Mastodon Feed
Reblogged by adam@social.lol ("Adam Newbold"):
briankrebs@infosec.exchange ("BrianKrebs") wrote:
The way things are headed, the word "security" is danger of becoming a liberal slur. Long rant ahead explaining why this notion keeps popping in my head.
The subtext of the entire GOP playbook Project 2025 is that liberals have "weaponized" the government against conservatives and have been abusing that power to censor and unconstitutionally stifle their views and voices.
This ongoing injustice, they argue, justifies emptying all government agencies of any people, entities or ideologies that don't align with these views. If you're asking why at this point, remember that the president promised this term is all about retribution and settling scores, real or otherwise.
Why does Maga keep couching everything in terms of censorship? Disinformation researcher Kate Starbird nailed it in a Bsky thread from Nov. 2023, about how Maga lawmakers and their supporters mostly stopped parroting Trump's lies about election fraud as Biden's term went on, and instead pivoted to the deep threat of "censorship". This she argues, allowed Trump supporters to distract from the violence on Jan. 6, and to claim that the real threat to democracy wasn't this interruption of the peaceful transfer of power, but the so-called "censorship" of conservatives by "The Deep State."
"The deep story of 'censorship' is also a redemption story for influencers whose repeated falsehoods about the election stoked the grievances that led to Jan 6," Starbird wrote. "They get to play the parts of victims & heroes again. And no matter the veracity of their claims, to their audiences, the story rings true."
https://bsky.app/profile/katestarbird.bsky.social/post/3kdu7ucy3jd2f
Starbird was one of many researchers whose work came under heavy scrutiny by the House Judiciary Committee’s Select Subcommittee on the Weaponization of the Federal Government. Led by GOP Rep. Jim Jordan of Ohio, the committee’s stated purpose was to investigate alleged collusion between the Biden administration and tech companies to unconstitutionally shut down political speech.
The GOP committee focused much of its ire at members of the short-lived Disinformation Governance Board, an advisory board to DHS created in 2022 (the “combating misinformation, disinformation, and malinformation” quote from Trump’s executive order is a reference to the board’s stated mission). Conservative groups seized on social media posts made by the director of the board, who resigned after facing death threats. The board was dissolved by DHS soon after.
In his first administration, President Trump created a special prosecutor to probe the origins of the FBI’s investigation into possible collusion between the Trump campaign and Russian operatives seeking to influence the 2016 election. Part of that inquiry examined evidence gathered by some of the world’s most renowned cybersecurity experts who identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russia’s largest financial institutions.
Trump’s Special Prosecutor John Durham later subpoenaed and/or deposed dozens of security experts who’d collected, viewed or merely commented on the data. Similar harassment and deposition demands would come from lawyers for Alfa Bank. Durham ultimately indicted Michael Sussman, the former federal cybercrime prosecutor who reported the oddity to the FBI. Sussman was acquitted in May 2022. Last week, Trump appointed Durham to lead the U.S. attorney’s office in Brooklyn, NY.
Lest anyone think these Project 2025 playbook items are just words on a page written by some political lackey, Trump also last week issued two executive orders -- one called "Ending the Weaponization of the Federal Government," and another titled "Restoring Freedom of Speech and Ending Federal Censorship." The last few paragraphs were lifted from this week's story about all the upheaval in federal cybers over the past week: https://krebsonsecurity.com/2025/01/a-tumultuous-week-for-federal-cybersecurity-efforts/
It doesn't take a rocket surgeon to figure out that the GOP will likely expand the number of ad hoc committees that seek to leave no stone unturned in their quest to find and root out the Deep State conspirers who are trying to stifle conservative voices. And we will likely see similar persecution of people in the security and research community who've been doing important work tracking disinformation networks, among other things.
NB: The disinformation stuff tends to be proxied through the same providers where most of the mass brute force vulnerability/credential stuffing attacks come from, and it's almost invariably tied to Russia-backed networks or cybercriminal actors.
Which brings me back (finally) to the first line of this post. If you are not interested in hearing the truth about disinformation, by extension you are also probably not too keen on people working to block it either. In fact, why should you want to block it at all, if the overall message is in support of this "censorship" worldview? Or in support of some other conservative or authoritarian messaging?
In this context, all kinds of security concerns become a threat to the censorship ideology. This includes vulnerability research, data analysis, incident response, site or network-specific threat metrics, the list goes on. At some point, pretty much all security efforts constitute some form of network censorship.
I'm not going to say that cybersecurity has always somehow been a "bipartisan" issue. For one thing, there are always way more than two sides to any story, and that term has somewhat lost its meaning. But at least until around when Trump first took office, support for tech-focused legislation was generally not broken down along party lines (except maybe in areas like government surveillance).
Cybersecurity has and always will be a very political challenge, at every level, for all organizations. But we just can't afford to let it become a deeply partisan issue, because then we are truly lost.
Why does any of this matter? There is very little daylight anymore between the priorities and prerogatives of cybersecurity and national security. As one goes, so goes the other.