There’s something in the water

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
Dec 04, 2023

By Joseph Gedeon

— With help from Antoaneta Roussi and Clothilde Goujard 

Driving the day

Concerns are erupting over Iranian state-linked hackers targeting water facilities in the United States, but how should the government respond?

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! I always thought the end of the world had something to do with a global cyberattack shutting down every corner of our internet, slowly eating away at our essential services. That was until I watched “Godzilla.”

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find me on X at @JGedeon1 or email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below. Let’s dive in.

Today's Agenda

University of Virginia professor Renée Cummings, Oxford Internet Institute visiting policy fellow Mutale Nkonde and Rutgers University visiting scholar Fay Cobb Payton are heading to the Brookings Institution for a panel on an inclusive future for Black women in AI. 2 p.m.

Acting deputy chief information officer for information enterprise at the Department of Defense, Lily Zeleke is part of a virtual discussion on lessons learned from DOD on the government’s innovation accelerator for software factories. 2 p.m.

 


Critical Infrastructure

DROP IN THE BUCKET — The cyber front of the simmering war in the Middle East is now spilling into the West, and federal agencies are sounding the alarm on Iranian state-linked hackers hitting water facilities in the United States.

A joint advisory issued Friday by the FBI, CISA, NSA, Environmental Protection Agency and the Israel National Cyber Directorate warns that the government-linked Cyber Av3ngers “are actively targeting and compromising” Israeli-made programmable logic controllers widely used in U.S. water and wastewater treatment facilities.

An unnamed source told CNN that CISA held meetings with Congress on Thursday, telling staffers that computers at “less than 10” water facilities across the country had been breached.

— Finding a deterrent: The question now lies in how the U.S. government could respond.

The decades-long tactic of sanctioning Iran back to the Stone Age is unlikely to yield meaningful results, considering how its economy remains resilient and its cyber capabilities have only gotten to be more sophisticated (and emboldened).

Because of the number of newly exposed vulnerabilities in the water sector, Mark Montgomery, executive director of the influential CSC 2.0, suggests appropriate “cyber cost imposition actions” are necessary.

That might involve blocking internet access for the hacking group — similar to a tactic CYBERCOM pulled with the Internet Research Agency in 2018.

“While the U.S. reserves the right to respond to cyber attacks with any type of weapon, in this case, given the limited impact of the IRGC cyber attacks, a cyber response is probably best warranted,” Montgomery shared.

— Deal with it: Despite not causing significant harm, the attacks triggered a wave of concern from cyber leaders in the industry and on the Hill.

That includes former CISA director Chris Krebs posting on X with the hashtag “#ImposeCosts” that the government “needs to hold Iranian actors accountable” and House Homeland Security cyber subcommittee Chair Andrew Garbarino (R-N.Y.) urging “the Biden administration to hold these actors accountable.”

“The United States cannot turn a blind eye to malign foreign actors who jeopardize the safety, security and well-being of Americans and our allies,” Garbarino said in a statement.

— A more restrained view: The attacks amount to little more than public defacement, more symbolic than a prelude to a devastating disruption.

James Lewis, a senior vice president at the Center for Strategic and International Studies and former diplomat, told MC that the recent attacks looked to be “pretty low budget hacks … against non-strategic targets.”

Lewis argues that Iran’s primary motivation for the attacks is likely to send a message of defiance rather than inflict serious damage.

“So not really a big deal,” he summed up.

— Who are the attackers?: Shmuel Gihon, security research team leader at Israel-based Cyberint, told MC he’s been tracking Cyber Av3ngers since it emerged around September — and the group has been quite active since the start of the conflict between Israel and Hamas.

It’s even been involved in targeting water facilities in Israel, including a recent breach of Mekorot, Israel’s national water company.

While disruptions by the group have so far been limited in scope and tend to focus on leaking data, Gihon warns its link to other hacktivists is a serious problem.

“Despite being a relatively unsophisticated and new group, they are very connected to other groups within the hacktivist community,” Gihon explained. “And that’s the main threat they pose — the potential recruitment of other, more sophisticated groups.”

On the Hill

WAITING GAME — The timeline for the passage of the annual defense policy bill is hanging in the balance as the Senate looks to prioritize debate on an emergency funding package for ongoing global conflicts.

Rep. Adam Smith (D-Wash.), the ranking Democrat on the House Armed Services Committee, told POLITICO’s Joe Gould he’s confident the NDAA goes through before the end of the year. But the Senate’s focus on the supplemental funding package, which includes aid for Ukraine, Israel, Taiwan and the southern border, adds some complications.

— Let’s see what happens this week: The "Big Four" leaders of the Armed Services panels in both chambers have reached an agreement on the NDAA, potentially paving the way for its introduction this week. Still, sequencing looks to be fluid and the game plan is up in the air.

While the Senate plans to vote on the NDAA first, Majority Leader Chuck Schumer is targeting this week for a vote on President Joe Biden's $106 billion supplemental funding request.

The supplemental push hinges on a bipartisan deal on border policy, which Republicans have deemed essential for supporting more funding. If senators cannot strike a deal, action on the security package could stall quickly.

— Other deals in the mix: There are some gamechangers for cyber tie-ins in this year’s defense funding, starting with Senate Intelligence Chair Mark Warner (D-Va.) telling Maggie last week that “everyone has signed off” on the inclusion of the Intelligence Authorization Act in the conferenced version of the NDAA.

Senate Foreign Relations Chair Ben Cardin (D-Md.) added that the State Department Authorization Act, which would establish a cyber fund at the department to help foreign governments strengthen their networks, “by and large” would make it in.

Outstanding cyber issues outside the NDAA's core focus on the military could, however, delay the bill's passage. That includes a potential extension of foreign surveillance authority Section 702 and cryptocurrency regulation.

Election Security

CREDIT STRIKE — Approximately 60 credit unions across the U.S. are experiencing system outages affecting member account availability due to a ransomware attack at a third-party service provider.

The attack targeted the aptly-named cloud services provider Ongoing Operations, which notified affected credit unions on Nov. 26 that it had been hit with ransomware. It also reported the cyber incident to federal agencies.

“The National Credit Union Administration continues to monitor the situation and coordinate with affected credit unions,” NCUA spokesperson Joseph Adamoli confirmed to MC, adding that affected member deposits remain insured up to $250,000.

— Warning shots: NCUA is not new to dealing with cyberattacks, with Chair Todd Harper saying in October that in the first 30 days after a new incident reporting rule went into effect, the NCUA received 146 incident reports — a number previously only seen in an entire year.

The International Scene

HOT DOC — EU justice ministers are set to push the Commission to focus on global data exchanges under the bloc’s privacy rules during a meeting today, according to a draft statement obtained by POLITICO.

Similar to what POLITICO’s Cyber Insights reported in early October, EU countries will present their conclusions on the General Data Protection Regulation.

— GDPR benefits unknown: GDPR is said to bring a ton of benefits to companies — but the Commission has not fully assessed them, according to Justice Commissioner Didier Reynders.

In response to a question, the politician said the EU executive had “not made ex post quantitative estimates of the benefits of the GDPR for businesses following its the entry [sic] into application in May 2018.”

Tweet of the Day

What came first, the doomsday cyber apocalypse or “Black Mirror”?

Source: https://twitter.com/SilvermanJacob/status/1731335065035059362

Quick Bytes

‘A MASS ASSASSINATION FACTORY’ — The expanded authorization for bombing non-military targets, relaxed constraints on civilian casualties, and the use of artificial intelligence in target selection have contributed to the destructive nature of Israel's current war on the Gaza Strip, reports Yuval Abraham for +972 Magazine.

THIRD TIME’S NOT THE CHARM — Israel’s Ziv Medical Center was allegedly hit by Iran-linked hackers, who claim to have stolen more than 500 gigabytes of data, including hundreds of thousands of IDF medical records. It’s the third time Ziv has been hacked in four months, writes Yinon Ben Shushan for Walla!

HOSPITAL NOT SPARED — The Fred Hutchinson Cancer Center in Seattle was the target of a Thanksgiving week cyberattack, writes Seattle Times reporter Elise Takahama.

Chat soon. 

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).

 
