Landing teams land with some cyber experience
With help from Eric Geller and Martin Matishak
LANDING WITH CYBER KNOWLEDGE — President-elect Donald Trump’s transition “landing teams” — deployed to manage his transition at various federal agencies — are peppered with a few names with cyber expertise. Here’s the rundown:
Story Continued Below
Marshall Billingslea, a senior employee at the professional services firm Deloitte, has been assigned to Trump’s National Security Council landing team. In 2007, as President George W. Bush’s deputy undersecretary of the Navy, Billingslea formally announced the United States’ intent to join NATO’s cyber defense center in Tallinn, Estonia, in a letter to that country’s defense ministry. Billingslea vowed the U.S. Navy would send Estonia “one of its top cyber defense experts,” and said America’s participation “testifies to the good relations of Estonia and the United States.”
Thomas Higgins, another NSC landing team member, leads homeland security operations at the payment solutions company First Data. His job touches on cybersecurity, crisis management and business resiliency. A Navy veteran, Higgins serves on the boards of several national security-related charities.
J. Patrick Rowan, a member of Trump’s Justice Department transition team, was former President George W. Bush’s last assistant attorney general for national security, the top DOJ official overseeing cyber-related prosecutions. In 2014, he wrote a letter of recommendation for John Carlin, who had been nominated to take that job. “John has a long-standing interest in cybersecurity, an area in which the government continues to struggle over the most effective set of responses,” Rowan wrote of Carlin, who was later confirmed unanimously.
— Rounding out the list: Retired Col. Greg Gardner, the former deputy CIO for the intelligence community, who is on the Defense Department landing team; Jim Carafano, a homeland security expert at The Heritage Foundation who has written about cybersecurity, is a member of the Homeland Security Department team; Alexander Gray, a former aide to Rep. Randy Forbes who has advocated an aggressive stance toward China, is on the State Department landing team; and Jackie Wolcott, another State team member who has served as the executive director of the U.S. Commission on International Religious Freedom, which during her tenure criticized the Iranian “cyber police force.”
HAPPY TUESDAY and welcome to Morning Cybersecurity! Among the many recent miseries of your MC host’s 2016 is a fantasy basketball team that couldn’t win a game if it tried. Pray for those guys, please. Send your thoughts, feedback and especially tips to email@example.com, and be sure to follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info is below.
PROGRAMMING NOTE — Due to the Thanksgiving holiday, Morning Cybersecurity will not publish on Thursday, Nov. 24, and Friday, Nov. 25. Our next Morning Cybersecurity will publish on Nov. 28.
SYMPHONY NO. 41 — A coalition of civil liberties groups, trade organizations and companies wrote a letter to congressional leaders Monday supporting legislation that would delay a pending change to government hacking powers. Under the amendments to Rule 41 of the Federal Rules of Criminal Procedure, judges could authorize search warrants for devices outside their district and for several devices at a time. “The bottom line is that the rule change would increase the use of government hacking by removing jurisdictional requirements,” they wrote. “This would create three problems: First, it would invite forum shopping. Second, it could be abused to obtain a single warrant to search millions of targets, raising a host of constitutional concerns. Finally, the rule change would allow a judge to issue a warrant that would permit law enforcement to search the computers of hundreds of entirely innocent crime victims without their consent.” Sen. Chris Coons’ bill, which the groups wrote to support, would delay implementation of the change from Dec. 1 to July 1.
Earlier in the day, Leslie Caldwell, the assistant attorney general in charge of the Justice Department’s Criminal Division, defended the rule change. “The amendments do not create any new law enforcement authority, or make any change to what constitutes a crime or what must be shown to a court in order to investigate crime,” she wrote in a blog post. The need for the update is also serious, she added. “When a child abuser has successfully anonymized their identity and location online, investigators do not know where the abuser’s computer is located,” Caldwell wrote. “So in those cases, the Rules do not clearly identify which court the investigators should bring their warrant application to.”
BEFORE IT’S TOO LATE — More than two dozen civil liberties groups have asked President Barack Obama to take a series of steps to keep the government’s investigatory techniques in check before he leaves office. The coalition is imploring Obama to disclose Justice Department legal opinions, review government policies for destroying surveillance data and protect the Senate Intelligence Committee’s torture report, along with other similar actions, before Trump is inaugurated. “As your administration winds down and our democracy faces strong headwinds, we urge you to take the following important steps to empower citizens, Congress, and the courts to protect our system of separated powers and make sure that our government continues working as the founders intended,” write the groups, which include the Electronic Frontier Foundation, Demand Progress and the Government Accountability Project. “No less than our shared legacy of a vibrant democratic government is at stake.” The groups also want Obama to publish the number of Americans who have been surveilled under a foreign spying statute, inventory secret inspector general reports and publicly admit that intelligence community contractors face more limited whistleblower protections than other contractors.
NOT MUCH CYBER CONFIDENCE IN TRUMP — Nearly three-quarters of a 160-member panel of digital security and privacy experts told Passcode that cybersecurity won’t improve under Trump. “I voted no simply because the president-elect himself has shown no interest in understanding the issue,” said retired Gen. Michael Hayden, a former CIA and NSA director. Hayden, now a principal at The Chertoff Group, said that “there may be some hope, however, that the government under him will continue to move albeit slowly in the right direction.” Among the optimists was one anonymous expert: “Yes, I think The Cyber will continue to enjoy more attention from both the executive and legislative branch under the new administration.”
SMARTPHONES, SAFE NETWORKS — The National Institute of Standards and Technology is seeking public feedback on a draft guide to 4G cell network security. The guide explores “the fundamentals of how LTE networks operate” and how security factors into the system’s construction. It also reviews “threats posed to LTE networks” and how they can be addressed. “Exploring and enabling the [security solutions] included within this document will be a coordinated effort between mobile OS vendors, baseband firmware developers, standards organizations, mobile network operators, and end users,” the authors write. “Developing solutions to the problems identified here, and continuing to perform relevant research, is an important task since LTE is the nation’s dominant cellular communications technology.” The public has until Dec. 22 to comment.
ERIN GO BRAGH FOR YAHOO? — Ireland’s Data Protection Commissioner is looking into whether Yahoo broke European law when it allegedly mass-scanned its users’ emails, Reuters reports. “We are in regular contact with Yahoo! EMEA (Europe, Middle East and Africa) in clarifying certain facts of this case and will then proceed to take appropriate next steps,” a DPC spokeswoman told the news service. The internet giant has come under intense scrutiny from privacy advocates and Capitol Hill lawmakers for allegedly using software to scan millions of emails for specific information related to national security on behalf of the U.S. government. Yahoo has pleaded with the government to unseal the secret court order that made the company start snooping for a still undisclosed digital signature, but the chances of the order seeing the light of day any time soon remains remote.
CYBER MONDAY SHOPPING SPREE COMES EARLY — Oracle announced that it plans to acquire Dyn, the domain name system provider that was the target of a massive distributed denial-of-service attack in October that crippled some of the world’s biggest and most popular websites. Meanwhile, Symantec said it would buy LifeLock, an identity protection service, for a cool $2.3 billion. “This acquisition marks the transformation of the consumer security industry from malware protection to the broader category of digital safety for consumers,” according to Symantec CEO Greg Clark.
TWEET OF THE DAY — None of this makes any sense.
RECENTLY ON PRO CYBERSECURITY — Trump said he would ask the Defense Department and Joint Chiefs of Staff to develop a plan to protect U.S. infrastructure from cyberattacks. … The Pentagon unveiled a new cyber vulnerabilities disclosure policy. … The Defense Department inspector general will audit the NSA’s networks.
— The Office of Personnel Management’s inspector general says the agency is still falling short on information technology security. Federal News Radio.
— Measuring the cost of a cyber weapon. Council on Foreign Relations.
— Hackers are targeting ATMs in Europe. Reuters.
— Could cybersecurity fall down the list of Homeland Security Department priorities? Inside Cybersecurity.
— The Canadian privacy commissioner believes no one country can weaken encryption policy. The Star.
— The European Union is developing a hybrid warfare center to focus on, among other things, cyberattacks. ABC.
— Head of a payday loans company paid American hackers to attack a consumer rights website. The Guardian.
— Cyber DARPA! CyberScoop.
That’s all for today. This is what evil looks like.
Stay in touch with the whole team: Cory Bennett (firstname.lastname@example.org, @Cory_Bennett); Bryan Bender (email@example.com, @BryanDBender); Eric Geller (firstname.lastname@example.org, @ericgeller); Martin Matishak (email@example.com, @martinmatishak) and Tim Starks (firstname.lastname@example.org, @timstarks).