Overnight Cybersecurity: Dem campaign arm embraces encryption | Panel signs off on $1.8B for DHS cyber office | Dems want review of pipeline security


Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--DEMS DO CRYPTOGRAPHIC CYBER COMMUNICATIONS: The Democratic Congressional Campaign Committee (DCCC) has taken to using an encrypted messaging app called Wickr for internal communications and correspondence with the campaigns of the most vulnerable House Democrats, BuzzFeed News reported Tuesday. The DCCC was among the organizations targeted by a Russian hacking campaign during the 2016 elections -- an attack that exposed the internal documents of a handful of Democratic House campaigns. Wickr, an end-to-end encrypted messaging software, was installed at the DCCC in June, according to BuzzFeed, and is a first for political party committees on both sides of the aisle. Encrypted messaging systems prevent third parties from deciphering communications and data sent using that software, meaning that only the sender and the intended recipient can view the information. Wickr is not intended to replace email and is used to send ephemeral messages and share files.


--DEMS ANXIOUS ABOUT PULLING RUSSIAN SANCTIONS BILL OVER FINISH LINE: The top Democrat on the House Foreign Affairs Committee expressed pessimism on Tuesday that long-stalled Russia sanctions legislation could get done before lawmakers leave Washington for August. The bipartisan bill passed in the Senate last month by a 98-2 vote, but it has since been stuck in the House due to multiple procedural problems. The Senate subsequently approved technical changes by unanimous consent three weeks ago. But House Democrats then objected to a provision that prevents them from forcing a floor vote to block the Trump administration if it tries to lift sanctions. And on Friday, House Majority Leader Kevin McCarthy (R-Calif.) suggested that the package, which also slaps sanctions on Iran, include a bill passed by the House earlier this year to sanction North Korea. Rep. Eliot Engel (D-N.Y.), the ranking Democrat on the House Foreign Affairs panel, appeared skeptical that the sanctions package could be sent to President Trump's desk before the House is scheduled to leave for the month-long August recess at the end of next week. "I would hope. But every day passes and nothing is getting done, it makes it less and less likely. But that's not our fault. That's the Republicans' fault," Engel told The Hill. Engel added that he thinks adding North Korea sanctions will make it harder to resolve the already-complicated talks to move the package. "It makes no sense to me to have a North Korea sanctions bill thrown into the mix when we apparently can't even agree on a Russia-Iran sanctions bill," Engel said.





House lawmakers on Tuesday advanced a spending measure that would provide roughly $1.8 billion in funding for a Department of Homeland Security (DHS) cyber unit.


The bill would allocate the money for the National Protection and Programs Directorate (NPPD), the DHS office tasked with securing critical infrastructure from cyber threats.

The House Appropriations Committee approved the fiscal 2018 funding measure for the DHS by a vote of 30-22 during a markup on Tuesday.

The allocation for NPPD is similar to fiscal 2017 spending levels and on par with the Trump administration's request for $1.8 billion in discretionary funding for the office.

NPPD, which is charged with protecting U.S. cyber and physical infrastructure, would receive nearly $1.4 billion to help secure civilian networks, prevent cyberattacks and espionage, and help modernize emergency communications infrastructure.

However, the bill would cut funds to the DHS's Science and Technology Directorate by more than $100 million, reducing its budget to $638 million and putting it in line with President Trump's budget request. Rep. Dutch Ruppersberger (D-Md.) took issue with that cut on Tuesday.

"We are drastically cutting the important cybersecurity and research and development work that happens at the Science and Technology Directorate and shifting that money to fund a border wall," said Ruppersberger.

"The president may have promised a border wall, but I explicitly remember him saying Mexico would pay for it, not saying he would gut the important research and development work at the Department of Homeland Security to fund it," he continued.




EARLY FAKE NEWS. "Goodnight Moon" is not scientifically accurate.




WhatsApp users in China are reporting that the app isn't properly working across the country, sparking concerns that the Chinese government is censoring the encrypted messaging app.

Many users on the app in China have not been able to send videos, pictures and, in some cases, even texts, reports The New York Times. One Beijing-based reporter tweeted that the app had not been working since Sunday and could only be used with the help of a VPN.

Security groups reportedly confirmed that WhatsApp was being disrupted by government internet filters.

"According to the analysis that we ran today on WhatsApp's infrastructure, it seems that the Great Firewall is imposing censorship that selectively targets WhatsApp functionalities," Nadim Kobeissi, an applied cryptographer at Symbolic Software, a cryptography research startup, said to the Times.

Instagram and its parent company, Facebook, which also owns WhatsApp, are both already blocked by Chinese government censors.





Sen. Maria Cantwell (D-Wash.) and Rep. Frank Pallone Jr. (D-N.J.) asked the Government Accountability Office and Transportation Security Administration on Tuesday whether voluntary guidelines for cybersecurity defenses for fuel pipelines need to be updated or codified.

"An assessment of these guidelines and their effectiveness is needed as a number of major trends have emerged, with potentially significant implications for our energy, national and economic security," the lawmakers wrote in a letter.

Cantwell and Pallone are the ranking members of the Senate Energy and Natural Resources Committee and House Energy and Commerce Committee, respectively.

In the letter, they note that the same type of cybersecurity standards legislation protecting the energy grid is not in place for pipelines delivering natural gas and oil despite pipelines' dependence on the same types of internet-connected systems. 




A Democratic senator is pressing the Department of Homeland Security (DHS) to mandate the government-wide use of an email authentication tool "to ensure that hackers cannot send emails that impersonate federal agencies."

"I write to ask you to take immediate steps to ensure that hackers cannot send emails that impersonate federal agencies," Wyden wrote on Tuesday to Jeanette Manfra, the DHS official. "The threat posed by criminals and foreign governments impersonating U.S. government agencies is real."

Wyden asked DHS to require agencies to use Domain-based Message Authentication, Reporting and Conformance, or DMARC, a standard developed by industry that can reroute emails that fake the sender's address to the spam folder or have them rejected outright.

Without DMARC or another authentication method, there is nothing that prevents a sender from putting whatever email address they would like in the "from" field. 




Links from our blog, The Hill, and around the Web.

Mueller gave his blessings for the Senate Judiciary to interview Donald Trump Jr. (The Hill)

The White House makes its case for dismantling net neutrality. (The Hill)

The FBI warns smart toys might be dumb. (The Hill)

"Far from expanding its system of biometric border screening, DHS should end it." (The Hill)

Headline of the day: "Myspace fixes account security hole - but delete your account anyway." (Graham Cluley)

Lots of security cameras share the same security flaw, inherited from a shared code library. (Motherboard)
