What to expect from NASS and NASED conferences – Politico
With help from Martin Matishak
Editors Note: Weekly Cybersecurity is a weekly version of POLITICO Pros daily Cybersecurity policy newsletter, Morning Cybersecurity. POLITICO Pro is a policy intelligence platform that combines the news you need with tools you can use to take action on the days biggest stories. Act on the news with POLITICO Pro.
State and local officials are meeting this week to discuss how to approach cybersecurity and election security issues in a chaotic time.
Two House panels announced the lawmakers who will lead key cyber subcommittees during this Congress.
Democratic lawmakers want answers from the NSA about an old scandal that they say has taken on new urgency in light of SolarWinds.
HAPPY MONDAY and welcome to Morning Cybersecurity! Cant believe we banished Pluto from the planet club when it was already dealing with this. Send your thoughts, feedback and especially tips to [emailprotected] and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
STATES TAKE STOCK The 2020 election may (finally) be over, but election security remains a top issue for state officials, and its one of several cyber topics that they plan to discuss at a pair of conferences this week. The National Association of State Election Directors is meeting all week, while the National Association of Secretaries of State meets Tuesday through Friday. To say that officials have their plates full would be an understatement, but scattered in between panels about online notarization, corporate transparency and pandemic emergency orders are sessions that will help shape states cybersecurity priorities for the next year and beyond.
Secretaries of state will hear from the lawmakers whose committees oversee elections, including the Democrats pushing a sweeping election security and reform bill and the Republicans vehemently opposing it. House Administration Committee Chairwoman Zoe Lofgren (D-Calif.) and incoming Senate Rules Committee Chairwoman Amy Klobuchar (D-Minn.) are likely to receive a frosty reception as they discuss the For the People Act (H.R. 1 and S. 1), a Democratic bill that includes major election security provisions. State election officials have consistently opposed new federal rules covering voting technology and election administration.
NASS will also hear from Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency, which coordinates cybersecurity assistance to states on issues including ransomware and election security. And secretaries will meet behind closed doors to discuss the cybersecurity lessons from the 2020 election cycle.
Over at NASED, two top CISA officials overseeing election security work will discuss lessons from 2020 and priorities for 2021. Other NASED sessions will cover information sharing, incident response, misinformation and pandemic disruptions. Speaking of misinformation, NASS will hold a session about strategies for correcting false election claims.
NASS cybersecurity committee will hear about the value of collaborating with independent security researchers. State IT officials will discuss their collaborations with security companies, including two that run vulnerability disclosure programs. Researchers have spent years urging state officials to launch VDPs so good-faith experts can report flaws in state government systems, and officials are increasingly overcoming their doubts about trusting outside researchers.
Election officials across the country are committed to protecting the sanctity and integrity of the vote, and Im looking forward to this opportunity to share best practices with my colleagues, Iowa Secretary of State Paul Pate, a co-chair of the cyber committee, told MC.
A second panel discussion during the cyber committee meeting will look at the state and local cybersecurity landscape. From ransomware to pandemic-related digital services, state and local officials face a growing array of cyber challenges, and multiple organizations have repeatedly urged Congress to provide grant funding.
MEET THE GAVEL-WIELDERS We now know who will be leading two key cyber-related subcommittees in the 117th Congress, giving outside experts, federal officials and fellow lawmakers a sense of who theyll need to persuade to advance priorities from international norms to bolstering CISA.
Yvette Clarke (D-N.Y.) will chair the House Homeland Security Committees Cybersecurity, Infrastructure Protection, and Innovation Subcommittee, panel chair Bennie Thompson (D-Miss.) announced on Friday. Clarke, who previously led the subcommittee during the 111th Congress, is no stranger to cyber issues, having sponsored or cosponsored bills to improve critical infrastructure security and expand the cyber workforce. She has also urged a focus on cyber hygiene and a nuanced approach to regulation informed by industry input.
Andrew Garbarino (R-N.Y.), a freshman lawmaker, will be the cyber subcommittees top Republican, according to a statement from panel ranking member John Katko (R-N.Y.). Republicans promised to prioritize cybersecurity as the pre-eminent national security threat of our time that demands an evolved approach. Fun fact: Three of the four leaders of the full committee and cyber subcommittee now hail from the same state for what appears to be the first time.
The homeland panels cyber subcommittee will have its hands full in this Congress as it deals with the SolarWinds cyber espionage campaign, CISAs response to SolarWinds and the agencys overall readiness, the supply chain threats posed by foreign-linked telecom companies and many other issues.
William Keating (D-Mass.) will lead the House Foreign Affairs Committees Europe, Energy, the Environment, and Cyber Subcommittee, according to the panels chair, Gregory Meeks (D-N.Y.). Democrats just added cyber to this subcommittees name for the first time, although it already handled the issue as part of its previous emerging threats mandate. Keating hasnt said much about cybersecurity, but in 2017, he criticized then-President Donald Trumps refusal to acknowledge Russias responsibility for its 2016 election cyberattacks.
Among the issues on Keatings plate will be scrutinizing the State Departments creation of its new cyber diplomacy bureau. The outgoing Trump administration green-lit a plan to create the bureau in its final days, but Democratic lawmakers, the Government Accountability Office and some former officials have raised concerns about the plan, saying it fails to coordinate the full spectrum of cyber issues. Republicans have not yet announced their ranking member for the foreign affairs panels cyber subcommittee.
ONCE IS A FLUKE, TWICE IS A COINCIDENCE A group of House and Senate Democrats is pressing the NSA for answers about the spy agencys involvement in the creation of a digital vulnerability that made its way into the firewalls of technology vendor Juniper Networks. Their missive signals a growing awareness on the Hill of the dangers of supply chain attacks, in which hackers compromise software used by their real targets. In a Jan. 28 letter to NSA Director Gen. Paul Nakasone, the lawmakers led by incoming Senate Finance Committee Chair Ron Wyden (D-Ore.) and including new House cyber subcommittee chair Clarke asked for details about the NSAs probe of the Juniper breach.
The American people have a right to know why NSA did not act after the Juniper hack to protect the government from the serious threat posed by supply chain hacks, the lawmakers wrote. A similar supply chain hack was used in the recent SolarWinds breach, in which several government agencies were compromised with malware snuck into the companys software updates.
The group asked Nakasone to answer a series of questions and made requests for additional information, including a Juniper lessons learned report that an NSA official mentioned to Wyden, a senior member of the Senate Intelligence Committee, during a 2018 briefing. The spy agency has yet to make the report available.
MAKING GOOD PROGRESS A U.N. group charged with developing international norms of responsible behavior in cyberspace wrapped up its latest session last week, and the State Departments cyber team praised the groups chief for presiding over a valuable meeting. We appreciate Brazilian Ambassador Guilherme Patriota for effectively chairing the latest session of the @UN Group of Government [sic] Experts on #cyber this week, the cyber office said on Twitter, adding that the GGEs work will help all UN member states understand the importance of cyber norms and the value of helping developing nations build the capacity to defend themselves.
The GGE, a small group championed by the U.S. and other Western nations, faces competition from a separate U.N. body created in 2018 at the urging of Russia. The newer Open-Ended Working Group, or OEWG, has drawn criticism from Western diplomats and independent cyber experts, who accuse Russia of using it to launder dangerous policies that would restrict internet freedom.
HERES TO YOU Colorados chief election official has bestowed an award on former CISA Director Chris Krebs for his leadership of the governments cyber agency during the 2020 election cycle. Krebs fought back against election domestic and foreign misinformation, and fortified election cybersecurity, Colorado Secretary of State Jena Griswold (D) said in a statement. At times Krebs pushed back on misinformation spread by the former President, which ultimately cost him his job. His courage, commitment, and leadership are one of the reasons the 2020 Election was the most secure in our nations history.
PEOPLE ON THE MOVE:
Ian Wallace has joined the State Department as a senior adviser in its cyber office. Wallace previously served as a senior fellow in the digital innovation and democracy program at the German Marshall Fund.
TWEET OF THE DAY Patch your bodies as soon as possible!
Nearly a third of victims in the SolarWinds campaign didnt use SolarWinds software and were instead hacked through a different vector. (Wall Street Journal)
By breaching the federal court system, the SolarWinds hackers may have accessed highly sensitive sealed documents. (Associated Press)
A far-right activist with a security clearance helped Russian hackers spread hacked documents stolen during Frances 2017 election. (Southern Poverty Law center)
A social media campaign used fake, AI-generated profiles to attack Belgiums plan to ban Huawei from its 5G network. (CyberScoop)
If hackers stole your identity and used it to get unemployment benefits, you might soon get a shocking tax bill. (Krebs on Security)
Thats all for today.
Stay in touch with the whole team: Eric Geller ([emailprotected], @ericgeller); Bob King ([emailprotected], @bkingdc); Martin Matishak ([emailprotected], @martinmatishak); and Heidi Vogt ([emailprotected], @heidivogt).
Here is the original post:
What to expect from NASS and NASED conferences - Politico
- CISA, NSA, and Partners Issue Annual Report on Top Exploited Vulnerabilities - HSToday - December 5th, 2024 [December 5th, 2024]
- Where Will The Top Amateurs at NSA Yamaha Land After the Team Closes? - Vurbmoto - December 5th, 2024 [December 5th, 2024]
- CISA, NSA, FBI and International Partners Publish Guide for Protecting Communications Infrastructure - HSToday - December 5th, 2024 [December 5th, 2024]
- Main players backing Syrian government have been weakened by other conflicts, NSA Sullivan says - NBC News - December 5th, 2024 [December 5th, 2024]
- Trump's incoming NSA Mike Waltz wants US to dance cheek-to-check with India - The Times of India - November 14th, 2024 [November 14th, 2024]
- What Trump's NSA Nominee Said On India's Pivotal Role In The 21st Century - NDTV - November 14th, 2024 [November 14th, 2024]
- Exclusive: Nakasone on exploding pagers, life after the NSA and another possible government job - The Record from Recorded Future News - November 14th, 2024 [November 14th, 2024]
- FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 - BleepingComputer - November 14th, 2024 [November 14th, 2024]
- CISA, NSA, and Partners Issue Annual Report on Top Exploited Vulnerabilities - National Security Agency - November 14th, 2024 [November 14th, 2024]
- 6 Principles of Operational Technology Cybersecurity released by joint NSA initiative - Security Intelligence - November 14th, 2024 [November 14th, 2024]
- It's official FBI, CISA, and NSA reveal the most exploited vulnerabilities of 2023 - TechRadar - November 14th, 2024 [November 14th, 2024]
- Donald Trump picks Mike Waltz as US NSA: What it means for China and India - The Times of India - November 14th, 2024 [November 14th, 2024]
- Who is Mike Waltz, Donald Trump's new NSA pick? What are his ties to India Caucus? - Firstpost - November 14th, 2024 [November 14th, 2024]
- NSA should not oversee the management of national facilities RexDanquah - Citi Sports Online - November 14th, 2024 [November 14th, 2024]
- Trudeaus NSA admits to leaking secret intel alleging Indias interference to Washington Post - Firstpost - October 31st, 2024 [October 31st, 2024]
- White House dials NSA Ajit Doval: Here's what happened in the call - The Economic Times - October 31st, 2024 [October 31st, 2024]
- NSA Doval Stresses Need For Stable Indo-Pacific In Phone Call With US Counterpart Sullivan - News18 - October 31st, 2024 [October 31st, 2024]
- Director-General of NSA calls for continued support from government - GhanaWeb - October 21st, 2024 [October 21st, 2024]
- 5G Non Standalone Nsa Architecture Market to Reach USD 240.0 - openPR - October 21st, 2024 [October 21st, 2024]
- NSA meets with Minister Muir and DAERA to discuss industry concerns - Meat Management - October 21st, 2024 [October 21st, 2024]
- NSA cyber chief: Espionage is now Russias focus for cyberattacks on Ukraine - The Record from Recorded Future News - October 11th, 2024 [October 11th, 2024]
- NSA Investigating If Chinese Hackers Breached US Telecoms - Yahoo Finance - October 11th, 2024 [October 11th, 2024]
- NSA Issues Updated Guidance on Russian SVR Cyber Operations - National Security Agency - October 11th, 2024 [October 11th, 2024]
- News - Honoring the Stars and Stripes: NSA Philadelphia Hosts Dignified Flag Disposal Ceremony - DVIDS - October 11th, 2024 [October 11th, 2024]
- NSA's Program for Nursing Mothers in the Workplace Considered a Model for USG - National Security Agency - October 11th, 2024 [October 11th, 2024]
- NSA investigating hack of three major telecommunications companies - Baltimore Sun - October 11th, 2024 [October 11th, 2024]
- Honoring the Stars and Stripes: NSA Philadelphia Hosts Dignified Flag Disposal Ceremony [Image 8 of 8] - DVIDS - October 11th, 2024 [October 11th, 2024]
- NSA Hiring Over a Thousand in the Next Year - ClearanceJobs - October 4th, 2024 [October 4th, 2024]
- What Its Really Like to Work at NSA - National Security Agency - October 4th, 2024 [October 4th, 2024]
- US Elections: Former NSA John Bolton Claims Both Harris And Trump Do Not Qualify To Be President | NewsX Exclusive - NewsX - October 4th, 2024 [October 4th, 2024]
- Honoring the fallen: Bells toll for Americas heroes at NSA Mechanicsburg - American Military News - October 4th, 2024 [October 4th, 2024]
- How often should you turn off your phone? Heres what the NSA says - PCWorld - October 4th, 2024 [October 4th, 2024]
- NSA and Allies Issue Advisory about PRC-Linked Actors and Botnet Operations - HSToday - September 28th, 2024 [September 28th, 2024]
- NSA warns that Active Directory is an "exceptionally large and difficult to defend" attack surface - The Stack - September 28th, 2024 [September 28th, 2024]
- News - Honoring the Fallen: Bells Toll for Americas Heroes at NSA Mechanicsburg - DVIDS - September 28th, 2024 [September 28th, 2024]
- National Storage Affiliates Trust (NYSE:NSA) Given Average Recommendation of "Reduce" by Brokerages - MarketBeat - September 28th, 2024 [September 28th, 2024]
- Lack of Standard Stadiums: NSA boss sacked, facilities closed - What has been said and done so far - GhanaWeb - September 21st, 2024 [September 21st, 2024]
- NSA and Allies Issue Advisory about PRC-Linked Actors and Botnet Operations - National Security Agency - September 21st, 2024 [September 21st, 2024]
- UTEP Establishes Collaboration with DoD, NSA to Help Enhance U.S. Semiconductor Workforce - The University of Texas at El Paso - September 21st, 2024 [September 21st, 2024]
- The NSA advises you to turn off your phone once a week - here's why - ZDNet - September 21st, 2024 [September 21st, 2024]
- NSA Publishes Cyber Advisory on China-Linked Threat Actors - Executive Gov - September 21st, 2024 [September 21st, 2024]
- Former NSA Director Nakasone opens new institute at Vanderbilt to train right type of leader - Washington Times - September 21st, 2024 [September 21st, 2024]
- ACR lauds legislation that would fine insurers for delayed NSA payments - AuntMinnie - September 16th, 2024 [September 16th, 2024]
- NSA threatens lawsuit over election rigging allegation, demands apology - Pulse Nigeria - September 16th, 2024 [September 16th, 2024]
- NSA explains its work with private sector on election security and fighting foreign cyber threats - Washington Times - September 16th, 2024 [September 16th, 2024]
- NSA to debut podcast to boost public awareness of classified missions - Nextgov/FCW - August 31st, 2024 [August 31st, 2024]
- In Beijing, Bidens NSA Calls Out Chinas Destablising Actions, Openly Supports Philippines - Hindustan Times - August 31st, 2024 [August 31st, 2024]
- Why the NSA advises you to turn off your phone once a week - ZDNet - August 31st, 2024 [August 31st, 2024]
- Getting into rhythm: NSA places high expectations on themselves for 2024 - Suffolk News-Herald - August 31st, 2024 [August 31st, 2024]
- NSA readying podcast to share untold stories of codebreakers missions - Washington Times - August 31st, 2024 [August 31st, 2024]
- Trump govt stopped aid to Pakistan over ISI's 'undeniable complicity' with terrorists: Ex-US NSA - Hindustan Times - August 31st, 2024 [August 31st, 2024]
- Top NSA researcher tapped to lead Pentagons UAP investigation hub - DefenseScoop - August 27th, 2024 [August 27th, 2024]
- NSA Releases Guide to Combat Living Off the Land Attacks - Infosecurity Magazine - August 27th, 2024 [August 27th, 2024]
- With a little help from the National Archives, NSA finally releases Grace Hopper lecture. Watch it here. - MuckRock - August 27th, 2024 [August 27th, 2024]
- Trump administration NSA H.R. McMaster says there was "inconsistency" in foreign policy - CBS News - August 25th, 2024 [August 25th, 2024]
- 'Putin exploited Trump's ego and insecurities': Former NSA in new book - The Times of India - August 25th, 2024 [August 25th, 2024]
- NSA calls for urgent Government action on illegal sheep imports - Meat Management - August 14th, 2024 [August 14th, 2024]
- Sheikh Hasina Resignation LIVE Updates: Ex Bangladesh PM Sheikh Hasina Meets NSA Ajit Doval At Hindon Airbase - NDTV - August 5th, 2024 [August 5th, 2024]
- NSA Claims It Cant Watch an Important Tape It Recorded in the 1980s - Gizmodo - July 17th, 2024 [July 17th, 2024]
- Letter to NSA Sullivan Requesting Assessment of Information Russia Has Shared with the PRC on U.S. Weapons Capabilities in Ukraine - Select Committee... - July 17th, 2024 [July 17th, 2024]
- The NSA Is Defeated By A 1950s Tape Recorder. Can You Help Them? - Hackaday - July 17th, 2024 [July 17th, 2024]
- Letter to NSA on Microsoft's Billion Dollar Partnership with UAE Firm G42 - Select Committee on the CCP | - July 17th, 2024 [July 17th, 2024]
- NSA Fast Pitch World Series kicks off with Skills Competition & Heavy Hitters Camp, featuring College World Series Champions from the University... - July 17th, 2024 [July 17th, 2024]
- NSA contractor bilked government for hundreds of hours she never worked - Washington Times - July 6th, 2024 [July 6th, 2024]
- Signals intelligence has become a cyber-activity - The Economist - July 6th, 2024 [July 6th, 2024]
- OpenAI adds former NSA chief to its board - CNBC - June 15th, 2024 [June 15th, 2024]
- Former head of NSA joins OpenAI board - The Verge - June 15th, 2024 [June 15th, 2024]
- Former NSA Head Joins OpenAI Board and Safety Committee - RetailWire - June 15th, 2024 [June 15th, 2024]
- Former NSA head joins OpenAI board and safety committee - TechCrunch - June 15th, 2024 [June 15th, 2024]
- OpenAI Appoints Cybersecurity Expert And Retired US Army Genera With NSA Pedigree To Board, Enhancing AI ... - Benzinga - June 15th, 2024 [June 15th, 2024]
- Former NSA head Paul Nakasone to helm national security institute at Vanderbilt - The Record from Recorded Future News - May 15th, 2024 [May 15th, 2024]
- US is still chasing down pieces of Chinese hacking operation, NSA official says - The Record from Recorded Future News - March 18th, 2024 [March 18th, 2024]
- 6 CISO Takeaways from the NSA's Zero-Trust Guidance - Dark Reading - March 18th, 2024 [March 18th, 2024]
- St. John's M.S. in Cyber and Information Security Earns Key NSA Validation - St John's University News - March 18th, 2024 [March 18th, 2024]
- Senate votes to confirm Lt. Gen. Timothy Haugh to lead CYBERCOM and NSA/CSS - United States Cyber Command - December 23rd, 2023 [December 23rd, 2023]
- NSA Highlights AI, Partnerships in 2023 Cyber Review - MeriTalk - December 23rd, 2023 [December 23rd, 2023]
- NSA Publishes 2023 Cybersecurity Year in Review - National Security Agency - December 23rd, 2023 [December 23rd, 2023]
- Senate votes to confirm Lt. Gen. Timothy Haugh to lead CYBERCOM and NSA/CSS - National Security Agency - December 23rd, 2023 [December 23rd, 2023]
- NSA Reiterates Achievements in AI & Defense Against Russia, China in 2023 Cybersecurity Review - Executive Gov - December 23rd, 2023 [December 23rd, 2023]
- NSA appoints new Cyber Command head | SC Media - SC Media - December 23rd, 2023 [December 23rd, 2023]