The first national cyber director’s last day is today

Below: A Russian hacker is convicted in a $90 million fraud case, and Royal Mail’s hackers up their pressure on the company. First: 

Inglis leaves national cyber director post after a year and a half

Chris Inglis ends his tenure today as the United States’ first national cyber director amid widespread, bipartisan praise, leaving command of his office to acting director Kemba Walden.

Inglis departs after serving in the role since July 2021, and his exit comes as cyber observers eagerly await the publication of the Biden administration’s first national cybersecurity strategy, which Inglis’s office began writing last year. That makes it a doubly sensitive moment for the White House office.

“From protecting our country’s critical infrastructure and defining the Biden-Harris administration’s vision for a secure digital future, Chris has done an exemplary job as our inaugural national cyber director,” White House Chief of Staff Jeff Zients said in an emailed statement. “His professionalism, expertise and accomplishments have made this nation a better place, and the Biden-Harris administration is deeply grateful for his service.” 

Inglis spent much of his career with the National Security Agency, which he joined in the 1990s before eventually ascending to deputy director.

The congressionally created Cyberspace Solarium Commission, which Inglis served on before joining the Biden administration, recommended creation of an Office of the National Cyber Director (ONCD) in its final report in 2020. The idea was to make the director the chief cyber adviser to the president, among other roles. Congress included the recommendation in legislation that President Donald Trump vetoed, only for Congress to overturn it and for the bill to become law on Jan. 1, 2021.

It wasn’t an easy road to create the office. Trump didn’t want the office, having killed a “cyber czar” role in the White House in 2018. And Biden transition officials also had signaled opposition in mid-November, 2020, said Mark Montgomery, who served as executive director of the Cyberspace Solarium Commission. Biden nominated Inglis to lead the office in April 2021.

The Senate confirmed Inglis by voice vote, indicating no opposition.

Inglis deserves praise for growing the office from one person — himself — to more than 100 people, Montgomery told me.

• Inglis built the office “in the hardest place in government, inside the executive office of the president,” said Montgomery, a senior fellow at the Foundation for Defense of Democracies think tank who continues to oversee the solarium commission’s progress as part of the CSC 2.0 project.

With his decades of work on cybersecurity, Inglis “brought a significant gravitas and credibility to the role,” Andrew Howell, a partner at the Monument Policy Group lobbying firm, told me.

From there, another major milestone for Inglis was his office leading the writing of the next national cybersecurity strategy. That strategy, as I reported with Ellen Nakashima last month, is expected to advocate for mandates for critical infrastructure, breaking with past strategies. 

There is “no question his work will leave a lasting impact,” Sen. Gary Peters (D-Mich.), chair of the Senate Homeland Security and Governmental Affairs Committee and a key advocate for creating the office, told me via email.

The timing of the release of the strategy, which has been going through an interagency review, remains up in the air.

• It could come as early as this week, Derek Johnson reported for SC Magazine on Tuesday.
• Another source familiar with deliberations on the strategy, who spoke on the condition of anonymity to talk about confidential discussions, said it could be as soon as next week.
• Montgomery said he’d be surprised if it didn’t come out in the next three weeks.
• An administration official, who spoke on the condition of anonymity to discuss a process that was not yet complete, said they were “confident” it would work its way through the process “soon,” but didn’t have a more precise sense of timing.

While Peters, Senate Intelligence Committee Chair Mark R. Warner (D-Va.) and Democrats on the House Homeland Security panel might be expected to praise Inglis, he also has impressed Republicans.

“I thank National Cyber Director Inglis for his service and steady leadership amid numerous challenges to our nation’s cybersecurity,” House Homeland Security Chairman Mark Green (R-Tenn.) told me via email.

• But Green added: “While we have known for some time that Director Inglis was planning to step down, I am troubled by the timing of his departure and what message that sends about where cybersecurity ranks in this administration’s priorities.”

Walden brings her own cybersecurity experience to the job of acting director. She’s been serving as principal deputy national cyber director since last summer. She is an attorney who held several cyber roles at Microsoft. She also had a stint at the Cybersecurity and Infrastructure Security Agency as part of a decade of work at the Department of Homeland Security.

One of her best assets is that she can “take difficult, complex cybersecurity concepts and turn them into something that’s extraordinarily understandable,” said Howell, who said he worked with Walden as part of his firm’s representation of Microsoft.

Walden understands the federal government’s cyber role, knows key risks from her time at Microsoft, isn’t a pushover and has already been helping establish the Office of the National Cyber Director, former CISA director Chris Krebs told me.

Her challenges will include:

• Navigating a federal cyber bureaucracy that includes not only her office playing a prominent role, but also CISA and the National Security Council, Howell said.
• Reviewing annual cyber budget proposals for not just major agencies with cyber responsibilities but for the many agencies with cyber components, Montgomery said.
• Implementing the national cyber strategy, said Krebs, who is a founding partner of the Krebs Stamos Group. “That’s a task anyone would be hard pressed to do well, but given her understanding of the distributed cyber risk management responsibilities across industry and government, and that the current approach isn’t working for everyone — if anyone can do it, it’s Kemba,” Krebs said.

Montgomery said Inglis could’ve stayed on to await publication of the strategy but wanted to “ensure that the acting NCD was fully empowered” to carry it out.

Implementation of that strategy is where Walden — or a different permanent successor to Inglis, if the administration doesn’t nominate her for the job full-time — could run into some resistance.

“I hope the next national cyber director will be empowered to stand up to the regulatory wishes of this administration,” Green said. “At this critical time for our nation’s cybersecurity, we need federal coherence and trust with the private sector, not overlapping and burdensome regulations. I will continue fighting to keep cybersecurity at the top of the federal government’s priorities.”

The White House talked up Walden on Tuesday.

“While we are sad to see Chris go, Kemba has demonstrated excellent leadership as the principal deputy national cyber director,” Zients said. “I look forward to working with her as the acting national cyber director and the entire ONCD team to advance the vital mission of improving our nation’s cyber resilience.”

Said Peters, when asked about a full-time director: “This is an essential position and I encourage the administration to name a highly qualified nominee as soon as possible.”

Royal Mail hackers reportedly demanded nearly $80 million ransom

After three weeks of negotiations, the LockBit hacking group that first attacked Royal Mail in January said it was demanding a ransom of about $80 million, but the mail service has missed its deadline to send the payment — potentially setting the stage for a large-scale leak of the company’s data,  Mehul Srivastava and Oliver Telling report for the Financial Times. 

According to internal conversations released by LockBit, the two groups discussed Royal Mail’s revenue and business challenges, with the company’s negotiator saying “under no circumstances will we pay you the absurd amount of money you have demanded,” adding that it is an amount that “could never be taken seriously by our board.” 

LockBit said it was asking for 0.5 percent of the profits of Royal Mail International, likely referring to its parent company, International Distribution Services. The mail service declined to comment to the Financial Times on the authenticity of the leaked chats, but the hackers probably published the chats in an attempt to add pressure on their victims.

The cybercriminals previously said they would release large amounts of company information if bargaining failed completely. Royal Mail, the largest known target of the group, appears to have walked away from the negotiations, the FT reports.

Russian hacker found guilty in $90 million fraud case

A Russian cybersecurity expert was convicted by a federal jury in Boston on Tuesday for hacking two U.S. publicly traded companies and then using the undisclosed information to make trades before it was public, AJ Vicens reports for CyberScoop. 

Vladislav Klyushin, who owns the cybersecurity firm M-13 in Moscow and has connections to the Russian government, was found guilty of conspiracy to obtain unauthorized access to computers, wire fraud and securities fraud. 

The scheme, which took place between 2018 and 2020, allegedly netted Klyushin’s group around $90 million, according to a press release from the U.S. attorney’s office. So far, Klyushin is the only defendant to be arrested and to face prosecution. 

“This case demonstrates the Department of Justice’s commitment to protecting our financial markets and computer networks by aggressively pursuing those who seek to profit unfairly through intrusive cyberattacks,” Rachael S. Rollins, a U.S. attorney, said in a statement. “Cybercriminals be warned: we will use every tool at our disposal to track you down and you will end up as a defendant in a courtroom.”

Correction: An earlier version of this item incorrectly said Klyushin was charged by a federal jury in Boston on Tuesday. He was convicted.

The Israeli hackers who tried to steal Kenya’s election (Haaretz)

Revealed: the hacking and disinformation team meddling in elections (The Guardian)

Cambridge Analytica’s Israeli black ops team – exposed at last (Haaretz)

‘Aims’: the software for hire that can control 30,000 fake online profiles (The Guardian)

Addiction, suicide, cyberbullies: Senate confronts kids’ online horror (Gizmodo)

Senators appear divided on how to regulate crypto (The Hill)

Airline SAS network hit by hackers, says app was compromised (Reuters)

New ‘MortalKombat’ ransomware targets systems in the U.S. (Bleeping Computer)

Ransomware attacks surge against US manufacturing plants (CyberScoop)

Ransomware attack on city of Oakland leaves City Hall closed, many systems still paralyzed (SFist)

Louisiana HBCU says personal data from 44,000 students accessed in November cyberattack (The Record)

Binance, Huobi freeze some cryptocurrency stolen in $100 million Harmony hack (The Record)

• The Cyber Threat Alliance holds a webinar about the importance of mandatory cyberattack incident reporting requirements on Thursday at 12 p.m.
• The Future of Privacy Forum holds its 13th annual privacy papers for policymakers summit and awards ceremony Thursday at 5:30 p.m.  
• The National Association of State Election Directors holds its winter conference in D.C. on Thursday through Saturday. 
• The Intelligence and National Security Alliance holds its annual achievement awards Thursday at 6 p.m. in Arlington, Va.

Thanks for reading. See you tomorrow.