Midterm vote to set cyber agenda

Midterm vote to set cyber agenda
© Getty Images

The midterm elections will be the first major test of election security since 2016, and also set the stage for the next Congress's cyber priorities.

Cybersecurity is largely a bipartisan issue, but if Democrats take control of the House as expected, election security will likely move to the forefront of their agenda. There will also be even greater pressure on President TrumpDonald John TrumpMichael Flynn transcripts reveal plenty except crime or collusion 50 people arrested in Minneapolis as hundreds more National Guard troops deployed Missouri state lawmaker sparks backlash by tweeting 'looters deserve to be shot' MORE from liberal critics to counter foreign adversaries and ensure that the administration is taking steps to protect the 2020 vote.

ADVERTISEMENT

Democrats will be expected to push ahead on a number of other cyber priorities as well, including eliminating threats to the supply chain and resolving the contentious debate on the encryption of devices.

After all the votes are counted and the new lawmakers are sworn in, here are the three cyber topics to keep an eye on.

 

Election security

After Tuesday’s midterms, lawmakers will be left with two critical questions: Were the midterm elections secure, and what can they do to protect the 2020 election from cyberattacks?

Federal officials say they have worked over the past two years to secure the midterms after the intelligence community concluded that Russia interfered in the 2016 race.

Homeland Security Secretary Kirstjen NielsenKirstjen Michele NielsenHillicon Valley: Twitter falling short on pledge to verify primary candidates | Barr vows to make surveillance reforms after watchdog report | DHS cyber chief focused on 2020 Sen. Kennedy slams acting DHS secretary for lack of coronavirus answers The 'accidental director' on the front line of the fight for election security MORE said Friday that Tuesday’s election “is going to be the most secure election we’ve ever had,” while cautioning that with “this dynamic threat it changes by the minute.”

“As of today, we don’t have any indication that a foreign government has a sustained effort or sustained plan to hack our election infrastructure,” Nielsen said at a Council of Foreign Relations event. “But having said that, the moment that changes, we will of course let our state and local partners know.”

If a foreign entity is found to have interfered in the election, they will now be subject to an executive order President Trump signed in September, authorizing sanctions in the case of election interference.

Officials and experts have also said that while there are no signs of a foreign adversary having successfully penetrated U.S. voting systems, it’s possible that Russia and others are waiting for the 2020 election to fully mobilize their resources.

Congress appropriated $380 million in funding earlier this year for states to shore up their election systems, but has not passed any legislation on election security. The Secure Elections Act, largely viewed as lawmakers’ best shot at passing a bill, was held up in a Senate committee after the White House reportedly shared concerns about some of its measures.

Several bills have also been introduced on the topic, and Democratic measures in the House could have a shot at passing if the party takes control of the chamber. But if Republicans maintain their majority in the Senate, it’s unclear a bill could get to Trump’s desk.

Even if Tuesday’s elections go off without a hitch, there will still be pressure to pass legislation: 2020 is viewed as a major target for countries like Russia and China, and the Department of Justice last month unsealed its first charge against a Russian national tied to interfering in the midterm elections.

 

Supply chain threats

The Trump administration’s crackdown this week on China for economic theft highlights the U.S.’s growing mistrust of Chinese companies, including fears that devices manufactured in the country are a threat to national security.

Attorney General Jeff SessionsJefferson (Jeff) Beauregard SessionsThe Memo: Trump tweets cross into new territory Sessions goes after Tuberville's coaching record in challenging him to debate The 10 Senate seats most likely to flip MORE announced Thursday that the U.S. has charged a Chinese state-owned company, a Taiwanese company and three Taiwanese nationals for stealing trade secrets from the U.S.-based semiconductor firm Micron Technology.

Concerns that Chinese companies -- backed by the state government -- could infiltrate U.S. networks have grown, particularly amid the fight over Chinese telecom firm ZTE earlier this year.

The Commerce Department initially banned U.S. companies from selling to the firm for allegedly violating sanctions against Iran and North Korea. The Trump administration lifted the restriction, despite outcry from the intelligence community and lawmakers over its close ties to the Chinese government.

The administration was also expected to unveil executive orders addressing supply chain risks, but has since punted the issue to Congress.

Sens. Claire McCaskillClaire Conner McCaskillMissouri county issues travel advisory for Lake of the Ozarks after Memorial Day parties Senate faces protracted floor fight over judges amid pandemic safety concerns Amash on eyeing presidential bid: 'Millions of Americans' want someone other than Trump, Biden MORE (D-Mo.) and James LankfordJames Paul LankfordGOP senator calls on State Department to resume passport application processing GOP senators urge Trump not to restrict guest worker visas Senate revives surveillance brawl MORE (R-Okla.) unveiled a bill earlier this year to create a Federal Acquisition Security Council that would review IT equipment for potential supply chain risks before government purchases. That bill advanced out of committee last month. McCaskill, though, is in a tough race for reelection.

A White House report released last month also found that there are major, significant issues with the U.S. defense industrial base that could pose a national security risk. IN many cases, industry must seek devices from foreign countries that aren’t being manufactured in the United States.

“All facets of the manufacturing and defense industrial base are currently under threat, at a time when strategic competitors and revisionist powers appear to be growing in strength and capability,” the report reads.

While the measure hasn’t passed and a companion bill hasn’t been introduced in the House, all signs point to Lankford and McCaskill’s legislation being the most likely course of action to address supply chain concerns.

“It is very, very challenging because our systems have become more and more complex, more and more integrated,” Grant Schneider, the federal chief information security officer, said Thursday at Fifth Domain’s CyberCon, noting that an adversary can get into federal networks through even the smallest of vulnerabilities.

 

Encryption

The heated encryption debate could come to a head after the midterms.

Privacy hawks and law enforcement officials have long battled over whether devices developed by the private sector should have loopholes to allow authorities to tap into devices or services in important investigations.

But top Trump administration officials have ramped up pressure on tech companies in recent months to provide access to such systems, threatening to take action, including through legislation.

The discussion around stopping what law enforcement officials describe as “going dark” could be upended if Australia passes a new anti-encryption bill into law. Critics have warned that bill could pave the way for similar legislation in the U.S.

Australia, which is one of the U.S.’s five intelligence-sharing allies, would in part require companies to build a back door -- or face a steep fine. The bill has sparked an uproar among multinational companies like Google and Apple, which have opposed giving authorities workarounds to their encrypted products.

The battle over encryption spilled into the public eye when the FBI and Apple fought over access to an iPhone belonging to one of the San Bernardino terror attackers in 2016. And the debate was revived this year when Trump officials began wondering whether to press Congress for legislation mandating encryption back doors.

While Trump sided with the FBI as a Republican presidential candidate, it is unclear what stance he would take if the encryption debate flares up again.