With help from Joseph Gedeon, John Sakellariadis and Maggie Miller

— Kemba Walden apparently racked up a bit too much personal debt … and it’s taken her out of the running to be national cyber director. It came as a shock to many, who think something’s up.

HAPPY MONDAY, and welcome to Morning Cybersecurity! I’m your host, Matt Berg. While I may not be as talented or handsome as your usual host, I promise we’ll have a good time together — not a long time. I’m back to my National Security Daily duties after Joseph celebrates his engagement. Young love, am I right?

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Email [email protected]. You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below. Let’s dive in.

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

MAXED OUT — After Chris Inglis stepped down in February, Kemba Walden has been acting national cyber director, much to the cybersecurity community’s delight. Apparently, those in government don’t share the same affinity.

The Record, cybersecurity company Recorded Future’s publication, broke the news over the weekend that Walden, who many assumed would take over the full-time role of national cyber director, had been told she wouldn’t receive the nomination. She then withdrew her name from the process.

— The plot thickens: It wasn’t because she’s not qualified or hasn’t proven herself — Walden’s work at standing up the cyber director’s office over the past year has been lauded. Just last week, the White House announced an implementation plan for the new national cyber strategy, which she shepherded in only six weeks.

No, it was because she and her husband — public servants with a mortgage and two children in private school — racked up too much debt, which could complicate her nomination in Congress, the Washington Post reported, citing four people familiar with the matter. That’s an explanation that not all experts are buying.

“There’s something else going on, but they won’t tell us what it is. It’s a nice cover story, but it needs work,” the Center for Strategic and International Studies’ James Lewis told MC. “If you’re going to start firing people because they have big mortgages, you’re going to depopulate Washington.”

— Backlash: That sentiment was shared by cyber vets online, including Chris Krebs, Walden’s former boss while he was CISA director. He called the decision “a shame,” saying that her experience in CISA and work on the implementation plan shows that she’s “eminently qualified.”

The Senate Homeland Security Committee, which handles the cyber director’s nomination, reportedly determined Walden’s nomination “wasn’t viable for confirmation,” due to her debt, a U.S. official told WaPo. Chair Gary Peters (D-Mich.) called that “not accurate” through a spokesperson, and said he would still consider Walden’s nomination if she changed her mind.

— Who’s on deck?: Harry Coker, a former top official at the CIA and National Security Agency, is the White House’s preferred choice, the Post reported. During our call, Lewis took a moment to look up his name.

“That’s a sign. I don’t know the guy and very few people know him. He’s one of these NSA lifers who spends his whole career there,” he said.

Two other people who have been floated for the gig — Rob Silvers, DHS’s undersecretary for strategy, policy and plans, and Suzanne Spaulding, a former DHS undersecretary for cyber and infrastructure — aren’t currently in the lead, he said.

When asked by MC, the Office of the National Cyber Director declined to provide a comment from Walden on the concerns about her debt, and about whether she’d reconsider the position if the White House reversed course.

AIMING FOR ANTONY — The Biden administration really wants to make things better with Beijing, and Secretary of State Antony Blinken’s trip there last month was a major attempt to improve relations.

But Washington believes China wanted the inside scoop beforehand, taking matters into their own hands and accessing State’s email systems during the massive hack on government agencies. It was an attempt by Beijing to gain insights into Blinken’s thinking ahead of the visit, two U.S. officials told CNN.

“We took immediate steps to protect our systems, to report the incident — in this case, notifying a company, Microsoft, of the event,” Blinken told reporters on Friday. “I can’t discuss details of our response beyond that, and most critically this incident remains under investigation.”

— Get it together: That’s hardly surprising, since both sides spy on each others’ communications. But experts say more could be done to prevent Blinken and other top officials from being snooped on.

There are already mandates for protecting information, including the requirement that agencies categorize sensitive information, or, in layman’s terms, “just good housekeeping of basic security measures,” Will Ackerly, a former NSA official and co-founder of data security company Virtru, told MC. “Right now, it’s perceived as too hard to do so they skip it.”

It’s still unclear what the Chinese government was able to access from the hack, but in Ackerly’s eyes, implementing these basic security measures would be extremely helpful — even when Beijing is checking out Blinken’s happy hour RSVPs in Outlook.

“That’s OK, insofar as maybe they can’t read” the messages, he said. “It’s very awkward, right? You want them out, but it’s not game over.”

While the White House’s implementation plan for the cyber strategy is a step in the right direction toward defending against cyberattacks, Lewis told MC, the government needs clearer steps to prevent such hacks from happening again.

“Planning doesn’t put points on the board. It’s actions that put points on the board,” he said. “So tell me what you’re going to do. There’s a lot of ‘we’ll drive toward this, we’ll do this, we’ll do that.’ They need firmer goals.”

CYBER SMARTIES — No matter how freshly graduated you are, the chances that you learned about cybersecurity measures in school are low. Your host is a reliable source — I graduated college last year and trust me, cyberbullies could’ve stolen my virtual lunch money with ease.

— Open those textbooks: Educating the public on how to keep personal online information safe is the goal of the American Cybersecurity Literacy Act, which passed the House Energy and Commerce Committee last week and will be teed up for a potential vote on the House floor later this year.

— Kids these days: People like (college) me and other Americans who haven’t been taught about cybersecurity could benefit from that, especially in light of the Microsoft hack, Rep. Jay Obernolte (R-Calif.), who introduced the bill, told MC.

“If we hope to truly secure Americans’ digital data and fight back against the recent rise in cyberattacks, we must invest in cybersecurity education for the American public,” Obernolte said in a statement.

If passed, the bill would direct the National Telecommunications and Information Administration to conduct a cybersecurity literacy campaign to educate the American public about the benefits of secure passwords, the use of cybersecurity tools and the identification of cybersecurity risks.

I guess it’s time to start using those recommended passwords …

‘THE HOUR OF RECKONING HAS COME’ — That’s the ominous message that hackers broadcast on television channels in a couple regions throughout Russia on Saturday — straight out of a “Black Mirror” episode.

During the disruption, television screens suddenly cut to a blacked-out screen with the message written in white, bold Ukrainian letters. It then cut to footage of ballerinas from the ballet “Swan Lake,” which played on loop following the death of top Soviet Union leaders in 1991.

Russia and Ukraine have frequently hacked each others’ infrastructure throughout the war. In this case, it appears that the hackers managed to intercept and replace the satellite signals, said Maksym Skrypchenko, president of the Transatlantic Dialogue Center in Ukraine.

Rather than persuade Russian viewers against Putin’s rule, he said, the hackers appear to be attempting to lower the morale of citizens following Wagner mercenary group chief Yevgeny Prigozhin’s failed mutiny against the Kremlin.

“It’s therefore a timely opportunity to foster distrust in the Russian political leadership, which seems unable to even protect national TV,” Skrypchenko told MC. “Ukraine has been making significant efforts to transform this counteroffensive into a psychological operation.”

WANT SOME CHIPS WITH THAT? — The State Department and Costa Rica will partner to collaborate on semiconductor development, officials announced on Friday. Coincidentally, I just had a new idea for a work trip.

“This partnership will begin with a review of Costa Rica’s current semiconductor industry development, regulatory framework, and workforce and infrastructure needs,” the State Department said in a statement, adding that the review “will inform future collaboration on developing this critical sector.”

As Washington works to compete with Beijing on technological advancements, semiconductors have taken center stage. In Costa Rica, products from vehicles to medical devices rely on these chips and serve as “the building blocks of today’s economy,” officials wrote.

“This collaboration underscores the significant potential to expand this industry … to the benefit of the United States and Costa Rica,” the statement said.

The partnership was made through the International Technology Security and Innovation Fund, created by the CHIPS Act in 2022, which provides State with $500 million to expand global semiconductor manufacturing and secure semiconductor supply chains.

Accepting our fate as a bunch of “nature reserves” preserved by robots is possibly the most unsettling outcome I’ve heard yet when it comes to artificial intelligence.

— At least three towns in the U.S. were hit by ransomware attacks last week. (Twitter)

— Would you still love me if I were a Worm GPT? That’s the name of a new AI tool that’s been marketed on underground forums as a way to launch sophisticated phishing and business email compromise attacks. (The Hacker News)

— German Chancellor Olaf Scholz’s Q&A session with journalists over the weekend wasn’t disrupted by a cyberattack. (POLITICO)

Chat soon.

Stay in touch with the whole team: Joseph Gedeon ([email protected]); John Sakellariadis ([email protected]olitico.com); Maggie Miller ([email protected]); and Heidi Vogt ([email protected]).