Overnight Cybersecurity: Trump nominates official to lead DHS cyber office | Feds eye cryptocurrency regs | Dems want 'immediate' briefings on election cybersecurity

Overnight Cybersecurity: Trump nominates official to lead DHS cyber office | Feds eye cryptocurrency regs | Dems want 'immediate' briefings on election cybersecurity
© The Hill photo illustration

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORIES:

--HOMELAND SECURITY LEAD CYBER OFFICE GETS NOMINEE: President TrumpDonald John TrumpWhite House counsel called Trump 'King Kong' behind his back: report Trump stays out of Arizona's ugly and costly GOP fight Trump claims he instructed White House counsel to cooperate with Mueller MORE has officially nominated Christopher Krebs to serve as under secretary of the National Protection and Programs Directorate (NPPD), an office at the Department of Homeland Security responsible for protecting federal networks and U.S. critical infrastructure from cyber and physical threats. Krebs has been performing the duties of under secretary for NPPD for several months, while also filling the role of assistant secretary for the Office of Infrastructure Protection within the directorate. Krebs previously served as director for cybersecurity policy for Microsoft's government affairs team. The White House announced his nomination in a statement late Wednesday. Krebs will serve at the helm of an office that has seen its responsibilities grow considerably in recent years, especially in the cyber arena. As part of its broad mission, NPPD is responsible for engaging with operators across several critical infrastructure sectors to share cyber and other threat information. This now includes engaging with state officials on election security, in the wake of Russian interference in the 2016 presidential election. Krebs will serve above Jeanette Manfra, who leads NPPD's cyber efforts as Homeland Security's chief cyber official. To catch our recent exclusive interview with Manfra, click here.

--FEDS LOOK TO GET A HANDLE ON CRYPTOCURRENCIES: Federal officials in Washington are scrambling to get a handle on the sudden boom in cryptocurrencies as questions swirl about their place in the financial system. The two top U.S. federal agencies for regulating cryptocurrencies both say they want tighter oversight of the currencies, which have exploded in popularity and are increasingly used as an investment vehicle. The heads of both the Securities and Exchange Commission (SEC) and Commodity Futures Trade Commission (CFTC) testified this week that they would like to work with each other, the Federal Reserve and state regulators on a "coordinated" strategy for bringing stability to the lightly regulated cryptocurrency market. Their effort comes amid a larger push for increased regulation by both the U.S. government and governments around the world. The sense of urgency has been heightened by wild swings in the value of cryptocurrencies over the past year. "We should all come together, the federal banking regulators, the CFTC and SEC -- there are states involved as well -- and have a coordinated plan for dealing with the virtual currency trading market," Jay Clayton, chairman of the SEC, told the Senate Banking Committee on Tuesday. Clayton's call was echoed by CFTC Chairman J. Christopher Giancarlo, as well as some of the senators at the hearing. Currently, cryptocurrencies are regulated as commodities by the CFTC, but other aspects of them, including the digital markets that they are traded on, have no clear regulatory oversight. Cryptocurrency advocates, who fear that too much regulation could stifle innovation, said that they largely didn't have qualms with what regulators said in the hearing.

To read the rest of our piece, click here.

--DEMS DEMAND IMMEDIATE JUDICIARY HEARINGS ON ELECTION HACKING THREATS: Democrats on the House Judiciary Committee are demanding "immediate" hearings on cyber vulnerabilities in U.S. election infrastructure, amid sustained concerns about the prospect of Russian meddling in future elections. The lawmakers wrote to Chairman Bob GoodlatteRobert (Bob) William GoodlatteFive things to know about Bruce Ohr, the DOJ official under fire from Trump Republicans become entangled by family feuds over politics House GOP prepares to grill DOJ official linked to Steele dossier MORE (R-Va.) on Thursday asking him to call leaders of the departments of Homeland Security, Justice and State before the committee to explain what steps the Trump administration "may or may not be taking to ensure the integrity of our state and federal elections." "We believe the threat is urgent," wrote the Democrats, led by ranking member Jerrold Nadler (D-N.Y.). "We cannot afford to ignore the mounting evidence of a coordinated effort to undermine the most basic and essential aspects of democratic process." The Democratic lawmakers accused the Justice Department of taking little "if any" steps to secure election systems, citing previous testimony from Attorney General Jeff SessionsJefferson (Jeff) Beauregard SessionsWhite House counsel called Trump 'King Kong' behind his back: report Trump claims he instructed White House counsel to cooperate with Mueller Watergate's John Dean: White House counsel is 'doing right' by cooperating with Mueller MORE that the U.S. is not in the position it needs to be in to stop future Russian interference. FBI Director Christopher Wray has told lawmakers that the bureau is looking to "get in front" of the threat going forward. Wray has set up a "foreign influence task force" within the bureau to monitor the issue and agents are engaging with other federal officials as well as international partners to understand and disrupt meddling efforts. Meanwhile, Homeland Security is providing cyber vulnerability testing and other services to state officials that request help in securing their voting infrastructure, as part of the department's decision to designate election infrastructure as "critical" one year ago.

To read the rest of our piece, click here.

 

A LEGISLATIVE UPDATE: 

HOUSE PASSES UKRAINE CYBER HELP ACT: House lawmakers on Wednesday passed legislation aimed at deepening cooperation on cybersecurity between the United States and Ukraine.

The bill would encourage the State Department to take a number of steps to help Ukraine improve the cybersecurity of its government and critical services.

The bill passed overwhelmingly in a 404-3 vote Wednesday evening.

The legislation is sponsored by Rep. Brendan Boyle (D-Pa.) and has attracted a slate of bipartisan co-sponsors.

Specifically, the bill expresses the sense of Congress that the State Department should provide support to Ukraine to shore up the cybersecurity of its government networks and critical infrastructure, help Kiev reduce its reliance on Russian technology and help the country improve and expand its information sharing efforts.

The legislation would also trigger a State Department report on the status of the U.S. government's cooperation with Ukraine that would explore new areas for collaboration.

Hacking threats to critical infrastructure have attracted focus on Capitol Hill following cyberattacks that took down portions of Ukraine's power grid in 2015 and 2016. There are broad suspicions that Russia had a hand in the attacks.

To read more from our piece, click here.

 

A LIGHTER CLICK:

Punishment is rare for rogue drone operators. (MarketWatch)

 

A 'REPORT' IN FOCUS: 

The National Association of Secretaries of State (NASS) is pushing back on a report in NBC News that alleged Wednesday that Russia successfully penetrated voter registration databases of "several" U.S. states leading up to the 2016 presidential election.

The publication cited a recent interview with Jeanette Manfra, the chief cybersecurity official at the Department of Homeland Security, who was quoted as saying, "We saw a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated."

NASS, which represents a swath of top state election officials across the country, pushed back on the reporting on Thursday, alleging that the article simply repackaged information that was already reported and took it as something it was not.

Previous reports have indicated that Russian hackers sought access to voter rolls in Arizona and Illinois. While Arizona officials say that they took the state database offline for several days after finding malware on a county election official's computer, they maintain the database was not successfully breached. Officials in Illinois have acknowledged that hackers successfully breached the state voter database, accessing information on as many as 200,000 voters in the state.

"What DHS Cybersecurity Chief, Jeanette Manfra said was 'we saw targeting of 21 states and an exceptionally small number of them were actually successfully penetrated,'" NASS said in a statement circulated on Wednesday. "NBC chose to interpret that statement to mean 'several states' were successfully penetrated. We are still only aware of one state voter registration system that was penetrated and that office made a public statement at the time."

Homeland Security notified 21 states in September that Russian hackers tried to target their election systems ahead of the 2016 vote. Some states have disputed the notification, saying that the targeting activity was not specific to their election systems and that therefore their voting infrastructure was not targeted.

"It is also important to note that some of the 21 states notified discovered it was not their election networks that were targeted or scanned, but other networks in the state and non-election related websites," NASS said Thursday. "To be clear, a scan is not a hack."

 

WHAT'S IN THE SPOTLIGHT (AGAIN!): 

EQUIFAX: More than 30 senators are asking the Consumer Financial Protection Bureau (CFPB) for details about their investigation into last year's massive Equifax data breach following reports the agency has been dragging its feet on the probe.

The group, led by Sen. Brian SchatzBrian Emanuel SchatzGOP leader criticizes Republican senators for not showing up to work Senate takes shot at Trump, passes resolution affirming 'press is not the enemy of the people' Pentagon’s No. 2 official: Trump’s ‘Space Force’ could cost 'billions' MORE (D-Hawaii), sent a letter to the CFPB, dated Feb. 7, which cites a Reuters report that Acting Director Mick MulvaneyJohn (Mick) Michael MulvaneySunday shows preview: Trump stokes intel feud over clearances Pentagon, GOP breathe sign of relief after Trump cancels parade Middle-class Americans can't afford another trillion financial crash MORE has not approved a number of preliminary steps in the investigation.

"The CFPB has a statutory mandate to participate in this process by conducting an investigation," the senators wrote. "If that investigation exposes wrongdoing or consumer harm, the CFPB has the authority, and indeed a duty, to bring appropriate enforcement actions."

The CFPB said it received the letter but declined to comment on it. A spokesperson pointed to a statement put out earlier this week by Mulvaney's senior advisor John Czwartacki.

"Acting Director Mulvaney takes data security issues very seriously," Czwartacki said. "Under his direction, the CFPB is working with our partners across government on Equifax's data breach and response. We are committed to enforcing the law. As policy, we do not confirm or deny enforcement or supervisory matters."

The letter includes a list of questions on whether the investigation has been halted and what steps the agency has taken. It was signed by 30 Democrats, as well as Sens. Angus KingAngus Stanley KingOvernight Energy: Judge revives clean water rule | Keystone XL pipeline to get new environmental review | Nominee won't say if he backs funding agency Trump nominee won't say if he supports funding agency he was selected to run Trump draws bipartisan fire over Brennan MORE (I-Maine) and Bernie SandersBernard (Bernie) SandersBoogeywomen — GOP vilifies big-name female Dems RealClearPolitics editor: Moderate Democrats are losing even when they win Sanders tests his brand in Florida MORE (I-Vt.).

The Reuters report has prompted backlash from Democrats who have called for a crackdown on Equifax and the credit reporting industry following the breach that exposed sensitive information of more than 145 million people.

The Federal Trade Commission and the Justice Department are also conducting investigations into the breach.

To read the rest of our piece, click here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

White House to give phones to senior advisers for political calls. (The Hill)

Republican senators want to bar US government from using ZTE, Huawei devices. (The Hill)

OP-ED: Trump can end the ISIS cybersecurity threat once and for all. (The Hill)

UK lawmakers press social media giants over Russian influence. (The Hill)

The Senate Intelligence Committee is looking to release its election hacking report by March. (The Wall Street Journal)

Swiss telecoms company Swisscom suffered a data breach. (ZDNet)

Homeland Security announces $5.6 million in awards to bolster cybersecurity research. (DHS)