– A Pennsylvania school district has banned a young adult series intended to inspire girls to pursue a career in coding. MC examines how books were swept away in the culture wars.
HAPPY MONDAY, and welcome to Morning Cybersecurity! We are less than a week away from Cybersecurity Awareness Month, which is very not why your MC host is dazed.
Yesterday I became an uncle. Hopefully I do better than Benjen Stark.
Do you have any tips, comments or feedback for MC? Email me at [email protected]. You can also follow @POLITICOPro and @MatinCybersec on Twitter. Full contact details for the team can be found below – just below the world’s most recent newsletter.
Would you like to receive this newsletter every day of the week? To subscribe to POLITICO Pro. You’ll also receive daily political news and other information you need to take action on the biggest stories of the day.
The National Infrastructure Advisory Council meets to discuss physical and digital threats to the nation’s critical infrastructure. 1 p.m.
BOOK BAN — The Biden administration faces an unexpected hurdle in its efforts to expand and diversify the cyber workforce: the Central York School District in York City, Pennsylvania, which has banned a young adult fiction series that allows girls of color to pursue tech careers.
The suburban public school district serving 40,000 people removed the “Girls Who Code” series and a range of other children’s books with any off-white diversity dye from its classrooms for a 10-month period between 2020 and 2021 before local activists mounted a successful campaign to overturn the ban, according to Ben Hodges and Patricia Jackson, Central York District high school English teachers who helped fight the ban.
The backstory — Jackson and Hodges told MC that a group of conservative school board activists opposed efforts by educators to create a list of diversity resources for the school district in the wake of the murder of George Floyd at the spring 2020.
Even though this material was intended for staff development or school libraries, not curriculum changes, activists convinced the school board to ban a list of about 300 books they deemed problematic – among them the “Girls Who Code” series, whose protagonists are black, Latin, Asian and Muslim.
Why now? – The year-long ban resurfaced this weekend after Pen America released a national index of banned books from the 2021-2022 school year. Realization that the four-part series “Girls Who Code” was on the list drew anger from CISA Director Jen Easterly, who has made it a priority to increase the number of women in the cyber workforce.
“This effort to ban their book is dangerous to our nation’s security on so many levels,” Easterly said.
scar tissue – Jackson and Hodges told MC the ban had a lasting impact on girls in the Central York School District.
“We have all kinds of programs where girls can get certified, where they can get involved, and we just can’t get girls interested,” Jackson said. “What sane person would ban such a book, especially when we’re trying to get girls into tech?”
EXTERNAL HELP – An advisory body made up of leaders from industry and state and local governments will meet today with the Biden administration to decide how it will review the federal government’s efforts to mitigate physical and digital threats to national critical infrastructure.
The 26 newly appointed members of the National Infrastructure Advisory Council will meet for the first time to receive a briefing on classified threats from US intelligence officers and decide which issue the advisory group will consider next. NIAC typically examines an issue comprehensively over the course of a year, but it does not focus exclusively on cyber.
That means the decision could inform how the Biden administration shapes its approach to defending the country’s critical infrastructure from malicious hackers — or not.
Place bets — Created in the aftermath of September 11, NIAC is nonetheless increasingly interested in the digital components of critical infrastructure protection: two of the last three NIAC reports have focused on cybersecurity. And with increasing digitization, it can be difficult for the group to separate cybersecurity concerns from physical security concerns.
my weakness is my strength – NIAC, whose members President Joe Biden appointed in August, has only one cybersecurity or IT expert in its ranks. But Glenn Gerstell, who served on the board from 2011 to 2015, told MC that the board’s breadth of experience is its greatest strength.
“I really think it’s important that cybersecurity issues are understood by general industry representatives and not just cyber experts,” said Gerstell, a former NSA general counsel. “It will enlighten the government on the challenges you face when industries don’t have a strong cyber background. I think it’s a healthy thing.
TURN ON BAT SIGNAL — Australia, India, Japan and the United States are teaming up to tackle a common enemy: ransomware.
On Friday, senior diplomats from the four countries – whose partnership is known as the Quad, or Quadrilateral Security Dialogue – released a joint statement pledging to tackle the threat of global ransomware.
what it says — Considering ransomware as “an obstacle to the economic development and security of the Indo-Pacific”, the diplomatic move calls on signatories to prevent ransomware operations emanating from their territory.
What this means – The joint statement shows that the Biden administration continues to view ransomware as a priority – and international diplomacy as a necessary tool to address it. It also indicates that non-NATO countries share US ransomware concerns.
Or at least they are willing to pretend to be American interests.
A noticeable absence — The list does not include Russia, where many ransomware groups operate with tacit government approval. On the other hand, none of the four countries that signed the declaration are notorious havens for ransomware, which raises questions about the impact the initiative will have.
IoT SECURITY– Researchers from the Atlantic Council are releasing a new report this morning with recommendations for policy makers on securing Internet of Things devices. Focusing on IoT devices in connected homes, the networking and telecommunications sector, and medical devices, “Security in the Billions: Towards a Better Strategy to Secure the IoT Ecosystem” examines the approaches that four countries – the US, UK, Singapore and Australia – have taken to mitigate IoT security risks. The researchers argue that regulators should enforce minimum security standards for IoT device manufacturers, encourage above-minimum security through public contracts, and pursue international alignment with IoT standards, such as international guidelines on Managing deployed connected devices that stop receiving security updates.
massive carding scam – Fraudsters have made millions of dollars exploiting more than 200 fake dating and adult sites, according to cybersecurity firm ReasonLabs. Acquiring stolen credit cards from the dark web, cybercriminals managed to defraud victims by creating an elaborate network of fraudulent websites and charging victims’ credit cards minimal fees on a subscription basis – a pattern that payment processors were less likely to recognize as fraud. The scam has been running since at least 2019 and the perpetrators appear to be based in Russia, the researchers write.
How to Debunk Unfounded Conspiracy Theories on Social Media, Part I:
— Bulgarian authorities extradite alleged RSOCKS botnet operator to US (Krebs on Security)
– City of London Police arrest a teenager for hacking Rockstar Games. The teenager, who has already been indicted for a series of hacks attributed to the Lapsus$ group, is also believed to be behind the recent Uber hack. (Bloomberg)
— Journalist Zach Dorfman uncovers a massive Cold War-era bugging program that American spies launched against the Soviet Union. (Brazen Project)
– Hackers extort Australia’s second-largest telecom operator after stealing 11 million customer records. (Security of banking information)
We’ll talk later.
Keep in touch with the whole team: Eric Geller ([email protected]); Maggie Miller ([email protected]); Jean Sakellariadis ([email protected]); Constantin Kakaes ([email protected]); and Heidi Vogt ([email protected]).