It's a story that has everything, except a reporter ready to tell it. A hostile state attacking the US power grid is a longstanding and quite plausible national security concern. The Trump administration was galvanized by the threat, even seizing Chinese power equipment when it arrived in the US to do a detailed breakdown of the gear and then issuing an executive order and follow-up rulings designed to cut Chinese products out of the US grid supply chain.
Yet now the Biden administration has suspended this order for 90 days – the only Trump cybersecurity order to be called into question so far. Industry lobbying? Chinese maneuvering? Tech uncertainty? No one knows, but Brian Egan and I sketch the outlines of an irresistible story that will surely reward a persistent journalist.
The SolarWinds story, meanwhile, needs a new moniker, as the compromises spread beyond SolarWinds distributions, reaching victims like Malwarebytes. Increasingly, it looks as though Microsoft and its cloud are the common denominators, Sultan Meghji and I observe, but that's one moniker the story will never acquire.
In other cyber TTP news, the Chinese are stealing airline passenger reservation data, Sultan notes. Maybe they're just trying to find out when Mike Pompeo next plans to come to China so they can meet him at the airport and enforce their latest sanctions – no Great Wall tours for you, Mr. Secretary!
This is our last week of Trumpian cyber news, so we wallow in it. President Trump also issued a last-minute order calling for an assessment of the security risks of Chinese drones, Maury Shenk tells us. And Brian unpacks the other last-minute Trump administration order requiring U.S. cloud providers to know which foreigners they are selling virtual machines to.
I claim victory in my short letter to Secretary Mnuchin, suggesting that, instead of jamming a cryptocurrency regulation through on his watch, he concentrate on convincing Secretary-designate Yellen to carry the project through. If he took my advice, it seems to have worked. Sultan reports that she is showing signs of wanting to "curtail" cryptocurrency. In other news, Sultan boldly predicts the advent of interplanetary cryptocurrency in Elon Musk's lifetime.
Brian and I unpack the latest Cyberspace Solarium Commission product -- its persuasive Transition Book for the Biden administration. I predict that the statutorily mandated cybersecurity director it recommends will have to be subordinated to the Deputy National Security Adviser for cybersecurity if the office is to be accepted in the White House.
And in quick hits: Maury covers the surprisingly robust European enforcement of employee protections against video surveillance. I explain Parler's loss in trying to overturn the AWS ban that pushed it off the internet. Sultan explains why the Biden Peloton is a cybersecurity risk, and I tip my hat to the President's physical fitness. I summarize the Mike Ellis story; he held the job of NSA's general counsel for about a day before a political witch-hunt caught up with him, and he may never serve another day.
And, finally, a little schadenfreude for the European Parliament, which is being investigated by the EU's lead data regulator for poor cookie notices on a website it set up for MEPs to book coronavirus tests. The complainant? Max Schrems, who is now well on his way to becoming as unpopular with European politicos as he is in the U.S.
Download the 346th Episode (mp3)
You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.