With help from Eric Geller, Martin Matishak, Melissa Heikkilä, Cristiano Lima and Daniel Lippman
Editor's Note: Morning Cybersecurity is a free version of POLITICO Pro Cybersecurity's morning newsletter, which is delivered to our subscribers each morning at 6 a.m. The POLITICO Pro platform combines the news you need with tools you can use to take action on the day's biggest stories. Act on the news with POLITICO Pro.
A coronavirus contact-tracing initiative from Apple and Google has some privacy and security landmines to navigate.
An advocacy group urged the Federal Energy Regulatory Commission to move ahead with cybersecurity standards despite calls to move back the timing.
A top U.N. official called for a digital cease-fire as the world contends with coronavirus, especially because of the need to safeguard health care organizations and employees.
HAPPY MONDAY and welcome to Morning Cybersecurity! So relatable. If a hacker gets a hold of a Zoom, what can they tell? Send your thoughts, feedback and especially tips to [email protected]. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
TRACKING DOWNSIDES: A joint Apple-Google project to track coronavirus exposure risks announced last week has sparked privacy and security fears even as some lawmakers are willing to give the tech giants some leeway. "Tech companies' new feature to contact trace coronavirus cases has positive potential, but we must ensure privacy concerns are considered," tweeted House Energy and Commerce Chairman Frank Pallone (D-N.J.). "I'll be following this closely to ensure consumer privacy is protected." Rep. Jan Schakowsky (D-Ill.), who chairs E&C's consumer protection subcommittee, echoed the sentiment.
Some security experts said that although the plan features safeguards, they aren't adequate given the nature of the information at play. "Phone data has NEVER been proven secure and the chance of release is above 0%," observed Sergio Caltagirone, vice president of threat intelligence for Dragos. "In fact, this is so juicy I'd argue there will be lots of baddie[s] who are interested in finding ways to leak this." Matt Tait, a cyber fellow at the University of Texas at Austin, spelled out a slew of other potential problems.
Jennifer Granick, surveillance and cybersecurity counsel for the ACLU, credited the two companies for steps to mitigate risk but said there was room for improvement. "These systems also can't be effective if people don't trust them," she said. "People will only trust these systems if they protect privacy, remain voluntary, and store data on an individual's device, not a centralized repository."
Former Vice President Joe Biden, the presumptive Democratic nominee, broadly touched on the issue in his newly released proposal to safely reopen America. In a New York Times op-ed outlining his plan, Biden calls for a contact tracing strategy that protects privacy. And Apple and Google reportedly will work with the U.K., too.
NOT SO SLOW: The coronavirus pandemic isn't a reason to significantly delay supply chain cybersecurity standards for electric grid utilities, the grid resilience advocacy group Protect Our Power told FERC late last week. The North American Electric Reliability Corp. wants FERC to delay the deadline for complying with the cyber rule and other new regulations, saying compliance could disrupt operations at a critical time. But in comments filed Thursday with FERC, Protect Our Power said NERC's requested three-month delay may not be justified or necessarily be in the public interest. Instead, it asked FERC to only grant a 30-day extension. This approach would acknowledge the time lost by utilities due to the coronavirus pandemic, the group said, but otherwise require the industry to continue to treat the supply chain security issue with the importance and seriousness it deserves.
In requesting a 90-day delay, NERC argued that the extra time would allow entities to recover from coronavirus-related strains, but Protect Our Power said such a long recovery window likely wasn't necessary. Given that FERC issued the supply chain standard 15 months ago, the group said, many or most utilities may already be prepared to comply with it by the current July 1 deadline. A shorter delay, it said, would also prevent us from having one crisis, the pandemic, unnecessarily cause us to lose focus and a sense of urgency about another crisis, supply chain risk.
CYBER CEASE-FIRE: The United Nations undersecretary-general on Friday published an op-ed calling for a worldwide digital cease-fire during the coronavirus pandemic. "When launched successfully, digital attacks are catastrophic and can lead to loss of life," wrote Fabrizio Hochschild. In particular, health care workers and hospitals battling Covid-19 shouldn't have to question whether their data and medical equipment is secure or worry about it being shut down. We must commit to an immediate digital cease-fire, and governments, civil society groups, and the private sector must set the tone. Without this step, our global response to the pandemic will be weakened, according to Hochschild.
ALL I WANNA DO IS ZOOM-A-ZOOM-ZOOM-ZOOM: The top Republican on the House Oversight panel on Friday called for majority Democrats to abandon usage of the Zoom video conferencing service, citing security issues. "Given the concerns surrounding Zoom's security, it is clear Zoom is not an appropriate platform for Committee business, which may be particularly sensitive during the COVID-19 pandemic," wrote Rep. Jim Jordan (R-Ohio). "Please immediately suspend any current or future use of Zoom systems for official committee activities and take immediate steps to evaluate the Committee's internal cybersecurity preparedness to prevent hackers from accessing sensitive committee information through the Zoom platform."
Jordan cited the Senate sergeant at arms' warning last week for offices to stop using it, broader hacking and malware concerns, and Zoom work done by employees in China as causes to suspend use. Jordan said House Oversight Democrats had been Zoom-bombed, something Democrats denied.
"Rep. Jordan's office was consulted directly and repeatedly about using Zoom and never raised any concerns, so it's unfortunate that he is now putting out inaccurate information in this public letter," said Chairwoman Carolyn Maloney (D-N.Y.). "Had his office consulted with us first, we could have clarified their misunderstandings and provided more information about the steps the Committee has already taken to address any potential issues." She said the committee would continue to use a number of different technologies to fulfill its responsibilities. The House was already reevaluating whether the chamber should switch to a government-specific form of Zoom.
EDGAR RIGHT: The SEC announced last week that it has settled charges with two traders accused of profiting by exploiting sensitive corporate earnings information hacked from its EDGAR system. David Kwon of California settled for $165,474 that represented the profits from his alleged illegal trades, and $16,254 in interest; Igor Sabodakha of Ukraine settled for $148,804 in profits, prejudgment interest of $20,945 and a civil penalty of $148,804, plus the SEC said it would dismiss charges against his wife, Victoria Vorochek, whose accounts he allegedly used to conduct trades.
The EDGAR hack generated considerable interest from Congress when the SEC disclosed it in 2017, with some lawmakers pointing to their prior concerns about SEC vulnerabilities. The SEC charges against seven individuals and two entities filed in 2019 were accompanied by criminal charges against two other men.
CRITICAL SAFETY AND PRIVACY FLAWS IN CONNECTED CARS: Drivers beware: Your rides are vulnerable to digital saboteurs. Some of Europe's most popular connected car models have crucial security flaws that allow intruders to access personal data such as passwords and location history as well as components that control key functions such as collision-warning systems and tire air pressure, according to an investigation by British consumer group Which?.
By lifting the Volkswagen badge on the front of the car, researchers say they were able to access the vehicle's front radar module, which controls its collision-warning system, according to our friends at POLITICO Europe's Cyber Insights. Using a cheap laptop and a £25 gadget bought from online marketplace Amazon, the researchers also hacked into the Ford Focus's system monitoring air pressure in tires. The investigators also got access to personal data such as Wi-Fi passwords, phone contacts and location history.
TWEET OF THE WEEKEND: And then Zoom keeps doing stuff like this.
Kevin Zerrusen is now a managing director at EY where he works on cybersecurity and advisory services. He most recently was senior adviser to the chairman for cybersecurity policy at the SEC and is also a Goldman Sachs alum and served in the CIA for 30 years.
POLITICO: Small business loan effort might be less generous than advertised.
The Wall Street Journal: After Congress allowed surveillance tools to lapse, DOJ hasn't been able to obtain wiretaps or request business records between five and 10 times.
The Wall Street Journal: The FBI made errors in two FISA application filings last year.
Forbes: Cryptocurrency scammer revenue is down during the pandemic.
CyberScoop: Cyber criminal forums are also offering discounts during the pandemic.
Register: Cyber criminals leaked sensitive documents from contractors for Boeing, SpaceX, Tesla and other major companies in retaliation for an unpaid ransomware demand.
The Wall Street Journal: Travelex paid a $2.3 million ransom to hackers.
Bleeping Computer: San Francisco International Airport had a data breach.
gCaptain: Mediterranean Shipping Company may have suffered a cyberattack.
ZDNet: Online betting company SBTech will have to place $30 million in escrow as insurance for covering the fallout from a suspected ransomware infection.
Inside Cybersecurity: Two industry groups want more details from the Pentagon on its cybersecurity standards for contractors.
Forbes: Big data firm Palantir got some coronavirus emergency relief funds.
The New York Times: Burning Cell Towers, Out of Baseless Fear They Spread the Virus.
That's all for today.
Stay in touch with the whole team: Eric Geller ([email protected], @ericgeller); Bob King ([email protected], @bkingdc); Martin Matishak ([email protected], @martinmatishak); and Tim Starks ([email protected], @timstarks).