President Joe Biden said he plans to make cybersecurity a “top priority” of his administration. But by all appearances, the U.S. is off to a troublingly slow start in responding to, and recovering from, recent major hacks—foremost among them being the SolarWinds debacle.
Let us count the many ways the U.S. is falling behind in digital defense.
- The Homeland Security Department’s Cybersecurity and Infrastructure Security Agency, or CISA—the government agency most responsible for coordinating private and public sector bounce-backs from breaches—still lacks a leader. (Chris Krebs, the founding director, was fired last year by former President Donald Trump after he disputed Trump’s baseless claims of election fraud.) While CISA has made several appointments this year, it doesn’t yet have even a nominee for the top job.
- Although the government recently passed a $1.9 trillion coronavirus relief package that earmarks $650 million for CISA, officials fear much more funding will be required for CISA to tackle the many tasks at hand, including rooting out cyber threats across federal networks. Andy Keiser, a former House Intelligence Committee staffer who keeps in close touch with the CISA team, tells Politico that the agency is “overworked, understaffed and in one sense fighting half-blindfolded.”
- Some people argue that since intelligence agencies, like the National Security Agency, are legally restricted from surveilling domestic networks, attackers can more easily escape detection when they use U.S. IT infrastructure in the course of their espionage (as was the case in the SolarWinds campaign). Former Secretary of Defense Robert Gates writes for the Washington Post that he believes the solution is to appoint a “dual hat” Homeland Security official as a deputy director at the National Security Agency, thereby marrying tech skills (NSA) with legal authority (DHS).
- But critics say Gates’s proposal is flawed. Jonathan Reiber, a former chief strategy officer at the Pentagon, counters that FBI, not DHS, is the more logical partner. Meanwhile, Rob Knake, a former National Security Council cyber director, rejects any plan that boosts domestic surveillance, calling Gates’s proposition “utter nonsense.” (For more on the reasoning, I recommend reading cybersecurity journalist Kim Zetter’s enumeration of the many ways such proposals such as Gates’s may miss the mark.)
- The Biden administration still has not appointed a National Cyber Director, a new, prominent role that is supposed to coordinate the government’s cybersecurity activities. Choosing a strong leader for the job was the No. 1 recommendation Fortune made in a list of cyber policy proposals we offered the Biden administration earlier this year. Apparently, political infighting is the cause for delay: Biden’s top cyber advisor, Anne Neuberger, and the top contender for the role, Jen Easterly, a Biden transition team advisor, “do not get along,” as one official tells Politico. (Also, the Biden team reportedly objects to the directorship being subject to congressional oversight.)
That so many cybersecurity experts cannot agree on basic matters—how best to secure U.S. computer networks, who should lead the defensive charge, or whether certain jobs, like National Cyber Director, should even exist—helps explain the halting pace at which cybersecurity policy is proceeding. Surely, it’s better to move slowly than to move quickly and risk making mistakes.
But time is of the essence, and every delay puts America’s adversaries further ahead.
Robert Hackett
Twitter: @rhhackett
NEWSWORTHY
Mark your calendar. This year the Apple "worldwide developers conference," or WWDC 2021, will run from Monday, June 7th through Friday, June 11th. Themed "glow and behold," this will be the event's second year in a virtual format. Expect announcements covering all the latest, upcoming Apple software, including iOS 15, macOS 12, watchOS 8, and more. Meanwhile, Apple's "independent repair provider" program, which authorizes third parties to fix iPhones and the like, is expanding to 200 countries this year, just about everywhere Apple products are sold.
Check this out. PayPal is starting to allow people to make purchases with Bitcoin and other cryptocurrencies, Reuters reports. The app's new "crypto check out" feature converts a customer's holdings into fiat currency, like U.S. dollars, before transacting with a merchant. The capability will work at all of the company's 29 million online merchants this year. Anticipating the announcement, CEO Dan Schulman penned an op-ed in Fortune today, writing that the benefits of digital currencies "are legion" as they offer businesses and consumers "cheaper, safer, and more efficient transactions."
Ain't that nifty. Amid the craze over NFTs, CryptoKitties and NBA Top Shot-maker Dapper Labs just raised $305 million from investors including basketball stars Michael Jordan and Kevin Durant, the Wall Street Journal reports. Fortune has the scoop on a smaller NFT-related business, the crypto art market SuperRare, which just raised $9 million from investors including Samsung. Investors don't appear to be deterred by the fact that some high-priced digital art is disappearing without a trace.
Takeovers and tuck-ins. Communications software startup MessageBird, a Twilio competitor, dished out more than $100 million to pick up three companies in recent months. Spotify acquired Betty Labs, maker of the Clubhouse-like social audio app Lock Room, for an undisclosed sum. And Cazoo, a UK-based used car portal, is fusing with a blank-check SPAC company to go public at a $7 billion valuation.
Show me the money. In other news, the price of TikTok-maker ByteDance's shares, per trading on secondary markets, implies the parent has a private valuation of $250 billion. Softbank-backed data management startup Cohesity is now privately valued at $3.7 billion, up from $2.5 billion last year. Substack, the newsletter media startup, is raising $65 million at a $650 million valuation, with Andreessen Horowitz leading the round.
The twetes are coming from inside the house!
FOOD FOR THOUGHT
Computer chips are in incredibly high demand—so high that semiconductor companies simply can't pump out silicon wafers fast enough. Bloomberg has out a useful, graphics-decked explainer that delves into the backlog that is hobbling the tech sector. "It’s a bottleneck that could last several quarters—or into next year," the news wire reports. Indeed, even iPhone-contract manufacturer Foxconn says it expects the squeeze to last until 2022.
A six-decade-old invention, the lowly chip, has gone from little-understood workhorse in powerful computers to the most crucial and expensive component under the hood of modern-day gadgets.
That explosion in demand—unexpectedly goosed during the Covid-19 pandemic for certain industries like smartphones and PCs—has caused a near-term supply shock triggering an unprecedented global shortage.
IN CASE YOU MISSED IT
Google Maps wants to help users avoid getting stuck in the rain by Danielle Abril
Every adult in these states is eligible for a COVID vaccine this week by David Morris
T-Mobile to offer subscribers discounted YouTube TV service by Aaron Pressman
A year of exhaustion has weakened consumers’ resolve to make ethical buying choices by Tracey Lindeman
Apple loses bid to stop Swatch from using Steve Jobs’s ‘one more thing’ line by Jonathan Browning
Despite its best efforts, Walmart’s e-commerce is still a fraction of Amazon’s by Phil Wahba
(Some of these stories require a subscription to access.Thank you for supporting our journalism.)
BEFORE YOU GO
New York is the first state to release a COVID-19 digital passport. The so-called Excelsior Pass, developed in partnership with IBM, allows people to present proof of vaccination or negative COVID test results on their phones. Madison Square Garden is going to start using the system this week.
An increasingly embattled Governor Andrew Cuomo says the app is "another tool in our new toolbox to fight the virus while allowing more sectors of the economy to reopen safely and keeping personal information secure." You can download it here.
