Welcome to Codebook, Axios's cybersecurity newsletter. Trust us. We're professionals.
Say hello by replying to this email.
Image: Caspar Benson/fStop Images via Getty Images
A White House advisory committee voted Wednesday to recommend an ambitious cybersecurity "Moonshot" program aimed at coping with future threats, including the formation of a council set to address the kinds of problems that might only emerge in a decade.
Why it matters: Peter Altabef, CEO of Unisys who co-headed the Moonshot report project, tells Codebook that the White House needs to act immediately to be ready in a decade. But the government has always found long-term planning a challenge.
What they're saying: "A lot of cybersecurity today is how can we patch this problem in the next five days or months, or legislate a solution before the next election," says Altabef, co-chair of the National Security Telecommunications Advisory Committee's Moonshot working group. "But what about the problems it takes time to prepare for?"
Background: This is not the first time a group has tried to look for long-term solutions to cybersecurity problems. It's not even the first time it's been done under the "moonshot" name.
Yes, but: A moonshot might not be the right metaphor. President Kennedy had two distinct advantages a cybersecurity moonshot does not.
Is the moon even big enough? "We'd argue it's as important as the moon program — I'd argue it's more critical to national security and to the economy," Altabef says.
Details: The report's major proposal is that the White House create a Cybersecurity Moonshot Council including a newly appointed executive director, experts and, since the problem spans most facets of government, Cabinet-level officials.
The report identifies "pillars" that the council will need to address, ranging from new technology to education.
The U.S. can't be flat-footed, the report argues.
The big question: Can the U.S. get out of its own way?
A telecommunications worker installs new hardware at a cell phone tower. Photo: morfous/Getty Images
A new Department of Homeland Security task force devoted to heading off supply chain cybersecurity threats against communications infrastructure will meet for the first time Thursday.
Why it matters: Supply chain attacks — hackers sabotaging the security of hardware or software to attack the system in which it's installed — have been at the top of mind for many in the government, with recent dustups involving allegations against ZTE and Huawei as well as a widely disputed Bloomberg story.
Details: The Information and Communications Technology Supply Chain Risk Management Task Force will include several representatives from industry, trade and threat-sharing organizations, and government agencies.
One company that's confirmed for the task force is Cisco.
Yoshitaka Sakurada, Japan's deputy chief of the government’s cybersecurity strategy office, told parliament on Wednesday that he has never used a computer. He appeared "confused by the concept of a USB drive," per the Guardian.
Why it matters: Cybersecurity often involves computers.
We've previously covered the woes of the National Protection and Programs Directorate, the Homeland Security team that desperately wants a name that describes what it does. A bill changing the name to the Cybersecurity and Infrastructure Security Agency fully cleared Congress Wednesday and now awaits President Trump's approval.
Yes, but: While a lot of attention focuses on the name change, other aspects of the bill could be more consequential. The legislation also elevates the NPPD in the Homeland Security organization chart, giving it the ability to shift around resources without Congressional approval.