The fun to be done at Billington

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
Sep 05, 2023

By Joseph Gedeon

Driving the day

The Billington Cybersecurity Summit is raking in big government names for its annual convention, including a certain acting cyber director who will face some pointed questions on how exactly federal agencies will advance the White House’s national cyber strategy.

HAPPY TUESDAY, and welcome to MORNING CYBERSECURITY! We’re back after a week off, which I spent visiting family, going to weddings and waking up every morning thinking I missed some important cyber developments. There’s something about paranoia that always keeps you on your A-game.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Email Joseph at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below. Let’s dive in.

Today's Agenda

Former National Security Council legal adviser John Eisenberg is joining a virtual forum hosted by the Federalist Society on the possibility of nation-state cyber operations attacking big data. Noon.

National Security Agency and U.S. Cyber Command head Gen. Paul Nakasone, the White House’s acting cyber director Kemba Walden, CIA cyber director Daniel Richard and others are taking part in the first day of the Billington Cybersecurity Summit. Starts at noon.

Shh, it’s a closed-door Senate intelligence committee briefing. 2:30 p.m.

 


THE CONFERENCE CIRCUIT

CYBER CONFAB — Cyber big wigs in the federal government are assembling close to their stomping grounds Tuesday for the annual Billington Cybersecurity Summit in Washington, as lawmakers get set to reconvene on the Hill after their August recess. Here’s what we’re watching for on Day 1.

— Walden on the cyber strategy: White House acting cyber director Kemba Walden is joining ZeroFox’s Bryan Ware for an afternoon fireside to discuss the national cybersecurity strategy and how it falls in line with the Biden administration’s overall national security goals.

— What could come: Expect Walden to be prodded about how things will move forward now that we are a few short months out from the unveiling of the 57-page implementation plan — which divides the strategy’s 27 objectives into 69 initiatives.

That includes defining what a “data-driven approach” would look like, some of the “major hurdles” the office has so far noticed with the implementation, as well as the type of pushback they’ve so far received and how they plan on addressing it, according to some questions MC reviewed from Ware’s team.

The plan has been both applauded and viewed with trepidation, with cyber watchers happy to see an emphasis on wide cross-agency collaboration and noteworthy goals, while also being wary of the ambitious timeline for departments tasked with initiatives that don’t necessarily have cyber backgrounds. The majority of outcomes are marked to be delivered by 2024, in 14 months.

— Forward motion: Ware, who notes that Walden’s favorite part of the strategy “is found within its last few pages” within the “next steps” section, plans to ask her what three or four actions are the most important for forward progression, MC has learned.

— State of play: Also attending the week-long conference is National Security Agency and U.S. Cyber Command chief Gen. Paul Nakasone, who is prepping for a discussion on the state of cyber threats against the United States.

Watch for the discussion to cover details on how the U.S. will work on more international collaboration to curb cyberattacks. Breaches have contributed to Nakasone’s heavy workload as he remains in office — with Russian and Chinese hacking groups having recently penetrated the systems of several federal agencies.

And don’t forget the looming threat from cybercriminals and foreign governments likely to target next year's presidential election.

— Indefinitely staying: The conversation comes a few weeks after Nakasone said he’d be staying put as the dual-head of the agencies as a result of Alabama Republican Sen. Tommy Tuberville’s block on military appointments.

— A 702 plug: And like his likely successor, Lt. Gen. Tim Haugh, Nakasone is actively seeking the reauthorization of the contentious foreign intelligence collection law Section 702 above other policy initiatives.

While it’s recently been prone to misuse, Nakasone has publicly stressed its essential role in U.S. intelligence gathering, noting that the NSA’s capabilities would diminish without it.

Encryption

ENCRYPTION IS KEY — As the Senate gears back up post-summer break, Sens. Richard Blumenthal (D-Conn.) and Marsha Blackburn's (R-Tenn.) hotly-debated Kids Online Safety Act — aimed at social media companies' responsibility for harmful content to minors — faces imminent scrutiny.

But one of the lesser-discussed concerns is what effect the bill may have on undermining privacy and encryption practices.

While KOSA doesn’t mention encryption per se, critics are finding similarities between the bill and one across the ocean — the U.K.’s Online Safety Bill, which includes provisions that would allow regulators to force messaging platforms like WhatsApp and Signal to scan their apps for child sexual abuse content.

But one person in the know on the Hill argues the encryption complaints are just part of an elaborate ploy to keep regulation at bay for the tech sector.

“The idea that [KOSA] will limit the usage of end-to-end encryption is a false narrative being advanced by the tech industry and its allies to manufacture opposition to the legislation and has no basis in fact,” a Senate staffer working on the bill, granted anonymity to freely discuss legislation in progress, told MC.

But the uncertainty over encryption may be rooted in real concerns, especially considering the “vague” aspects of the legislation, Wayne State University privacy and internet law professor Jonathan Weinberg told MC.

“KOSA is problematic in part because the rules it would impose on platforms are so unclear,” he said in an email. “The terms of the bill are (still) so vague that anything might be said to fall within them.”

The U.K. bill, which Senate staffers tell us has nothing to do with the American counterpart, is likely to pass this fall. KOSA could see a similar fate, as it attracted a whopping 43 co-sponsors in the chamber.

Vulnerabilities

SOFTWARE LOOKS TO AI — While implementing AI into the software landscape may be giving the majority of practitioners the heebie-jeebies around privacy and security concerns, even more are making it a permanent fixture in their industry.

— A permanent fixture: According to a new report from GitLab, an estimated 90 percent of software development organizations are embracing AI implementation — with 23 percent leveraging AI in the development lifecycle while 67 percent have plans to do so in the near future. Those adopters point to a collective belief that AI is the key to staying competitive and avoiding obsolescence.

Three quarters of survey respondents who are in the AI adoption camp report that at least a quarter of their organization’s DevSecOps team have access to AI tools — with an estimated 60 percent using it on a daily basis.

— Challenges remain: Concerns remain around privacy, intellectual property and security, with about a third of respondents worried about the ramifications of introducing AI into the software development lifecycle. Researchers note 79 percent of respondents expressed concern about AI tools having access to sensitive information, such as customer data.

And while developers are mostly interested in using AI for code generation and productivity forecasting, the survey notes how current usage is mostly focused on chatbots and automated test generation.

Tweet of the Day

If someone like Microsoft Azure CTO and computer security phenom Mark Russinovich says he uses AI to code, then the floodgates to embracing the new tech are surely about to crack open.

https://twitter.com/markrussinovich/status/1698750093887939070

Quick Bytes

FREECYCLE DATA FOR SALE — Around 7 million users who use the nonprofit Freecycle have been affected by a major data breach, with usernames, user IDs, email addresses and passwords stolen. The attack was only detected weeks after the stolen data was offered for sale on a hacking forum, writes Sergiu Gatlan for Bleeping Computer.

X GONNA GIVE IT TO YA — A new lawsuit is accusing social media platform X, formerly known as Twitter, of aiding Saudi Arabia in committing human rights abuses against its users by disclosing confidential user data upon Saudi authorities' requests at a higher rate than for other countries. Get the full story from The Guardian’s Washington-based Stephanie Kirchgaessner.

SHIPYARD UPGRADE — The U.S. Navy is considering a significant reduction in its fleet by decommissioning several ships whose systems could be more vulnerable to attacks — including cruisers and some combat ships — in an effort to reallocate funds for modernization, reports Eric Lipton for The New York Times.

OPERATION DUCK HUNT — The FBI conducted a successful operation to dismantle the QakBot botnet — responsible for a wide range of cybercrimes, including stealing sensitive personal and financial information from millions of victims worldwide. Carly Page and Zack Whittaker with TechCrunch break down how the agency was able to pull it off.

Chat soon. 

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).

 


 
 
 

Follow us on Twitter

Heidi Vogt @HeidiVogt

Maggie Miller @magmill95

John Sakellariadis @johnnysaks130

Joseph Gedeon @JGedeon1

 
