Our interview is with Jeanette Manfra, DHS’s Assistant Secretary for Cyber Security and Communications. We cover her agency’s binding directive to other civilian agencies to purge Kaspersky software from their systems, and her advice to victims of the Equifax breach (and to doctors who think that Abbott Labs’ heart implants don’t need a security patch because no one has been killed by hackers yet). I also ask how she’s doing at expanding civilian agency security from intrusion prevention to monitoring inside networks – and the future of her agency at DHS.
CFIUS is back in the news as President Trump kills his first deal on national security grounds. Stephen Heifetz explains what he did and what it means for roughly 15 more deals caught in CFIUS’s toils.
For those who are following the 702 Upstream issue from last week’s episode, a bipartisan group of House Judiciary members have come down on Liza Goitein’s side of the debate, saying they’ll abolish upstream collection “about” terrorists. Whether they can sell the moderates of both parties on that, especially in the Senate, remains to be seen.
Jennifer Quinn-Barabanov explains how bad things have gotten for Equifax: a delayed patching process that will be cast as negligent, dozens of class actions, an FTC investigation, multiple Congressional committee hearings, possible SEC inquiries, and the state attorneys general too. I point out that no one has suffered harm from the breach yet and question whether this disaster will look quite so bad in three or four months.
The Trump administration imposes its first cyber attack sanctions, against Iranian hackers. Stephen and I note that three astonishingly different Presidents have managed to pursue cyber policies that are more or less indistinguishable from each other.
I suggest a surprising likely victim of the Russian probe: the effort to enshrine in law the requirement that electronic provider content only be provided in response to a search warrant, not a subpoena. The social media companies that dealt with Russian advertisers have provided less information to the Senate intelligence committee than to Robert Mueller. Why? Because the Senate doesn’t issue search warrants. So if Congress adopts a statutory warrant requirement to get electronic content, it will doom Congressional committees to perennial second-class status in future investigations. I doubt Congress is going to want to do that.
In fact, I predict, Silicon Valley is in for a bad half decade in Washington, as left and right grow increasingly suspicious of the power of social media companies.
Finally, to close out the news on a legal note, Jennifer unpacks two recent and, ahem, “divergent” opinions of the Eighth Circuit on breach lawsuit standing.