Overnight Cybersecurity: Senate takes a hard line on Russia | Dems want hearings on Trump’s cyber issues
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–RUSSIA: Eight Republican senators on Thursday urged President Trump to take a harder line on Russia, days after he made controversial comments defending Russian President Vladimir Putin. “We write to ask you to pursue a results-oriented, but tough-minded and principled policy toward the Russian Federation,” the lawmakers wrote in a letter to Trump. “While we should seek common ground with Russia in the areas of mutual interest, we must never pursue cooperation with Russia at the expense of our fundamental interests of defending our allies and promoting our values.” Signees included Sens. Cory Gardner (Colo.), James Inhofe (Okla.), Todd Young (Ind.), Rob Portman (Ohio), Mike Rounds (S.D.), Joni Ernst (Iowa), Susan Collins (Maine) and Lindsey Graham (S.C.). They urged the president to take steps to counter continued Russian aggression in eastern Ukraine, following the 2014 annexation of the Crimean peninsula, and maintain the current sanctions regime until Russia withdraws from the country. They also pressed the president not to enter into any diplomatic or military agreements with Moscow as long as Russia supports Syrian President Bashar Assad in the ongoing conflict in that country. Trump has said that the U.S. and Russia should cooperate to fight the Islamic State in Iraq and Syria (ISIS). Officials and national security experts have argued that such a proposal is fanciful, saying Russia’s primary goal is to maintain influence in the region by propping up the Assad regime. For example, few Russian airstrikes in the region have been against ISIS targets. “It is plainly evident that despite Russian claims to the contrary, Moscow’s main goal is not the defeat of the Islamic State, but the preservation of the Assad regime at any cost,” the lawmakers wrote Thursday, using an alternate name for the terror group.
–MORE RUSSIA: There was also bipartisan agreement in the Senate Foreign Relations Committee Thursday that the legislative branch should take decisive action against Russia, even if that means circumventing the White House’s expressed desire for a better relationship between the two nations. Chairman Bob Corker (R-Tenn.) expressed disappointment with comments Trump made about Russia and Ukraine. “Despite the unfortunate statements that end up being made, there are folks within the administration with a very, very, very different point of view. And I think us working with them to create policies with them that we would support is something we can play a role in doing,” he added.
At the hearing, titled “The United States, the Russian Federation and the Challenges Ahead,” Ranking Member Ben Cardin (D-Md.) and several other senators advocated for recently proposed bipartisan legislation that would take decisions about Russian sanctions out of the hands of the White House. Cardin noted the bill is modeled on similar legislation regarding the Iran nuclear deal that was crafted by several committee members. Former NATO Supreme Allied Commander Phillip Breedlove and Strategy and Statecraft Director Julianne Smith of the Center for New American Strategy told the panel it is critical to keep up a hard-line approach against Russia — including maintaining sanctions. “It would be a sign of weakness to ease those sanctions for anything less than full compliance with Minsk,” said Breedlove, referring to two summits between Russia and other world powers that set limits on Moscow’s role in Ukraine.
–EVEN MORE RUSSIA: In his January call with Russian President Vladimir Putin, President Trump condemned a 2010 nuclear arms-reduction treaty as a bad deal for the U.S., Reuters reported Thursday. Asked by Putin about the possibility of extending the treaty capping U.S. and Russian deployment of nuclear warheads — known as New START — Trump reportedly paused to ask his aides what the treaty was, two U.S. officials and one former U.S. official briefed on the call told Reuters. He then told Putin it was one of a number of bad deals negotiated by former President Barack Obama and that it favored Russia, before launching into a conversation about his own popularity, according to the sources. (Read more on the call here). This matters in a cybersecurity context because Trump has suggested trading a reduction of sanctions with Russia for nuclear disarmament, suggesting he might not have researched the framework he’d be dealing with.
A JUDICIAL UPDATE:
— NOT RUSSIA! A federal judge is allowing a lawsuit from Microsoft to move forward. The tech giant brought the suit to limit when law enforcement can issue an indefinite surveillance gag order preventing companies from telling customers that their data has been searched.
The digital giant is suing on behalf of its customers, arguing that such gag orders are only appropriate when alerting customers would cause a security or safety risk. The Department of Justice argued that Microsoft lacked standing to sue on behalf of its customers.
On Wednesday, a Seattle district court took Microsoft’s side.
“We’re pleased this ruling enables our case to move forward toward a reasonable solution that works for law enforcement and ensures secrecy is used only when necessary,” said Brad Smith, Microsoft president and chief legal officer, in a statement.
A LIGHTER CLICK: MYSTERY CACTUS.
A BREACH IN FOCUS:
–FAST FOOD HACK: Fast food chain Arby’s has confirmed to KrebsOnSecurity that it suffered a security breach involving malware installed on payment card systems at hundreds of the sandwich giant’s corporate locations.
“Arby’s Restaurant Group, Inc. (ARG) was recently provided with information that prompted it to launch an investigation of its payment card systems,” Arby’s told the website in a written statement.
The company first learned of the breach in mid-January from industry partners, but was told to keep quiet about it by the FBI, a spokesman said. Arby’s did not say how long it believes the malware infected the payment card systems.
The chain immediately notified law enforcement of the breach and launched the investigation, which is ongoing. Arby’s also took “measures to contain this incident and eradicate the malware from systems at restaurants that were impacted,” the company said. The breach did not affect the chain’s franchise locations.
WHAT’S IN THE SPOTLIGHT:
–THE CYBER EXECUTIVE ORDER: Washington was abuzz this week with talk the President might finally sign a cybersecurity executive order.
Two weeks ago, the Washington Post printed a purported draft of the executive order that focused on audits of government agencies’ cyber issues. Last week, reporters were briefed on a far more substantial order the president was slated to sign but never did. By midweek, rumors had started swirling that the order would finally be signed this week. With the week running to its end, talk shifted to suggest the order may instead be signed next week.
As briefed to the press last week, the order would include having all agencies abide by the National Institute of Standards and Technology cybersecurity framework – an Obama-commissioned document with wide private sector support describing how to develop a security strategy. The executive order would also use the Office of Management and Budget in a role akin to a chief risk officer, alerting agencies to the level of risk different actions would cause so agencies could prioritize security moves.
Newer rumored additions to the order include increasing transparency in publicly traded companies over cybersecurity risks and efforts to fight botnets.
With the exception of mandating increased corporate transparency – something business groups oppose – none of the order’s elements would be too controversial. And experts peg the order as, overall, pretty helpful. But with the changes between the two drafts the press has been able to see and continual delays, the final order could be very different.
–DEMS WANT HEARINGS ON TRUMP WHITE HOUSE’S CYBER ISSUES:
Democrats on the House Committee on Science, Space, and Technology are asking for hearings about the executive branch’s cyber vulnerabilities.
Rep. Eddie Bernice Johnson (D-Texas), the committee’s ranking member, and two other Democrats wrote a letter to Republican committee leaders on Thursday asking to probe cyber issues in President Trump’s White House.
They cited the massive amount of media and congressional scrutiny of former Secretary of State Hillary Clinton’s use of a private email server as a precedent for their request.
“We are writing to inform the Committee of further opportunities to investigate Executive Branch cybersecurity issues that have been of intense interest to you in the past,” Reps. Johnson, Don Beyer (D-Va.), and Dan Lipinski (D-Ill.) wrote in the letter.
They accused the new administration of showing a “shocking disregard for cybersecurity practices,” pointing to news reports that senior Trump administrative staffers had active accounts on a Republican National Committee server and revelations that President Trump’s @POTUS Twitter account was linked to an unsecured Gmail account.
They also expressed concern over Trump’s use of an unsecured “outdated Android phone,” which he is reportedly still using.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
Cardiff University researchers snagged a research grant to study hate crimes incited by Brexit. (The Register)
Tom Bossert, tapped to advise President Trump on cybersecurity matters, gets good reviews. (Wired)
Rep. Gerry Connolly (D-Va.) will reintroduce the Modernizing Government Technology Act, which passed the House last year. It would fund replacements for elderly federal IT – ultimately both cheaper and more secure. (NextGov)
The Army is weighing a program that would allow civilians with cyber expertise to be directly commissioned into the service. (Stars and Stripes)
Unless the government is willing to add regulations, Amazon’s drone delivery dreams might be grounded. (Recode)