Overnight Cybersecurity: Senators demand Trump detail cyber strategy | Election security bill faces hurdles | North Korea linked to new cyberattacks on Turkish financial sector

Overnight Cybersecurity: Senators demand Trump detail cyber strategy | Election security bill faces hurdles | North Korea linked to new cyberattacks on Turkish financial sector
© Greg Nash

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--SENATORS DEMAND CYBER STRATEGY FROM TRUMP: A bipartisan group of senators is pressing President TrumpDonald John TrumpMnuchin knocks Greta Thunberg's activism: Study economics and then 'come back' to us The Hill's Morning Report - House prosecutes Trump as 'lawless,' 'corrupt' What to watch for on Day 3 of Senate impeachment trial MORE to issue a national strategy for deterring malicious activity in cyberspace "as soon as possible," accusing successive administrations of not giving enough urgency to the issue. "The lack of decisive and clearly articulated consequences to cyberattacks against our country has served as an open invitation to foreign adversaries and malicious cyber actors to continue attacking the United States," the senators wrote in the letter, obtained by The Hill. "The United States has failed to formulate, implement, and declare a comprehensive cyber doctrine with an appropriate sense of urgency," they wrote. "We urge you to end this state of inaction immediately. The letter was spearheaded by Sen. Martin HeinrichMartin Trevor HeinrichDemocratic senator blasts 'draconian' press restrictions during impeachment trial Health care, spending bills fuel busy year for K Street Schumer introduces bill requiring GDP measure inequality MORE (D-N.M.). It is signed by Sen. Mike RoundsMarion (Mike) Michael RoundsDrug price outrage threatens to be liability for GOP Overnight Defense: Iran takes credit for rocket attack on US base | Trump briefed | Trump puts talk of Iraq withdrawal on hold | Progressives push to block funding for Iran war | Trump backs off threat to hit Iranian cultural sites McConnell to GOP on impeachment rules: I have the votes MORE (R-S.D.), who chairs the Senate Armed Services subcommittee on cyber, as well as several other senators from both parties. Lawmakers have taken issue with both the Obama and Trump administrations for failing to develop a comprehensive strategy for deterring and responding to malicious behavior in cyberspace. In order to press the executive branch on the issue, Congress inserted language into recent annual defense policy bills directing the president to develop a cyber deterrence strategy. President Trump strongly objected to a provision in the current National Defense Authorization Act (NDAA) requiring him to develop a national cyber policy, though he ultimately signed the bill. The issue came up most recently at a Senate Armed Services Committee hearing on worldwide threats that featured extensive discussions between lawmakers and top intelligence officials on cyber threats. Director of National Intelligence Dan CoatsDaniel (Dan) Ray CoatsSchiff schedules public hearing with US intel chief  Rod Rosenstein joins law and lobbying firm DHS issues bulletin warning of potential Iranian cyberattack MORE, in response to questions from Rounds at the hearing Tuesday, acknowledged that the government has not developed a comprehensive cyber policy. "I don't think the progress has been made quick enough to put us in a position where we have a firm policy and understanding, not only ourselves, but what our adversaries know relative to how we're going to deal with this," Coats said, noting that it will take a "whole-of-government" effort.

To read more from our piece, click here.

--LEWANDOWSKI TALKS TO HOUSE INTEL FOR RUSSIA PROBE: The top Democrat on the House Intelligence Committee on Thursday said Corey LewandowskiCorey R. LewandowskiLewandowski decides against Senate bid Georgia ready for unpredictable Senate race Trump on Harris dropping out of race: 'We will miss you Kamala!' MORE selectively declined to answer questions about key events and conversations during his second interview before the panel. Rep. Adam SchiffAdam Bennett SchiffThe Hill's Morning Report - House prosecutes Trump as 'lawless,' 'corrupt' What to watch for on Day 3 of Senate impeachment trial Democrats' impeachment case lands with a thud with GOP — but real audience is voters MORE (D-Calif.) called on the majority to issue a subpoena on the former Trump campaign manager, calling it unacceptable for a witness to refuse to answer particular questions that are relevant to their Russia probe. He warned the panel continues to set a "broader precedent" of noncompliance that could hobble future congressional investigations. "Witnesses do not get to pick and choose when it comes to very relevant testimony to our investigation," Schiff told reporters after the meeting ended. He said Lewandowski refused to answer a series of questions about key events, including the initial statement from Donald Trump Jr.Donald (Don) John TrumpComedians post fake Army recruitment posters featuring Trump Jr. Trump Jr., Ivanka garner support in hypothetical 2024 poll FWS: There's 'no basis' to investigate Trump Jr.'s Mongolian hunting trip MORE about the controversial June 2016 Trump Tower meeting with a Russian lawyer and the firing of former FBI Director James ComeyJames Brien ComeyNYT: Justice investigating alleged Comey leak of years-old classified info Bernie-Hillary echoes seen in Biden-Sanders primary fight Rosenstein on his time in Trump administration: 'We got all the big issues right' MORE, as well as any conversations he may have had with the president about the potential firing of special counsel Robert MuellerRobert (Bob) Swan MuellerSchiff: Trump acquittal in Senate trial would not signal a 'failure' Jeffries blasts Trump for attack on Thunberg at impeachment hearing Live coverage: House Judiciary to vote on impeachment after surprise delay MORE. "They didn't believe it was relevant and we emphasized it repeatedly that was not their determination to make," Schiff said in part. "And of course, whether the administration knowingly made false statements about meetings with Russians is very relevant to our investigation, whether their actions taken to impede the investigation, obstruct the investigation is also very relevant so it was a meritless objection." Lewandowski, who left the committee's closed spaces after roughly three hours -- a short period compared to his last interview and appearances by other witnesses -- said he answered "every question you can [imagine]." "One thing is unequivocal: no collusion, no cooperation, no coordination," he added. Lewandowski is just the latest in a string of witnesses who have refused to answer certain questions before the Intelligence Committee. The meeting with Lewandowski, which was repeatedly described by lawmakers on both sides of the aisle as "tense" or "contentious," was also described as "productive" in obtaining new information.  

To read more of our piece, click here.


--TOP GENERAL SAYS TRUMP LACKS UNIFIED EFFORT TO COMBAT RUSSIAN CYBER THREAT: The head of U.S. European Command said Thursday that the U.S. government does not have an effective unified effort to confront cyber threats from Russia. "I don't believe there's an effective unification across the interagency with the energy and the focus that we could attain," Army Gen. Curtis Scaparrotti told lawmakers during a Senate Armed Services Committee hearing. Scaparrotti, who is also the supreme allied commander of NATO, had been asked by the committee's top Democrat Sen. Jack ReedJohn (Jack) Francis ReedSix mayors making a difference Overnight Defense: Book says Trump called military leaders 'dopes and babies' | House reinvites Pompeo for Iran hearing | Dems urge Esper to reject border wall funding request Senate Dems urge Esper to oppose shifting Pentagon money to border wall MORE (R.I.) how he would assess the country's "whole-of-government response" to confront Russia's cyber threat. The general also said that the Pentagon is trying to map out the scope of Russian cyber activity, but so far does not have a full picture of the activity. "We're getting better understanding of it," he said. "I would not characterize it as a - as a good picture at this point, not satisfactory to me." Reed also asked Scaparrotti whether he has noticed Russia directly targeting the United States with cyber and information warfare. Scaparrotti replied that he had seen Russian activity related to "infrastructure, reconnaissance, et cetera within the United States," but would not offer further details. During the Senate hearing Thursday, Sen. Ben SasseBenjamin (Ben) Eric SasseRestlessness, light rule-breaking and milk spotted on Senate floor as impeachment trial rolls on Senate Republicans muscle through rules for Trump trial On The Money: Senate panel advances Trump's new NAFTA despite GOP gripes | Trade deficit falls to three-year low | Senate confirms Trump pick for small business chief MORE (R-Neb.) called out the Trump administration for failing to address Russian cyber threats. "You and your colleagues end up taking a lot of the beating for what is really a failure of political leadership in both the legislative and executive branches and both parties," Sasse told Scaparrotti. "In the current moment with Russian attacks, the current administration has no real response. The legislature is not nearly serious ... enough about this issue."

To read more from our piece, click here.




MORE HURDLES FOR ELECTION CYBERSECURITY: Senators are running into roadblocks from state officials as they try to craft legislation to secure election systems before the midterms in November.

Sens. James LankfordJames Paul LankfordDemocrats sound election security alarm after Russia's Burisma hack Enes Kanter sees political stardom — after NBA and WWE 2020 predictions: Trump will lose — if not in the Senate, then with the voters MORE (R-Okla.) and Kamala HarrisKamala Devi HarrisCalifornia Democrat Christy Smith launches first TV ad in bid for Katie Hill's former House seat Steyer spokesperson: 'I don't think necessarily that Tom has bought anything' Biden wins endorsement of Sacramento mayor MORE (D-Calif.) are pushing for legislation that would bolster the security of U.S. voting infrastructure, with an eye toward countering threats from adversaries like Russia.

But Lankford on Wednesday was forced to table an amendment to a bill moving through the Senate that was aimed at improving information-sharing between federal and state election officials on election cyber threats. State officials objected to the amendment.

The development sparked frustration on the Senate Homeland Security and Governmental Affairs Committee, where lawmakers have been agitating for action.

"Texas had elections yesterday," said Harris, referring to the state's Democratic and Republican primaries. "This is an issue that we should approach, I think, with a great sense of urgency and immediacy."

What to do about election cybersecurity has been a source of tension between federal and state officials since the revelation that Russia tried to hack into election-related systems as part of its broader influence campaign against the U.S. in 2016.

While none of the systems targeted by Russia were involved in vote tallying, officials fear those campaigns could grow in scope and sophistication.

The Obama administration in its waning days designated election infrastructure as critical and therefore subject to optional federal protections from the Department of Homeland Security (DHS). State and local officials balked at the move, fearing a federal takeover of elections.

States have also complained that DHS was slow to share information on the Russia threat. The department formally notified election officials in 21 states that they had been targeted by Russian hackers last September, nearly a year after the 2016 election took place.

Lankford's amendment, provided to The Hill by an aide, aimed to improve the flow of information between federal officials and state officials involved in administering elections.

The lawmaker hoped to offer the amendment to a bill reauthorizing DHS that is under consideration in the Senate. But four secretaries of state -- who serve as the chief election officials in most states -- wrote to the committee Tuesday expressing concerns over the provision and one later withdrawn by Sen. Maggie HassanMargaret (Maggie) HassanCyberattacks against North Dakota state government skyrocket to 15M per month Hillicon Valley: Biden calls for revoking tech legal shield | DHS chief 'fully expects' Russia to try to interfere in 2020 | Smaller companies testify against Big Tech 'monopoly power' Bipartisan group of senators introduces legislation to boost state cybersecurity leadership MORE (D-N.H.) that would have codified into law steps DHS has undertaken to secure U.S. voting infrastructure.

The letter, signed by officials in Indiana, Louisiana, Georgia and New Mexico, questioned the need for the amendments to be included in the reauthorization bill, according to a copy obtained by The Hill.

"With so much scrutiny and ongoing investigations into the Russian involvement in the 2016 Presidential election, it would be more prudent to allow the investigation reports to be finalized and sent to the Congress and the President with conclusive evidence of what may have occurred before assuming what a proper solution might be," Indiana Secretary of State Connie Lawson wrote.

The Senate Intelligence Committee, which is investigating Russian interference in the presidential election, is expected to release a bipartisan report on election security later this year.

Lankford's amendment in its current form would direct DHS to promptly share election cybersecurity information with state election officials, unless the department secretary "makes a specific determination in writing that there is good cause to withhold the particular information." The state officials suggested the provision could potentially block state officials from receiving timely threat information.

The amendment would also mandate that election service providers, including vendors and contractors, notify state officials promptly if election systems -- including voting machines, voter registration databases and election agency email systems -- are breached, and that state officials provide the information to their federal counterparts in a timely fashion.

The secretaries of state questioned whether states would be penalized if a vendor or contractor failed to notify state election agencies of cybersecurity incidents.

To read more from our piece, click here.



NORTH KOREA LINKED TO NEW CYBERATTACKS ON TURKISH FINANCIAL SECTOR: Experts have unearthed evidence of a new North Korean hacking operation targeting Turkey's financial sector.

The hacking group "Hidden Cobra," also known as the Lazarus Group, has been orchestrating malware attacks against Turkish financial organizations that began earlier this month. They have included the targeting of an unnamed government entity involved in trade and finance, researchers from U.S.-based cyber firm McAfee said Thursday.

The attacks used a new variant of malware known as "Bankshot." No money appears to have been taken in the attacks, but the researchers warned that they could be a precursor of future heists.

"Bankshot is designed to persist on a victim's network for further exploitation; thus the Advanced Threat Research team believes this operation is intended to gain access to specific financial organizations," the researchers wrote in the report released Thursday.

North Korea has been increasingly linked to cyberattacks that could yield financial gains, as international financial sanctions have squeezed Pyongyang's economy. Experts also see evidence of North Korean government hackers targeting cryptocurrency.

The U.S. Department of Homeland Security (DHS) first issued an alert on the Bankshot malware implant last December, tying it to "Hidden Cobra," the name used by the U.S. government to describe malicious cyber activity from the North Korean government.

The activity against Turkish financial organizations is the first instance of new Bankshot variants surfacing in 2018, McAfee said. The malware has previously been tied to efforts to compromise global banking messaging system SWIFT.

The researchers traced the first infection of the new campaign to March 2 and 3, first targeting an unnamed government-controlled financial organization followed by a Turkish government entity involved in trade and finance. The researchers said the malware has not yet surfaced in other countries or sectors beyond finance.

The malware leverages a vulnerability in Adobe Flash that was only publicly identified at the end of January, meaning that the hackers worked quickly to develop malware to exploit the flaw.

"The campaign has a high chance of success against victims who have an unpatched version of Flash," McAfee wrote.

To read more from our piece, click here.



In honor of International Women's Day, CNET celebrates women in tech.



CYBER VULNERABILITY DISCLOSURE: Rep. Ted Lieu (D-Calif.) is pressing the Trump administration to report regularly to Congress on the secretive process by which the federal government decides whether to share unknown cyber vulnerabilities with the private sector.

The Trump administration has sought to bring more transparency to what is called the Vulnerabilities Equities Process (VEP) under pressure from lawmakers, public advocacy groups and others in the private sector. The process of disclosing what are commonly known as "zero days" to tech companies has attracted increased scrutiny in the wake of high-profile malware outbreaks that leveraged hacking tools allegedly developed by the NSA.

Last November, the White House released the first-ever public charter on the VEP, laying out its purpose and disclosing the agencies and officials that participate in it.

Lieu commended the decision as a step toward transparency in a letter to White House cybersecurity coordinator Rob Joyce sent this week. However, he expressed concerns "with the level of discretion when it comes to sharing information with Congress."

Lieu's letter, first reported by Politico, referenced a section of the public charter that says the administration "may" report annually to Congress on the process.

"The new policy lacks the critical piece of accountability to give the American people full confidence in the government's decision-making on vulnerability disclosure," Lieu wrote.

"The ultimate success of the VEP hinges on whether the results of the government's opaque decision-making on vulnerability disclosure can be audited by Congress to ensure the desired policy is being achieved," the lawmaker wrote.

Specifically, the charter says that the National Security Agency, which serves as the "executive secretariat" of the VEP, will produce an annual report on the process to participating agencies as well as the National Security Council that includes statistical data and any changes to the structure of the board that makes determinations on cyber vulnerabilities.

"The report will be written at the lowest classification level permissible and will include, at a minimum, an executive summary written at an unclassified level. As part of a commitment to transparency, annual reporting may be provided to Congress," the charter states.

To read more from our piece, click here.



Links from our blog, The Hill, and around the Web.

Rohrabacher under fire over Russia ties. (The Hill)

Schiff questions whether Erik Prince misled lawmakers about Seychelles meeting. (The Hill)

French president vows to crack down on hate speech online. (France 24)

Russians created an anti-Hillary Clinton video game and promoted it online before the 2016 election. (CNN)

A comprehensive view of EternalBlue, the leaked NSA hacking tool. (Wired)

OPM again criticized on response to massive breach. (NextGov)

Fake news is much more likely to spread on Twitter than real news, study finds. (Reuters)

Official admits intel community doesn't share enough information on cyber threats with the rest of the government, private sector. (Bloomberg)