It’s a story that has everything, except a reporter able to tell it. A hostile state attacking the US power grid is a longstanding and quite plausible national security concern.
The Trump administration was galvanized by the threat, even seizing Chinese power equipment at the port to do a detailed breakdown and then issuing an executive order and follow-up rulings designed to cut Chinese products from the supply chain.
Yet the Biden administration suspended this order for 90 days – the only Trump cybersecurity order to be called into question so far.
Industry lobbying? Chinese maneuvering? Tech uncertainty? No one knows, but Brian Egan and I at least sketch the outlines of an irresistible story that will have to wait for a persistent journalist.
The SolarWinds story needs a new moniker, as the compromises spread beyond the scope of SolarWinds distributions to victims like Malwarebytes.
Increasingly, it looks as though Microsoft and its cloud are the common denominators, Sultan Meghji and I observe, but that’s one moniker the story will never acquire.
In other cyber TTP news, the Chinese are stealing airline passenger reservation data, Sultan notes.
Maybe they’re just trying to find out when Mike Pompeo next plans to come to China so they can meet him at the airport and enforce their latest sanctions – no Great Wall tours for you, Mr. Secretary!
This is our last week of Trumpian cyber news, so we wallow in it. The President issued a last-minute order calling for an assessment of the security risks of Chinese drones, Maury Shenk tells us.
And Brian unpacks the other last-minute order requiring US cloud providers to know which foreigners they are selling virtual machines to.
I claim victory in my short letter to Secretary Mnuchin, suggesting that, instead of jamming a cryptocurrency regulation through on his watch, he concentrate on convincing Secretary-designate Yellen to carry through. If he took my advice, it seems to have worked. Sultan reports that she is showing signs of wanting to “curtail” cryptocurrency.
In other news, Sultan boldly predicts the advent of interplanetary cryptocurrency in Elon Musk’s lifetime.
Brian and I unpack the latest Cyberspace Solarium Commission product, the Transition Book; it's persuasive for the Biden administration.
I predict that the statutorily mandated cybersecurity director will have to be subordinated to the Deputy National Security Adviser for cybersecurity for the office to be accepted in the administration.
And in quick hits, Maury covers the surprisingly robust European enforcement of employee protections against video surveillance.
I explain Parler’s loss in trying to overturn the AWS ban that pushed it off the internet.
Sultan explains why the Biden Peloton is a cybersecurity risk, and I tip my hat to the President’s physical fitness.
I summarize the Mike Ellis story; he held the job of NSA’s general counsel for about a day before a political witch-hunt caught up with him, and may never serve another day.
And, finally, a little schadenfreude for the European Parliament, which is being investigated by the EU’s lead data regulator for poor cookie notices on a website it set up for MEPs to book coronavirus tests. The complainant? Max Schrems, who is on his way to becoming as unpopular with European politicos as he is in the US.
Download the 346th Episode (mp3).
You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.