Overnight Cybersecurity: Trump signs defense bill with cyber measures | Raises concerns over cyber-war language | Alabama angers election security groups | Dem wants state election cybersecurity grades

Overnight Cybersecurity: Trump signs defense bill with cyber measures | Raises concerns over cyber-war language | Alabama angers election security groups | Dem wants state election cybersecurity grades
© Getty Images

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--TRUMP SIGNS DEFENSE AUTHORIZATION: President TrumpDonald John TrumpSteele Dossier sub-source was subject of FBI counterintelligence probe Pelosi slams Trump executive order on pre-existing conditions: It 'isn't worth the paper it's signed on' Trump 'no longer angry' at Romney because of Supreme Court stance MORE signed a nearly $700 billion annual defense policy bill on Tuesday, touting it as a step toward delivering on his promise to build up the military. “Today with the signing of this defense bill, we accelerate the process of fully restoring America’s military might,” Trump said at a signing ceremony in the White House's Roosevelt Room. The National Defense Authorization Act [NDAA] enacts several cybersecurity related measures both military and non-military related.

To read about the signing, click here.


--...CONTAINS LONG-AWAITED IT MODERNIZATION PROGRAM: The NDAA contains legislation on the wish lists of federal agency tech staffs for years. The Modernizing Government Technology (MGT) act, which funds upgrades across the government, was embedded in the authorization. Government information technology ranges from years to decades out of date, impacting efficiency, hindering cybersecurity and costing more money to maintain. According to government reports, there are at least five systems still in use in the federal government that were around when The Beatles played The Ed Sullivan Show. Though it contains contributions from the Obama administration and Rep. Gerry ConnollyGerald (Gerry) Edward ConnollyJudge issues nationwide injunction against Postal Service changes House panel advances bill to ban Postal Service leaders from holding political positions Shakespeare Theatre Company goes virtual for 'Will on the Hill...or Won't They?' MORE (D-Va.), MGT is generally seen as the signature legislation of Rep. Will HurdWilliam Ballard HurdHillicon Valley: Oracle confirms deal with TikTok to be 'trusted technology provider' | QAnon spreads across globe, shadowing COVID-19 | VA hit by data breach impacting 46,000 veterans House approves bill to secure internet-connected federal devices against cyber threats House Democrats' campaign arm reserves .6M in ads in competitive districts MORE (R-Texas).

--...CODIFIES FEDERAL WIDE BAN ON KASPERSKY LAB SOFTWARE: Though Kaspersky Lab software was already banned from federal systems, the ban came from a Homeland Security directive. The NDAA makes that directive a law. Lawmakers have publicly expressed fears the cybersecurity company is involved with Russian espionage efforts, something Kaspersky denies. Sen. Jeanne ShaheenCynthia (Jeanne) Jeanne ShaheenSenate Democrats introduce bill to sanction Russians over Taliban bounties Trump-backed candidate wins NH GOP Senate primary to take on Shaheen Democratic senator urges Trump to respond to Russian aggression MORE (D-N.H.), who submitted the amendment codifying the government stance on the Moscow-based firm’s software, celebrated the bill's passage in a statement issued to the press: “Considering the grave risk that Kaspersky Lab poses to our national security, it’s necessary that the current directive to remove Kaspersky Lab software from government computers be broadened and reinforced by statute. The case against Kaspersky is well-documented and deeply concerning. This law is long overdue.”

--...TRUMP OBJECTS TO A CYBER PROVISION: President Trump is voicing strong objection to some cyber warfare-related language in the NDAA, charging that it and other provisions “raise constitutional concerns.” The provision in question requires the administration to set forth a national cyber policy that addresses the use of offensive cyber capabilities to respond to attacks in cyberspace. The law requires the administration to report the strategy to Congress and makes funding for the White House Communications Agency (WHCA) contingent on Trump doing so. Trump argued in the statement released by the White House that the provision amounts to Congress holding “hostage” his ability to communicate on national security strategy going forward, saying the provision “threatens to undermine the effective operation of the Executive Office of the President.” “I take cyber‑related issues very seriously, as demonstrated by Executive Order 13800, Trump said, referring to his cybersecurity directive.

To read the rest of our piece, click here.



FILE UNDER CONTROVERSIES NOT INVOLVING ROY MOORE: The Alabama Supreme Court has reportedly stayed a lower court’s order to election officials that would have required the preservation of voting records in Tuesday’s Senate special election.

A circuit judge on Monday ordered election officials to set voting machines to save all digital ballot images, which would preserve voting records in the event of a recount.

Alabama's AL.com said Tuesday morning that the state's Supreme Court had blocked the order.

A group of four Alabama voters filed a lawsuit last Thursday arguing that the state is required by law to preserve the images.

The decision rankled election cybersecurity advocates who see physically maintaining paper ballots as an auditable record of voter intent that can be used if accusations of hacking or other issues mar the election.

To read the rest of our piece, click here.



CAVITIES: THE FINAL FRONTIER. NASA is growing rock candy in space. For science.



WYDEN PUSHES FOR ELECTION SECURITY UPGRADES:  Sen. Ron WydenRonald (Ron) Lee WydenHillicon Valley: Subpoenas for Facebook, Google and Twitter on the cards | Wray rebuffs mail-in voting conspiracies | Reps. raise mass surveillance concerns On The Money: Anxious Democrats push for vote on COVID-19 aid | Pelosi, Mnuchin ready to restart talks | Weekly jobless claims increase | Senate treads close to shutdown deadline Democratic senators ask inspector general to investigate IRS use of location tracking service MORE (D. Ore.) formally requested the Executive Branch give states report cards on election security and for political campaigns to be designated as critical infrastructure.

Those are two of four "concrete steps" suggested by Wyden in a letter to national security adviser H.R. McMaster dated Tuesday. Both, if considered, would likely provoke pushback.

"[F]oreign governments will continue to exploit cybersecurity weaknesses in our election infrastructure. While some states have taken the threats seriously, others are seriously lagging behind and remain woefully vulnerable to foreign government cyberattacks," wrote Wyden.

Wyden suggested in the letter that the Department of Homeland Security (DHS) and the Department of Commerce's National Institute of Standards and Technology (NIST) provide states letter grades on election security.

States are in charge of running elections, including their security. Though federal agencies including the DHS and NIST offer optional assistance, states have traditionally pushed back against even that amount of help in running their own elections.

Declaring campaigns critical infrastructure would stretch the meaning of the term, while likely making a repeat of the actions Russia is believed to have undertaken in the 2016 elections an even greater offense. 

Wyden's letter makes two additional requests: that the White House has a senior adviser "own" the issue and that Secret Service extend its protection of candidates to include cybersecurity.



Links from our blog, The Hill, and around the Web.

Politifact names Trump’s claim Russia didn’t tamper with the election the lie of the year.

Dell Secureworks researchers find security flaws in two keyless locks. (Threatpost)

Finally, AI does something important: Making ASCII art out of your pictures. (Motherboard)

As maker claims its product is legitimate, researchers at Cybereason profile Mac “Pirrit” software as malware. (Cybereason)

A Buenos Aires-based Starbucks hijacked computers, using its wifi to mine cryptocurrency. (Motherboard)

A Philippine bank claims Bangladesh’s central bank is making it the scapegoat in the latter’s handling of a $81 million mega heist using the SWIFT transfer request system. (Reuters)

...Meanwhile, Taiwanese regulators fined a bank $270,000 for security issues leading to a seperate SWIFT hacking incident. (Reuters)

Ominous headline / Least likely tourism slogan of the day: “Another Human Foot Washes Ashore in Canada. That Makes 13.” Foul play is not involved in any of the feet, which actually seems way stranger. (NYT)


If you'd like to receive our newsletter in your inbox, please sign up here.