Overnight Cybersecurity: Senators unveil election security bills | North Korea denies WannaCry role

Overnight Cybersecurity: Senators unveil election security bills | North Korea denies WannaCry role
© Greg Nash

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORY:

--SENATORS UNVEIL ELECTION SECURITY BILL: A bipartisan coalition of Senate lawmakers introduced legislation on Thursday meant to strengthen U.S. election cybersecurity following Russian election interference. The bill would authorize block grants for states to upgrade outdated voting technology. It would also create a program for an independent panel of experts to develop cybersecurity guidelines for election systems that states can implement if they choose, and offer states resources to implement the recommendations. In addition, the legislation aims to expedite the process by which state officials receive security clearances necessary to review sensitive threat information and instructs the Department of Homeland Security (DHS) and other federal entities to more quickly share this information with relevant state officials. The "Secure Elections Act" was introduced Thursday morning by Sens. James LankfordJames Paul LankfordOvernight Cybersecurity: Senators eye path forward on election security bill | Facebook isn't winning over privacy advocates | New hacks target health care This week: Senate barrels toward showdown over Pompeo Senators chart path forward on election security bill MORE (R-Okla.), Susan CollinsSusan Margaret CollinsOvernight Energy: Dems raise new questions about Pruitt's security | EPA rules burning wood is carbon neutral | Fourth GOP lawmaker calls for Pruitt's ouster | Court blocks delay to car efficiency fines How much does the FDA really do to promote public health? Trump aide: Mueller probe 'has gone well beyond' initial scope MORE (R-Maine), Lindsey GrahamLindsey Olin GrahamOvernight Cybersecurity: Senators eye path forward on election security bill | Facebook isn't winning over privacy advocates | New hacks target health care Paul backs Pompeo, clearing path for confirmation Can Silicon Valley expect European-style regulation here at home? MORE (R-S.C.), Amy KlobucharAmy Jean KlobucharOvernight Cybersecurity: Senators eye path forward on election security bill | Facebook isn't winning over privacy advocates | New hacks target health care Senators chart path forward on election security bill GOP poised to advance rules change to speed up Trump nominees MORE (D-Minn.), Kamala HarrisKamala Devi HarrisKamala Harris will no longer accept corporate PAC money Sen. Harris: I look forward to the day we need a nursery off the side of the cloakroom Dem senators unveil expanded public option for health insurance MORE (D-Calif.), and Martin HeinrichMartin Trevor HeinrichDem senators unveil expanded public option for health insurance Senators introduced revised version of election cyber bill Senate Intel releases summary of election security report MORE (D-N.M.).

To read the rest of our piece, click here.

--...HIGHLIGHTS MEASURES FROM EARLIER BILLS: Experts widely agree that the two major problems addressed by the bill need attention. Our aging elections equipment often uses old components now known to be vulnerable to various hacking techniques. And if officials don't have security clearances, it is impossible to promptly share threats between the federal government and the states that run elections. Two bills, both introduced by cosigners of the Secure Elections Act, used similar solutions to address the problem. Collins and Heinrich introduced comprehensive legislation on Halloween that included streamlining the process for state officials to get security clearances. Similarly, Graham and Klobuchar introduced legislation for federal grants for equipment upgrades.

--...NOT JUST A SECURITY ISSUE: Age doesn't just introduce security concerns. Over time, things break. Some of the earliest digital voting machines are rapidly approaching their expected end of life. Whether a hacker changes a vote or a broken touch screen misrecords the vote, the result is the same - someone's vote didn't count.

 

A REGULATORY UPDATE:

702: As of press time, the House passed in its funding bill a short-term extension of the 702 provisions of the FISA act, allowing law enforcement agencies to surveil foreign citizens outside the U.S. without a warrant.

Earlier Thursday, law enforcement agencies were getting anxious.

Midday, the heads of the FBI, CIA and NSA, alongside the Director of National Intelligence cosigned a letter imploring the Legislative Branch to reauthorize the prograam.

"There is no substitute for Section 702. If Congress fails to reauthorize this authority, the Intelligence Community will lose valuable foreign intelligence information, and the resulting intelligence gaps will make it easier for terrorists, weapons proliferators, malicious cyber actors, and other foreign adversaries to plan attacks against our citizens and allies without detection," they wrote.

A sizable group of opponents, including the Sens. Rand PaulRandal (Rand) Howard PaulRand's reversal advances Pompeo Overnight Defense: Pompeo clears Senate panel, on track for confirmation | Retired officers oppose Haspel for CIA director | Iran, Syria on agenda for Macron visit After Dems stood against Pompeo, Senate’s confirmation process needs a revamp MORE (R-Kent.), and Ron WydenRonald (Ron) Lee WydenTrump struggles to get new IRS team in place CIA declassifies memo on nominee's handling of interrogation tapes Dem senators demand Trump explain ties to Koch brothers MORE (D-Ore.) argue that U.S. citizens slip through the safety measures meant to filter out people not supposed to be surveilled.

 

A LIGHTER CLICK: 

LONG ISLAND ICED TEA COMPANY TRIPLES ITS STOCK PRICE BY CHANGING ITS NAME TO 'LONG BLOCKCHAIN.' To be fair, Long Island is not known for its non-alcoholic iced tea. 

 

AN ATTRIBUTION IN FOCUS: 

NORTH KOREA NOT THRILLED BEING BLAMED FOR WANNACRY: North Korea's Ministry of Foreign Affairs on Wednesday fiercely denied the United States assertion Pyongyang launched the disastrous WannaCry malware.

"As we have clearly stated on several occasions, we have nothing to do with cyber-attack and we do not feel a need to respond, on a case-by-case basis, to such absurd allegations of the U.S.," a spokesman told the state media publication KCNA.

"However, we can never tolerate the U.S. reckless move of using the issue of cyber-attack for the purpose of making direct accusation against our state," he said.

Though the KCNA website was down, the statement was archived at North Korean media aggregator KCNA Watch.

WannaCry infected hundreds of thousands of computers in only a few days, forcing the British national hospital system to turn away patients and harming government systems in Russia, India and China.

On Tuesday, U.S. homeland security adviser Tom Bossert announced that the U.S. had conclusively linked WannaCry with North Korean leadership.

"This move is a grave political provocation by the U.S. aimed at inducing the international society into a confrontation against the DPRK," the spokesman said.

To read the rest of our piece, click here.

 

WHAT'S IN THE SPOTLIGHT:

RUSSIA (AGAIN) (SORRY): A string of U.S. actions raises questions of whether the U.S.'s strategy of ignoring Russian hacking will ever pay off with the close ties with Moscow the president promised.

In June of 2016, Donald TrumpDonald John TrumpRand's reversal advances Pompeo New allegations could threaten Trump VA pick: reports President Trump puts on the pageantry for Macron’s visit MORE asked a rally in California "Wouldn't it be nice if we actually got along with Russia? Wouldn't that be good?"

And for 18 months, Trump has stood behind that line. He has delayed a sanctions bill for the DNC affair, revealed code-word classified information to Russian ambassadors, and generally denied any Russian involvement in the 2016 elections - despite the full confidence his intelligence agencies have in that fact.

Within the last 48 hours, Trump has approved an arms sale to Ukraine to push back Moscow's forces, and invoked Magnitsky act sanctions against five Russians including the son of the Russian prosecutor general. The Department of Defense has also accused Russia of violating the deconfliction boundaries in Syria.

The moves garnered praise from security hawks in the Senate.

"With this decision [to arm Ukraine], the Trump administration is reminding Vladimir Putin and his cronies that they lost the Cold War, and we won't tolerate their bullying of our friend Ukraine," Said Sen. Tom CottonThomas (Tom) Bryant CottonThe Hill's Morning Report - Lawsuits, investigations send Trump on Twitter tirade GOP senator: Democratic opposition to Pompeo 'driven 100 percent by politics' Sunday Shows Preview: Emmanuel Macron talks ahead of state dinner MORE (R-Ark.) in a statement.

But it did not get the same praise by Russia.

State-run media referred to the Ukraine sale as "a sideways move to nowhere," and Russia's Foreign Ministry called the new Magnitsky list"grotesque" and vowed a response.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The latest poll shows more than half of Americans disapprove of Trump's handling of the Russia investigation. (The Hill)

Eric Schmidt, the executive chairman of Google parent company Alphabet, will step down. (The Hill)

Lithuania follows America's lead and bars Kaspersky Lab from sensitive computers. (Reuters)

The Russian bank Globex was hacked over the SWIFT network, to the tune of $940,000. (Reuters)

How the newly negotiated Wassenaar Arrangement fixes the old version's flaws - including the part where it inadvertently banned the international sale of critical cybersecurity products. (Cyberscoop)

 

If you'd like to receive our newsletter in your inbox, please sign up here.