Your home is watching you

Jan 08, 2024

— With help from Ari Hawkins

Driving the day

— At CES this week, White House official Anne Neuberger will be making a case for the administration’s urgent mission to shield you from your own smart home.

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! Everyone on the Hill is back to work this week, which means I should start hearing back on some emails, right?

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find me on X at @JGedeon1 or email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.

Tune in on Wednesday, Jan. 10, as POLITICO explores Taiwan's upcoming presidential election. Hear from our panel on the potential outcomes to the race and the profound implications for U.S.-China relations depending on who wins. REGISTER HERE.

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

THE CONFERENCE CIRCUIT

TRUST THE MARK — Among the glitz and gadgetry of CES 2024 this week in Las Vegas, one senior cyber official at the White House has a critical vulnerability warning topping her agenda: insecure smart devices.

Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, told Morning Cyber that she plans to use CES as a platform to push for broader adoption of the Cyber Trust Mark, a government-backed program designed to identify and certify secure devices. To Neuberger, it’s not just a consumer protection play, but a matter of national security.

“We're really worried about criminals recording kids or baby monitors or changing home security locks, but we want consumers to have a way to know what they're buying is secure,” Neuberger said. “So it’s kind of like ENERGY STAR for cyberwar.”

— Who’s on notice?: At CES, the administration will be talking to companies that produce toys, home security systems and infrastructure for industrial products — some that may be affected by breaches such as the Iranian-linked cyberattacks on water facilities late last year.

— Incoming global news: Neuberger’s focus at CES isn’t just on domestic security: She plans to announce a key international partnership to expand the program’s reach and influence.

“I don’t want to scoop ourselves but it’s so that products that are tested here can also be sold in other parts of the world,” Neuberger said, “which is what private companies are really interested in.”

— Flashback: The U.S. Cyber Trust Mark, still in early stages after being launched in the summer, is the administration’s next logical step to prepare for cyberattacks that may hit too close to home and address cyber standard challenges for manufacturers. Devices that meet those standards earn “the mark” — signaling to consumers and businesses that they can be trusted.

— Meanwhile, a health care policy drop to come: Hospitals, the next short-term target for the White House’s cyber defense strategy, are teaming up with the Department of Health and Human Services for a policy approach in the final stages of development.

The move comes after a surge of devastating ransomware attacks last year exposed hospitals as sitting ducks for cybercriminals, such as the Ardent hit that caused the health care chain to divert patients from some of its emergency rooms. The administration’s strategy is tied to a comprehensive analysis conducted by the HHS, which has been taking the lead in crafting sector-specific cyber standards.

“We're finalizing a set of policies to accelerate the work hospitals need to do to be more secure,” Neuberger told Morning Cyber.

Industry Intel

FIRST IN MC — Kemba Walden, the Biden administration’s former acting national cyber director, is trading the public sector for the world stage, taking the helm of a brand-new cybersecurity institute at venture capital firm Paladin Capital Group.

— Immediate priorities: Paladin’s self-described goal is to coordinate between the public and private sector to protect critical infrastructure from cyberattacks, as well as invest in cyber and advanced tech.

Walden’s new role running the Paladin Global Institute, which launches today, will go a step further: to protect global digital infrastructure, to enhance safety online and to influence startups to align with and collaborate on the National Cybersecurity Strategy.

“It’ll be focused initially on cybersecurity risks, AI risks and digital biology,” Walden said. “Those are the three topics I’m thinking through, and thinking about how to bring together government policymakers and technologists.”

— The four Ws: What will Walden watch? While election security for myriad global elections this year is on everybody’s radar, Walden is also paying attention to another interconnected vulnerability: supply chains.

“Supply chain security is going to be picking up some steam this year,” Walden said, adding that it’s “going to be a big deal” in 2024.

— Passing the baton: When asked about the next chapter of the ONCD, Walden acknowledged that she’s met and chatted with new national cyber director Harry Coker — who will be shepherding the White House’s ambitious and largely still-to-be-implemented cyber strategy — but didn’t disclose details of the conversation.

Over the last few months, a growing number of GOP lawmakers have been increasingly lashing out over the Biden administration’s cyber and disinformation efforts, which lawmakers allege has become a smokescreen to censor conservative voices online. With a looming election in November, those voices may grow louder.

Still, Walden said she’s “not concerned” about the backlash or a break in its bipartisan nature.

“The work of the National Cyber directorate, I fully expect to transcend any administration, regardless of the political persuasion.”

— Dream gig redefined: Walden was a fan favorite during her time leading the office, from rolling out the Biden administration’s first national cybersecurity strategy, to spearheading the follow-up cyber implementation plan and unveiling a cyber workforce and education strategy.

Looking back, she told MC it was her “dream job.”

“It really spoke to what my passions are, and I was very pleased to be a part of the president’s vision,” she said.

“The throughput in my passion is still being served at the Paladin Global Institute,” she added. “This is where I get to continue the nation’s vision.”

On the Hill

— QUECTEL UNDER SCRUTINY: Quectel Wireless Solutions is pushing back against claims from congressional China hawks alleging the company, which produces modules that enable devices to connect to the internet, could be helping to fuel the Chinese military.

“We are disappointed that members of the U.S. Congress would sign a letter making false accusations about Quectel. Our products are designed only for civil use cases and do not pose any threat to the national security of the United States. There is no basis to add Quectel to any U.S. Government restricted list,” Norbert Muhrer, president and chief sales officer, said in a statement to Morning Cyber.

— Reminder: The House’s top China hawks sent a letter last week pressing the Pentagon and Treasury Department to add the IOT giant to its “blacklist” over its alleged ties to Beijing’s military-industrial complex — and its growing footprint in American smart devices.

Among the accusations, Select Committee on CCP Chair Mike Gallagher (R-Wis.) and ranking member Raja Krishnamoorthi (D-Ill.) wrote that Quectel is a major Huawei supplier, even developing modules specifically for the tech giant currently under sanctions.

The company did not respond to a question on whether it would be open to meeting with the Select Committee to sort out concerns.

Tweet of the Day

This is so ’90s that I bet the cursor is a Tamagotchi.

Source: https://twitter.com/HackingLZ/status/1744001189233017119

Quick Bytes

LEBANON’S AIRPORT HACKED — Beirut's Rafic Hariri International Airport was hacked, disrupting flight information and baggage handling. The attack also displayed messages blaming Hezbollah and Iran for potentially bombing the airport, Pierluigi Paganini writes for Security Affairs.

STOP THE ADS — Cybercriminals are exploiting X's advertising system to bombard crypto users with scam ads leading to wallet-draining malware and fake airdrops, reports Lawrence Abrams for BleepingComputer.

ICYMI — Sea Turtle, a Turkey-based espionage APT targeting information theft, shifted tactics after 2019 for better stealth, focusing on European/Middle Eastern governments, Kurdish groups, and data-rich companies in telecom, IT, and media, according to Hunt & Hackett’s research team.

Chat soon.

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).

GLOBAL PLAYBOOK IS TAKING YOU TO DAVOS! Unlock the insider's guide to one of the world's most influential gatherings as POLITICO's Global Playbook takes you behind the scenes of the 2024 World Economic Forum. Author Suzanne Lynch will be on the ground in the Swiss Alps, bringing you the exclusive conversations, shifting power dynamics and groundbreaking ideas shaping the agenda in Davos. Stay in the know with POLITICO's Global Playbook, your VIP pass to the world’s most influential gatherings. SUBSCRIBE NOW.