Overnight Cybersecurity: Senators unveil election security bills | North Korea denies WannaCry role

Overnight Cybersecurity: Senators unveil election security bills | North Korea denies WannaCry role
© Greg Nash

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORY:

--SENATORS UNVEIL ELECTION SECURITY BILL: A bipartisan coalition of Senate lawmakers introduced legislation on Thursday meant to strengthen U.S. election cybersecurity following Russian election interference. The bill would authorize block grants for states to upgrade outdated voting technology. It would also create a program for an independent panel of experts to develop cybersecurity guidelines for election systems that states can implement if they choose, and offer states resources to implement the recommendations. In addition, the legislation aims to expedite the process by which state officials receive security clearances necessary to review sensitive threat information and instructs the Department of Homeland Security (DHS) and other federal entities to more quickly share this information with relevant state officials. The "Secure Elections Act" was introduced Thursday morning by Sens. James LankfordJames Paul LankfordConservatives left frustrated as Congress passes big spending bills Outdated global postal system hurts US manufacturers Tech mobilizes to boost election security MORE (R-Okla.), Susan CollinsSusan Margaret CollinsKavanaugh accuser agrees to testify next week The Memo: Could Kavanaugh furor spark another ‘year of the woman’? Kavanaugh fight roils an already ugly political climate MORE (R-Maine), Lindsey GrahamLindsey Olin GrahamSunday shows preview: Trump sells U.N. reorganizing and Kavanaugh allegations dominate Kim, Moon toss ball to Trump in ‘last, best chance’ for Korean peace GOP senator: Kavanaugh accuser 'moving the goalposts' MORE (R-S.C.), Amy KlobucharAmy Jean KlobucharSenate Democrats increase pressure for FBI investigation of Kavanaugh Election Countdown: Trump confident about midterms in Hill.TV interview | Kavanaugh controversy tests candidates | Sanders, Warren ponder if both can run | Super PACs spending big | Two states open general election voting Friday | Latest Senate polls GOP in striking distance to retake Franken seat MORE (D-Minn.), Kamala HarrisKamala Devi HarrisSenate Democrats increase pressure for FBI investigation of Kavanaugh Poll: Most Massachusetts voters don't think Warren should run for president in 2020 Trump, GOP regain edge in Kavanaugh battle MORE (D-Calif.), and Martin HeinrichMartin Trevor HeinrichElection Countdown: What to watch in final primaries | Dems launch M ad buy for Senate races | Senate seats most likely to flip | Trump slump worries GOP | Koch network's new super PAC Rand Paul endorses Gary Johnson's Senate bid The Hill's Morning Report — Trump’s legal jeopardy mounts after Manafort, Cohen felony counts MORE (D-N.M.).

To read the rest of our piece, click here.

--...HIGHLIGHTS MEASURES FROM EARLIER BILLS: Experts widely agree that the two major problems addressed by the bill need attention. Our aging elections equipment often uses old components now known to be vulnerable to various hacking techniques. And if officials don't have security clearances, it is impossible to promptly share threats between the federal government and the states that run elections. Two bills, both introduced by cosigners of the Secure Elections Act, used similar solutions to address the problem. Collins and Heinrich introduced comprehensive legislation on Halloween that included streamlining the process for state officials to get security clearances. Similarly, Graham and Klobuchar introduced legislation for federal grants for equipment upgrades.

--...NOT JUST A SECURITY ISSUE: Age doesn't just introduce security concerns. Over time, things break. Some of the earliest digital voting machines are rapidly approaching their expected end of life. Whether a hacker changes a vote or a broken touch screen misrecords the vote, the result is the same - someone's vote didn't count.

 

A REGULATORY UPDATE:

702: As of press time, the House passed in its funding bill a short-term extension of the 702 provisions of the FISA act, allowing law enforcement agencies to surveil foreign citizens outside the U.S. without a warrant.

Earlier Thursday, law enforcement agencies were getting anxious.

Midday, the heads of the FBI, CIA and NSA, alongside the Director of National Intelligence cosigned a letter imploring the Legislative Branch to reauthorize the prograam.

"There is no substitute for Section 702. If Congress fails to reauthorize this authority, the Intelligence Community will lose valuable foreign intelligence information, and the resulting intelligence gaps will make it easier for terrorists, weapons proliferators, malicious cyber actors, and other foreign adversaries to plan attacks against our citizens and allies without detection," they wrote.

A sizable group of opponents, including the Sens. Rand PaulRandal (Rand) Howard PaulConservatives left frustrated as Congress passes big spending bills Senate approves 4B spending bill Some employees' personal data revealed in State Department email breach: report MORE (R-Kent.), and Ron WydenRonald (Ron) Lee WydenHillicon Valley: NYT says Rosenstein wanted to wear wire on Trump | Twitter bug shared some private messages | Vendor put remote-access software on voting machines | Paypal cuts ties with Infowars | Google warned senators about foreign hacks Overnight Health Care: Opioids package nears finish line | Measure to help drug companies draws ire | Maryland ObamaCare rates to drop Google says senators' Gmail accounts targeted by foreign hackers MORE (D-Ore.) argue that U.S. citizens slip through the safety measures meant to filter out people not supposed to be surveilled.

 

A LIGHTER CLICK: 

LONG ISLAND ICED TEA COMPANY TRIPLES ITS STOCK PRICE BY CHANGING ITS NAME TO 'LONG BLOCKCHAIN.' To be fair, Long Island is not known for its non-alcoholic iced tea. 

 

AN ATTRIBUTION IN FOCUS: 

NORTH KOREA NOT THRILLED BEING BLAMED FOR WANNACRY: North Korea's Ministry of Foreign Affairs on Wednesday fiercely denied the United States assertion Pyongyang launched the disastrous WannaCry malware.

"As we have clearly stated on several occasions, we have nothing to do with cyber-attack and we do not feel a need to respond, on a case-by-case basis, to such absurd allegations of the U.S.," a spokesman told the state media publication KCNA.

"However, we can never tolerate the U.S. reckless move of using the issue of cyber-attack for the purpose of making direct accusation against our state," he said.

Though the KCNA website was down, the statement was archived at North Korean media aggregator KCNA Watch.

WannaCry infected hundreds of thousands of computers in only a few days, forcing the British national hospital system to turn away patients and harming government systems in Russia, India and China.

On Tuesday, U.S. homeland security adviser Tom Bossert announced that the U.S. had conclusively linked WannaCry with North Korean leadership.

"This move is a grave political provocation by the U.S. aimed at inducing the international society into a confrontation against the DPRK," the spokesman said.

To read the rest of our piece, click here.

 

WHAT'S IN THE SPOTLIGHT:

RUSSIA (AGAIN) (SORRY): A string of U.S. actions raises questions of whether the U.S.'s strategy of ignoring Russian hacking will ever pay off with the close ties with Moscow the president promised.

In June of 2016, Donald TrumpDonald John TrumpSunday shows preview: Trump sells U.N. reorganizing and Kavanaugh allegations dominate Ex-Trump staffer out at CNN amid “false and defamatory accusations” Democrats opposed to Pelosi lack challenger to topple her MORE asked a rally in California "Wouldn't it be nice if we actually got along with Russia? Wouldn't that be good?"

And for 18 months, Trump has stood behind that line. He has delayed a sanctions bill for the DNC affair, revealed code-word classified information to Russian ambassadors, and generally denied any Russian involvement in the 2016 elections - despite the full confidence his intelligence agencies have in that fact.

Within the last 48 hours, Trump has approved an arms sale to Ukraine to push back Moscow's forces, and invoked Magnitsky act sanctions against five Russians including the son of the Russian prosecutor general. The Department of Defense has also accused Russia of violating the deconfliction boundaries in Syria.

The moves garnered praise from security hawks in the Senate.

"With this decision [to arm Ukraine], the Trump administration is reminding Vladimir Putin and his cronies that they lost the Cold War, and we won't tolerate their bullying of our friend Ukraine," Said Sen. Tom CottonThomas (Tom) Bryant CottonSprint/T-Mobile deal must not allow China to threaten US security GOP senators condemn 'vulgar' messages directed at Collins over Kavanaugh GOP turns its fire on Google MORE (R-Ark.) in a statement.

But it did not get the same praise by Russia.

State-run media referred to the Ukraine sale as "a sideways move to nowhere," and Russia's Foreign Ministry called the new Magnitsky list"grotesque" and vowed a response.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The latest poll shows more than half of Americans disapprove of Trump's handling of the Russia investigation. (The Hill)

Eric Schmidt, the executive chairman of Google parent company Alphabet, will step down. (The Hill)

Lithuania follows America's lead and bars Kaspersky Lab from sensitive computers. (Reuters)

The Russian bank Globex was hacked over the SWIFT network, to the tune of $940,000. (Reuters)

How the newly negotiated Wassenaar Arrangement fixes the old version's flaws - including the part where it inadvertently banned the international sale of critical cybersecurity products. (Cyberscoop)