The Cyberlaw Podcast: What Gives With Electrical Grid Security?

Stewart Baker
Tuesday, January 26, 2021, 11:35 AM

Published by The Lawfare Institute
in Cooperation With

It’s a story that has everything, except a reporter able to tell it. A hostile state attacking the U.S. power grid is a longstanding and quite plausible national security concern.

The Trump administration was galvanized by the threat, even seizing Chinese power equipment at the port to do a detailed breakdown and then issuing an executive order and follow-up rulings designed to cut Chinese products from the supply chain.

Yet the Biden administration suspended this order for 90 days—the only Trump cybersecurity order to be called into question so far.

Industry lobbying? Chinese maneuvering? Tech uncertainty? No one knows, but Brian Egan and I at least sketch the outlines of an irresistible story that will have to wait for a persistent journalist.

The SolarWinds story needs a new moniker, as the compromises spread beyond the scope of SolarWinds distributions to victims like Malwarebytes.

Increasingly, it looks as though Microsoft and its cloud are the common denominators, Sultan Meghji and I observe, but that’s one moniker the story will never acquire.

In other cyber news, the Chinese are stealing airline passenger reservation data, Sultan notes.

Maybe they’re just trying to find out when Mike Pompeo next plans to come to China so they can meet him at the airport and enforce their latest sanctions—no Great Wall tours for you, Mr. Secretary!

This is our last week of Trumpian cyber news, so we wallow in it. The President issued a last-minute order calling for an assessment of the security risks of Chinese drones, Maury Shenk tells us.

And Brian unpacks the other last-minute order requiring U.S. cloud providers to know which foreigners they are selling virtual machines to.

I claim victory in my short letter to former Secretary of the Treasury Steven Mnuchin, suggesting that, instead of jamming a cryptocurrency regulation through on his watch, he concentrates on convincing the newly confirmed Secretary Janet Yellen to carry through. If he took my advice, it seems to have worked. Sultan reports that she is showing signs of wanting to "curtail" cryptocurrency.

In other news, Sultan boldly predicts the advent of interplanetary cryptocurrency in Elon Musk’s lifetime.

Brian and I unpack the latest Cyberspace Solarium Commission product—Transition Book—which is persuasive for the Biden administration.

I predict that the statutorily mandated cybersecurity director will have to be subordinated to the deputy national security adviser for cybersecurity for the office to be accepted in the administration.

And in quick hits, Maury covers the surprisingly robust European enforcement of employee protections against video surveillance. I explain Parler’s loss in trying to overturn the Amazon Web Services ban that pushed it off the internet. Sultan explains why the Biden Peloton is a cybersecurity risk, and I tip my hat to the president’s physical fitness.

I summarize the Michael Ellis story; he held the job of NSA's general counsel for about a day before a political witch-hunt caught up with him, and may never serve another day.

And, finally, a little schadenfreude for the European Parliament, which is being investigated by the EU’s lead data regulator for poor cookie notices on a website it set up for Members of the European Parliament to book coronavirus tests. The complainant? Max Schrems, who is on his way to becoming as unpopular with European politicos as he is in the U.S.

And more!

Stewart A. Baker is a partner in the Washington office of Steptoe & Johnson LLP. He returned to the firm following 3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy. He earlier served as general counsel of the National Security Agency.

Subscribe to Lawfare