At a glance.
- Seeking clarity about US cybersecurity leaders' roles.
- US infrastructure bill allocates about $1 billion for grants to local governments.
- Proliferation, cyber capabilities export control, and the NSO affair.
Members of US Congress seek clarity about Federal cybersecurity leaders’ roles.
Representatives from the House Homeland Security Committee have asked National Cyber Director Chris Inglis to report back in a month on the orbits of his office, the Cybersecurity and Infrastructure Security Agency (CISA), and the office of Deputy National Security Advisor Anne Neuberger, BankInfoSecurity reports. There seems to be particular concern that CISA not be sidelined. The lawmakers weren’t pleased, for example, that the Department of Energy was put in charge of the Colonial Pipeline incident response. CI Security CISO and former Homeland Security official Mike Hamilton commented, “Roles and responsibilities need to be clearly delineated. And to date, that’s not effectively been done.”
Infrastructure bill allocates $1 billion for local governments.
American City and County summarizes the Senate-approved infrastructure bill’s State and Local Cybersecurity Improvement Act and Cyber Response and Recovery Act. If the bill passes the House, the two Acts would establish the following:
- a four-year, $1 billion cybersecurity grant program housed in the Department of Homeland Security (DHS) and overseen by the Federal Emergency Management Agency (FEMA) with advice from CISA, eighty percent of which would go to local governments, and twenty-five percent of which would go to rural regions
- a CISA and DHS-administered Cyber Response and Recovery Fund for public and private victims
- an authority for the DHS Secretary to call a Significant Cyber Incident
- a requirement for states to write cybersecurity plans
Israeli diplomacy and the NSO Group affair.
Foreign Policy spotlights an episode of Haaretz Weekly, a production of “probably the last left-wing newspaper in Israel,” about NSO Group’s role in Jerusalem’s diplomacy. As we’ve seen, NSO tech, like weapons up for export, was used as a bargaining chip in Israeli outreach to prospective pals of varying repute. Selling dangerous tools to “dubious regimes” is “nothing new,” Haaretz notes, and has been going on since at least the 60’s.
The resultant abuse was to be expected, the speakers said, on the analogy of spending the night in a fleabag motel, where bites should be anticipated. While acknowledging lingering uncertainty about the notorious 50 thousand numbers, Haaretz thinks France, for instance, wouldn’t pick a fight with Israel without secondary confirmation that President Macron’s phone was compromised.
The solution, Haaretz says, would be stricter export controls, for the sake of human rights as well as Jerusalem’s reputation. Pegasus already uses geofencing as a kill switch when infected devices enter regions like Russia or the US, and similar protections could be expanded—but Haaretz isn’t holding its breath.
A quick note on intercept tools and weapons. A great deal of comment on the NSO affair has called Pegasus a "weapon," and one of Haaretz's commentators said it was "just like a missile." That, we think, is misleading. While intercept tools and other collection technology can be abused and become tools for repression, to compare what amounts to a new-age wiretap to a missile carrying, say, fifty kilograms of TNT or RDX is to push the metaphor pretty far.