Cyber ambassador could soon take on a world of challenges

Welcome to The Cybersecurity 202. We’re mourning two civil rights pioneers, one a titan of science fiction (Nichelle Nichols) and one a giant on the basketball court (Bill Russell). 

Below: 2020 election deniers abound on the ballot in Arizona today, and an organ transplant system has security issues.

A Senate panel is about to kick the tires on Biden’s pick for top cyber diplomat

The first nominee for cyber ambassador at large is set to take center stage in the Senate this week.

If confirmed, Nathaniel Fick would have to juggle an incredibly complex international picture of cyberthreats, diplomatic agreements and conflicts. He would have to do it all while trying to establish a new office to replace a series of cyber organizations at the State Department and that must fit in with other federal agencies that harbor global ambitions.

The Senate Foreign Relations Committee has scheduled a hearing on his nomination for Wednesday.

“Given the urgency of the threats we face … we need someone there, both for dealing with and working with our friends to build collective action against threats, but also to stand up to our adversaries,” Chris Painter, the Obama administration’s top U.S. cyber diplomat who is now president of the Global Forum on Cyber Expertise Foundation, told me.

Fick is a cybersecurity executive, former Marine and best-selling author whose platoon served as the subject of the Iraq War book “Generation Kill” and HBO series of the same name. Just last month, the Council on Foreign Relations published a report he co-chaired, “Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet.”

His background for the post has drawn plenty of raves. “He brought a sensitivity both from the U.S. offensive side and issues from the private sector,” Adam Segal, a cybersecurity expert at the Council on Foreign Relations, told me about Fick’s work on the report.

But Fick would inherit a difficult set of circumstances. The cyber role at State has had several incarnations.

• Most recently, the Trump administration restructured the Obama administration’s cyber coordinator office, then proposed another office in its waning days.
• The Biden administration followed with a revised Bureau of Cyberspace and Digital Policy. Fick would lead that office, which as of April had more than 60 employees, with 30 more slated this year.

And the range of international cyberthreats is multifaceted, said Rob Strayer, who left the top State cyber role almost exactly two years ago.

“We’re seeing nation-states as well as bad actors that are either working for nation-states or working on their own to get access to increasingly dangerous cyber tools that put at risk a larger and larger amount of our information technology infrastructure,” Strayer, now executive vice president of policy at the Information Technology Industry Council, told me. “And so how do you get governments to focus more sharply on addressing those bad actors that they might have?”

Fick also would oversee three separate international policy units focused on cyberspace security, communications, and information and digital freedom. “The key piece for this role will be casting them in a cohesive, coordinated light, such that they're swimming in the same direction, as opposed to having potentially conflicting priorities,” Lindsay Gorman, the emerging technologies fellow at the German Marshall Fund’s Alliance for Securing Democracy, told me. While Fick has leadership credentials, he’s also an outsider joining an entrenched State Department bureaucracy, she said.

If confirmed, Fick will have to find his way amid the larger federal bureaucracy as well. Deputy national security adviser Anne Neuberger and National Cyber Director Chris Inglis have traveled internationally, while the Cybersecurity and Infrastructure Security Agency has opened a London office. And U.S. Cyber Command conducts sensitive overseas military cyber operations.

Questions on the Hill

Sen. Edward J. Markey (D-Mass.), who chairs the Senate Foreign Relations cyber subcommittee, wants to hear Fick’s views on how he’ll prioritize cyber challenges and how he’ll coordinate with other cyber agencies and offices, according to Markey’s communications director Rosemary Boeglin.

Another potential area of questioning Wednesday is what Fick thinks the United States should do to deter cyberattacks by hostile foreign nations, said a congressional aide who spoke on the condition of anonymity because they were not authorized to speak on the record. “Whether we’re talking to Russia or China, we need to be making it clear to them that their current behavior is unacceptable,” the aide said.

Key lawmakers still want to pass a bill to write Fick’s office into law, too. “Even with creating a bureau, which is more permanent, a new secretary could come in and do a lot of stuff, and that's harder to do with legislation,” Painter said.

Fick also has close ties to Democrats. He spoke at the 2008 Democratic National Convention in favor of the Obama-Biden ticket. Those ties could give some Republicans heartburn, Painter said. And even if Fick thrives at Wednesday’s hearing, his nomination could run into other hurdles, like Sen. Josh Hawley (R-Mo.) slowing down some State and Defense nominees since last fall over the Biden administration’s approach to Afghanistan.

But it’s too important of a position to stall, Painter said.

Cyber is “not just the technical issues. It's not just the military issues,” he said. “The foreign policy issues are incredibly important as we're building the space to try to make it safer to promulgate norms, to promulgate accountability and to make sure that we're looking at this as a key national security and economic security and human rights policy.”

The keys

Election deniers vie for GOP nomination to run Arizona elections

Today’s Republican primary for Arizona secretary of state features state Rep. Mark Finchem, who sought to decertify the 2020 election, and state Rep. Shawnna Bolick, who proposed a bill that would let Arizona’s legislature override state voters’ picks for presidential electors, NPR’s Miles Parks writes. The state could become the sixth where a 2020 election denier has advanced to the general election for secretary of state, after Alabama, Indiana, Michigan, Nevada and New Mexico.

Arizona Secretary of State Katie Hobbs (D), who has pushed back on fraud claims and a partisan review of 2020 election results, is running to be governor of the state, which President Biden narrowly won in 2020. Former local television anchor Kari Lake wants to be the Republican nominee for the post, and she has already told her supporters to not trust the results of today’s election — unless she wins, my colleague Yvonne Wingett Sanchez reports. Lake has said she would replace electronic vote tabulators with people to hand count millions of ballots, and she also says she doesn’t recognize President Biden as the legitimate president. Gov. Doug Ducey (R) has endorsed Lake’s rival, Karrin Taylor Robson. Former vice president Mike Pence has also campaigned for Taylor Robson.

Organ transplant system faces security concerns

The United Network for Organ Sharing (UNOS) relies on outdated technology that has had hours-long crashes and has never been reviewed for security flaws by federal officials, according to a confidential government review obtained by my colleagues Joseph Menn and Lenny Bernstein. Leaders of the Senate Finance Committee, which has scheduled a Wednesday hearing on the issue, grew so concerned by its security during a briefing this year that they told the Department of Homeland Security and intelligence officials that they had “no confidence” in its security and asked the White House to step in.

“We request you take immediate steps to secure the national Organ Procurement and Transplantation Network system from cyberattacks,” committee chair Ron Wyden (D-Ore.) and Sen. Charles E. Grassley (R-Iowa) wrote to Federal Chief Information Officer Clare Martorana.

• An official at the Office of Management and Budget, which houses the team that reviewed the UNOS, told The Post that it has worked with the Department of Health and Human Services on working to “ensure the cybersecurity” of the system.

UNOS Chief Executive Brian Shepard told The Post that the report, which calls for the transplant system to be restructured, “reads more like an op-ed” than a research-backed paper. He said the system is secure and effective.

• UNOS was audited in 2020 by the Health Resources and Services Administration, which oversees it, and last year by the HHS inspector general, which is reviewing its security controls, UNOS said. A former HHS official familiar with the transplant network said HHS ran through a checklist but wasn’t able to access the system itself.
• UNOS will soon get a security penetration test by a firm recommended by HHS, and CISA will review its “cyber hygiene,” UNOS said.

Israeli police exceeded authority but didn’t hack phones without warrants, investigation finds

Israeli police used hacking tools once they got warrants, an Israeli government review concluded. But the data collection sometimes exceeded the scope of those warrants, and that amounted to a “violation of authority,” the review said, as the Associated Press’s Emily Rose reports. Israel’s government launched the investigation after Israeli news outlet Calcalist reported this year that the country’s police used NSO Group’s Pegasus spyware to hack devices belonging to high-profile politicians and activists. Israel’s Justice Ministry this year said it hadn’t found evidence to back up the report.

“The Association for Civil Rights in Israel said the latest findings show ‘major failures’ that raise concerns about privacy and the rights of suspects,” Rose writes. “It called on authorities to bar police from employing such technology until detailed legislation is implemented to govern its use.” Israel’s police welcomed the report, arguing that it showed that “no deliberate activity was carried out in violation of the law,” she reports.

Global cyberspace

Russian national charged with U.S. political influence operation (Devlin Barrett)

Austrian spy firm accused by Microsoft says hacking tool was for EU states (Reuters)

BlackCat ransomware claims attack on European gas pipeline (Bleeping Computer)

Privacy patch

These companies know you're pregnant—and they're not keeping it secret (Gizmodo)

Tim Hortons offers a free coffee and pastry for spying on people for over a year (Motherboard)

Cyber insecurity

‘Imma make u dig ur own grave’: He doxes ransomware hackers and gets death threats in return (Motherboard)

Nomad token bridge drained of $190M in funds in security exploit

On the move

• Dan Patterson, who was most recently a reporter at CBS News, has joined Cybersixgill as its editorial director.

Daybook

• The Senate Foreign Relations Committee holds a hearing on President Biden’s nomination of Nathaniel Fick to be ambassador at large for cyberspace and digital policy on Wednesday at 10 a.m.
• CISA senior election security adviser Kim Wyman, Assistant Attorney General Kenneth A. Polite Jr. and election officials testify before the Senate Judiciary Committee on Wednesday at 10 a.m.
• Officials from CISA and National Cyber Director Chris Inglis’s office speak at an R Street Institute event on Wednesday at 1 p.m.
• The Senate Finance Committee holds a hearing on the United States’ organ transplant network Wednesday at 2:30 p.m.
• The Senate Judiciary Committee holds a hearing on oversight of the FBI on Thursday at 10 a.m.

Secure log off

Exclusive and never-before-seen-footage of a computer hacking trying to evade a system administrator (2022, colorized) pic.twitter.com/O0AwstN310

— vx-underground (@vxunderground) August 1, 2022

Thanks for reading. See you tomorrow.