date 2022-01-19
A cyber legend is leaving Congress
Rep. Jim Langevin (D-R.I.), who announced he won’t run for reelection yesterday, will go down as one of the most consequential cyber lawmakers in history.
Since joining Congress in 2001, Langevin has played a role in nearly every major cyber development, including establishing the government’s main cyber offices in the White House and Department of Homeland Security and pushing to hold U.S. adversaries including Russia and China accountable for hacking U.S. targets.
Langevin was “a cyber guy before it was cool,” as the Obama administration’s top cyber diplomat Chris Painter noted on Twitter. He co-founded the Congressional Cybersecurity Caucus with Rep. Michael McCaul (R-Tex.) back in 2008, long before hacks at the Office of Personnel Management, the Democratic National Committee, SolarWinds and Colonial Pipeline turned cybersecurity into a hot policy issue.
He went on to lead the cyber-focused subcommittee of the House Homeland Security Committee and of the Armed Services Committee, where he’s been chairman or top Democrat for roughly the past decade. He also served on the congressionally created Cyberspace Solarium Commission, which has played a pivotal role in enacting major cyber reforms during the past two years.
“When I first began this journey, nobody in Congress really understood cybersecurity or cared, quite frankly,” Langevin told me. “Now, pretty much everyone is aware of the risk it poses to our country and our economy, and there’s much more sense of urgency.”
He added: “That’s been gratifying, but unfortunately it’s come at the cost of many cyber incidents and intrusions that either cost millions in economic damages or affected our personal information.”
Rep. Jim Langevin (D-R.I.) announces he won't seek another term in Congress.
Langevin was key to shepherding Congress through repeated cyber crises and helping turn some of the congressional panic and angst into worthwhile legislation. He was aided by the Solarium Commission, which helped build bipartisan consensus for many cyber reforms that took years to catch on, such as establishing a cyber czar in the White House to ride herd on efforts throughout the government.
Langevin's retirement is "a loss because he has such tremendous credibility on these issues,” Suzanne Spaulding, a top cyber official in the Obama administration who also served on the Solarium Commission, told me. “His colleagues know that he knows what he’s talking about.”
There’s concern that losing Langevin’s expertise and intense focus on cybersecurity could make it harder to get big priorities over the finish line.
That concern is compounded by several other top cyber lawmakers not seeking reelection, including Rep. John Katko (R-N.Y.) and Sen. Rob Portman (R-Ohio), the top Republicans on the House and Senate Homeland Security committees.
“I’m looking forward to 2022 with a highly motivated Langevin working on these issues, and I’m not looking forward to 2023 without him,” Mark Montgomery, the Solarium Commission’s executive director, told me.
Top 2022 priorities
Langevin told me his top cyber priorities for 2022 include passing bills that:
- Require companies in vital industry sectors to share cyber threat information with the government
- Codify critically important organizations that must be protected from cyberattacks
- Ramp up cyber cooperation between government and industry
- Establish a top cyber diplomat’s office in the State Department and a bureau of cyber statistics
Langevin’s biggest frustration: “It is frustrating that not enough has been done to deter enemies and adversaries,” such as Russia and China, along with criminal ransomware hackers working out of Russian territory, he told me.
That’s been a long-standing gripe among lawmakers who say the U.S. government’s ratcheting up of consequences such as sanctions and indictments hasn’t come close to making Russia, China, Iran and North Korea rethink their hacking tactics.
On the brighter side: The United States has not yet faced “a major cyberattack that has caused loss of life or done catastrophic damage to our economy,” Langevin noted. Though he said the ransomware attack on Colonial Pipeline last year, which prompted panic buying at gas stations, came close.
After Congress: Langevin declined to share any detailed plans for life after he leaves office but said he hopes to continue working on cyber policy in some form.
A broader legacy: Langevin, who was paralyzed in an accident as a teenager, has also pushed legislation expanding rights for people with disabilities.
In a Providence Journal op-ed announcing his retirement, he said he will “always cherish the moment that I became the first congressman in a wheelchair to preside over the House of Representatives as Speaker Pro Tempore, as we marked the 20th anniversary of the Americans With Disabilities Act.”
Felicia Sonmez has more on the retirement of Langevin and other Democrats.
The keys
The House Jan. 6 committee subpoenaed Rudy Giuliani and other Trump attorneys who pushed election fraud claims
In addition to Rudy Giuliani, the subpoenas targeted former White House aide Boris Epshteyn, as well as lawyers Jenna Ellis and Sidney Powell, Jacqueline Alemany and Tom Hamburger report. It comes as the committee investigates the events leading up to the Jan. 6 riot at the Capitol, including how Trump and his supporters boosted baseless claims that the election was stolen.
“The four individuals we’ve subpoenaed today advanced unsupported theories about election fraud, pushed efforts to overturn the election results, or were in direct contact with the former president about attempts to stop the counting of electoral votes,” Chairman Bennie G. Thompson (D-Miss.) said.
Israeli police reportedly used Pegasus spyware on domestic opponents of former prime minister Benjamin Netanyahu
Israeli police used Pegasus spyware to hack mayors, leaders of protests against then-prime minister Netanyahu and former government officials without required court orders, the business newspaper Calcalist reported.
This is the latest in a wave of improper uses of Pegasus spyware that prompted the Biden administration to block the company from buying U.S. technologies. An investigation by The Washington Post and 16 media partners found Pegasus was used to target journalists, activists and executives around the world.
Another Pegasus investigation may scoop in the leader of Poland’s leading party.
Marian Banas, who leads Poland’s main government watchdog, wants to summon ruling party leader Jaroslaw Kaczynski to testify about Pegasus under penalty of perjury, Politico Europe’s Wojciech Kość reports. Kaczynski and his supporters have downplayed findings by cybersecurity researchers that at least three opposition figures were targeted with Pegasus.
An attack on Ukrainian government computers destroyed some data
Microsoft reported Saturday that sophisticated hackers had infected Ukrainian government computers with data-wiping malware but it wasn’t publicly known that the malware was activated.
“The attacks come as Kyiv braces for a potential invasion by Russia, which has close to 100,000 troops massed on its border with Ukraine,” Ellen and David write.
Ukraine’s government is also gearing up for potential cyberattacks on its energy sector, Serhii Demediuk, the Deputy Secretary of Ukraine’s National Security and Defense Council, told the Record. The U.S. government issued an alert last week warning energy companies and companies in other critical sectors to be on high alert for hacks.
Hill happenings
Ahead of committee debate, tech giants argue that antitrust bills will hurt cybersecurity, privacy
Apple and Google warned that two bills being considered by the Senate Judiciary Committee could make it harder for them to protect consumers’ cybersecurity and privacy, Axios’s Ashley Gold reports. For example, the reforms could make it harder to include default security protections in products, Google said.
The arguments mirror long-standing criticisms of antitrust proposals by groups aligned with Big Tech — many of which have been questioned by privacy and security advocates.
- One of the bills being considered would block tech giants from giving their products and services a leg up over rivals.
- Another would require companies that run app stores to let consumers download outside apps. Apple says that could introduce unvetted apps to iPhones. The committee could debate that bill as early as next week.
Sen. Richard Blumenthal (D-Conn.), one of the lawmakers who introduced the bill, in August said tech companies’ “crocodile tears about privacy are really just a pretext,” arguing that “they have no concern for privacy” and “use consumer information relentlessly and purposely simply to make money.”
Cyber insecurity
Ransomware hit at least 77 state and local governments in 2021, a cyber firm found
That’s huge by historical standards but actually a dip from 113 such attacks in 2020, according to a blog post from the cyber firm Emsisoft. Here are other big takeaways from the report:
- Ransomware attacks hit 1,043 schools in 2021, including 62 school districts and the campuses of 26 colleges and universities.
- Attacks also hit 1,203 health-care providers.
Industry report
- The cybersecurity giants McAfee Enterprise and FireEye, which merged in October, are renaming the newly formed company Trellix.
Chat room
Got the ransomware blues? Recorded Future’s Allan Liska’s got you covered.
Daybook
- Australian Ambassador for Cyber Affairs and Critical Technology Tobias Feakin and former Estonian Ambassador-at-large for Cyber Diplomacy Heli Tiirmaa-Klaar discuss accountability in cyber norms at a Center for Strategic and International Studies event on Thursday at 9 a.m.
- The House Oversight and Reform Committee holds a hearing on the federal government’s IT purchasing law on Thursday at 10 a.m.
- A House Homeland Security Committee panel holds a hearing on threats to election infrastructure on Thursday at 2 p.m.
- The Cyber Threat Alliance hosts a webinar for its fifth anniversary on Jan. 24 at 10 a.m.
Secure log off
“Nevermore.” Thanks for reading. See you tomorrow.