Overnight Cybersecurity: Russian sanctions deal clears Senate hurdle | How nations rank on internet port security


Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


The Senate easily voted Wednesday to advance a bipartisan agreement to slap new financial penalties on Russia and let Congress weigh in before President Trump can lift sanctions. Senators voted 97-2 to attach the deal to an Iran sanctions bill currently being debated on the Senate floor. Republican Sens. Rand Paul (Ky.) and Mike Lee (Utah) were the only senators to vote against including new Russia penalties in the legislation.

The Senate is expected to pass the Iran and Russia sanctions bill as soon as this week. Absent an agreement, the Senate will take another procedural vote on the legislation on Thursday morning. The vote comes after top Republicans held off for months from backing tougher financial penalties in a bid to give the Trump administration space to try to improve the U.S.-Russia relationship, which soured under the Obama administration. But top senators have signaled that talks with Russia over Syria, where Moscow supports Syrian President Bashar Assad, were moving too slowly to warrant holding off on new penalties.

"We must take our own side in this fight. Not as Republicans, not as Democrats, but as Americans. It's time to respond to Russia's attack on American democracy with strength, with resolve, with common purpose, and with action," Sen. John McCain (R-Ariz.) said ahead of Wednesday's vote.

The Russia deal would impose new sanctions, including on any individuals tied to "malicious cyber activity," supplying weapons to Assad's government or individuals tied to Russia's intelligence and defense sectors. It would also give Congress 30 days -- or 60 days around the August recess -- to review and potentially block Trump from lifting or relaxing Russia sanctions; codify the sanctions on Russia imposed by executive order by the Obama administration, and allow the Trump administration to impose new sanctions on sectors of the Russian economy.



--...TILLERSON ARGUES FOR MORE 'FLEXIBILITY': Secretary of State Rex Tillerson warned on Wednesday that Congress should not pass any legislation that would undercut "constructive dialogue" with Russia. "I would urge Congress to ensure any legislation allows the president to have the flexibility to adjust sanctions," he said during a House Foreign Affairs Committee hearing. Asked about Tillerson's comments, Corker told The Hill that he thought the legislation didn't prevent the administration from lifting sanctions if they are able to make progress with Russia. "Obviously this is a very strong piece of legislation and it is forward in its policy, but yes, if progress is made they have the ability to do what they need to do. In certain cases it would require congressional review," he said. He added that if he was in Tillerson's position "I would be saying the same thing. ...No administration wants input from legislative branches."



BACK TO THE FCC. President Trump on Tuesday nominated Jessica Rosenworcel to return to the Federal Communications Commission to fill an open seat for a Democrat.

A former commissioner, Rosenworcel served from 2012 to January 2017, when her term expired.

Senate Minority Leader Chuck Schumer (D-N.Y.) had pushed for her to serve another term, and former President Barack Obama renominated her in the days before he left office. But President Trump withdrew her nomination in February.


Rosenworcel has been a strong supporter of the FCC's Obama-era net neutrality rules, which new Republican Chairman Ajit Pai is moving to roll back.

Trump's decision to tap Rosenworcel to serve another term was roundly praised by both Democrats and Republicans at the FCC, cable industry advocates and net neutrality supporters alike.

"Ms. Rosenworcel is a great pick for the FCC and I'm happy the Administration accepted our recommendation," Schumer said in a statement. "Once she is confirmed by the Senate, I look forward to working with her to prioritize consumer protections – including preserving net neutrality, expanding rural broadband and more."




NIGHTMARE TURKEYS ONCE ROAMED THE OUTBACK. Crocodile Dundee could have been way more interesting.



WE'RE NOT NUMBER ONE! According to a recent report by the security firm Rapid7, the United States is not number one when it comes to securing ports, the connection points used in internet communications. In fact, the U.S. is number 137.

Each internet protocol tends to use a different port to form a connection, be it email, web traffic, a file sharing system, databases or something else. For less used protocols, it's wise to completely block all connections. The report evaluated each country by the percentage of systems that accepted connections over different protocols and how often traffic was unencrypted and could therefore be intercepted by eavesdroppers.

Many threats take advantage of exposed ports. The WannaCry ransomware used exposed ports for a native Windows file sharing service. The Mirai botnet that briefly knocked Netflix and Twitter offline used exposed telnet ports in internet-connected devices.

The report finds GDP does not correlate with security or even a national reputation for cyber savviness. The most exposed regions, it finds, are Zimbabwe, Hong Kong, Samoa, Republic of the Congo, Tajikistan, Romania, Ireland, Lithuania, Australia, and Estonia. Ireland hosts many internet companies' European operations and Estonia is generally considered one of the most vigilant nations against nation-state attackers.

The U.S. outranks Russia, China, France, Singapore, Taiwan, Spain, Canada and New Zealand - all of whom place in the top 50 exposed nations. It also edges out 129th ranked Germany.

Iceland, Japan, Sweden, Switzerland and Belgium are among the wealthy nations that do better than the U.S.

The top spot went to the West African nation of Togo.  



HEARINGS AND OTHER HILL MEETS: Two star-studded (at least, cybersecurity star-studded) hearings and one additional meeting on the Hill will take place tomorrow.

The House Judiciary Committee will take on the issue of cross-border data warrants. Both Microsoft and Google have gone to court over whether user emails stored in Europe are within the grasp of a federal warrant if the government doesn't get the permission of the country where the data is hosted. If those warrants are valid, companies worry they may have to break one country's laws to abide by another's.

Foreign nations have the same issues with data stored stateside. Finding a solution is so important that UK Deputy National Security Advisor Paddy McGuinness testified in front of the Senate about it the day after the recent UK terror attacks. His country decided it was more important he appear here.


McGuinness will appear at the House hearing tomorrow at 10 a.m., along with Acting Deputy Attorney General Richard Downing and Google Director of Law Enforcement and Information Security Richard Salgado.

At the same time, two subcommittees from the House Science Committee will mine for lessons to be learned from the WannaCry ransomware attacks.

The hearing will feature Symantec Chief Technology Officer Hugh Thompson. Symantec compiled the most thorough case linking WannaCry to a North Korean government intelligence group nicknamed Lazarus. That attribution has been backed by other researchers but remains controversial.

The hearing also boasts Salim Neino, CEO of Kryptos Logic, the company that took control of the "killswitch" web domain that prevented WannaCry from damaging many more systems. By controlling that website, Kryptos Logic has unparalleled access to statistics about the attack as infected systems make contact. Neino is expected to say that the killswitch prevented 10-15 million attacks.

Finally, the industry group Software.org is hosting a discussion about the digital requirements to expand national infrastructure. The meeting takes place in room 2203 of the Rayburn House Office Building at noon, and features Rep. Darrell Issa (R-Calif.) as a speaker.




Links from our blog, The Hill, and around the Web.

The heads of the Senate Intelligence Committee met with independent counsel Mueller. (The Hill)

The Senate Judiciary will probe political interference with the FBI. (The Hill)

Uber's nightmare year continues; the FTC is investigating privacy violations at the ridesharing company. (The Hill)

Democratic senators look to block an FCC plan to allow telemarketers to leave "ringless" voicemails. (The Hill)

A Freedom of Information Act filing shows that some unnamed internet company defied the NSA. (ZDNet)

Xerox icon Chuck Thacker passed away. (The Register)

Germans are not in love with moving to a U.S.-style data regulatory regime. (ZDNet)

Why Intel's 286, 386 and 486 processors were never followed by a 586. (Motherboard)

