October 18, 2022
Happy Tuesday! Welcome back to Codebook.
- Join me and Axios' Alayna Treene tomorrow at 12:30pm ET for a virtual event assessing cybersecurity and election security during the midterms. Guests will include Center for Strategic and International Studies senior adviser Suzanne Spaulding and former Texas Rep. Will Hurd. Come hang with us here.
- 📬 Have thoughts, feedback or secrets to share? [email protected]
Today's newsletter is 1,290 words, a 5-minute read.
1 big thing... Exclusive: Rep. Katko's vision for GOP cyber policy
A top Republican cyber lawmaker is making a plea for his colleagues to continue bipartisan policymaking after he retires later this year.
Driving the news: Rep. John Katko (R-N.Y.), ranking member of the House Homeland Security Committee, shares his vision in a strategic planning document being released today detailing how the Cybersecurity and Infrastructure Security Agency (CISA) should grow through 2025. Katko sees the plan, which was first shared with Axios, as a way of helping up-and-coming cyber lawmakers figure out the path forward.
- After CISA spent its first four years staffing up and drafting cyber incident operational procedures, the agency should focus its next phase on measuring its ability to keep the U.S. safe from cyberattacks, Katko argues.
Details: The plan lays out six tenets that CISA should focus on to grow, including maturing public-sector cyber workforce trainings, "aggressively" growing cybersecurity capabilities, and continuing to build relationships across the federal government and private sector.
- Of the six, Katko sees the focus on strengthening partnerships as the most critical, especially since the vast majority of critical infrastructure is privately owned.
- Katko says his plan — which is light on precise details, like how much funding CISA should receive — is focused on pushing CISA to create measurable performance metrics so it can better justify future funding and regulatory requests to Congress.
- "Are they going to need more to achieve these goals? Of course," Katko says of potential CISA budget increases. "But from a budget standpoint, we've already fluffed them up substantially many times. Now it's time to create the measurables."
The big picture: While CISA has received a steady stream of funding, Republican lawmakers have questioned what the money is going to and whether the agency deserves a nonstop funnel of new money.
- Several key lawmakers in cyber policy, including Senate Homeland Security GOP leader Rob Portman (Ohio), are also retiring later this year, creating a potential congressional brain drain in cyber.
- If Republicans take control of the House in the November midterms, experts have predicted that cyber policy could take a backseat to other homeland security issues like immigration and border policies.
Between the lines: Katko's plan is an attempt to encourage his colleagues to stick to the bipartisan dealmaking cybersecurity has seen in the last few years.
- That bipartisan work has led to the passage of significant pieces of cyber legislation, including the creation of the White House's Office of the National Cyber Director and the establishment of a mandatory cyber incident reporting program at CISA.
Yes, but: Cyber lobbyists tell Axios that dealmaking on key cybersecurity provisions in the annual, must-pass defense policy package is already stalled ahead of the elections — and it isn't clear if Republicans will come back to the table if they win the House.
- Michael Hettinger, a lobbyist focused on cyber and federal IT issues, tells Axios that congressional aides still seem optimistic that they can reach a deal on key bills, such as legislation surrounding new cybersecurity rules for agencies, before the end of the year.
What they're saying: "People will step up," Katko says. "No one in a million years thought I would be the guy interested in cyber when I came to Congress, but that's how it happened. The next person coming up will be able to do the job."
2. Global internet freedom takes another hit
The internet is more fragmented around the world than ever, a new report warns.
Driving the news: Freedom House released its annual "Freedom on the Net" report Tuesday, which measures how widely accessible the internet is in 70 countries around the world.
- Each country is given a score between zero and 100 based on the obstacles to accessing information on the country's internet, limits on the types of content people can access, and any instances of violating users' rights like surveillance.
- The report found that global internet freedom declined for the 12th consecutive year.
The big picture: The report's findings come as authoritarian governments and democracies have increasingly battled for control of the digital world.
- The U.S. went head-to-head with Russia during a key election to control the United Nations' International Telecommunication Union last month.
- During the first weeks of the war in Ukraine, Russia started restricting access to Facebook and Twitter inside its borders.
- Late last month, the Iranian government started restricting access to the internet amid growing protests and political unrest.
By the numbers: This year, 47 out of 70 countries limited users' access to information sources located outside of their borders.
- China ranked lowest — scoring 10 out of 100 — with the country's continued control over its tech sector and following censorship during the 2022 Beijing Olympics.
- Russia saw the biggest decline year over year, losing seven points to score a 23.
Between the lines: Increasing state control of internet infrastructure, government restrictions on information flows, and limits to cross-border data transfers are all contributing to an increasingly fragmented internet landscape.
Yes, but: Some improvements in internet freedom were still seen in the last year.
- The U.S. improved "marginally" for the first time in six years after fewer reported surveillance cases, the report notes.
- 26 countries also improved their internet freedom scores.
What's next: The report recommends policymakers continue to protect encryption, strictly regulate the use of surveillance tools, restrict exports of surveillance and censorship tech, and center their cyber diplomacy efforts in human rights.
3. Hikvision lobbyists register as foreign agents
The U.S. Justice Department has required lobbyists for Hikvision, a leading Chinese surveillance equipment company, to register as foreign agents, Axios' Lachlan Markay scooped on Monday.
Why it matters: The move comes amid a broader federal crackdown on Chinese industries deemed potential U.S. national security threats. The push is now reaching D.C. representatives for the world's largest manufacturer of video surveillance equipment.
Driving the news: Hikvision's top lobbying firm, Sidley Austin, registered under the Foreign Agents Registration Act (FARA) last week for its work on the company's behalf.
- It did so "solely in response to a request from [DOJ's] FARA Unit," the firm told Axios in a statement.
- Its FARA registration will require Sidley to disclose more information about its work on Hikvision's behalf and its compensation from the company going forward.
Between the lines: Sidley has helped Hikvision try to ward off aggressive attempts by Congress and federal agencies to limit its products' use domestically.
- A Pentagon funding bill in 2019 banned federal agencies from using Hikvision products, citing national security risks.
Hikvision denies complicity in human rights abuses and says it is not controlled by the Chinese government.
4. Catch up quick
🗳 The FBI has notified some Republican and Democratic state party headquarters that they could be the target of Chinese hackers. (Washington Post)
✈️ Secretary of State Antony Blinken traveled to Silicon Valley this week to share more details with companies about the department's tech and cyber diplomacy efforts. (Wall Street Journal)
🏥 A recent ransomware attack on the second-largest U.S. nonprofit health system is highlighting how vulnerable the health care sector remains. (Axios)
👔 Activist investor Starboard Value now has a nearly 5% stake in software maker Splunk. (Wall Street Journal)
📉 Microsoft has become the latest tech firm to cut staff. (Axios)
@ Hackers and hacks
🚗 Authorities in France, Latvia and Spain broke up a criminal ring that relied on hacking keyless technology to steal cars. (BleepingComputer)
🇨🇳 Researchers at Malwarebytes have uncovered a Chinese state-sponsored cyber espionage campaign that targeted the Sri Lankan government in August. (Malwarebytes)
👀 A former Wall Street Journal reporter is accusing law firm Dechert LLP of hiring hackers in India to steal emails between himself and one of his key sources in an effort to get him fired. (Reuters)
5. 1 fun thing
The memes keep on coming during Cybersecurity Awareness Month!
- Have one you want to share? [email protected]
☀️ See y'all on Friday!
Thanks to Peter Allen Clark for editing and Khalid Adad for copy editing this newsletter.
If you like Axios Codebook, spread the word.