Rachel Lyon

Welcome to to the Point Cybersecurity Podcast. Each week, join Vince Spina and Rachel Lyon to explore the latest in global cybersecurity news, trending topics, and cyber industry initiatives impacting businesses, governments, and our way of life. Now, let's get to the Point.

Maggie Miller

Hello, everyone.

Rachel Lyon

Welcome to this week's episode of to the Point Podcast. I'm Rachel Lyon, here with my co host, Vince Spina. Where in the world is Vince today?

Vince Spina

Hey, Rach. I am sitting in a hotel room in Dubai just finishing up a major technology show here called Jitex, and it's just been a fantastic week.

Rachel Lyon

It's a massive show, isn't it?

Maggie Miller

I mean, that's what I've heard.

Vince Spina

We were in Hall 24, and I know there was a 25 and a 26.

And there isn't a technology that you could talk about that didn't have a massive haul. So I think the numbers were in the hundreds of thousands. And I'm not. I think that might have been per day, it could be per week, but it was. I mean, just a massive show with unbelievable attendance.

Maggie Miller

That's awesome. That's awesome.

Rachel Lyon

And it's in Dubai, so there's that, too.

Vince Spina

It's in Dubai. Yes.

Rachel Lyon

Fun. All right, so I will.

Maggie Miller

Let's jump into today's conversation.

Rachel Lyon

I am so excited because this is one of my favorite topics, particularly at this time of year. In this year, Maggie Miller. She's a cyber security reporter for Politico based in Washington, D.C. her coverage focuses on the intersection of cyber security and national security, which. How awesome is that? Like, there's so much to write about. I. I can't even imagine where to start. So.

Maggie Miller

Welcome.

Rachel Lyon

Welcome, Maggie.

Maggie Miller

Thanks so much for having me. And, yeah, it's a wild time these days.

Absolutely.

Rachel Lyon

All right, Vince, you want to kick us off?

Vince Spina

Yeah, I do. And, you know, it's interesting with that background, Maggie, we both stalked you. We looked you up. Your CV is impressive. Your background, just a lot. And there's so much that we can talk about. You know, if I did my math right, I think literally we're 19 days from election day. Is that. I mean, that's crazy.

Maggie Miller

19 days sounds correct to me. And that's gonna give us all anxiety attacks.

Vince Spina

Exactly. And what I think, you know, your background is in politics and cybersecurity. I was like, I'm horrible at metaphors, but I was thinking, man, that's like peanut butter jelly, or it's like anchovies and pineapple. I don't know if they go together or you know, they're diametrically opposed, but it just interesting. So there's so much we can talk about today. But you know, recently one political party had reported that a nation state had sent them inside information on the other political party. We're 19 days from the election and with all that, I just wanted to start with campaign data leaks as kind of the topic. So maybe my first question to you is, do you see any cybersecurity problems in political campaigns that tend to keep on happening? I mean, it seems to be getting worse and worse, but my sense is with your experience, this is probably something that's been around for a while. Maybe the tech has changed or the activity level, but what tends to keep on happening that you see from your perspective?

Maggie Miller

Yeah, absolutely. And just to start off, flattery will get you anywhere. Vince ON cv.

No, I mean it's been an interesting pre election season in that I think we were all, at least in the reporting space and I'm sure in the cybersecurity watching things very closely given the history specifically really of Russian cyber attacks, disinformation efforts ever since 2016 and other countries. And it really has been eventful. So in terms of campaign hack and leak operations, we've actually seen Iran get really involved this season in a way that they really haven't in the past, targeting the Trump campaign and then leaking some of the information they found to the Biden campaign and also to reporters, including, including one of my colleagues at Politico and other outlets. So it's been interesting to track how things are going and in terms of campaigns, I mean, I've been talking to some former campaign officials and experts and I feel like there's been a huge evolution in terms of focus on election security by cybersecurity professionals, by election officials, et cetera. But campaigns have kind of stayed in this same kind of startup like space in that often, obviously from the lowest campaigns, local campaigns, all the way up to the top presidential campaigns. They're very fast paced. They're very many of them, maybe not as much presidential, but state level, they're formed very quickly, they're constantly evolving, they're constantly changing messages. You've got a lot of very often low paid, very young people working on campaigns who are coming in. I've been told a lot of times on some of these campaigns, not necessarily presidential, but just, you know, campaigns widely, they're using personal devices, personal laptops, there's outdated equipment. There's also the issue of, you know, the funds that you get for a campaign. You're really looking at putting into advertising, at putting into, you know, paying the bills for people that are helping run your campaign. And cybersecurity often really falls, you know, to the last priority, falls to the wayside. And I think amid all of this also because there is this startup like environment, which is how it's been described to me by multiple former officials. It's very easy, you know, if you're working insane hours, you don't have weekends, you know, you're just overworked, you get an email, you accidentally click on something. It's very easy in that sort of environment for some of the really low hanging fruit type. I mean I would say attacks, I would say more just tactics that can work. And I think there is still, despite everything, this lack of cyber attack, cyber visibility, understanding by some of these campaign workers, campaign officials, because again, it's not top of their pile for what they're focused on. So it is a really ripe space for nation states such as Iran, but also frankly just low level cybercriminals to exploit. Cybersecurity is just not the main focus and it's not very surprising to me that that has become a main focus of at least the presidential campaign cycle.

Rachel Lyon

Yeah, it's interesting too on these things because you have to wonder what are the motivations, right? And are we seeing, and I'd be interested in your perspective here. Are the bulk of the attacks coming from foreign adversaries or are we seeing a lot coming from within the US as well? You know, it's like back when the Ukraine, Russia, that conflict started coming up, you had this like cyber volunteer army, right, where all of these people, like hundreds of people would just start, you know, hacking one country or the other. And I just wonder with kind of elections, right, their sides, are you seeing kind of a juxtaposition of foreign adversaries and within the US or kind of what's that trend looking like?

Maggie Miller

Yeah, I think in terms of what's being publicly reported by not just the campaigns but social media companies, by federal authorities, they've been really zeroed in on the nation state threat. We've seen indictments against Russia or Russian affiliated actors for disinformation campaigns targeting some US based influencers and taking down a lot of websites that have been linked to Russia, linked to Ukraine, that were posing as news sites, trying to send out maybe less credible stories. But at first glance they might seem like credible stories that have a slant towards something towards what the Iranian government or the Russian government might want in terms of the outcome of the presidential election. But at the same time, I think that you see after every election there is a moment to sit back and take stock of what was seen. And I think this is going to be something that we're, you know, a lot of these companies and officials are going to probably not, probably definitely look at in terms of what they're seeing. And I think I'm not surprised that.

What has been so widely trumpeted has been the nation state activity because it is something that is so much more critical. It's something that likely involves governments and it's something that's much harder to counter than sort of your low level cyber criminal, given that it really involves geopolitics.

Rachel Lyon

Right.

Vince Spina

Maggie, just to follow up on that, I mean, we're hearing that in the news all the time. What's your opinion on how these.

Data breaches or leaks inside of campaigns? What's your perception on how that's affecting public trust and their desire to even get out and vote or.

Being more doubtful about the results of the election after the fact four years later? You know, differences of opinion on, you know, the results of election from four years. I mean, what's your thoughts on all of those kind of things as a, from a data leak perspective?

Maggie Miller

Yeah, and you know, that's something that's really occurred to me as I've been covering things. I mean, I don't think it's a secret to say that this year was always going to be a highly divisive election, to say the absolute least. And I'm speaking at the presidential level here, of course, divisiveness below that. But in terms of the presidential election. Yeah, I mean, I'm sure this is only complicating things. It does not. I mean, just writing about some of the Iran leaks I've had feedback is one way to put it. Feedback from readers who have thoughts about what this means for election security, for election integrity, feedback on social media. You know, I think that this is a space that unfortunately doesn't have a lot of trust in it on both sides, despite the fact that there really has been good faith efforts by all election officials involved to really heighten the election security and really try to heighten efforts to ensure people believe that their vote is secure. But when you see things like Iran being able to get into the emails of senior Trump campaign officials and leak some of that to another campaign and then that campaign not necessarily be as open about what they're seeing initially, at least according to the FBI, that does engender a little bit of a Lack of trust. And it's not. I just think that we're in an environment right now that any sort of seen interference or any funny business is only just going to complicate matters in terms of trust, which is unfortunate because you want, as an American myself, you want to have confidence that your vote is going to be counted and counted accurately and that you are not being swayed by something that may not be true. And I will say everything I'm hearing from federal officials involved in this, everyone is really working hard to ensure that votes will be accurately counted. But, you know, it's hard to convince the American public that are already concerned about this that that is the case.

Vince Spina

Yeah. Counted as one thing, validated that it was actually, you know, Maggie's vote or Rachel's vote or Vincey's vote is, you know, a whole other, you know, concern as well.

Maggie Miller

Yeah, yeah, yeah. That leads to an.

Rachel Lyon

I mean, I think this is a great entree, right, to kind of election system security. You know, that's such a hot topic that keeps coming up every election cycle. You know, kind of. What. What is your perspective there? I mean, particularly in, you know, foreign adversaries targeting actual election systems, particularly when they can vary so much from state to state. You know, it seems like it would be quite cumbersome to do that, but I'd be interested in your point of view.

Maggie Miller

Yeah, absolutely. I mean, this has really been a big concern since. Well, I would assume since before then. But 2016 is really what put the spotlight on it with Russian interference specifically, there were multiple vectors that Russia used. One was targeting voter registration databases in multiple states. And that really put the hackles up of election officials and trying to ensure that these machines that were being used to cast votes and also these online databases were more secure and trying to address some of the vulnerabilities there. And one thing that has been a strength of the American voting system from the very beginning is, as you mentioned, that every single election is run by a different election administration group, whether that be the city level, the county level, the state level. It's not homogenous. It is very varied. And it is pretty much impossible for an actor such as Russia to say, I'm going to change the votes of everyone in the country, because frankly, everyone votes in different ways around the country with different machines, different models. They might use mail in ballots, et cetera. That being said, as we were just talking about, given the information space, really all it takes is one machine targeted in one county, and then that being amplified specifically on social media to really cause doubt and really cause fear, which is something that definitely concerns officials. And it's something that I know that election officials have been really focused on in saying, hey, we're gonna get out there on election day at the state, local level. And you really should be paying attention to your election official wherever you live, wherever you vote, because they are the ones in charge of that system and they're the ones keeping an eye on things and they're going to say if they're seeing some sort of funny business going on. But at the same time, it is very possible to potentially tamper with a machine. It is cumbersome, though. I was at the DEFCON conference in Las Vegas in August where we have the famous voting village every year where some machines that are still in use in various parts of the country are tested and hackers have the ability to just tear them apart. And of course, they always find vulnerabilities every year. And I think the thing I want to stress from that is clearly there's vulnerabilities in some of these machines. Clearly the companies need to continue upkeeping their devices. But it would be quite difficult for a voter to go into a voting place and do what some of these hackers are doing at defcon. They don't have the ability. I think it would be very noticeable if they went in and started tearing apart a machine in the way some of these hackers do. So it would be harder to sway things. But what has been seen is you have to be careful with some of these machines and some of the ability for small mistakes to be made. I believe there was a speech during DEF CON talking about. I think it was a couple years ago, one of the counties in the US where there was a discrepancy of something like 200 votes. And they realized when they did a whole investigation into it, they had folded the vote wrong, the paper vote wrong, and the vote scanner was not understanding the exact way they'd folded it. So it's things like that that can sometimes sway. But I think my long winded way of saying, at least from what I've seen, it would be very difficult to really hack into a device. It is possible and it is something that election officials are laser focused on. Will say, from what I'm hearing, it's not the main concern in terms of election security for this year. It's really the disinformation space if you.

Vince Spina

Had to put a percentage on it, because you get both sides of that, Maggie. And like you said, it might be one voting booth in one county and then it hits the news and that's what we as consumers see. But I'm sure you've got your ear to the ground and you talk to some pretty important people. How big of a problem is this really? Is it the 1% and it just blows up from there, or how widespread would you think this is?

Maggie Miller

Yeah, that's the main issue is that there might be tampering on one device, or more sinisterly maybe there isn't. But a post that claims that that's the case blows up and people lose confidence in that particular voting station that their vote was counted. There's also the issue that was brought up to me of sometimes voter registration check in devices, sometimes those can go down, sometimes they malfunction. That's not necessarily going to certainly wouldn't change your vote. But what that will do is slow down the process of people voting. And that has happened in past election days where you see really long lines of people, you see this backup. People assume, oh, there's been some sort of, you know, foreign interference or other sort of malicious interference to ensure I don't get to cast my vote, when often it's just a technical issue. And that is something that I know that election officials at all levels are worried about because again, it lowers voter confidence in their ability to vote and that their votes will be counted. And especially if that's happening in any sort of swing state where there's going to be a lot of focus on election day. And of course, complicating matters further is that every single state has different laws for when people can vote and when ballots are counted. And the process for certifying an election, as we saw in 2020 with the presidential election then we didn't have results on election day. And I think everyone is pretty much assuming we're not going to have results this election day either. It's going to come down pretty close, it seems like, and it's going to come down to the last ballots being counted in certain states, most likely. But more than that, I think remember that whatever you see on election day, whatever the media is call it, is preliminary results. And every state goes through a different process to certify, double certify, take every means they can to show that this is what the votes were, this is what was counted. And many states have a lot of mail in ballots. They gotta get through those, take a while to sort through and count and everything. So it's a wide ranging process. I mean, election officials, to me, whether they're at the city, county, state Level, to me, it's a very cumbersome job. So I think it is something that at least me, as an American citizen, I am grateful for those that volunteer to do some of this work because it's certainly a job that is very long ranging and these days unfortunately comes with a lot of threats as well.

Vince Spina

You said, you know, talked earlier a bit about different laws in different states. Any laws out there in any of those states that you feel have been created around cybersecurity or election security that seems to be or going to help protect voter data and make these elections fair. Any new and interesting themes?

Maggie Miller

Yeah, I mean, there's been a lot of different developments in the last, I mean, again since 2016, I keep bringing up that year, but that really did change things. I mean, you had a month later, the Department of Homeland Security, just before President Obama left office. They made elections critical infrastructure, which meant that there was a lot more focus on them and resources going towards them. And I know that that was a very controversial decision at the time, but has since, I mean, over and over when I've talked to election officials, they have since said actually, and this is election officials on both sides of the equation, they actually think that was a good call because it puts a lot more attention, a lot more resources on ensuring that the vote is secure. Yeah. And I know states have done quite a bit at different levels to try to ensure that some of these devices are safe, a lot more eyes on the votes. And that's, you know, people can come sometimes in some of these stations and actually watch the votes being counted to try to make sure that they feel that their vote has been counted and is secure. I think one place we haven't seen a lot of movement is at the federal level. Congress has been pretty deadlocked in anything to do with election security mandates. You know, there is the constant back and forth between Democrats and Republicans on this. Republicans often have concerns about the federal government instituting anything that might be seen by states as a mandate. They really want to leave it at the state level. The one area that there has been agreement is they've managed Congress in the last, oh gosh, five, six years. At this point, I might be wrong, might be a little longer. Has appropriated almost a billion dollars, I believe, in election security funding through the Election Administration Commission, the eac, to sort of divvy out to states. States submit for these funds, they create packages of what they need, detail out, et cetera. You can find a lot more, not to plug the eac, but you can find a lot more very detailed information on that on their website. I've certainly gone through it in my reporting, which I know has been really helpful, given that a lot of these states and localities don't necessarily have dedicated funding to, for example, replace outdated computer systems, computer networks, or to, for example, hire a cybersecurity professional to ensure that they're safer or to have antivirus software or things like that. They don't necessarily. They know that there's a problem, but they didn't necessarily have the funds. So what I've heard again from election officials on both sides of the aisle is these funds have been helpful, to say the least. So that has been something that has changed. But I do think there's a lot of interest on Capitol Hill and continuing to look at this issue. And cybersecurity specifically is an area, one of the, I like to say, last bastions of bipartisanship on Capitol Hill that usually gets a lot of bipartisan support. So, yeah, we'll see what happens after the election. Also, you know, what happens in Congress will obviously be impacted by who comes into power, but also what we see in terms of election day and the threats that are seen.

Rachel Lyon

Absolutely. And, you know, we can't talk about elections. Right. And you mentioned it earlier, disinformation. There was, I think, making the rounds. What back in September, there was foreign interference linked to Russia against Kamala Harris, her campaign, with fake videos. And they even went so far as to kind of create this fake media outlet in San Francisco to give it credibility. I mean, this is bananas, Maggie. Like, I mean, how do you combat that?

Maggie Miller

I mean, isn't that the question that everyone asks, how do you combat that? I mean, often it comes down in many cases to the, you know, where this is being posted on social media, taking action and spotting these posts and saying, well, clearly this is not true. Yeah, there was a video that falsely made it seem like she'd been in a hit and run, you know, things like that. But I mean, that has been a concern for many elections going forward is the impact of false or faked media on candidates, whether at the presidential level or lower. Especially now with the advent of AI, there's been a lot of concern about AI generated videos, AI generated audio recordings, or even deep fakes that might seem like it's the candidate, but really is not. That's not what's happening. There has been, I would say, from what I've heard, less of the doomsday scenario than what was expected. That being said, there have been AI generated images that have been found on social media sites. Microsoft has come forward talking about that. Actually China has been involved in that. They've linked some of this to China, trying to less sway the election and more just exploit divisions in US society and just try to. I think Iran and Russia have been really the big players this year, but China's certainly still there. I think it's those three that tend to wade in to some of these efforts. So, yeah, I mean, these fake videos, fake images, they're very concerning. They're certainly unfortunately, probably into the future in terms of election security. And I think it really is going to put even more of a spotlight on social media companies to try to spot these, try to take them down, try to label them, et cetera. And, you know, also you have to look at how much traction are they actually getting. So the vast majority of these posts that I've seen, at least this cycle that have been called to my attention really haven't gotten a huge audience, haven't gotten a huge uptake. But there's been a few that have been passed along, especially on TikTok, before they were able to be debunked. And when a certain amount of people see them, even if they're debunked later, there's a certain amount of, well, I saw this, this is true, et cetera. Or oh, they've been called out, debunked, but not trusting that.

I mean, it's the ongoing question of how do you ensure that Americans and others around the world in election scenari really trust what they're seeing or can really understand that what they're seeing is false? And that's just an ongoing question that I think officials and social media executives are still trying to grapple with.

Vince Spina

Yeah, just to follow up on that, Maggie, I mean, I'm probably going to ask you how concerned are you? But I think you articulated that well. I mean, it is an issue and you know, it's something in.

My personal family, we tend to make sure, you know, there's certain subjects that are off limits and politics has been added to that, you know, that group because just in our family alone, I mean, you can almost split the family right down the middle. So it's become concerning, you know, from a government perspective in general. Do you think we're prepared as a country and quite frankly as a world to counter these, these threats as it pertains to AI? I mean, this thing is pervasive and it's getting better and obviously more scary all the time. I mean, what's your thoughts on that?

Maggie Miller

I think it's one of those issues in terms of AI, in terms of its impact on the information space. It's an area where I feel like everyone and their mother is running around chickens with their heads cut off, knowing that it's an issue. I mean, you can't go up to Capitol Hill without seeing a new bill introduced on AI issues every day. We've also seen leadership, leadership trying to move through. We've seen Senate Majority Leader Schumer has been really leading on an issue with AI, and obviously social media companies, tech companies, are trying to address this. We've seen the EU trying to address this. I could go on for days, but I think the issue is there's a lot of efforts and a lot of attention on the issue, but trying to get consensus on something and trying to get consensus on what the actual problem is, what government can do, what is too far for government to go. And of course, when it comes to tech, I mean, this is tech, cyber, anything in that space, government moves so slowly, and it's an area where things evolve so quickly and change and new technologies are being introduced that it's like the speed of light and government's the turtle crawling along. And it's not always easy to keep up. I mean, an example, completely separate privacy issues have been an issue for a long time. We still don't have a federal privacy law, still not on the books. We've got state level, we've got one in the EU that we often have to kind of abide by, but still not that. And that's been an effort every single year in Congress that comes up, and it still can't get through. So I think even when there is bipartisan consensus that there's an issue here, there's certainly bipartisan consensus on privacy, for example, that there's something that needs to be done. Still hard to actually get agreement, actually get something through. And I think we might see that with AI. But there's consensus. It's a problem, but what do you do? So moving forward, it's going to continue to be an evolving issue. Obviously, AI has great promises. I don't want to sound like huge doomsday. I mean, there's been thoughts that it could for the intelligence community in the us it enables them to sort through billions of items of data at much faster speeds, maybe spot potential terrorist plots, et cetera. That's amazing. I mean, it could help solve health issues like cancer research, et cetera. But it also, as I mentioned, can supercharge disinformation and make it Much harder to combat. It could also supercharge cyber attack efforts, could make it easier for low level cyber attack efforts. It's been brought up to me that many cybercriminals are not English speaking. And so often it's easy to spot spam emails from them just because there's certain grammatical errors. That's not going to be the case in the future with AI, they can simply run it through. So there's a lot of question marks around it. I know I went on forever there, but I have many thoughts on AI. It's constantly discussed in the cyberspace.

Rachel Lyon

Yeah. And there's no really clear answer. Right. How do you regulate it? What's the right thing to do? Because there's just so many unknowns right now. Switching gears a little bit. I'm always kind of fascinated in looking at the global perspective. You know, how can you get countries aligned. Right. On cyber policies, what's acceptable? And I know there's some countries that don't have extradition, so there's no way. Yes, there's criminals there, but we're never gonna get them to the US to have them tried or have any accountability for that. And I'm always kind of looking at what's the role of the UN or NATO, what role can they play here? You know, because it can be tricky. And I would love your thoughts on the UN Cyber treaty. You know, are there. What are the most significant provisions in the treaty that could have a major impact on how countries handle cyber threats and cybercrime?

Maggie Miller

Yeah, absolutely. And thanks for bringing that up. I know it's been an issue I've been reporting on. You know, it's one of those issues that I think at first glance many Americans would say, or many people in the world who aren't in the cyberspace would say, oh, it's just another complex. I'm not looking at it. But it's become a key issue at the UN in terms of disagreement. So basically, this treaty was first proposed by Russia in 2019. It was brought forward. The US its allies had serious concerns about it. They saw it from the beginning as basically an avenue that Russia was using to try to say, oh, yeah, we want to tackle cybercrime, but at the same time, we want to get language in here that allows us to maybe take away some digital rights to conduct more surveillance of our citizens. So there were issues from the beginning with it. But the problem is that cybercrime is a major threat across countries around the world. It is an area of agreement by countries that more needs to be done to tackle this. So there was this agreement by countries. There should be a treaty on this. There should be something the UN does on this. And it was negotiated over the past few years with the US was fully involved, the EU was fully involved. At the same time, Russia was very involved, China was very involved. And the product that emerged earlier this year that was approved in committee is one that has really caused a lot of controversy. There's been serious concerns, just like from the beginning, that the product they've come out with in the end is indeed potentially going to be used by governments like China, like Russia, to surveil their citizens and say, oh, the un, this treaty has said we can do this. There's just certain language in there that that's concerning, that could take away digital rights. And so a lot of private sector groups, a lot of NGOs, have really raised this concern with the White House in recent weeks, raised this concern with the eu. And the White House is still weighing how to vote. There's gonna be a vote on this treaty in the full UN later this year at some point, probably between Thanksgiving and Christmas. And the White House is still not quite sure. Cause the problem is, if the US Votes against it, then it kind of gives Russia and China this avenue to create updates to it in future that could make it even worse. And the US Kind of shut out. So there's a big effort by some of the NGOs involved who are digital rights groups, to really get the US to either abstain or vote no. But we'll see. I mean, just this week, the EU came out and has said that they're going to vote in favor the EU as the actual entity, the European Union, which does kind of send a signal as to where the White House may go on this, where the US May go on this. So it's very controversial. I think, as I said, cybercrime is an issue that everyone agrees on and the international community should be tackled. But the way that the UN is going about it is interesting and kind of shows, at least those I've talked to, that it may have been more of a victory for countries like Russia and China than countries that really do want to tackle cybercrime.

Vince Spina

Maggie, you said the vote is somewhat imminent, but my sense is it's going to happen after the election. Do you see the vote changing based on, you know, which candidate, you know, wins the presidency? What's your thoughts?

Maggie Miller

It's a good question. I mean, at the same time, obviously, you know, President Biden, no matter how the vote goes, on November 5th. He's not going to be president post January 20th. So, you know, it doesn't really impact him as much. He already knows he's going out. You know, I'm not actually sure how much the election will impact the outcome of this, but, you know, I'm sure that having it after the election, having it during a lame duck period where, you know, often in lame ducks, a lot of things get pushed through that, you know, might not have been as popular, that might not have been something that would help you during an election. But all of a sudden the election's over, you're about to get out the door, you know, get some things through. So, you know, that might play into it, but can't really, can't really predict on that, but it does. It is interesting to me that the EU has now said that they're going to vote in favor of. So that would be even more interesting if the US either abstained or vote no. Voted no. Given the.

Vince Spina

I don't know enough. Is the eu, is that collective one vote, or is that.

Maggie Miller

I believe the eu, and I really should know this more, I believe the EU has its own vote. I don't think it's a collective of every country in the eu. I think it's the EU has its own vote. But you might need to double check on that. And I apologize to listeners if I'm wrong on that.

The United nations is something that, that I tend to not cover as much, but then this has become such a big issue that I've really waded into this. So. But that was breaking news this week in terms of the eu.

Rachel Lyon

Nice. So coming back to kind of the new president coming in.

I know there's been a lot done in recent years, particularly on the cybersecurity front of it, when you have a new presidential changeover. Right. I mean, how do you see that impacting things currently in motion? Do you see that stalling depending on who comes in or. You know, I've been feeling like we've been getting some momentum and I'm just curious, with an election change over, what impact that might have?

Maggie Miller

Oh, big impact. I mean, as I said, cybersecurity is a pretty bipartisan area of agreement. There are some issues, as I said, sometimes election security can cause some hiccups there in terms of, you know, state versus federal. But cybersecurity does tend to have a lot of bipartisan agreement there. That being said, if former President Trump comes in, has a second term, if you look at whether or not he does follow what is in the famous Project 2025 report. There are certain things recommended in that report that would certainly be major changes from currently now, for example, big defunding and movement of the Cybersecurity and Infrastructure Security Agency. The report would recommend putting that under the Department, Department of the treasury and also seriously curtailing some of its powers. Very much a major change. Also there's a recommendation to split apart the NSA and US Cyber Command from under one leader to two separate, which is actually quite a divisive topic on Capitol Hill. There's a lot of back and forth on whether that is necessary. But one thing actually that wouldn't change quite as much just because it's in law is the National Cyber Director office at the White House. That was a position. There was a cybersecurity coordinator position that was eliminated under former President Trump. And actually as a result of that, there was a lot of bipartisan pushback on the Hill to that decision. And as a result there was a law pushed through that created in law the position of the National Cyber Director and the office there. So I'm not saying that some of their funding or some of the staffing might not change, but that actual position would remain. And that position has really helped spearhead we had the National Cyber Strategy release not too long ago, National Cyber Workforce Strategy release. Cyber Workforce is an issue. I know that there's been a lot of concern, bipartisan on the Hill about the fact that we have so many open jobs in cybersecurity. I mean, you can't think of an organization that doesn't need a cyber pro these days and usually they're fairly good paying jobs. So it's a pretty good area for folks to go into. So that will probably be something that moves forward. AI as we said, is going to continue to be an area of concern. I can't imagine that under either administration there wouldn't be focus on that. So I think, as I said, it's going to be an issue that I think sees less stark differences depending on, you know, if it's Vice President Harris or former President Trump, but certainly an area to stay focused on. And actually, you know, as a spoiler to our readers, we are recording this, I believe before it's going to go out a couple days at least and in the next few days there and you'll probably have seen this by the time this comes out, there is a report coming from former federal state leaders. Are those movers in the cybersecurity space in D.C. on both sides of the aisle, which has a long run of recommendations that either of the two administrations could take on to further cyber policies. They're pretty, I would say, measured for the most part, kind of just how to continue the work that's ongoing. Cyber workforce is a big element of it. They actually do recommend that CISA be given some further authorities be maintained at certain budget levels. So I think that that's going to be a report that's going to be, as I said, there's been bipartisan involvement in shaping that. And it's a lot of the big Cyber voices in D.C. so I think that that could be a pretty useful report no matter who's in the White House come January 20th. But let me tell you on my team and here at Politico, transition is going to be a major focus of of Our reporting post November 5th. So not to put a plug in for myself, but please keep following because that's gonna be the main focus, I would say.

Rachel Lyon

Yeah, I imagine.

Vince Spina

Rachel, any more questions along that line? I wanted to just delve into Maggie a little bit. She's interesting. Anything prior to asking her a couple background questions?

Rachel Lyon

No, no, let's jump into it. I'm always fascinated. Kind of the personal side of how folks get to cyber.

Vince Spina

Yeah, yeah. And we won't go too personal, Maggie, but as we talked earlier, I mean, you're super interesting. We both did a little bit of research on you. Rachel's kind of words about when she introduced you said your career is kind of at the intersection of cybersecurity and politics. And I'm like, when I, you know, heard those kind of, you know, two areas of expertise, I'm like, that could either be peanut butter and jelly or anchovies and pineapple. I can tell you after talking to you, I'm leaning more towards peanut butter and jelly. But how'd you get here? Like, how did your career get you to being somebody who reports on politics, but more specifically the cybersecurity issues and opportunities in that area of importance?

Maggie Miller

Yeah, I really think it's kind of serendipity. And I always tell people I feel like I really fell into cybersecurity. But more than that, I fell into cyberpunk security at the exact right moment. I was pretty young. I hadn't long been out of university. I'd done some work with Voice of America with a few different media outlets, and I was really looking for some policy work in D.C. i was based in D.C. and I had a wide range of job applications out. And actually I was hired by an organization which is fairly well known, as we say within the beltway in D.C. called inside cybersecurity, which is, which is part of a larger organization that is inside Defense, inside US Healthcare, et cetera. And really what they do is it's very focused on sort of regulations. I think we're read by a lot of lawyers. I think very sort of in the weeds learning about it. And I started there at the beginning of 2017, and that was quite a time to come into cybersecurity again. I feel like the theme has been me talking about 2016 and how that was really big with the election, but it's. It was big. And you know, we saw within a year of that 2018, former President Trump signed into law legislation that, you know, renamed and created cisa. You know, we saw after that, we saw the Solar winds hack in 2020, Colonial Pipeline 2021. Just sort of the snowballing of cyber attacks that put a lot of Americans attention on the issue and efforts by the federal government to kind of evolve to address the moment. So, you know, I fell into this work. I was there for almost three years and then, you know, you talk about politics. I ended up going working for the Hill newspaper. I always say the Hill newspaper. I did not work for a member of Congress. No offense to members of Congress, but having covered things up there, I don't care. No matter what my political thoughts, I would never work. It's just, it's a whole world. No, thank you. But covering it's interesting. So I worked for the Hill for a big. And was there during the 2020 election and everything, the fallout from that. And then in 2022, I had the opportunity right at the beginning of the year to start with Politico. And again, what a time to start. I came in and pretty much for the first two months, I only wrote about Ukraine and the cyber elements of what was going on with Russia's invasion and how the US Was supporting. So it's really been this evolution of not only my past in covering cybersecurity, but that path happening at the exact time that it. Things are really, to say it in a less formal way, popping off in this area. And it's something I didn't really have any background in it. I didn't really have any background in tech. And for me, it's been really fascinating because it's an area that to me, it felt like if you're not in this space, you don't understand the criticality of it. People are always as they should be, concerned about missiles and bombs, etcetera you know, you could use a cyber attack and cause some of that same destruction. You know, maybe not as permanent, but it could cause severe problems and I think. And it's way cheaper. And it's something that I think even now the international community hasn't really fully grappled with. How do we respond to that? You know, if you shut down our, the power grid of New York City with a cyber attack versus a bomb, you know, a bomb, I feel like it's clear cut a cyber attack.

Rachel Lyon

Right.

Maggie Miller

I don't know. What do we do? So it's a scary, scary world, I think, and certainly cyber plays a role in every conflict now and what a space to be in. But it's fascinating and as I keep saying, I love covering an area that it does feel fairly bipartisan in Washington. It's a nice space to be in. Everyone kind of wants to talk to you and you do feel that sort of civility that I think in the last few years as people become more entrenched on different sides, has really been missing. So it's a good area to cover here.

Rachel Lyon

So you've been doing like the, I think the fun times of cyber. I love cyber fun times.

Maggie Miller

Maybe not so fun for the victims.

Rachel Lyon

But yeah, you know, but you know, every day you learn something new. And that's what I love about the cyber industry. You know, it's continuously changing and very dynamic, you know, and you've been covering it for quite some time. I'd be curious to know. I mean, do you have a favorite, like, cybersecurity story you've written? I mean, is there anything that kind of stands out?

Maggie Miller

Oh, I mean, I thought you were going to say like a favorite crisis there for a moment because, you know, I always think back to SolarWinds and think, oh, that was fun. My Christmas being ruined, you know, just constantly working through that whole holiday.

Rachel Lyon

No, there's.

Vince Spina

That's right. Your job starts when something like that happens, right?

Maggie Miller

Oh, yeah. Well, I mean, not to. I'll answer your question about favorite story in a moment. But that just happened a couple weeks ago with the CrowdStrike outage, where ended up not being a cyber attack, but at the start of the day, everyone thought it could be. I mean, as it was brought up to me, what we saw with CrowdStrike very well could have happened with a cyber attack. And, you know, you wake up, it's 8am and immediately your phone is blown up with, you know, 60 different messages from people and it's just, you know, go, go, go. So Those days are exhausting, but, you know, really rewarding in some ways. But in terms of favorite stories, I mean, gosh, there's been several. I loved writing about the UN Cyber treaty recently. There was another story I did actually when I was working for the Hill that I'm pretty proud of, which was actually about some targeting that was done of a journalist who worked for Al Jazeera actually in Qatar. And she was being targeted by probably at the orders of the Saudi crown prince, mbs, targeted with a lot of disinformation and harassment on Twitter by people linked to him, by people being paid by him. And she was filing suit against him in the US because some of those people that were undertaking these efforts against her were based in the US and that felt really interesting to kind of dig into what it means to be a journalist in that space and have the sort of harassment she was getting. Speaking of fake images, a lot of doctored images of her maybe in compromising positions that she wants, wasn't in that were going around online, a lot of harassment. So that was really interesting to cover that side of things. Also I've, you know, as I said, I cover national security, so covered very in depth everything that's happened in Ukraine that's been, you know, really heartbreaking, but really interesting to cover. Had some really interesting conversations the last few years with Ukrainian officials. I mean, covering, you know, everything from the impact on telecoms, talking to telecom officials there who are saying, yeah, we have huge cyber attacks and half of our workforce is on the front lines fighting Russia. So it's a really deep in depth area to go into and I guess to lighten the mood a little bit, I also, everyone knows Taylor Swift. Everyone knows there was a huge effort to get her tickets last year and there were actually hacking issues that impacted Ticketmaster, a huge amount of bots. And digging into the. And breaking that news with my colleague Josh Sisco, that was kind of a fun one. And weirdly enough, despite the fact that I write about all these big topics, probably the story I've had the most personal feedback from, from my personal friends and family. They're like, oh my God, you're writing about Taylor Swift. That's great. Let's talk to you about your story now. I'm like, well, not really writing about Taylor Swift, but, you know, writing about this issue.

Vince Spina

So did she send you tickets after the fact?

Maggie Miller

No. God, I wish. My gosh. I actually, you know, it's funny, I actually haven't been to her show. I had the opportunity. A friend of Mine was online for 12 hours to get tickets to her show in Atlanta. And you know, up to her, she. I won't talk about how much she paid. She paid a lot. And I just decided the amount she had another ticket I could have had, but the amount to get that ticket and attend. I just said, you know, I'd be interested to see her in person. I cannot justify that amount of money.

But I did, in my defense, I did go to the theater and see the show, you know that when it was recorded. So I've kind of seen it. I don't know.

Vince Spina

I'm a swifty myself, so.

Maggie Miller

Yeah, yeah, yeah.

Rachel Lyon

I did not know that about you, Vince.

Vince Spina

Yeah, I know. Yeah. Maggie, we've talked a lot, a lot of subjects here. Very interesting. Campaign data leaks, voter security, I mean, on and on disinformation. What haven't we asked you? Like, what's the question? We haven't asked you that. You know, our listeners might be.

Maggie Miller

Oh, gosh, we've really been pretty wide ranging. Yeah, I would say a little bit on, you know, I kind of hinted at this right at the end of talking about some of the geopolitical issues, but cyber really is a geopolitical issue. I don't think this will surprise many of your listeners, but really, I mean, you know, I've talked about Ukraine. I've also covered aspects of what's happening in Israel, Gaza. I mean, there have been cyber elements involved with that. And also looking at potential in the future Chinese invasion of Taiwan, which would almost certainly begin with mass cyber attacks that would also impact the U.S. i mean, we've seen the U.S. really calling out China pretty strongly in the last few years for some of these campaigns to infiltrate U.S. infrastructure in advance of a potential war one day where, say, we're prepping to go to the aid of Taiwan. Oh, interestingly enough, the network for key trains or key airlines that need to get our troops overseas all of a sudden have gone down. Sort of like what we saw with the crowdstrike outage, that would be pretty crippling. And I think it's something that. Not to be doomsday, but I do think the American public generally hasn't really grappled with where we are in terms of these threats and how they are going to increasingly be part of sort of any conflict we see that we're involved in in the world and the wider region. So. So I think obviously we need to continue to be concerned about physical attacks, bombs, missiles, et cetera. But I think cyber is going to be just More part of a toolbox. And it's nice you have this podcast because I think a lot of the average American might say, oh, it's cyber, it's nerdy, et cetera. But it's really central, actually when it comes to things that impact our lives. There's been a lot of talk on Capitol Hill about satellite safety, a lot of concerns about Russia and China's capabilities in space. That's because one cyber attack on a US satellite, all of a sudden we don't have navigation. You know, all of a sudden no one can send text. You know, there's certain. There's certain things that can be easily taken down that our lives are thrown off course. So I think that's just, you know, not to. It's kind of a depressing note to end on, but I think that's just something to bear in mind for listeners is that it is an ever growing geopolitical topic and don't take your eye off it today.

Vince Spina

Absolutely.

Maggie Miller

It is the eye off it. And those who work in cyber who are listening to this, as someone that is constantly in it, thank you for your work. Keep going and keep blowing the horn on what you're seeing, because that helps with my work. So send it over if you see it. Yeah, absolutely.

Rachel Lyon

Yeah, I know it's one of those things. It's like if you have to be aware of it and you have to think about it on some level, but then again, when you think about is a little overwhelming, you know, and said you kind of want to like la la la la.

Not have to address it. But I agree there needs to be more awareness for folks and.

What can you do to prepare?

Vince Spina

Right.

Rachel Lyon

I mean, if something were to happen.

Maggie Miller

On that front too. It's the question. And I think, as I said, I keep bringing up. I love that it's a bipartisan area and I actually think it's really important that it remain about bipartisan area because it is an area that we really, you know, we don't want to be arguing over whether we should strengthen our satellite cyber defense efforts. I feel like that's a pretty. Some things are pretty key things. I don't think I'm taking a political side to say that. So as an American who wants to continue to live a safe life that isn't interrupted too much, I think it's a good thing that it remains bipartisan and hopefully that doesn't change into the future. But it does seem like an issue where everyone's kind of their hackles are up and they're looking at it and, and let's hope that continues to be the case.

Rachel Lyon

Yeah. No, it's good when there's common ground.

Maggie Miller

Right.

Rachel Lyon

On certain themes, for sure. Well, I'm cognizant of time. I know we've had a great conversation. Maggie, thank you so much for joining us today. This has been really insightful. I know our listeners enjoy when we can dive into topics, really, and get some meat on the bone. So thank you for providing that to our listeners.

Maggie Miller

Yeah, my pleasure. And yeah, my pleasure. Happy to come on in the future if you ever want to chat about anything further. But on November 5th, we'll all be, my team and I watching things closely and as I said the week after because I could be wrong. But I mean, I'm not assuming we'll have the results of the presidential race on November 5th. So we'll be watching.

Rachel Lyon

Yeah. It's exciting times ahead for sure. For sure. I can't wait to see the coverage that comes out. I'll be following you. I'll continue stalking you, I guess, is what I'm saying.

Maggie Miller

Well, also our wife, White House and campaign reporters that are going to be working their butts off that day. So give them a shout out, too.

Rachel Lyon

I have dogs barking in the background if you can hear that as we close out, because we talked about dogs before to all of our listeners. Don't forget to smash that subscription button. Get a fresh episode in your inbox every Tuesday. And until next time, everybody stay safe. Thanks for joining us on the to the Point Cyber Security podcast, brought to you by forcepoint. For more information and show notes from today's episode, please visit www.ForcePoint.com podcast. And don't forget to subscribe and leave a review on Apple Podcasts or Google Podcast.