Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–DEMS PRESS VOTING MACHINE VENDORS: Sens. Amy KlobucharAmy Jean KlobucharOvernight Health Care: Trump eases rules on insurance outside ObamaCare | HHS office on religious rights gets 300 complaints in a month | GOP chair eyes opioid bill vote by Memorial Day Overnight Regulation: Trump to take steps to ban bump stocks | Trump eases rules on insurance sold outside of ObamaCare | FCC to officially rescind net neutrality Thursday | Obama EPA chief: Reg rollback won’t stand Dems seek reversal of nursing home regulatory rollback MORE (D-Minn.) and Jeanne ShaheenCynthia (Jeanne) Jeanne ShaheenOvernight Defense: VA chief won’t resign | Dem wants probe into VA hacking claim | Trump official denies plan for ‘bloody nose’ N. Korea strike | General ‘100 percent’ confident in US missile defense Trump official denies US planning ‘bloody nose’ strike on North Korea House Oversight Committee opens probe into sexual abuse of gymnasts MORE (D-N.H.) sent a letter Wednesday to three election equipment vendors to ask whether they have shared information about their machines with Russian entities. The senators wrote to Election Systems & Software, Dominion Voting Systems Inc. and Hart InterCivic Inc. to ask if the companies had shared source code, software or other sensitive details about their machines with Russians. “Foreign access to critical source code information and sensitive data continues to be an often overlooked vulnerability. Further, if such vulnerabilities are not quickly examined and mitigated, future elections will also remain vulnerable to attack,” the senators wrote. The senators also asked the companies what steps they’ve taken to upgrade their technology in light of ongoing cybersecurity threats. Lawmakers have expressed concerns that Russia will seek to interfere in the 2018 midterm elections. “The 2018 election season is upon us. Primaries have already begun and time is of the essence to ensure any security vulnerabilities are addressed before 2018 and 2020,” Klobuchar and Shaheen wrote. The lawmakers cited a Reuters report from January that a number of major technology providers let Russian authorities probe their software for vulnerabilities that could be exploited by hackers. That software is used by various agencies of the U.S. government. U.S. officials have said Russian hackers targeted 21 states’ voting systems two years ago, though most of the efforts only involved preparations for hacking and did not result in successful breaches. The Department of Homeland Security says the systems targeted were not involved in vote tallying, and that there is no evidence any votes were altered.
To read more from our piece, click here.
–FBI CHIEF HIGHLIGHTS EMERGING DIGITAL THREATS: FBI Director Christopher Wray on Wednesday said the bureau must be prepared to confront a new set of emerging cyber threats. “The digital environment presents new challenges that the FBI has to address in terms of what’s coming down the pike,” Wray said in an address to the FBI Boston Conference on Cyber Security at Boston College. Wray particularly pointed to advances in artificial intelligence or cryptocurrencies, which he warned could have consequences not just for the commercial sector but also for national security. “I’m convinced that we, the FBI — like a lot of other organizations — haven’t fully gotten our arms around these new technologies and how they may impact our national security and cybersecurity work,” he said. Wray’s remarks suggest he has decided to dip his toes into the artificial intelligence debate that consumes Silicon Valley. Prominent tech leaders like Tesla’s Elon Musk have called for regulations on AI that would provide guidelines in the event that the technology reaches a dangerous degree of self-learning sophistication that could become hard to safely control. Facebook’s Mark ZuckerbergMark Elliot ZuckerbergOvernight Tech: Dems turn up the heat on Equifax | Trump’s science budget | Inside Rupert Murdoch’s fight with Facebook | Cyber experts identify Olympics malware Rupert Murdoch pressured Facebook for changes to help news publishers: report Overnight Tech: GOP bill would bar agencies from using Chinese tech | How Russian accounts used Tumblr during the election | Warren, Equifax spar over breach claims | Dem worries about tech addiction | New lobster emoji MORE and other industry experts, however, argue that such warnings are alarmist and premature since the technology is far from achieving human intelligence. Financial officials are also grappling with how to regulate virtual currencies as cyber thieves continue to target digital wallets. Those changes have raised new questions over how the government should regulate the growing industry. The FBI chief also signaled that government agencies must understand these new issues in order to properly evaluate their future implications on national security. Wray also emphasized the bureau’s ongoing challenge of breaking through the encryption barriers in devices that could offer key information in law enforcement investigations. “We face an enormous and increasing number of cases that rely on electronic evidence. And we face a situation where we’re increasingly unable to access that evidence, despite lawful authority to do so,” Wray said.
To read more from our piece, click here.
–NEW RUSSIA SANCTIONS? The Trump administration may soon impose new sanctions on Russian entities for meddling in the 2016 presidential election, CNN reported late Tuesday. A senior administration official told the publication that the new penalties could come as soon as next week. Among the entities who could be sanctioned is the Internet Research Agency, the Russian troll farm that leveraged social media platforms like Facebook and Twitter to spread divisive political and cultural content to U.S. audiences before the 2016 vote. The news of potential sanctions comes weeks after special counsel Robert MuellerRobert Swan MuellerSasse: US should applaud choice of Mueller to lead Russia probe MORE indicted 13 Russian nationals and three Russian entities in an elaborate scheme to meddle in the election. Most of those charged have been linked to the Internet Research Agency’s operations. “If they have been indicted, they should be looked at” for sanctions, CNN quoted the senior official as saying. Meanwhile, Treasury Secretary Steven MnuchinSteven Terner MnuchinOvernight Tech: Judge blocks AT&T request for DOJ communications | Facebook VP apologizes for tweets about Mueller probe | Tech wants Treasury to fight EU tax proposal Overnight Regulation: Trump to take steps to ban bump stocks | Trump eases rules on insurance sold outside of ObamaCare | FCC to officially rescind net neutrality Thursday | Obama EPA chief: Reg rollback won’t stand Big tech lobbying groups push Treasury to speak out on EU tax proposal MORE has signaled that the administration will soon enact new sanctions on Moscow in response to its election interference. Director of National Intelligence Dan CoatsDaniel (Dan) Ray CoatsTop state election official questions why Trump is downplaying threat of Russian election interference: report Russian bots turn to gun control after Florida high school shooting: report The case alleging Russian collusion is not closed MORE predicted Tuesday during a hearing before the Senate Armed Services Committee that Mnuchin would announce the measures “within a week.”
A LEGISLATIVE UPDATE:
A key Senate panel on Wednesday advanced legislation to reauthorize the Department of Homeland Security (DHS) that includes a measure reorganizing the department’s cybersecurity wing.
The bill includes language that would reorganize and rename the office within the department that protects federal networks and critical infrastructure from physical and cyber threats, currently known as the National Protection and Programs Directorate (NPPD). Under the legislation, the entity would be transformed into an operational agency called the Cybersecurity and Infrastructure Security Agency.
The Senate Homeland Security advanced the legislation at a meeting Wednesday.
“This bill now includes a key reorganization for DHS, transforming the National Protection and Programs Directorate into the Cybersecurity and Infrastructure Security Agency,” Sen. Ron JohnsonRonald (Ron) Harold JohnsonTrump spars with GOP lawmakers on steel tariffs Overnight Regulation: Trump unveils budget | Sharp cuts proposed for EPA, HHS | Trump aims to speed environmental reviews | Officials propose repealing most of methane leak rule Trump budget seeks savings through ObamaCare repeal MORE (R-Wis.), who chairs the committee, said in a statement.
“Establishing an agency within DHS to focus on cyber and infrastructure security will help DHS achieve its missions.”
The effort to reorganize Homeland Security’s cyber efforts has long been a priority of House Homeland Security Chairman Michael McCaulMichael Thomas McCaulWhite House blames ‘Schumer Democrats’ for defeat of Trump immigration plan Overnight Cybersecurity: House Intel votes to release Dem countermemo | Hacking threats loom over 2018 Olympics | Booz Allen scores major DHS cyber contract McCain, Coons immigration bill sparks Trump backlash MORE (R-Texas). The House passed a standalone bill on it last December. Homeland Security Secretary Kirstjen NielsenKirstjen Michele NielsenUnder pressure, Trump shifts blame for Russia intrusion Top state election official questions why Trump is downplaying threat of Russian election interference: report Homeland Security chief touts effort on election cybersecurity MORE has expressed support for the measure.
The Senate committee also approved several amendments to the Homeland Security reauthorization bill, including multiple cybersecurity-related measures.
For instance, the committee approved amendments that would set up a pilot “bug bounty” program to catch vulnerabilities in Homeland Security networks; direct the department to report on potential threats of blockchain technology; and set up a pilot “talent exchange” program to get private sector cybersecurity workers into the department.
However, the bill approved Wednesday does not include measures to address election cybersecurity. Sens. James LankfordJames Paul LankfordAfter Florida school shooting, vows for change but no clear path forward GOP senator: ‘The problem is not owning an AR-15’ Sunday shows preview: Russian charges, Florida shooting dominate coverage MORE (R-Okla.) and Kamala HarrisKamala Devi HarrisCongress fails miserably: For Asian-Americans, immigration proposals are personal attacks American women will decide who wins and loses in 2018 elections Dems ponder gender politics of 2020 nominee MORE (D-Calif.) planned to introduce an amendment addressing the issue to the bill, but Lankford was forced to withdraw the amendment after some secretaries of state expressed concerns.
To read the rest of our piece, click here.
A REPORT IN FOCUS:
EXPERTS OFFER IDEAS ON HOW U.S., EUROPE CAN COUNTER DISINFORMATION: Experts at the Atlantic Council have released a new report that presents a slate of options for the United States and European allies to counter disinformation from foreign adversaries.
The report represents the latest effort in Washington to address Russian interference in the 2016 U.S. presidential election, and positions countering disinformation as a global challenge that will only grow larger with the evolution of the digital realm.
The experts lay out a wide set of recommendations that can be broadly applied to future disinformation campaigns, noting that the problem is “broader than Russia” because other foreign entities are already looking to deploy digital disinformation tools.
Among the recommendations, the paper calls for the creation of a so-called “Counter Disinformation Coalition” comprised of government and private sector representatives that would develop “best practices” for defending against disinformation, such as standards for social media companies to voluntarily adhere to.
The experts also recommend that the Trump administration establish a high-level interagency operation to coordinate activities to counter disinformation between the FBI, CIA, Pentagon and the Departments of Homeland Security and State. They propose the entity be led by an official at the level of undersecretary or higher who would report to the Director of National Intelligence and the president.
The report also suggests that the Trump administration set up an office within Homeland Security to share sensitive information on emerging disinformation threats with private sector companies.
Daniel Fried, a State Department official who served in both the Clinton and Bush administrations, and Alina Polyakova, a foreign policy expert at the Brookings Institution, coauthored the report.
“It was designed to be operational rather than theoretical,” Fried told The Hill in an interview. “We’re at the stage where people say, we know there’s a problem, what do we do? We try to give operational suggestions.”
Fried said that it is paramount that the U.S. engage with allies in Europe to counter disinformation from Russia and other countries.
“The Europeans are ready to work with us. They face the same challenges,” said Fried, who consulted U.S. and European officials, academics, analysts and others when formulating the report. “This is going to be an ongoing and evolving challenge.”
To read more from our piece, click here.
A LIGHTER CLICK:
Amazon is looking to fix Alexa’s creepy laughter. (The Verge)
WHAT’S IN THE SPOTLIGHT:
REDDIT: Reddit has not turned over any documents to congressional investigators regarding Russian influence on its platform despite saying that it is cooperating on the matter, The Daily Beast reported Wednesday.
Sources told the news outlet that Reddit has yet to hand over any documents to the House and Senate panels responsible for investigating Russian interference in the 2016 presidential election.
The report comes after Reddit CEO Steve Huffman said that his company was “cooperating with congressional inquiries” in a public post Monday.
“While I know it’s frustrating that we don’t share everything we know publicly, I want to reiterate that we take these matters very seriously, and we are cooperating with congressional inquiries,” Huffman wrote.
The top Democrat on the House Intelligence Committee, Rep. Adam SchiffAdam Bennett SchiffGOP strategist confronts ex-Trump staffer: ‘I’m sick of you guys making excuses for him’ Shepard Smith goes after Trump for not condemning Russia in tweets Trump: Why didn’t Obama ‘do something about Russian meddling?’ MORE (Calif.), urged Reddit to provide any information that it may have to his committee.
“We hope and expect Reddit, Tumblr, and other companies to thoroughly research both paid advertising and organic content that can be traced to Russia’s disinformation campaign and to provide that information to the Committee,” Schiff said in a statement to The Daily Beast.
“I have repeatedly urged the social media companies to share data among themselves and prepare a joint report for the committee on how these platforms were used interchangeably to reinforce the Russian messages, and I continue to hope that they will do so,” he added.
The recent scrutiny, and Huffman’s statement, come after Reddit said it had removed “a few hundred accounts” linked to Russian propaganda from its platform.
To read the rest of our piece, click here.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
Broadcom pledges $1.5B innovation fund to reassure regulators. (The Hill)
Warner criticizes Trump’s response to threat of Russian interference. (The Hill)
GOP chairman pledges to tackle Russian meddling efforts ‘head on.’ (The Hill)
Energy companies are worried about cyberattacks. (Forbes)
Watchdog flags issues with Homeland Security’s IT security. (ZDNet)
Breaches are fueling bug bounty programs. (Fox Business)
The Vatican is hosting a hackathon. (Wired)
Hope Hicks told House Intelligence lawmakers her email was hacked. (NBC News)
If you’d like to receive our newsletter in your inbox, please sign up here.