GOP presidential candidate Will Hurd talks Chinese cyberattacks, protecting U.S. networks and more

Former congressman Will Hurd (R-Tex.) brings arguably the most significant cyber background that a presidential nominee has ever had, as The Cybersecurity 202 recently outlined. But what does he want to do if he gets the job?

I interviewed him about that this week with my Technology 202 colleague Cristiano Lima, since Hurd’s track record on tech broadly is also pretty significant. We discussed the cyberthreat from China, how to protect U.S. networks, the international dynamic to cybersecurity and more.

It’s early, of course — when we chatted, he’d only been seeking the GOP nomination (alongside nearly a dozen other contenders) for a little more than a week. “My policy shop is evolving, shall we say,” he told us. “But these are all the things that I care about, making sure that we’re continuing to make these issues a focus, but then being able to explain it — why it matters — is even more important.”

Taking care of the United States

One of the key differences for Hurd compared to the last three presidents (Barack Obama, Donald Trump and Joe Biden, the last two of whom he’s running against one way or another) is that he wants to empower federal chief information security officers and federal chief information officers to be able to do more to protect their networks, he said.

“I wish I could sit and say, ‘Hey all these people were terrible,’ but they put really good people in positions to advocate for cybersecurity policy,” Hurd said of the trio of presidents.

But, right now, “the disconnect that happens is that CFOs within agencies can have a veto authority of what CIOs are able to do,” he said.

Hurd also would like to improve government attribution of who’s behind cyberattacks. “I don’t need to know it was Col. Oleg in this unit, but saying it was Russian intelligence is enough,” he said. “Attribution has improved since Obama, but I think there’s a level that we can potentially be doing better in that area.”

The Obama administration launched a “sprint” to focus on fixing cybersecurity problems within the federal government, and Hurd thinks that would be a good idea for tackling the Government Accountability Office’s annual high-risk list, which features a number of cyber and tech woes. (The Biden administration has also launched cyber sprints.)

As far as the Biden administration taking more of a regulatory approach on cyber, Hurd said he favors some of the administration’s goals related to requiring breach victims to notify agencies, but “I think you’re seeing these agencies doing more because Congress has failed in its duty to pass some basic legislation.”

How to structure the federal bureaucracy to handle cyber is something that has changed in each of the last three administrations. The latest iteration features a National Security Council official, a national cyber director and a Cybersecurity and Infrastructure Security Agency among the top positions, and it hasn’t always gone smoothly.

As someone who co-sponsored the original legislation to create CISA, Hurd said he was “proud of the role and how CISA has evolved,” and would like to see CISA stay protecting the .gov domain with NSA responsible for the intelligence and military communities.

Chris Inglis, finding someone who has that gravitas, having them have the authority within the White House is not a bad place to be,” he said of the former national cyber director. (The permanent job There should be someone in the White House pressuring agencies to follow through, too, he said. “I think, finding someone who has that gravitas, having them have the authority within the White House is not a bad place to be,” he said of the former national cyber director. (The permanent job has been left open since Inglis’s departure in February without a nominee.)

He also said that background checks for security clearances — often cited as an impediment to the ability to hire cyber personnel — should be something the federal government ought to be able to do in a week rather than in months, a problem that a tech emphasis could help solve.

Acting abroad

The United States is in a “new Cold War with China, period, full stop, and if somebody doesn’t recognize that or understand that, they need to understand they don’t understand the world,” Hurd said. The threat of China has solidified into a bipartisan view, and the winner of the new Cold War will be the nation that wins in the tech race on issues like 5G, artificial intelligence and quantum computing, he said.

To respond to Chinese cyberattacks, “you have to deliver consequences for negative behavior,” Hurd said. He would want to pressure every country to have stricter rules about punishing cyberattacks that originate from within their borders, and then use international bodies like the World Trade Organization to enforce economic penalties. He’d also like to see the United States team up more with allies on sanctions.

Hurd stopped short of calling for a ban on TikTok, even though he considers it a national security threat.

“We should have reciprocity with the Chinese. If an American company can't do something in China, then why are we allowing a Chinese company to do it here?” he said.

“I would like to not get to a point where you have to ban something if you can work things out, but I don’t think the Chinese are going to change their policy to allow American companies to operate,” he added, “and this is something that Congress should be evaluating.”

He also said the United States could learn from what other countries have done on cyber and privacy, such as with Europe’s General Data Protection Regulation. “I think there’s some lessons from GDPR that could go into a national breach standard here in the United States,” he said.

For more from our interview, check out today’s Technology 202 and subscribe to that here.

The keys

State Dept. cancels meetings with Facebook following ‘censorship’ ruling

The State Department canceled a Wednesday meeting with Facebook to discuss 2024 election preparations and hacking threats, following a judge’s decision this week to impose limits on the Biden administration’s communications with tech firms, our colleagues Will Oremus, Joseph Menn, Cat Zakrzewski and Naomi Nix report, citing a person at the company.

They write: “State Department officials said all future meetings, which had been held monthly, have been ‘canceled pending further guidance,’ said the person, who spoke on the condition of anonymity to preserve working relationships.”

“Waiting to see if CISA cancels tomorrow,” the person added in reference to the Cybersecurity and Infrastructure Security Agency.

The development comes following a Tuesday decision from a Trump-appointed judge that sided with a view alleging the Biden administration colluded with technology firms to suppress First Amendment rights online.

The judge “issued a preliminary injunction that prohibits several federal agencies and their employees” from meeting with social media platforms “for the purpose of urging, encouraging, pressuring, or inducing in any manner the removal, deletion, suppression, or reduction of content containing protected free speech,” our colleagues write.

The Justice Department on Wednesday evening filed a notice saying it would appeal the ruling

Prince Harry alleges secret deal between media publisher and royal family amid phone hacking claims

Prince Harry claimed the royal family agreed in private to not sue the Sun tabloid newspaper and the News of the World over phone hacking allegations, Jim Waterson reports for the Guardian.

“Harry is attempting to take the publisher of the Sun to trial, alleging journalists working for the tabloid hacked his voicemails and illegally targeted him using private investigators over several decades,” Waterson writes.

The publisher, Ruport Murdoch’s U.K. newspaper arm, “is trying to block the case on technical grounds, arguing that Harry waited too long to file his legal paperwork,” the report says.

It adds: “ David Sherborne , Harry’s barrister, told the high court the prince’s case was delayed by the existence of this secret deal, which was known by senior figures such as Rebekah Brooks ,” who was an editor at the Sun.

The Duke of Sussex said the alleged deal would see royal family members receiving apologies and payouts in exchange for staying out of court.

Harry has launched multiple cases against British newspapers alleging they used illegal tools to invade his or his wife’s privacy over several decades.

Murdoch’s “News Group Newspapers has found itself in the unusual position of denying that the Sun engaged in illegal activity while arguing on a procedural point that Prince Harry should have suspected illegal activity at the Sun at an earlier date,” the report notes.

U.K. cyber officials investigating Russia-linked hospital breaches

British cybersecurity officials are investigating an alleged Russia-linked cyberattack on several London hospitals that have led to sensitive documents being leaked online, Ryan Gallagher reports for Bloomberg News.

“A gang of Russian-speaking cybercriminals known as ALPHV, or BlackCat, claimed on its website last week that it had obtained seven terabytes of internal documents from the Barts Health NHS Trust, and threatened to post them online unless a ransom is paid,” according to the report, which later added that the damage caused by the incident is not fully clear.

The trust manages some 2.5 million people across five hospitals in London, making it one of the largest organized health care entities in the U.K.

The U.K.’s National Cybersecurity Center is “working with Barts Health NHS Trust and partners to fully understand the impact of an incident,” a spokesperson said Wednesday.

This is the third cyberattack the Barts trust has faced in the last six years. “In January 2017, the trust’s systems were infected with malware, which disrupted hospital pathology departments, according to an internal report on that incident,” Gallagher writes.

“Months later … Barts was hit by the so-called WannaCry ransomware outbreak and had to divert emergency ambulance services to other hospitals, according to a government review of the attack,” the report adds.

