Overnight Cybersecurity: Senators unveil election security bills | North Korea denies WannaCry role
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORY:
–SENATORS UNVEIL ELECTION SECURITY BILL: A bipartisan coalition of Senate lawmakers introduced legislation on Thursday meant to strengthen U.S. election cybersecurity following Russian election interference. The bill would authorize block grants for states to upgrade outdated voting technology. It would also create a program for an independent panel of experts to develop cybersecurity guidelines for election systems that states can implement if they choose, and offer states resources to implement the recommendations. In addition, the legislation aims to expedite the process by which state officials receive security clearances necessary to review sensitive threat information and instructs the Department of Homeland Security (DHS) and other federal entities to more quickly share this information with relevant state officials. The “Secure Elections Act” was introduced Thursday morning by Sens. James Lankford (R-Okla.), Susan Collins (R-Maine), Lindsey Graham (R-S.C.), Amy Klobuchar (D-Minn.), Kamala Harris (D-Calif.), and Martin Heinrich (D-N.M.).
To read the rest of our piece, click here.
–…HIGHLIGHTS MEASURES FROM EARLIER BILLS: Experts widely agree that the two major problems addressed by the bill need attention. Our aging elections equipment often uses old components now known to be vulnerable to various hacking techniques. And if officials don’t have security clearances, it is impossible to promptly share threats between the federal government and the states that run elections. Two bills, both introduced by cosigners of the Secure Elections Act, used similar solutions to address the problem. Collins and Heinrich introduced comprehensive legislation on Halloween that included streamlining the process for state officials to get security clearances. Similarly, Graham and Klobuchar introduced legislation for federal grants for equipment upgrades.
–…NOT JUST A SECURITY ISSUE: Age doesn’t just introduce security concerns. Over time, things break. Some of the earliest digital voting machines are rapidly approaching their expected end of life. Whether a hacker changes a vote or a broken touch screen misrecords the vote, the result is the same – someone’s vote didn’t count.
A REGULATORY UPDATE:
702: As of press time, the House passed in its funding bill a short-term extension of the 702 provisions of the FISA act, allowing law enforcement agencies to surveil foreign citizens outside the U.S. without a warrant.
Earlier Thursday, law enforcement agencies were getting anxious.
Midday, the heads of the FBI, CIA and NSA, alongside the Director of National Intelligence cosigned a letter imploring the Legislative Branch to reauthorize the prograam.
“There is no substitute for Section 702. If Congress fails to reauthorize this authority, the Intelligence Community will lose valuable foreign intelligence information, and the resulting intelligence gaps will make it easier for terrorists, weapons proliferators, malicious cyber actors, and other foreign adversaries to plan attacks against our citizens and allies without detection,” they wrote.
A sizable group of opponents, including the Sens. Rand Paul (R-Kent.), and Ron Wyden (D-Ore.) argue that U.S. citizens slip through the safety measures meant to filter out people not supposed to be surveilled.
A LIGHTER CLICK:
LONG ISLAND ICED TEA COMPANY TRIPLES ITS STOCK PRICE BY CHANGING ITS NAME TO ‘LONG BLOCKCHAIN.’ To be fair, Long Island is not known for its non-alcoholic iced tea.
AN ATTRIBUTION IN FOCUS:
NORTH KOREA NOT THRILLED BEING BLAMED FOR WANNACRY: North Korea’s Ministry of Foreign Affairs on Wednesday fiercely denied the United States assertion Pyongyang launched the disastrous WannaCry malware.
“As we have clearly stated on several occasions, we have nothing to do with cyber-attack and we do not feel a need to respond, on a case-by-case basis, to such absurd allegations of the U.S.,” a spokesman told the state media publication KCNA.
“However, we can never tolerate the U.S. reckless move of using the issue of cyber-attack for the purpose of making direct accusation against our state,” he said.
Though the KCNA website was down, the statement was archived at North Korean media aggregator KCNA Watch.
WannaCry infected hundreds of thousands of computers in only a few days, forcing the British national hospital system to turn away patients and harming government systems in Russia, India and China.
On Tuesday, U.S. homeland security adviser Tom Bossert announced that the U.S. had conclusively linked WannaCry with North Korean leadership.
“This move is a grave political provocation by the U.S. aimed at inducing the international society into a confrontation against the DPRK,” the spokesman said.
To read the rest of our piece, click here.
WHAT’S IN THE SPOTLIGHT:
RUSSIA (AGAIN) (SORRY): A string of U.S. actions raises questions of whether the U.S.’s strategy of ignoring Russian hacking will ever pay off with the close ties with Moscow the president promised.
In June of 2016, Donald Trump asked a rally in California “Wouldn’t it be nice if we actually got along with Russia? Wouldn’t that be good?”
And for 18 months, Trump has stood behind that line. He has delayed a sanctions bill for the DNC affair, revealed code-word classified information to Russian ambassadors, and generally denied any Russian involvement in the 2016 elections – despite the full confidence his intelligence agencies have in that fact.
Within the last 48 hours, Trump has approved an arms sale to Ukraine to push back Moscow’s forces, and invoked Magnitsky act sanctions against five Russians including the son of the Russian prosecutor general. The Department of Defense has also accused Russia of violating the deconfliction boundaries in Syria.
The moves garnered praise from security hawks in the Senate.
“With this decision [to arm Ukraine], the Trump administration is reminding Vladimir Putin and his cronies that they lost the Cold War, and we won’t tolerate their bullying of our friend Ukraine,” Said Sen. Tom Cotton (R-Ark.) in a statement.
But it did not get the same praise by Russia.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
The latest poll shows more than half of Americans disapprove of Trump’s handling of the Russia investigation. (The Hill)
Eric Schmidt, the executive chairman of Google parent company Alphabet, will step down. (The Hill)
Lithuania follows America’s lead and bars Kaspersky Lab from sensitive computers. (Reuters)
The Russian bank Globex was hacked over the SWIFT network, to the tune of $940,000. (Reuters)
How the newly negotiated Wassenaar Arrangement fixes the old version’s flaws – including the part where it inadvertently banned the international sale of critical cybersecurity products. (Cyberscoop)