in the auto and airline sectors. 

  • The Department of Homeland Security imposed new minimum cybersecurity requirements on pipeline operators after the Colonial Pipeline ransomware attack.
  • DHS plans to mandate other basic requirements for railroad and rail systems.

Those are pretty mild as government regulations go, but officials in the Obama and Trump administrations had steered clear of such moves. They hoped companies would improve their digital protections in response to market incentives and feared government regulations would become outdated too quickly in the fast-moving world of cybersecurity. 

Congress is also tiring of relying on voluntary collaboration alone

House lawmakers passed a bill mandating that companies in critical sectors alert DHS when they’re hacked. A similar measure is working its way through the Senate. Inglis and CISA Director Jen Easterly have voiced support for those bills. 

Inglis said he doesn’t see a conflict between imposing new cyber regulations on industry and increasing collaboration at the same time. 

“What’s really going to be the heavy muscle movement here is collaboration,” he said, “using all our insights, capabilities and authorities in a collaborative fashion to crowdsource transgressors in a way that they’re already crowdsourcing us.”

The keys

Senate Democrats want to boost CISA’s budget

The Senate Appropriations Committee’s new proposed spending bill for the Department of Homeland Security would give CISA a total of $2.6 billion, which is more than $500 million above what the Biden administration requested.

The details of the bills could change after negotiations with the Biden administration and House lawmakers. Senate Appropriations Committee Vice Chairman Richard C. Shelby (R-Ala.) said he opposed the bills, calling them “partisan drafts.”

The largest increases for cybersecurity programs compared to the Biden administration’s request were:

  • $95 million for voluntary threat detection programs for critical infrastructure
  • $65 million to boost CISA’s ability to get visibility into how networks across the country are affected by major vulnerabilities
  • $36 million for CISA’s Continuous Diagnostics and Mitigation program aimed at helping to secure federal employees’ mobile devices
  • $24 million to hunt down threats from nation-state adversaries, including Russia, China, Iran and North Korea

China-linked hackers have attacked telecom companies worldwide for years, researchers say

The hackers have “been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures,” the cybersecurity firm CrowdStrike said in a report released this morning. The activity has a “nexus” to China, but researchers stopped short of attributing it to Chinese government hackers, CrowdStrike senior vice president of intelligence Adam Meyers told The Cybersecurity 202.

Hackers gained access to valuable information like subscriber data and call metadata, CrowdStrike said. That information would be valuable to a government like China, which has a history of targeting dissidents.

Some of the hacks targeted Huawei equipment, but there’s no evidence the Chinese tech giant was complicit in the hacks, Meyers said. The Biden administration has expanded Trump administration bans on investment into Huawei, saying the company sells surveillance technology and supports China’s military. Huawei has denied the allegations.

A major television company is still recovering from a ransomware hack

The cyberattack hindered some local television broadcasts by Sinclair stations Sunday and Monday, CNN’s Sean Lyngaas and Brian Stelter report. The conservative media giant is responsible for more than 180 television stations across the United States.

Sinclair began investigating the incident Saturday, the company told investors. The following day, the company determined that some “servers and workstations” were hit by ransomware. “Certain office and operational networks were disrupted,” the company said, and “data also was taken from the Company’s network.” The hack “has caused — and may continue to cause — disruption to parts of the Company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers,” Sinclair said. 

It’s not clear how long the cyberattack will affect the company. “The reporters who spoke with CNN said they have not been told of any timetable for getting back to normal,” Lyngaas and Stelter write.

Hill happenings

A Senate bill would test how prepared critical companies and government agencies are to respond to hacks

The bill would set up a National Cyber Exercise Program to simulate hacks on critical infrastructure providers such as banks, energy firms and government networks. A similar bill has already passed the House. Sen. Jacky Rosen (D-Nev.) is introducing the Senate version with Sen. Angus King (I-Maine), a co-chair of the Cyberspace Solarium Commission, and Sen. Ben Sasse (R-Neb.), a member of the commission.

Cyber insecurity

  • A hacking group dubbed TA505 is sending large amounts of malicious emails targeting sectors across the economy, Proofpoint says. The group ramped up the emails in September and has expanded its targets to include victims in Germany and Austria, researchers said.

Hacker defaces Donald Trump's website (Motherboard)

Buffalo Public Schools didn't pay ransom in cyberattack, but response cost nearly $10M (The Buffalo News)

NSA, DHS shine light on BlackMatter ransomware threat to food industry, demands of up to $15 million (CyberScoop)

Global cyberspace

Top cyber official: Hospital attack ‘purely financial,’ likely by Chinese group (Times of Israel)

Industry report

Google CEO Sundar Pichai calls for government action on cybersecurity, innovation (Wall Street Journal)

Government scan

  • U.S. Air Force Lieutenant Colonel Kenyatta Ruffin has joined the office of National Cyber Director Chris Inglis as a White House Fellow.

Nations investing in cyber, 'democratization' of malware are factors accelerating dangers online, CISA official says (CyberScoop)

Man Pleads Guilty to Stealing Nude Photos From Hundreds of iCloud Accounts (Motherboard)

Securing the ballot

Dozens of state lawmakers sign letter calling for MAGA audit of all 50 states (Talking Points Memo)


  • National Cyber Director Chris Inglis, CISA Director Jen Easterly, FBI Deputy Director Paul Abbate and NSA Director of Cybersecurity Rob Joyce speak at a McCrary Institute event on public-private cybersecurity partnerships today at 9 a.m.
  • Homeland Security Secretary Alejandro Mayorkas and Easterly speak at CISA’s annual cybersecurity summit on Wednesday.
  • CISA Executive Director Brandon Wales speaks at the Cyber Future Summit on Wednesday at 1 p.m.
  • Bob Kolasky, who leads the DHS’s National Risk Management Center, speaks at FAIRCON21 on Wednesday at 2 p.m.
  • Mayorkas testifies before the Senate Judiciary Committee on Thursday at 10 a.m.
  • Easterly speaks at the Capital Cyber Summit on Friday at 8 a.m.
  • Inglis participates in an American University Washington College of Law event on Friday at 10:30 a.m.
  • House Veterans' Affairs Committee Chairman Rep. Mark Takano (D-Calif.) discusses law enforcement algorithms at a Brookings Institution event on Oct. 25 at 3 p.m.
  • Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.) and SolarWinds President and CEO Sudhakar Ramakrishna participate in a Washington Post Live event on Oct. 26 at 10:30 a.m.
  • Inglis and Neuberger speak at a Center for Strategic and International Studies event on Oct. 26 at 2 p.m.

Secure log off

How many arms does an alligator have? Depends on how much of his dinner he's eaten. Thanks for reading. See you tomorrow.