Axios Codebook

Google is squaring off again against familiar competitors like Microsoft and Amazon — but this time it's for lucrative contracts with the federal government, Axios' Ashley Gold and I report.

Why it matters: Google sees an opening to chip away at Microsoft's dominance in federal government contracting, to keep making more money off its cloud service, and to nip at the heels of its other main competitor, Amazon Web Services.

• Google is already battling Microsoft on a number of fronts over tech antitrust issues and gaming.

Driving the news: Google's cloud and public sector arms are aggressively trying to market their cloud and workplace services as they vie for a Pentagon cloud computing contract, the Joint Warfighting Cloud Capability, which is set to be awarded before the end of the year.

• Google wants governments to use its products, from artificial intelligence and data analytics to standard email services and document sharing, boasting of faster, more nimble and more secure systems than the competition.

State of play: Cloud is key to Google right now, as Google's earnings report this week showed lower-than-expected revenue as digital advertising cratered. Google Cloud had a 38% year-over-year increase in growth, posting $6.9 billion in revenue, though it still trails rivals AWS and Microsoft Azure.

Flashback: In June, Google Cloud announced a new Google Public Sector division to "focus on helping U.S. public sector institutions — including federal, state, and local governments, and educational institutions — accelerate their digital transformations."

• "The government has asked for more choice in cloud vendors who can support its missions and protect the health, safety and security of its citizens," Google Cloud CEO Thomas Kurian wrote at the time.

The big picture: Google's full-throated embrace of public sector work and attempts to edge out incumbent Microsoft mark an evolution for a company that once faced employee uproar over a Department of Defense contract known as Project Maven.

• Google backed away from its AI work with the Pentagon in 2018 after employee outrage over the company's involvement in Project Maven, a military project analyzing video and images to improve targeting in drone strikes.

What they're saying: "We've actually had a commitment to serving the government for quite a while, but now we've just really accelerated the focus," Google Public Sector CEO Will Grannis tells Axios.

• Grannis said Capitol Hill, the Defense Department, and state and local governments were looking for "unequivocal commitment, and we've delivered on that."

Details: A key part of Google's strategy leading up to the creation of the new public sector subsidiary has been aggressively drawing attention to Microsoft's cybersecurity flaws to sway more government customers.

• In March, Google Cloud released a survey of both government and D.C.-area workers that was headlined: "Government Workers Say Microsoft Tech Makes Them Less Secure."
• Google's also backing a bill introduced last month by Sen. Gary Peters (D-Mich.) aimed at requiring government software vendors, like Microsoft, to make it easier for their software to interact with competitors'.

So far, standing up Google Public Sector — and pointing out competitors’ flaws — has helped Google secure contracts at the Pentagon, the Commerce Department and state entities like the New York City Cyber Command.

Yes, but: Besides the contract wins, many in Washington's tech and cyber communities aren't sure why Google is so aggressively pushing further into government work now and are doubtful the company can so easily brush off past perception problems.

• "Everyone has noticed Google is upping the noise level on cloud and the federal side of things," one tech industry lobbyist tells Axios.

The bottom line: Google says it is fully in when it comes to pursuing government work.

A set of new cybersecurity guidelines from the Cybersecurity and Infrastructure Security Agency (CISA) gives critical infrastructure operators details about what security issues they can afford to fix while operating on tight budgets and little staff.

Driving the news: CISA unveiled a highly anticipated list of voluntary "cybersecurity performance goals" on Thursday detailing what security practices critical infrastructure operators should follow — such as implementing multifactor authentication or changing default passwords on purchased technologies.

• Alongside the goals, CISA published a checklist measuring how much it will cost to implement each solution, the estimated impact of resolving each issue, and the complexity of the task.

Why it matters: Critical infrastructure operators like schools, water systems and hospitals often lack the financial and time investments needed to properly defend their networks against hackers.

• The checklist helps them cut through the noise and focus on what's possible.

What they're saying: "A small or medium business, a local water utility, a K-12 school district can say, 'We're budget-constrained, and this quarter we can only do the highest-impact and low-cost activities,'" said Eric Goldstein, executive assistant director for cybersecurity at CISA, in a press call.

• "Well, now they can look at this checklist and say, 'OK, we know where to start and we can undertake these activities,'" he added.

Threat level: 63% of those working at critical infrastructure companies said in a survey from Nozomi Networks and the SANS Institute released today that the cybersecurity risks they face are either "severe and critical" or "high."

• High-profile incidents like last year's Colonial Pipeline ransomware attack made tackling critical infrastructure cybersecurity a top Biden administration priority.

What's next: CISA Director Jen Easterly told reporters that the agency is planning to work on sector-specific cyber performance goals in the "coming months."

Researchers at Google-owned Mandiant said in a report Wednesday that they've detected a group attempting to sow division in the U.S. and "operating in support of the political interests of the People’s Republic of China."

Why it matters: Election officials have been on high alert for foreign disinformation campaigns aimed at further dividing the country and casting doubt on the U.S. political system in the weeks before the midterms.

The big picture: Mandiant's information adds to growing reports that pro-China actors are interested in influencing and disrupting next month's elections — although there's no evidence they've been successful.

Details: In its report, Mandiant said a threat group known as Dragonbridge is attempting to sway Americans to not vote during the upcoming election through fake social media accounts and falsified news articles.

• In its campaign, Dragonbridge has spread false narratives that a well-known hacking group based in China is actually a U.S. government group, and it claimed that the U.S. was responsible for the Nord Stream gas pipeline explosions.
• The group also "plagiarized, altered and otherwise mischaracterized" reporting and research from Mandiant and other cybersecurity firms to support its claims, according to the report.
• The report stopped short of linking Dragonbridge to the Chinese government, and Mandiant did not specify where the election-specific lies are being spread.

What they're saying: "They are aggressive, well-resourced, but ultimately failing to get engagement," said John Hultquist, vice president of threat intelligence at Mandiant, in a tweet.

• "Election interference is no longer just Russia and Iran," he added.

@ D.C.

🇨🇳 New research details how state and local governments continue to purchase Chinese telecom equipment. (Axios)

🧪 The White House and the Cybersecurity and Infrastructure Security Agency have launched a 100-day action plan to shore up chemical sector cybersecurity. (Axios)

📡 The Federal Communications Commission approved new rules requiring operators of public warning systems to report cyber incidents within 72 hours. (The Record)

@ Industry

🍎 Apple launched a new website where ethical hackers can participate in the bug bounty program and where the company will share details about the latest security trends. (Apple)

🤖 LinkedIn rolled out new tools to help people spot bot accounts on the social media site. (CNN)

📊 Credit-rating firms are starting to weigh how a company responds to a cyberattack in determining creditworthiness. (Wall Street Journal)

@ Hackers and hacks

📰 The New York Post said hackers hijacked its website and Twitter account on Thursday and published fake stories with inflammatory headlines. (Variety)

🏛 A hacker accused of operating the dark web marketplace The Real Deal was arraigned before a federal court Thursday. (The Verge)

📲 Twilio disclosed a second data breach stemming from a June security incident where attackers accessed customers' information. (BleepingComputer)

If you're still hunting for a Halloween costume ... why not go as a ransomware operator! All you need is a tracksuit and a fedora.