Week ahead: Crunch time for defense bill’s cyber reforms | Equifax under scrutiny

Week ahead: Crunch time for defense bill’s cyber reforms | Equifax under scrutiny
© Getty Images

The House is out in the coming week and all eyes will be on the Senate as the upper chamber looks to finally pass its version of the annual defense policy bill.

The Senate version of the fiscal 2018 National Defense Authorization Act (NDAA) has several cyber-related provisions, including some incorporated into a substitute amendment offered by Armed Services Committee Chairman John McCainJohn Sidney McCainUpcoming Kavanaugh hearing: Truth or consequences How the Trump tax law passed: Dealing with a health care hangover Kavanaugh’s fate rests with Sen. Collins MORE (R-Ariz.).

Among those is language that would codify into law the Department of Homeland Security's newly issued ban on anti-virus software from Moscow-based cybersecurity firm Kaspersky Lab. The ban would apply to all federal agencies and departments. It was first proposed by Sen. Jeanne ShaheenCynthia (Jeanne) Jeanne ShaheenSome employees' personal data revealed in State Department email breach: report Dems seek ways to block Trump support for Saudi-led coalition in Yemen Hillicon Valley: Trump signs off on sanctions for election meddlers | Russian hacker pleads guilty over botnet | Reddit bans QAnon forum | FCC delays review of T-Mobile, Sprint merger | EU approves controversial copyright law MORE (D-N.H.).

ADVERTISEMENT

Kaspersky has come under increased scrutiny over alleged ties to Russian intelligence, though the company has long described the allegations as baseless. Kaspersky intends to produce a written statement to Homeland Security addressing concerns about its products. Eugene Kaspersky, the company's CEO, has also agreed to testify before Congress in the wake of the Homeland Security ban.

McCain's substitute amendment also incorporated language directing the Pentagon to report on significant security risks to defense critical electric infrastructure posed by "malicious cyber-enabled activities."

Several cyber-related amendments have been offered to the Senate version of the annual defense policy bill, though they risk not getting added.

As in years past, the defense bill again sparked a fight over which amendments would get votes and a number of more controversial measures were dropped.

On the cyber front, Sens. Tim KaineTimothy (Tim) Michael KaineDem lawmaker trolls Trump over reception of UN speech Trump: Boasting line in UN speech was 'meant to get some laughter' Kaine mocks Trump over UN laughter, resurfaces old tweet calling Obama a 'laughing stock' MORE (D-Va.) and Roger WickerRoger Frederick WickerGoogle says it continues to allow apps to access Gmail user data Trump cancels Mississippi rally due to hurricane Cruz gets help from Senate GOP in face of serious challenge from O’Rourke MORE (R-Miss.) have proposed language that would update and expand an existing federal cyber scholarship-for-service program run by the National Science Foundation.

Sen. Amy KlobucharAmy Jean KlobucharHillicon Valley: State officials share tech privacy concerns with Sessions | Senator says election security bill won't pass before midterms | Instagram co-founders leave Facebook | Google chief to meet GOP lawmakers over bias claims Election security bill won't pass ahead of midterms, says key Republican Senate Democrats increase pressure for FBI investigation of Kavanaugh MORE (D-Minn.) along with other Democrats has offered an amendment that would bar a joint cybersecurity initiative between the United States and Russia, a proposal floated by President Trump earlier this year. Trump, though, quickly backed away from the idea after criticism from both parties.

Additionally, Sen. Cory GardnerCory Scott GardnerSome employees' personal data revealed in State Department email breach: report Colorado governor sets up federal PAC before potential 2020 campaign Hillicon Valley: Trump signs off on sanctions for election meddlers | Russian hacker pleads guilty over botnet | Reddit bans QAnon forum | FCC delays review of T-Mobile, Sprint merger | EU approves controversial copyright law MORE (R-Colo.) has offered a measure prohibiting the Pentagon from contracting with telecommunications firms that support North Korean cyberattacks. An identical measure offered by Rep. Robert Pittenger (R-N.C.) made its way into the House version of the bill passed in July.

The Senate is poised to wrap up debate on the NDAA Monday evening, having voted Thursday to end debate on the substitute amendment.

The bill fully funds Trump's budget request for U.S. Cyber Command, the Pentagon's offensive cyber unit that the administration officially elevated into its own warfighting unit in August.

The coming week is also likely to produce more scrutiny of Equifax over the data breach that the credit reporting firm says exposed personal information on as many as 143 million Americans to hackers.

Lawmakers from both parties have sent letters and requests for testimony to Equifax executives, demanding answers on the circumstances surrounding the massive security breach. The issue has also triggered legislation addressing credit reporting and data security.

On Thursday, the Federal Trade Commission (FTC) disclosed that it has launched an investigation into the breach, which exposed consumers' Social Security numbers, birth dates, and some credit card numbers.

Some cyber-related news could be made off Capitol Hill next week, with former FBI Director James Comey slated to speak at Howard University's opening convocation on Friday.

It was just over three months ago that Comey captivated the nation with his testimony before the Senate Intelligence Committee, amid rampant speculation about the circumstances of Trump's decision to remove him.

In case you missed them, here are some of our recent articles:

DOJ: Google no longer contesting most cross border data warrants

Senators propose 9/11-style commission on Russian interference

Bipartisan House bill would save State Department's cyber office

Feds move to ramp up cyber hiring

Equifax feels the heat in Washington for breach

Homeland Security sued over warrantless phone, laptop searches at border

Government warns of Equifax phishing scams

US sanctions Iranian nationals for cyberattacks against banks