— Former and current representatives from Twitter and other social media platforms will be grilled on data security and other issues at multiple Senate hearings this week.
HAPPY MONDAY, and welcome to Morning Cybersecurity! I’m your host, Maggie Miller, and Eric Geller and I will be subbing in for John Sakellariadis while he’s out for his wedding and honeymoon. The whole cyber and tech team sends their best wishes!
The American Enterprise Institute will host an event this afternoon on “A New Compact with Big Tech” featuring James Paterson, the Australian shadow minister for cyber security. Meanwhile, the Brookings Institution will host an event on “Technology and the security of democratic societies” featuring panelists including Paul Ash, New Zealand’s special representative on cyber and digital.
TWITTER IN THE HOT SEAT — Two Senate committees will put Twitter and other social media platforms in the spotlight this week, zooming in on potential threats to user data and the amplification of misinformation and disinformation.
The Senate Judiciary Committee will kick things off Tuesday with a hearing featuring testimony by former Twitter head of security Peiter “Mudge” Zatko, whose whistleblower complaint against the company exposed serious potential cybersecurity vulnerabilities and lax efforts to fight spam, among other issues.
In announcing the hearing last month, Senate Judiciary Chair Dick Durbin (D-Ill.) and ranking member Chuck Grassley (R-Iowa) said in a joint statement that the panel would “investigate this issue…and take further steps as needed to get to the bottom of these alarming allegations.”
— Elsewhere in the Senate hallways: Ongoing congressional concerns about Zatko’s allegations will likely play a role in a Senate Homeland Security and Governmental Affairs hearing on Wednesday on “social media’s impact on homeland security.” The hearing is set to examine issues including targeted advertising and social media algorithms, and current and former officials from Twitter and Meta will testify, along with senior officials from TikTok and YouTube. The two-panel hearing is set to go all day, giving committee members ample opportunity to raise a range of concerns around the social media platforms.
Senate Homeland Security Committee ranking member Rob Portman (R-Ohio) plans to focus specifically on concerns around TikTok.
“This hearing will examine ways that tech product development processes are at odds with user safety,” Portman said in a statement provided to your MC host. “I am deeply troubled about how TikTok, in particular, creates a gateway for China to extend its espionage campaign and exploit the data of the one hundred million Americans who use the app.”
— And there’s more: The Senate Judiciary Committee will dive back into concerns around data security with a hearing Wednesday afternoon on protecting American data from hostile foreign powers featuring experts on cybersecurity and China-related issues.
NOT (COMPLETELY) ALONE — As Russia loses ground in Ukraine, its cyberattacks continue, and in this effort the country may not be totally without assistance from beyond its borders.
Georgii Dubynskyi, the deputy minister of Ukraine’s Ministry of Digital Transformation, told reporters on the sidelines of the Billington CyberSecurity Summit last week that while Ukrainian officials “have no proof now,” they believe Russia is working with cybercriminals based in other countries.
“We know that Russia is actively using criminals for that,” Dubynskyi said. “I believe in part because they have the criminals not only in Russia, but they are also partners, and they are in deep contact with North Korea and Iran and others. We have no proof right now.”
Dubynskyi also warned that Ukrainian officials are expecting Russia to launch both cyber and kinetic attacks against Ukrainian energy and financial groups. Major Russian missile attacks on energy infrastructure left portions of Ukraine in the dark on Sunday.
Victor Zhora, deputy chairman of Ukraine’s State Service of Special Communications and Information Protection, sounded the alarm this week as well, warning that Russia is using “organized criminal gangs” to go after Ukraine.
— Lukewarm relations: In other ways, though, Moscow has been heavily isolated by the international community following its invasion of Ukraine in February, even by China, despite Russian President Vladimir Putin and Chinese President Xi Jinping declaring ahead of the invasion that the two countries had a “no-limits” friendship. That has been walked back in the months since, though the two leaders are set to meet this week in Uzbekistan.
“The Russians are remarkably alone here, that’s been one of the biggest surprises,” Dmitri Alperovitch, co-founder and chairman of the Silverado Policy Accelerator, said during a panel at the Billington summit. “China could have helped Russia quite a bit, and thank God they were not.”
WHEELS ROLLING — CISA is moving forward with cyber incident reporting requirements put in place by a law signed by President Joe Biden earlier this year.
A request for information to allow CISA to get feedback on how to implement the law was formally published in the Federal Register on Monday, giving respondents 60 days to provide comments. CISA Director Jen Easterly said in a statement Friday that input from the public will help CISA “fill critical information gaps that will inform the guidance we share with the entire community, ultimately better defending the nation against cyber threats.”
The law requires CISA to publish an interim rule within two years outlining details on the incident reporting requirements that critical infrastructure companies must fulfill. As part of this effort, Easterly announced at the Billington CyberSecurity Summit last week that CISA will hold 11 listening sessions to gain further input from the public.
— Congressional approval: Senate Intelligence Chair Mark Warner (D-Va.), who sponsored the bill that created the incident reporting program, applauded the move by CISA, noting in a statement last week that it “will help us counter the growing threat of cyberattacks against our institutions and allies.”
“This is an important effort to shore up our nation’s information security and I’m glad to see CISA act with the urgency it merits,” Warner said.
SEEMS CONCERNING — Misconfigurations, such as unencrypted services, represent around 60 percent of risks seen online, software company Censys concluded as part of its State of the Internet report published Monday. Software vulnerabilities and data exposures made up 12 percent and 30 percent, respectively, of the risks observed by Censys in 2022.
Australian shadow minister for cyber security James Paterson puts pressure on the government of Prime Minister Anthony Albanese to hit back at TikTok: “It is essential that the Albanese government resists this pressure from TikTok and proceeds with meaningful regulation which actually protects Australian users from data-harvesters based in authoritarian countries like China.”
— ICYMI: “Treasury sanctions Iranian intelligence in retaliation for cyberattack on Albania.” (POLITICO)
— ICYMI: “Meet Killnet, Russia’s hacking patriots plaguing Europe.” (POLITICO)
— “When teens find misinformation, these teachers are ready.” (The New York Times)
— “20 years after 9/11, surveillance has become a way of life.” (Wired)
— The Department of Health and Human Services Office of Inspector General found that the Indian Health Service deployed a national telehealth system without certain required cybersecurity controls.
Stay in touch with the whole team: Eric Geller; Maggie Miller; John Sakellariadis; Konstantin Kakaes; and Heidi Vogt.