May 23, 2023
Happy Tuesday! Welcome back to Codebook.
- 📈 The annual Axios Harris Poll 100 brand reputation survey is out today! My colleagues and I have an exciting lineup of stories diving into the results throughout the week — stay tuned.
- 📬 Have thoughts, feedback or scoops to share? [email protected].
🚨 Situational awareness: The U.S. Treasury Department sanctioned four organizations and one individual today accused of being involved in malicious cyber activities connected to the North Korean regime.
Today's newsletter is 1,461 words, a 5.5-minute read.
1 big thing: Chris Inglis maps out life in the private sector
The first U.S. national cyber director is returning to Paladin Capital Group as a strategic adviser, the venture capital firm first shared with Axios.
The big picture: Chris Inglis stepped down from his White House position in February. His new gig at Paladin, a VC firm focused on cyber and advanced technologies, marks the first of what could be several private sector gigs for Inglis during what he's calling his "nominal retirement."
- Since leaving the government, Inglis — who spent nearly three decades at the National Security Agency — has also joined an advisory committee at the Cybersecurity and Infrastructure Security Agency, and he's looking at teaching part time at the U.S. Naval Academy and the U.S. Air Force Academy.
- Inglis told Axios he's also eyeing positions on a corporate board and roles tied to new technological research.
What they're saying: "When I was at the White House, and as when I was at the National Security Agency, it was a singular focus and a somewhat unitary obligation," Inglis told Axios. "I got up in the morning, and I ran to that daylight — I did that all day, every day, sometimes seven days a week."
- "Now that I'm back in the private sector, I can spread my time across multiple things, and I intend to do that," he added.
The intrigue: Inglis was Paladin's managing director before taking the national cyber director gig in 2021.
- Now, he's returned as a member of Paladin's strategic advisory group, which is made up of former government officials, former lawmakers and industry titans who help Paladin's investment team find new deals and fine-tune its investment strategy.
- "It's a real pleasure to come back, especially at this moment in time, where I am all the more convinced that what they do lies at the intersection of the various threads of how we're going to actually chart and deliver our cyber future," Inglis said.
Details: Members of Paladin's advisory group meet at least quarterly, Inglis said, but advisers are also in conversations throughout the week with Paladin's team to weigh in on broad strategy questions about various topics, like the realistic use cases for AI and what we know about quantum computing.
- Other members of the group include former Rep. Jim Langevin (D-R.I.), a leading cyber policymaker until he left Congress last year, and Ciaran Martin, former CEO of the U.K.'s National Cyber Security Centre.
Between the lines: Much of Inglis' retirement plans touch on the same goals he's had throughout his government career: bridging the gap between the public and private sector.
- One of the last projects Inglis worked on — the Biden administration's national cybersecurity strategy — leaned hard into encouraging public-private partnerships and technological innovation.
- During his two-year stint at the White House, Inglis' office regularly hosted forums with the private sector on a variety of topics, such as health care cybersecurity and electric vehicle security.
- "I like to describe the portfolio that I'm taking on as a horizontal portfolio," Inglis said. "Not that I'll be prone to lying on the sofa somewhere, but that [it's] broader more than it is deep and sharp."
Yes, but: Just because Inglis holds an advisory position in the public sector, don't expect him to be pulling too much weight in public debates or policymaking.
- In his private sector work, Inglis said he's now both "legal and honor bound to not make use of any prior access to advantage any company that I might be associated with."
- But Inglis noted that he's still pushing for Kemba Walden, his former principal deputy and the current acting national cyber director, to get his old White House job.
2. TikTok sues Montana over ban
TikTok filed a lawsuit Monday challenging Montana's new statewide ban of the popular social media platform, Axios' Sareen Habeshian reports.
Why it matters: The suit, which names Montana Attorney General Austin Knudsen as the defendant, alleges that the ban of the Chinese-owned app over security concerns would violate the First Amendment and other laws.
- The state is already facing a First Amendment legal challenge after five TikTok creators filed suit against the attorney general over plans to impose the ban.
Driving the news: The latest suit seeks to prevent the state from "unlawfully" banning the platform, which "empowers hundreds of thousands of users in Montana to communicate and express themselves."
- TikTok alleges that Montana enacted the "extraordinary and unprecedented measures based on nothing more than unfounded speculation," claiming that the state has not proven that the Chinese government can access user data.
- "Montana’s ban abridges freedom of speech in violation of the First Amendment, violates the U.S. Constitution in multiple other respects, and is preempted by federal law," the suit states.
The other side: Knudsen vowed last week to defend any legal challenges.
- "TikTok is a Chinese Communist Party spying tool that poses a threat to every Montanan," he said, thanking Gov. Greg Gianforte and the Montana Legislature "for working with me to protect Montanans' privacy and security."
- The Montana governor's and attorney general's offices did not immediately respond to Axios' request for comment.
Catch up quick: The law, due to take effect Jan. 1, would bar downloads of TikTok in Montana.
- Officials would issue a $10,000-per-day fine to internet service providers and companies each time someone "is offered the ability" to access the platform or download the app, per the law. Users would not be fined.
3. China targets U.S. chipmaker over security
China's government on Sunday told operators of "critical information infrastructure" to stop buying Micron Technology's products and claimed the U.S. chipmaker threatened national security, Axios' Rebecca Falconer reports.
Driving the news: The Cyberspace Administration of China said its claims — which a U.S. Commerce Department spokesperson in a statement to media Sunday said had "no basis in fact" — followed a security review of the Idaho-based firm.
- The CAC in a statement claimed Micron failed the review, which it said posed "a major security risk" to China's "key information infrastructure supply chain" and threatened the country's national security.
- The statement did not detail any specific risks.
What we're watching: Micron said in a statement to news outlets it's "evaluating the conclusion" of the CAC report, assessing next steps and looking forward to "continuing to engage in discussions with Chinese authorities."
What they're saying: The Commerce Department spokesperson said the department "firmly" opposed the restrictions on Micron.
- "This action, along with recent raids and targeting of other American firms, is inconsistent with [Beijing's] assertions that it is opening its markets and committed to a transparent regulatory framework," the spokesperson added.
The big picture: The CAC's investigation into Micron and its findings come as the U.S. and other democracies accelerate a tech decoupling from China, with the U.S., Japan and the U.K. last week announcing major chip and quantum computing investments.
- The Biden administration last October imposed export restrictions aimed at hobbling Beijing's ability to make advanced semiconductors, and the Netherlands and Japan later greatly curtailed their exports of leading-edge chipmaking gear to China.
- In December, the Biden administration added memory chipmaker YMTC and other Chinese firms to a trade blacklist.
4. Catch up quick
💸 The European Union officially fined Meta $1.3 billion for transferring EU users' data to the U.S. — marking the largest data privacy fine from EU regulators. (Axios)
📲 A leaked document shows that Spain has been pushing to ban end-to-end encryption within the EU as the bloc drafts new regulations to crack down on the spread of child sexual abuse materials. (Wired)
🪖 The Pentagon is working to release new cybersecurity requirements for defense contractors by November. (Defense One)
💰 Security chiefs are applying more scrutiny to how they're allocating their budgets amid broader economic challenges. (Wall Street Journal)
✅ LinkedIn is extending its verification tools to job listings. (Engadget)
👀 Mexico's top human rights official was reportedly a target of NSO Group's Pegasus spyware while investigating abuses by the nation's military. (New York Times)
@ Hackers and hacks
📡 Dish confirmed hackers stole nearly 300,000 individuals' personal information during a February ransomware attack. (TechCrunch)
🔓 The Royal ransomware gang is threatening to leak data stolen during a recent attack on the City of Dallas. (Cybersecurity Dive)
👾 Microsoft threat researchers believe the financially motivated cybercrime gang FIN7 has resurfaced, linking the group to a few ransomware attacks last month. (BleepingComputer)
5. 1 fun thing
My morning was a bit bleh until I found this first-person story from the Associated Press about adopting a desert tortoise, and now I am elated.
- On bringing home their new tortoise for the first time: "She was much zippier than we imagined, exploring the yard at a rapid pace. She was surprisingly friendly, trotting up to greet us when we would go out to visit her and even clambering into our laps when we sat cross-legged in her habitat."
☀️ See y'all on Friday!
Thanks to Peter Allen Clark for editing and Khalid Adad for copy editing this newsletter.
If you like Axios Codebook, spread the word.