Overnight Cybersecurity: Senate Judiciary reportedly drops Manafort subpoena | Kushner meets with House Intel | House passes Russia sanctions deal | What to watch at ‘hacker summer camp’
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–MANAFORT AGREES TO SPEAK WITH INVESTIGATORS: The Senate Judiciary Committee has reportedly dropped its subpoena against Paul Manafort just hours after it was issued. According to a report by Politico, Manafort has agreed to speak with investigators. The committee had subpoenaed Manafort earlier Tuesday to appear publicly before the committee on Wednesday. Committee Chairman Chuck Grassley (R-Iowa) and ranking member Dianne Feinstein (D-Calif.) announced Tuesday that they had subpoenaed Manafort, President Trump’s former campaign chief, on Monday night. Manafort interviewed with the staff of the Senate Intelligence Committee Tuesday morning. Manafort and Donald Trump Jr. have been the subjects of close scrutiny in recent weeks following revelations about a meeting between Trump’s eldest son and a Russian lawyer who was presented as someone with damaging information on then-Democratic presidential nominee Hillary Clinton. Read more here.
–KUSHNER MEETS WITH HOUSE INTELLIGENCE COMMITTEE: Jared Kushner spent roughly three hours behind closed doors answering questions from House lawmakers investigating Russian interference in the 2016 U.S. presidential election on Tuesday. President’s Trump’s son-in-law and senior adviser exited the secured room in the U.S. Capitol just before 1:30 p.m. Tuesday afternoon, declining to answer questions from reporters about the outcome of the meeting. Leaders of the House Intelligence Committee’s probe offered few details on the interview but left the door open for the possibility of Kushner returning for more questioning. Kushner has become a focus in the probe as a result of his meetings with Russians, including Sergey Kislyak, Moscow’s ambassador to the United States, and the recent revelation that he attended the meeting between Donald Trump Jr., the president’s eldest son, and a Russian lawyer promising damaging information on Hillary Clinton. On Monday, Kushner met behind closed doors with staffers on the Senate Intelligence Committee as part of its investigation, saying in rare public remarks after that he did not collude with Russia during the presidential campaign and had no improper contacts.
To read the rest of our piece, click here.
–HOUSE PASSES RUSSIA SANCTIONS BILL: The GOP-controlled House easily passed bipartisan legislation on Tuesday to limit the Trump administration’s ability to lift sanctions on Russia. Three Republicans –Reps. Justin Amash (Mich.), Jimmy Duncan (Tenn.) and Thomas Massie (Ky.) — voted against the bill, which passed 419-3. Tuesday’s vote amounted to a rebuke of Trump, whose administration had pushed to water down the bill’s provisions giving Congress the power to veto the lifting of sanctions. “This strong oversight is necessary. It is appropriate. After all, it is Congress that the Constitution empowers to regulate commerce with foreign nations,” House Foreign Affairs Committee Chairman Ed Royce (R-Calif.) said. Trump expressed a desire to mend relations with Russia during the 2016 campaign, and is reportedly considering restoring Russian access to two diplomatic compounds in New York and Maryland that the Obama administration seized last year as punishment for the country’s use of cyberattacks and disinformation against the U.S. presidential election. The White House has sent mixed messages on whether Trump supports the legislation–but he lacks the votes to block the legislation, given that the House passed the bill with a veto-proof majority.
To read the rest of our piece, click here.
A POLICY UPDATE:
–DEMS MOVE TO BOOST CYBER WORK FORCE: Three House Democrats on Tuesday introduced a multi-layered bill aimed at boosting the cybersecurity workforce.
The “New Collar Jobs Act,” released by Reps. Ted Lieu (Calif.), Matt Cartwright (Pa.) and Ann McLane Kuster (N.H.), would establish incentivized tax breaks for employers offering cybersecurity training, increase funding for a cyber scholarship program and establish a student debt relief program for cybersecurity job takers.
“Our vision is to improve our economy and national security by re-educating industrial workers with high-demand skills in cyber to fill these ‘New Collar’ jobs – positions that have competitive salaries, career growth potential, and cannot be outsourced,” Lieu said in a statement.
In addition to providing the first tax breaks for employee training or education in cybersecurity, it would also boost the evaluation scores used to determine government contracts for employers utilizing the tax break by 5 percent.
The bill would double the size of the CyberCorps program, which offers scholarships in exchange for government service and add $10 million to the Advanced Technological Education Program in cybersecurity, which funds community college students.
To read the rest of our piece, click here.
A LIGHTER CLICK:
Mushroom foraging? There’s an app for that. (Motherboard)
AN OPINION IN FOCUS:
SHOULD U.S. ‘OWN UP’ TO ITS CYBER STRENGTHS? That’s what a former Pentagon cyber official argues in a new a guest blog post for the Council on Foreign Relations. Michael Sulmeyer, the Pentagon’s former director for plans and operations for cyber policy, lays out the problems with relying on deterrence to thwart cyberattacks and says that the U.S. could publicly acknowledge it’s cyber strengths in order to show their role in U.S. foreign policy and reassure allies.
“If the United States will not or is not able to deter cyberattacks, what can be done? First, the United States can publicly own up to its strength and capabilities. Although this can be seen as a necessary but insufficient condition for trying to deter by the threat of cost imposition, it has other benefits too,” Sulmeyer, who is now director of the cybersecurity project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs, writes.
“Being clear about U.S. capabilities would be a first step towards a more informed dialogue with the American people about the role they will and will not play in U.S. foreign policy,” he writes. “Clarity can also reassure allies and encourage collective steps to be more forthright. Without being showy or flashy, the U.S. government can not only confirm its widely-known capabilities, but reinforce a commitment to use these power capabilities to protect the United States and to further its interests.”
Sulmeyer also argues that relying on deterrence to safeguard against cyberattacks “is a lousy policy prescription given that it is impossible to know whether it is working.”
To read the rest of the piece, click here.
WHAT’S IN THE SPOTLIGHT:
‘HACKER SUMMER CAMP’: The largest cybersecurity event of the year kicks off this week, as the Black Hat, Def Con and BSides conferences launch back-to-back-to-back in Las Vegas.
The Hill’s Joe Uchill will be on the ground in Las Vegas reporting on everything hacking.
The annual conferences come as focus on cybersecurity continues to grow following Russia’s use of cyberattacks and disinformation to influence the U.S. presidential election and devastating malware outbreaks like “Wanna Cry” and “NotPetya.”
We have five things the political world should watch for during an event known as “hacker summer camp,” including:
How easy is it to hack a voting machine?
In a subversive move, attendees at Def Con will be able to attend its first Voting Machine Village.
The Village offers a side conference on voting machine insecurity and a playground of real voting machines for hackers to toy with.
Given that the Def Con villages are traditionally meant to be instructive on how to breach security of an item, not whether or not an item can be breached, the goal appears to be to spread the word that voting machines have a number of known vulnerabilities among a group of influencers in the cybersecurity realm.
Though there is no evidence that machines have ever been breached in the past, and the decentralized nature of elections makes hacking a national election improbable, local elections, including those in 2018, may be easier to target. A number of local and national efforts, both legislative and citizen-driven, have moved for greater voting machine security.
The future of the cyber arsenal
The WannaCry ransomware was built using hacking techniques believed to have been stolen from the National Security Agency.
WannaCry, malware that rendered files on 300,000 computers unusable until users paid a ransom, serves as a chilling reminder of what could happen if government-created exploits escape into the wild. Hospitals had to turn away patients and businesses had to shut down for days.
Three talks at Black Hat will approach the issue of how government-held cyber tools might escape into the public.
Matt Suiche, founder of Comae Technologies and the foremost expert on the group who claims to have stolen the exploits used in WannaCry, will present on the so-called ShadowBrokers.
To read the rest of our roundup, click here.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
IRS says business-related ID theft on the rise. (The Hill)
Adobe to kill off Flash by 2020. (The Hill)
Elon Musk fires back at Zuckerberg on AI dangers. (The Hill)
Intelligence authorization fails in House. (The Hill)
House Republicans invite tech, telecom CEOs to testify on net neutrality. (The Hill)
Co-founder of firm tied to Trump dossier agrees to speak to Senate panel. (The Hill)
Mac malware silently spies on targeted computers. (Cyberscoop)
Sweden grapples with sensitive data leak. (Computer Weekly)
Medical robots ‘could squirm like maggots.’ (Wired)
If you’d like to receive our newsletter in your inbox, please sign up here.