Overnight Cybersecurity: Senators demand Trump detail cyber strategy | Election security bill faces hurdles | North Korea linked to new cyberattacks on Turkish financial sector

Overnight Cybersecurity: Senators demand Trump detail cyber strategy | Election security bill faces hurdles | North Korea linked to new cyberattacks on Turkish financial sector
© Greg Nash

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORIES:

--SENATORS DEMAND CYBER STRATEGY FROM TRUMP: A bipartisan group of senators is pressing President TrumpDonald John TrumpWSJ: Trump ignored advice to confront Putin over indictments Trump hotel charging Sean Spicer ,000 as book party venue Bernie Sanders: Trump 'so tough' on child separations but not on Putin MORE to issue a national strategy for deterring malicious activity in cyberspace "as soon as possible," accusing successive administrations of not giving enough urgency to the issue. "The lack of decisive and clearly articulated consequences to cyberattacks against our country has served as an open invitation to foreign adversaries and malicious cyber actors to continue attacking the United States," the senators wrote in the letter, obtained by The Hill. "The United States has failed to formulate, implement, and declare a comprehensive cyber doctrine with an appropriate sense of urgency," they wrote. "We urge you to end this state of inaction immediately. The letter was spearheaded by Sen. Martin HeinrichMartin Trevor HeinrichCNN congressional correspondent talks about her early love of trolls and family Overnight Energy: DNC to reject fossil fuel donations | Regulators see no security risk in coal plant closures | Senate committee rejects Trump EPA, Interior budgets Energy commission sees no national security risk from coal plant closures MORE (D-N.M.). It is signed by Sen. Mike RoundsMarion (Mike) Michael RoundsKey GOP senator says ‘no question’ Russia is meddling in U.S. affairs GOP Senator: 'Very inappropriate' for Trump to discuss allowing Russia to question US citizens Election security bill picks up new support in Senate MORE (R-S.D.), who chairs the Senate Armed Services subcommittee on cyber, as well as several other senators from both parties. Lawmakers have taken issue with both the Obama and Trump administrations for failing to develop a comprehensive strategy for deterring and responding to malicious behavior in cyberspace. In order to press the executive branch on the issue, Congress inserted language into recent annual defense policy bills directing the president to develop a cyber deterrence strategy. President Trump strongly objected to a provision in the current National Defense Authorization Act (NDAA) requiring him to develop a national cyber policy, though he ultimately signed the bill. The issue came up most recently at a Senate Armed Services Committee hearing on worldwide threats that featured extensive discussions between lawmakers and top intelligence officials on cyber threats. Director of National Intelligence Dan CoatsDaniel (Dan) Ray CoatsHillicon Valley: Trump's Russia moves demoralize his team | Congress drops effort to block ZTE deal | Rosenstein warns of foreign influence threat | AT&T's latest 5G plans Questions mount over Trump-Putin discussions Overnight Defense: White House 'not considering' Ukraine referendum | Pompeo hopeful on plans for Putin visit | Measure to block ZTE deal dropped from defense bill MORE, in response to questions from Rounds at the hearing Tuesday, acknowledged that the government has not developed a comprehensive cyber policy. "I don't think the progress has been made quick enough to put us in a position where we have a firm policy and understanding, not only ourselves, but what our adversaries know relative to how we're going to deal with this," Coats said, noting that it will take a "whole-of-government" effort.

To read more from our piece, click here.

--LEWANDOWSKI TALKS TO HOUSE INTEL FOR RUSSIA PROBE: The top Democrat on the House Intelligence Committee on Thursday said Corey LewandowskiCorey R. LewandowskiThe Hill's 12:30 Report — Sponsored by Delta Air Lines — GOP spars with FBI agent at tense hearing Washington big names celebrate launch of Hill.TV The Hill's Morning Report — Trump denigrates NATO allies, floats 4 percent solution MORE selectively declined to answer questions about key events and conversations during his second interview before the panel. Rep. Adam SchiffAdam Bennett SchiffObama, Bush veterans dismiss Trump-Putin interpreter subpoena Hillicon Valley: Officials pressed on Russian interference at security forum | FCC accuses Sinclair of deception | Microsoft reveals Russia tried to hack three 2018 candidates | Trump backs Google in fight with EU | Comcast gives up on Fox bid Top intel chief: I don't know what Trump, Putin discussed in meeting MORE (D-Calif.) called on the majority to issue a subpoena on the former Trump campaign manager, calling it unacceptable for a witness to refuse to answer particular questions that are relevant to their Russia probe. He warned the panel continues to set a "broader precedent" of noncompliance that could hobble future congressional investigations. "Witnesses do not get to pick and choose when it comes to very relevant testimony to our investigation," Schiff told reporters after the meeting ended. He said Lewandowski refused to answer a series of questions about key events, including the initial statement from Donald Trump Jr.Donald (Don) John TrumpFox News bigger than ever two years after Roger Ailes Kimberly Guilfoyle leaving Fox News to campaign with Donald Trump Jr.: report George Will charges that Trump colluded with Putin MORE about the controversial June 2016 Trump Tower meeting with a Russian lawyer and the firing of former FBI Director James ComeyJames Brien ComeyThere was nothing remotely treasonous in Trump's performance with Putin Opinion: One FBI text message in Russia probe that should alarm every American Clapper: Intel officials showed Trump evidence of Putin's role in election meddling MORE, as well as any conversations he may have had with the president about the potential firing of special counsel Robert MuellerRobert Swan MuellerSasse: US should applaud choice of Mueller to lead Russia probe MORE. "They didn't believe it was relevant and we emphasized it repeatedly that was not their determination to make," Schiff said in part. "And of course, whether the administration knowingly made false statements about meetings with Russians is very relevant to our investigation, whether their actions taken to impede the investigation, obstruct the investigation is also very relevant so it was a meritless objection." Lewandowski, who left the committee's closed spaces after roughly three hours -- a short period compared to his last interview and appearances by other witnesses -- said he answered "every question you can [imagine]." "One thing is unequivocal: no collusion, no cooperation, no coordination," he added. Lewandowski is just the latest in a string of witnesses who have refused to answer certain questions before the Intelligence Committee. The meeting with Lewandowski, which was repeatedly described by lawmakers on both sides of the aisle as "tense" or "contentious," was also described as "productive" in obtaining new information.  

To read more of our piece, click here.

 

--TOP GENERAL SAYS TRUMP LACKS UNIFIED EFFORT TO COMBAT RUSSIAN CYBER THREAT: The head of U.S. European Command said Thursday that the U.S. government does not have an effective unified effort to confront cyber threats from Russia. "I don't believe there's an effective unification across the interagency with the energy and the focus that we could attain," Army Gen. Curtis Scaparrotti told lawmakers during a Senate Armed Services Committee hearing. Scaparrotti, who is also the supreme allied commander of NATO, had been asked by the committee's top Democrat Sen. Jack ReedJohn (Jack) Francis ReedSenate Dems press for info on any deals from Trump-Putin meeting Senate Dems tell Trump: Don't meet with Putin one-on-one Schumer: Trump should cancel meeting with Putin MORE (R.I.) how he would assess the country's "whole-of-government response" to confront Russia's cyber threat. The general also said that the Pentagon is trying to map out the scope of Russian cyber activity, but so far does not have a full picture of the activity. "We're getting better understanding of it," he said. "I would not characterize it as a - as a good picture at this point, not satisfactory to me." Reed also asked Scaparrotti whether he has noticed Russia directly targeting the United States with cyber and information warfare. Scaparrotti replied that he had seen Russian activity related to "infrastructure, reconnaissance, et cetera within the United States," but would not offer further details. During the Senate hearing Thursday, Sen. Ben SasseBenjamin (Ben) Eric SasseChristine Todd Whitman: Trump should step down over Putin press conference GOP lambasts Trump over performance in Helsinki GOP senator: Senate should be 'disgusted' by Helsinki summit MORE (R-Neb.) called out the Trump administration for failing to address Russian cyber threats. "You and your colleagues end up taking a lot of the beating for what is really a failure of political leadership in both the legislative and executive branches and both parties," Sasse told Scaparrotti. "In the current moment with Russian attacks, the current administration has no real response. The legislature is not nearly serious ... enough about this issue."

To read more from our piece, click here.

 

A LEGISLATIVE UPDATE: 

ADVERTISEMENT

MORE HURDLES FOR ELECTION CYBERSECURITY: Senators are running into roadblocks from state officials as they try to craft legislation to secure election systems before the midterms in November.

Sens. James LankfordJames Paul LankfordGOP seeks separation from Trump on Russia Hillicon Valley: EU hits Google with record B fine | Trump tries to clarify Russia remarks | Sinclair changing deal to win over FCC | Election security bill gets traction | Robocall firm exposed voter data Election security bill picks up new support in Senate MORE (R-Okla.) and Kamala HarrisKamala Devi HarrisTrump: ‘Dems have a death wish’ Election Countdown: Senate, House Dems build cash advantage | 2020 Dems slam Trump over Putin presser | Trump has M in war chest | Republican blasts parents for donating to rival | Ocasio-Cortez, Sanders to campaign in Kansas Senate Democrats block resolution supporting ICE MORE (D-Calif.) are pushing for legislation that would bolster the security of U.S. voting infrastructure, with an eye toward countering threats from adversaries like Russia.

But Lankford on Wednesday was forced to table an amendment to a bill moving through the Senate that was aimed at improving information-sharing between federal and state election officials on election cyber threats. State officials objected to the amendment.

The development sparked frustration on the Senate Homeland Security and Governmental Affairs Committee, where lawmakers have been agitating for action.

"Texas had elections yesterday," said Harris, referring to the state's Democratic and Republican primaries. "This is an issue that we should approach, I think, with a great sense of urgency and immediacy."

What to do about election cybersecurity has been a source of tension between federal and state officials since the revelation that Russia tried to hack into election-related systems as part of its broader influence campaign against the U.S. in 2016.

While none of the systems targeted by Russia were involved in vote tallying, officials fear those campaigns could grow in scope and sophistication.

The Obama administration in its waning days designated election infrastructure as critical and therefore subject to optional federal protections from the Department of Homeland Security (DHS). State and local officials balked at the move, fearing a federal takeover of elections.

States have also complained that DHS was slow to share information on the Russia threat. The department formally notified election officials in 21 states that they had been targeted by Russian hackers last September, nearly a year after the 2016 election took place.

Lankford's amendment, provided to The Hill by an aide, aimed to improve the flow of information between federal officials and state officials involved in administering elections.

The lawmaker hoped to offer the amendment to a bill reauthorizing DHS that is under consideration in the Senate. But four secretaries of state -- who serve as the chief election officials in most states -- wrote to the committee Tuesday expressing concerns over the provision and one later withdrawn by Sen. Maggie HassanMargaret (Maggie) HassanNew Hampshire governor signs controversial voting bill Conway takes aim at congressional intern who yelled 'f--- you' at Trump Fox's Regan defends CNN's Acosta, calls for civility: 'What has happened to us?' MORE (D-N.H.) that would have codified into law steps DHS has undertaken to secure U.S. voting infrastructure.

The letter, signed by officials in Indiana, Louisiana, Georgia and New Mexico, questioned the need for the amendments to be included in the reauthorization bill, according to a copy obtained by The Hill.

"With so much scrutiny and ongoing investigations into the Russian involvement in the 2016 Presidential election, it would be more prudent to allow the investigation reports to be finalized and sent to the Congress and the President with conclusive evidence of what may have occurred before assuming what a proper solution might be," Indiana Secretary of State Connie Lawson wrote.

The Senate Intelligence Committee, which is investigating Russian interference in the presidential election, is expected to release a bipartisan report on election security later this year.

Lankford's amendment in its current form would direct DHS to promptly share election cybersecurity information with state election officials, unless the department secretary "makes a specific determination in writing that there is good cause to withhold the particular information." The state officials suggested the provision could potentially block state officials from receiving timely threat information.

The amendment would also mandate that election service providers, including vendors and contractors, notify state officials promptly if election systems -- including voting machines, voter registration databases and election agency email systems -- are breached, and that state officials provide the information to their federal counterparts in a timely fashion.

The secretaries of state questioned whether states would be penalized if a vendor or contractor failed to notify state election agencies of cybersecurity incidents.

To read more from our piece, click here.

 

A REPORT IN FOCUS: 

NORTH KOREA LINKED TO NEW CYBERATTACKS ON TURKISH FINANCIAL SECTOR: Experts have unearthed evidence of a new North Korean hacking operation targeting Turkey's financial sector.

The hacking group "Hidden Cobra," also known as the Lazarus Group, has been orchestrating malware attacks against Turkish financial organizations that began earlier this month. They have included the targeting of an unnamed government entity involved in trade and finance, researchers from U.S.-based cyber firm McAfee said Thursday.

The attacks used a new variant of malware known as "Bankshot." No money appears to have been taken in the attacks, but the researchers warned that they could be a precursor of future heists.

"Bankshot is designed to persist on a victim's network for further exploitation; thus the Advanced Threat Research team believes this operation is intended to gain access to specific financial organizations," the researchers wrote in the report released Thursday.

North Korea has been increasingly linked to cyberattacks that could yield financial gains, as international financial sanctions have squeezed Pyongyang's economy. Experts also see evidence of North Korean government hackers targeting cryptocurrency.

The U.S. Department of Homeland Security (DHS) first issued an alert on the Bankshot malware implant last December, tying it to "Hidden Cobra," the name used by the U.S. government to describe malicious cyber activity from the North Korean government.

The activity against Turkish financial organizations is the first instance of new Bankshot variants surfacing in 2018, McAfee said. The malware has previously been tied to efforts to compromise global banking messaging system SWIFT.

The researchers traced the first infection of the new campaign to March 2 and 3, first targeting an unnamed government-controlled financial organization followed by a Turkish government entity involved in trade and finance. The researchers said the malware has not yet surfaced in other countries or sectors beyond finance.

The malware leverages a vulnerability in Adobe Flash that was only publicly identified at the end of January, meaning that the hackers worked quickly to develop malware to exploit the flaw.

"The campaign has a high chance of success against victims who have an unpatched version of Flash," McAfee wrote.

To read more from our piece, click here.

 

A LIGHTER CLICK:

In honor of International Women's Day, CNET celebrates women in tech.

 

WHAT'S IN THE SPOTLIGHT: 

CYBER VULNERABILITY DISCLOSURE: Rep. Ted Lieu (D-Calif.) is pressing the Trump administration to report regularly to Congress on the secretive process by which the federal government decides whether to share unknown cyber vulnerabilities with the private sector.

The Trump administration has sought to bring more transparency to what is called the Vulnerabilities Equities Process (VEP) under pressure from lawmakers, public advocacy groups and others in the private sector. The process of disclosing what are commonly known as "zero days" to tech companies has attracted increased scrutiny in the wake of high-profile malware outbreaks that leveraged hacking tools allegedly developed by the NSA.

Last November, the White House released the first-ever public charter on the VEP, laying out its purpose and disclosing the agencies and officials that participate in it.

Lieu commended the decision as a step toward transparency in a letter to White House cybersecurity coordinator Rob Joyce sent this week. However, he expressed concerns "with the level of discretion when it comes to sharing information with Congress."

Lieu's letter, first reported by Politico, referenced a section of the public charter that says the administration "may" report annually to Congress on the process.

"The new policy lacks the critical piece of accountability to give the American people full confidence in the government's decision-making on vulnerability disclosure," Lieu wrote.

"The ultimate success of the VEP hinges on whether the results of the government's opaque decision-making on vulnerability disclosure can be audited by Congress to ensure the desired policy is being achieved," the lawmaker wrote.

Specifically, the charter says that the National Security Agency, which serves as the "executive secretariat" of the VEP, will produce an annual report on the process to participating agencies as well as the National Security Council that includes statistical data and any changes to the structure of the board that makes determinations on cyber vulnerabilities.

"The report will be written at the lowest classification level permissible and will include, at a minimum, an executive summary written at an unclassified level. As part of a commitment to transparency, annual reporting may be provided to Congress," the charter states.

To read more from our piece, click here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Rohrabacher under fire over Russia ties. (The Hill)

Schiff questions whether Erik Prince misled lawmakers about Seychelles meeting. (The Hill)

French president vows to crack down on hate speech online. (France 24)

Russians created an anti-Hillary Clinton video game and promoted it online before the 2016 election. (CNN)

A comprehensive view of EternalBlue, the leaked NSA hacking tool. (Wired)

OPM again criticized on response to massive breach. (NextGov)

Fake news is much more likely to spread on Twitter than real news, study finds. (Reuters)

Official admits intel community doesn't share enough information on cyber threats with the rest of the government, private sector. (Bloomberg)