China is everywhere all at once

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
Nov 25, 2024 View in browser
 
POLITICO Weekly Cybersecurity Newsletter Header

By Maggie Miller

With help from Jordyn Dahl

Driving the Day

— Key lawmakers are sounding the alarm as loudly as possible about a recent Chinese hack of global telecommunications systems, which may be one of the largest attacks in history.

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! I’m your host, Maggie Miller, starting the official trade off back and forth with John for the next few weeks on authoring this newsletter now that Joseph has flown the nest. While we may not be able to match his banter, we promise to do our best to keep you informed while the search for our next official newsletter writer carries on. Happy hunting to our editor.

Follow me and John on X at @magmill95 and @johnnysaks130, on Bluesky at @maggiemiller.bksy.social, or reach out via email or text for tips. You can also follow @POLITICOPro on X.

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

Today's Agenda

Baking pumpkin pie and braving early online shopping for Black Friday sales. Otherwise, no (cyber) events to report.

China

THE LIGHTS ARE BLINKING RED — The recent hack of U.S. telecommunications systems is one of the most serious cyberattacks in the nation’s history and is an ongoing open national security threat, lawmakers are warning.

“Unless you are using a specialized app, any one of us and every one of us today is subject to the review by the Chinese Communist government of any cell phone conversation you have with anyone in America,” Sen. Mike Rounds (R-S.D.), ranking member of the Senate Armed Services Committee’s cyber subcommittee, said during a panel at the Halifax International Security Forum on Friday.

“They have access to every single one of our major telecommunications companies,” Rounds, who is also a member of the Senate Intelligence Committee, added.

— The details: The massive security incident, attributed to Chinese government hacking group Salt Typhoon last month, impacted up to 80 telecom companies, both in the U.S. and abroad, as John reported Friday (for Pros). These include Verizon, AT&T and T-Mobile, among others, and involved the infiltration of devices belonging to President-elect Donald Trump, Vice President-elect JD Vance and senior Biden administration officials.

“They’ve broken in, and they can read your texts and they can hear your conversations,” Rounds warned at the forum. “It’s just a matter of who they want to listen to, and who they don’t, and that is public information, and it doesn’t seem to make anybody concerned, and we ought to be.”

— Behind closed doors: The Senate Intelligence Committee received a classified briefing on the hack earlier this month, with members emerging shaken. Committee Chair Mark Warner (D-Va.) told your MC host the day after the briefing that it had “rocked them.”

“This is the most serious breach in our history, and I think the American people need to know how extensive, and frankly how many of our major cell comms have been compromised,” Warner said.

Warner made similar remarks to The Washington Post late last week, and these reverberated at the Halifax forum, where officials from the U.S. and other Western allied nations gathered over the weekend to discuss pressing global security challenges. Sen. Amy Klobuchar (D-Minn.), who attended the forum alongside Rounds and multiple other senators, said that making the case for boosting cyber defense was a key topic of conversation.

“We’re going to have to just continually invest, and part of our delegation here, one of our quests is to continue to push NATO countries to invest in defense, and that is certainly in a big way going to include cyber defense,” Klobuchar said.

 

Want to know what's really happening with Congress's make-or-break spending fights? Get daily insider analysis of Hill negotiations, funding deadlines, and breaking developments - free in your inbox with Inside Congress. Subscribe now.

 
 
Cybercrime

MISSION (SOMEWHAT) ACCOMPLISHED — Despite the rising threats from China, cybersecurity experts are feeling bullish on progress made to combat cyberattacks and disinformation efforts linked to Beijing and other nations — though they are warning to not let up defending against these foreign threats.

This was made clear during the annual CYBERWARCON event on Friday, which brought together some of the nation’s top cyber experts to discuss the latest threats in cyberspace.

Morgan Adamski, executive director of U.S. Cyber Command, kicked off the event by detailing some of her agency’s efforts to combat cyber threats, including sending teams from the Cyber National Mission Force to more than 30 countries in the past year to hunt for vulnerabilities in allied nations’ systems, and defending critical networks at home.

“All of these activities are having an effect, I know because we see it both publicly and in our own sources,” Adamski said. “Threat actors are changing their tradecraft, they’re second-guessing their operations, and they’re abandoning their infrastructure.”

She pointed in particular to efforts by Chinese government-linked hacking groups, such as Volt Typhoon and Salt Typhoon, to hack into U.S. critical infrastructure in recent years. While Adamski acknowledged that both groups are not slowing down their activities, she mocked how Chinese officials respond to U.S. and allied reports on Chinese cyber threats.

“I mean, Volt Typhoon was ransomware? Really appreciated everyone’s memes on that one,” Adamski said.

— From Silicon Valley: The Cyber Command official was not alone in expressing confidence. Mike Torrey, principal security engineer investigator at Meta, presented findings on how the parent company of Facebook and Instagram has combatted disinformation operations linked to Doppelganger, a prolific network of accounts with ties to the Russian government. The Justice Department took steps to disrupt the operation earlier this year.

Facebook was inundated with ads purchased by the Doppelganger group that pushed pro-Kremlin narratives ahead of the European Union elections this year. But Torrey said Meta is, at least at the moment, winning the war against Doppelganger, having mostly blocked its ability to post links to fake websites pushing pro-Kremlin narratives, and more recently driving the group to post about U.S. entertainment-linked issues.

He said Meta has blocked and reported on more than 6,000 domains tied to Doppleganger.

“The majority of what they have tried to do on Meta never sees the light of day,” Torrey said of Doppelganger’s activities. “That means what you see is less than half of what they are trying to do on a daily basis … the majority of the time, they are failing at what they are trying to do. We’ve taken down tens of thousands of their assets.”

He added a note of strong caution though, stressing that “even in the face of this limited success, they are coming back every day.”

— Can’t stop, won’t stop: Despite these positive steps at combating massive government-linked operations, officials agree: The U.S. government and the cybersecurity industry can’t slow down in fighting back.

“We, the U.S. government and all of you in this room, the U.S. private sector, are faster, stronger, and more equipped to counter them using all of our capabilities,” Adamski said. “Collective defense between U.S. government and industry is how we win.”

“Our adversaries are not ten feet tall; we are,” she added.

The International Scene

OMINOUS WARNING — The Russian government is prepared to launch massive attacks against NATO nations, United Kingdom Cabinet Secretary Pat McFadden will tell attendees at a NATO cybersecurity conference in London today.

As POLITICO’s Victor Jack reported Sunday, McFadden will warn that Moscow is now ready to cause “unprovoked attacks against our critical national infrastructure,” including power grids, which “can turn the lights off for millions of people,” according to prepared remarks. Russia has consistently targeted Ukraine’s energy grid for the past decade, plunging portions of the nation into darkness in 2015 and 2016, long before the full invasion in 2022.

This escalation in Russian cyber threats comes on the heels of the U.S. authorizing Ukraine to use long-range missiles to strike against Russia, which led Moscow to launch another hypersonic missile into Ukraine late last week.

The private sector is also observing this increase. Kent Walker, president of global affairs at Google, said during a talk at the Halifax International Security Forum on Saturday that his company is “seeing an increasing number of cyberattacks, NATO countries alone have seen a quadrupling in cyberattacks in the last few years.”

— Not sitting ducks: “Be in no doubt: the United Kingdom and others in this room are watching Russia,” McFadden will say. “We know exactly what they are doing.”

Russia was widely expected to use cyberattacks as a key component of its war against Ukraine in early 2022, and in many cases did, including disrupting a major satellite network used in Ukraine and across Europe. But Sen. Rounds at the Halifax conference was bullish about the NATO countries’ ability to counter Moscow.

“Putin, what he thought was a very powerful cyber system, we could take it down,” Rounds said.

 

Don't just read headlines—guide your organization's next move. POLITICO Pro's comprehensive Data Analysis tracks power shifts in Congress, ballot measures, and committee turnovers, giving you the deep context behind every policy decision. Learn more about what POLITICO Pro can do for you.

 
 
At the Agencies

PROTECT THE CRANES: The U.S. Coast Guard has new management requirements for Chinese ship-to-shore cranes, citing the cybersecurity and national security threat the cranes pose to American interests.

As POLITICO’s Jordyn Dahl writes in, the directive, unveiled last week, is an escalation of a previous mandate established in February 2024, though the public notice does not specify what the new requirements entail.

The risk: Around 80 percent of cranes operating in U.S. ports are manufactured by Chinese companies. The cranes can be “controlled, serviced, and programmed from remote locations,” leaving them “vulnerable to exploitation, threatening the maritime elements of the national transportation system,” according to the new directive. Under the original February directive, the cranes were referred to as a “Trojan horse” for the Chinese to access U.S. equipment.

This is similar to joint findings earlier this year from the House Homeland Security Committee and House Select Committee on China, which also concluded that Chinese-made cranes pose a national security threat.

Europe watching closely: While EU lawmakers have raised similar alarms over the use of Chinese technology in telecommunications, they focus on economic security when it comes to Europe’s ports. At the start of this year, the Parliament passed a resolution creating a comprehensive port strategy that aims to safeguard critical port infrastructure from foreign dependency.

Tweet of the Day

Those roads look completely normal (read the full thread for the breakdown).

Tweet of the Day for the Nov. 25, 2024 edition of the Morning Cybersecurity newsletter. https://x.com/jsrailton/status/1860714121651458064?s=46&t=7qgObawVR3sD59eITHivyA

X

Quick Bytes

HIRING UPDATE — Trump’s transition team has begun reaching out to candidates to fill key cyber policy roles, including Kevin Mandia, former CEO of cybersecurity group Mandiant, John reported Friday.

BIG BROTHER — A bipartisan group of a dozen senators are calling on the Department of Homeland Security to take a close look at the Transportation Security Administration’s plans to expand use of facial recognition technologies at U.S. airports, Suzanne Smalley reported for The Record.

Chat soon.

Stay in touch with the whole team: John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Rosie Perper (rperper@politico.com).

 

Follow us on Twitter

Heidi Vogt @HeidiVogt

Maggie Miller @magmill95

John Sakellariadis @johnnysaks130

Joseph Gedeon @JGedeon1

 

Follow us

Follow us on Facebook Follow us on Twitter Follow us on Instagram Listen on Apple Podcast
 

To change your alert settings, please log in at https://login.politico.com/?redirect=https%3A%2F%2Fwww.politico.com/settings

This email was sent to salenamartine360.news1@blogger.com by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA

Unsubscribe | Privacy Policy | Terms of Service

Post a Comment

Previous Post Next Post