| Welcome to The Cybersecurity 202! The first words were spoken by telephone on this day in 1876. Nice, but I think the first words spoken on film are more brassy and prophetic. Below: A GOP election clerk who embraced Trump-backed conspiracy theories was indicted on charges of violating election security, and Ukraine may ship its servers out of the country. | Bob Kolasky saw a sea change in cyber concerns during his tenure |  Bob Kolasky, director of the National Risk Management Center, is leaving government this week. Photo provided by the Cybersecurity and Infrastructure Security Agency. | | | When Bob Kolasky joined the Homeland Security Department in 2008, cybersecurity was still mostly an afterthought for the government. Officials remained laser focused on preventing another terrorist attack on the scale of 9/11. What a difference 14 years has made. Working to prevent a devastating cyberattack is now one of DHS's top missions led by the 4-year-old Cybersecurity and Infrastructure Security Agency. For the past three years, Kolasky, who ends his government service Friday, has been at the center of the effort as leader of CISA's National Risk Management Center (NRMC). Kolasky's job in a nutshell has been to dig as deeply as possible into all the most damaging cyberattacks that might hit the United States, then dig into all their second- and third-order consequences, and figure out how to make the damage less catastrophic. Think of Kolasky like the guy who shows up 45 minutes into a disaster movie and announces the problems are far bigger than everyone thought. "When an incident manifests itself, you want to know as closely as possible what that means, the impact it's having," he told me in an interview. | | The NRMC's biggest profile initiative is a project called the national critical functions — basically a map of everything super important that the United States does and what would happen if it got hit with a major cyberattack. The project also looks at other threats to the functions such as terrorist attacks and natural disasters. It goes deep. Kolasky's team started by identifying 55 critical functions — crown jewels that must be protected from significant adversary cyberattacks, including systems that distribute electricity, provide wireless Internet and manage wastewater. But then they kept going, identifying things that might depend on those functions and what would happen if they were similarly booted offline. To date, they've identified a whopping 3,319 "sub functions" that could be imperiled by the cascading consequences of a cyberattack hitting one of the 55 big targets. They're also looking at what makes those functions vulnerable to hacks and other threats such as underinvestment in security and overreliance on foreign components. Here's how it works in practice: When Colonial Pipeline was temporarily shut down by a ransomware attack last year, Kolasky's team started mapping out all the possible fallout. Will this affect fuel supplies at nearby airports? Do any of those airports transport items vital for national security? What kind of burden will that place on other transportation hubs? "We've got much more significant risk models than we did in 2018," he told me. I look back at what we've been able to accomplish, and it's been pretty remarkable." | | One big win for Kolasky: It's become far easier during his tenure for government officials to convince companies that they need to better protect themselves against hacking. That's partly because there have been enough high-profile attacks that companies know they're in danger, he said. It's also because the government has done the work to demonstrate how a hack that affects one company could end up producing consequences across the nation. Initially, "some of the threats were … too hard to imagine scenarios or things that businesses didn't think the government needs to be involved in," Kolasky told me. "Whereas now, the threats sounds a lot like national security threats. It creates the space for this partnership." Two big challenges: I asked Kolasky about the top threats the government should be focusing on in coming years. He said: | - Coming up with a system for combating foreign disinformation and treating it like a major homeland security threat
- Dealing with the threat of complex supply chains that could make it easier for malicious software to find its way into vital technology systems
| | Next: Kolasky is starting this month at Exiger, a supply chain risk management firm, as senior vice president for critical infrastructure. | | |  | The keys | | Election clerk, who embraced conspiracy theories, indicted over security breach |  Tara Peters had been under investigation since August. (McKenzie Lange/The Grand Junction Daily Sentinel/AP) | | | A Mesa County, Colo. grand jury indicted county clerk Tara Peters (R) for allegedly helping an outsider obtain election machine data from her office that made its way to election conspiracy theorist Mike Lindell's conference in May, Emma Brown reports. Peters has been charged with 10 counts, seven of which are felonies. Peters is seeking the Republican nomination for Colorado secretary of state. She previously called on election clerks elsewhere to copy their voting machines' hard drives, and alleged that she is the target of powerful forces who don't want her to get to the truth. Peters and her attorney didn't respond to requests for comment. Context: Peters "is the first elections official to face criminal charges related to conspiracy theories surrounding the 2020 election, experts said. She is accused not of fixing the election but of breaking the law as she sought to investigate whether someone else did," Emma reports. The grand jury also indicted Peters's deputy, Belinda Knisley. Knisley's lawyer argued she will be exonerated when more evidence comes out at trial. | SEC proposes four-day deadline for firms to disclose hacks |  The proposal has "special relevance" in light of Russia's invasion of Ukraine, an SEC spokesperson told CNBC. (Andrew Harrer/Bloomberg News) | | | The proposed rule could go into effect after the Securities and Exchange Commission finishes receiving feedback from the public in May, the Wall Street Journal's Paul Kiernan reports. The new requirements have "special relevance" in the wake of Russia's invasion of Ukraine, which has increased cyberattack risks, an SEC spokesperson told CNBC. In addition to requiring publicly traded firms to disclose major cybersecurity incidents within 96 hours, the proposed rules would: | - Require companies to provide updates on previously reported incidents
- Make firms disclose when "a series of previously undisclosed, individually immaterial cybersecurity events has become material in the aggregate"
- Tell firms to outline their cybersecurity risk policies in annual reports and say whether any of their board members have cybersecurity expertise
| Ukraine's government is preparing to ship its servers out of the country | | It's a contingency plan that "suggests Ukrainians want to be ready for any Russian threat to seize sensitive government documents," Reuters's Raphael Satter and James Pearson report. Ukrainian lawmakers would have to approve such a move. In other Russia-Ukraine news: | - European officials say they're not seeing many Russian cyberattacks, the Wall Street Journal's Sam Schechner reports. European officials met in France on Wednesday to discuss ways to defend European networks.
- Cybercriminals are trying to trick amateurs who want to hack Russian websites. Cisco Talos found a tool advertised as a way to launch digital attacks to overwhelm "Russian sites." But it was actually malware designed to steal passwords and cryptocurrency information, researchers said.
| | Disinformation watch: White House press secretary Jen Psaki accused Russia of being behind a disinformation campaign promoting the idea that the United States funded biowarfare facilities in Ukraine: | | The European Union also played down the Russian reports, saying that "the credibility of information provided by [the] Kremlin is in general very doubtful and low," Reuters reports. | | |  | Chat room | | | That feeling when the U.K.'s former top cyber official drops into your pub and asks for some crisps: | | |  | Global cyberspace | | The Internet's elders have an idea for blocking Russian military, propaganda sites |  One leading idea is to give major online networks a blacklist of sites. (Dado Ruvic/Reuters/Illustration) | | | In an open letter, veteran Internet activists have proposed a new working group to consider what they call technical sanctions that could disrupt Russian military and propaganda sites but leave intact ordinary civilian sites like those used by news organizations, schools and hospitals, Craig Timberg reports. While the details of such a move haven't been worked out yet, one leading idea would be to give major online networks a blacklist of sites to avoid, a technique that is also used to block sites with malware and spam. The experts' letter rejects the idea of disconnecting an entire country from the Internet. That echoes the position of the Internet governance nonprofit ICANN, which previously rejected Ukraine's proposal to revoke the ".ru" domain and help get rid of their security certificates, which would have made it more difficult for people within Russia to access sites outside of the country. "Sanctions should be focused and precise," the letter says. "They should minimize the chance of unintended consequences or collateral damage. Disproportionate or overbroad sanctions risk fundamentally alienating populations." It was signed by activists, politicians, networking experts, security researchers and others. | | |  | Government scan | | Biden orders sweeping review of cryptocurrencies |  President Biden is seeking to update cryptocurrency regulations. (Ting Shen/Bloomberg News) | | | An executive order from President Biden yesterday aimed at updating the government's cryptocurrency regulations could be a boon for efforts to combat ransomware, which relies on the digital currency. Here's more from The Post. | | |  | Securing the ballot | | | |  | Industry report | | | |  | Cyber insecurity | | | |  | Daybook | | - The Senate Intelligence Committee holds its worldwide threats hearing today at 10 a.m.
- U.S. Cyber Command holds its annual legal conference today at 10 a.m.
- CISA Executive Assistant Director Eric Goldstein speaks at a Billington Cybersecurity event today at noon.
- Senate Intelligence Committee Chairman Mark R. Warner (D-Va.) and Chris Painter, the Obama administration's top cyber diplomat, discuss cybersecurity and Russia's invasion of Ukraine at an event hosted by the Center for Strategic and International Studies on Monday at 11 a.m.
- Cyberspace Solarium Commission executive director Mark Montgomery speaks at an American Enterprise Institute event on gray-zone warfare that begins on Wednesday at 9:30 a.m.
| | |  | Secure log off | | | "You ain't seen nothin' yet." Thanks for reading. See you tomorrow. | | |
