Incident response in the spotlight

With help from Joseph Marks and David Perera

SCOOP: WHITE HOUSE MULLS CYBER INCIDENT RESPONSE — The White House is devising a plan specifying federal agencies’ responsibilities in the event of a crippling cyberattack, which could be released as an executive order or presidential directive in the next few months, MC has learned. The guidance will address the federal response to a cyberattack against “critical infrastructure,” including power plants, chemical facilities, banks and telecommunications providers, according to industry officials. The goal is to ensure agencies are focused on chasing hackers out of compromised systems rather than figuring out who to call or talking to lawyers.

“This is outlining specific roles and responsibilities and tasks for agencies, saying ‘DHS, you do this’ and ‘FBI, you go do this’ … a high-level, whole-of-government approach,” one executive told Joe. The Homeland Security Department is also updating its cyber incident response plan, which has languished for more than five years in interim form, according to people familiar with the discussions. Congress has been seeking an updated version of that plan for more than a year. House Homeland Security Committee staffers plan to press for a firm delivery date during a scheduled meeting this week with department officials. More for Pros: http://politico.pro/1mSmfax

POLITICO PRO SOTU SCORECARD — Just in time for tonight’s State of the Union speech, Joe also has a rundown of President Barack Obama’s cybersecurity vows in each of his previous addresses and whether they were wins or losses. Every POLITICO Pro team did the same for their particular policy area. If you want to read the whole mammoth sucker, click here: http://politico.pro/1W283YV

HAPPY TUESDAY and welcome to Morning Cybersecurity! Your MC host mourns David Bowie, like many people; I was a huge fan, and even sleep with him every night because his face is on my duvet cover. His departure is an occasion to celebrate his work, however. I’d nominate the obvious “Ziggy Stardust” as the best album, although “Station to Station” might be my favorite. Dave is partial to “Low.” What say you? Send your thoughts, feedback and especially your tips to [email protected] and follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info is below.

WASSENAAR FIGHT GETS SCRAPPY — The Wassenaar Arrangement is turning into a real loser for the State Department. Foggy Bottom has been on the defensive about its support for adding cybersecurity products to the list of items with both civilian and military uses that face export limits.

State’s reluctance to speak publicly about Wassenaar backfired badly Monday after officials attempted to pull a bait-and-switch on two House committees. Rather than let lead Wassenaar diplomat Ann Ganzer testify today, State said it would send to Capitol Hill a more senior official whom no one following the issue had before encountered.

That led to a subpoena from the House Oversight Committee, which is holding this afternoon’s hearing along with House Homeland Security. “We have gone back and forth with State to reach a suitable compromise, but at no point in time have we indicated that we would like to have another witness,” said a congressional aide. More for Pros: http://politico.pro/1N3HlIj and http://politico.pro/1Rye3cU

Today’s hearing will focus in part on State’s role in adding cybersecurity to the export control list. When the Commerce Department last year tried to implement the new restrictions, industry howls forced a delay. Since then, Commerce, the Department of Homeland Security and the Pentagon have concluded that Wassenaar needs to be redrawn.

But State continues to insist otherwise, with Ganzer being among the most vocal proponents of staying the course, says an industry source. Hostility to State’s position is near universal among industry , which will be out in force today: Symantec, VMware, Microsoft and the Information Technology Industry Council. Cheri McGuire, Symantec’s vice president of government affairs and cybersecurity policy, says Wassenaar would require the company to seek more than 1,000 new export licenses. McGuire also says the controls will hamper security research and information sharing, and that State must renegotiate. http://1.usa.gov/1ZSGxPG

UNION-CYBER FIGHT Draft legislation clarifying that agency heads have the authority to secure their information systems and protect employees’ personal information without going through collective bargaining is scheduled for a House committee vote today. “I think federal agencies have a responsibility, not only to protect themselves, but their employees as well,” said Rep. Gary Palmer, the bill’s sponsor. “I think this bill will allow them to do that.” The legislation is prompted by a 2014 Federal Labor Relations Authority ruling. In that case, a union representing Immigration and Customs Enforcement employees successfully challenged the agency’s ability to block commercial webmail on the agency’s network. According to Palmer’s office, the Office of Personnel Management also has “faced threats of being forced to collectively bargain over temporarily blocking certain sites after the massive breach.” The ruling: http://1.usa.gov/1Drfs9V The House Oversight and Government Reform markup agenda: http://1.usa.gov/1ne1Q0a

MORE THAN ONE WAY TO GO DARK Malware probably didn’t directly cause last month’s power outage in Ukraine, but it did help the attackers gain access to critical utility hardware, researchers have determined. The attackers likely used malware to access a regional utility’s control system and open breakers to cause the disruption, according to SANS ICS. Malware known as KillDisk, which was discovered in the Ukrainian network, can cause damage. But in this case, it was employed to make it harder to restore power and subsequently determine the cause of the outage. http://bit.ly/1Q0YkBE

** A message from HP: Print security today is about more than protecting devices, documents and data. Threats are becoming more sophisticated, industry regulations more complex, and workforces more mobile. Build a defense for a leaner, faster, smarter world. See how HP can strengthen your company’s print security. Learn more: www.hp.com/go/printersthatprotect **

RECENTLY ON PRO CYBERSECURITY The Obama administration is plotting a “potentially far-reaching cybersecurity strategy” in its final year that could include assembling an elite squad to respond to major attacks on computer networks: http://politico.pro/1RxXePt A global coalition of almost 200 activists signed an open letter against proposals to weaken encryption: http://politico.pro/1On1wmu The Defense Department’s inspector general will examine the NSA’s information security controls: http://politico.pro/1N3y0QU

TODAY: THORNBERRY GETS CYBER AWARD The IT industry association CompTIA will present its first Excellence in Cybersecurity awards to House Armed Services Committee Chairman Mac Thornberry and Navy Cyber Workforce Branch Head Chris Kelsall at a breakfast event this morning.

NFL + POLITICO — Join NFL Network and POLITICO for a screening of NFL Film’s production of “America’s Game and the Iran Hostage Crisis.” The screening will be followed by a panel conversation discussing the film and current events featuring Tate Donovan, the film’s director and executive producer; Alex Paen, an American reporter in Iran during the crisis; and, former hostage Rocky Sickmann. Thursday, Jan. 14, 6-8 p.m., The Newseum. RSVP: http://bit.ly/1ZQv5UM

REPORT WATCH

In almost half of all data breaches, the cause was not much of a surprise, according to a survey of 300 CEOs in North America and Europe out this morning. The survey, conducted by Forbes Insights and BMC, which helps businesses manage their information technology systems, found that 44 percent of breaches can be traced to known vulnerabilities where the fixes have already been identified. A disconnect between security specialists and IT operators may be to blame. http://bmc.co/1OLJ8as

ON THE MOVE

John Fitzpatrick, who headed the National Archives and Records Administration’s Information Security Oversight Office, has moved to the National Security Council staff, Secrecy News reports. Fitzpatrick will work on information security policies for classified and sensitive information. http://bit.ly/1ZXbLp5

Anthony Grieco will represent Cisco on the board of directors for the National Cyber Security Alliance, a nonprofit partnership between industry and the Homeland Security Department to promote cyber awareness. Grieco is senior director for the Security and Trust Organization at Cisco, which joins the alliance’s board today.

Kaspersky Government Security Solutions has appointed Cynthia James as general manager. She moves from Kaspersky Lab, where she was global director of business development.

QUICK BYTES

Dutch police say they can access encrypted emails on PGP BlackBerry phones. Motherboard: http://bit.ly/1mRgpGx

The Iran-Saudi Arabia cyber conflict could escalate. Passcode: http://bit.ly/1RizbUi

Israeli firms playing a major role in auto cybersecurity. Reuters: http://reut.rs/1W14vpK

The NSA expects a four-year delay on a public records request on a children’s coloring book. Motherboard: http://bit.ly/1RHqlhy

Galois won a $1.7 million contract from Homeland Security to fight distributed denial of service attacks: http://bit.ly/1OM33X0

That’s all for today. We got a lot of Golden Years. http://bit.ly/1uC4lMw

Stay in touch with the whole team: David J. Lynch ([email protected], @davidjlynch), Joseph Marks ( [email protected], @Joseph_Marks_); David Perera ( [email protected], @daveperera ); and Tim Starks ( [email protected], @timstarks)

** A message from HP: Print security today is about more than protecting devices, documents and data. Threats are becoming more sophisticated, industry regulations more complex, and workforces more mobile. Build a defense for a leaner, faster, smarter world. See how HP can strengthen your company’s print security. Learn more: www.hp.com/go/printersthatprotect **