Legislation, hearing target Clinton over server

With help from Cory Bennett, Eric Geller and Nancy Scola

‘THIS ISSUE ISN’T NECESSARILY OVER’ — Republicans pushed legislation Thursday and urged Obama administration officials to block former Secretary of State Hillary Clinton’s access to classified briefings afforded to presidential nominees, citing FBI Director James Comey’s damning assessment of her mishandling of classified information via her private email servers. But as Cory and Martin reported, it might not make much difference: “Former officials who handled classified material, along with other policy experts, cautioned that Capitol Hill has minimal capacity to force the administration's hand on the matter.” Full story here.


Several Democrats castigated the legislation on both political and policy grounds. “I think it’s a media ploy, but I don’t see how she could be denied,” Rep. John Conyers, the ranking member on the Judiciary Committee, told MC. “Congress doesn’t weigh in on that. Not at all. I’ve never remembered it” happening before. And Rep. Dutch Ruppersberger told MC: “Our job is oversight and funding. … [Donald] Trump’s getting briefed. I have a lot more faith in Hillary because of her experience as a secretary of State.” The legislation was referred to the Senate Homeland Security and Governmental Affairs Committee, where Chairman Ron Johnson told MC he hasn’t looked at it yet.

— PILING ON: At Thursday’s House Oversight Committee hearing, Comey bruised Clinton further on cybersecurity. What was protecting Clinton’s private server, Rep. Will Hurd asked. “ Not much,” answered Comey. And while he didn’t come out and say it, Comey strongly hinted that foreign governments at least tried to penetrate that server. The Clinton campaign countered some of those hacking fears Thursday: “Contrary to the baseless speculation and conspiracy theories, there has never been any evidence found to support the allegation that Hillary Clinton’s server was hacked.” Meanwhile, “the State Department is reopening an internal investigation of possible mishandling of classified information by Hillary Clinton and top aides,” The Associated Press reports.

HAPPY FRIDAY and welcome to Morning Cybersecurity! Your regular MC host will be on a brief four-day weekend vacation, so be kind to Eric and Martin with tips while I’m gone, please. Their contact info is below. And you can still send thoughts, feedback and especially your tips to [email protected] and follow @timstarks, @POLITICOPro and @MorningCybersec.

CYBER IN THE SKY — Congress is about to direct the FAA to develop new policies to “reduce cybersecurity risks to the national airspace system, civil aviation and agency information systems.” The requirement is part of an FAA authorization bill that lawmakers are preparing to pass before the agency’s current authorization expires on July 15. The FAA will have 240 days to prepare the “comprehensive and strategy framework,” and must update Congress on its progress within 90 days of the bill’s enactment.

The agency will also have a year to prepare a research plan that addresses “cybersecurity risks of cabin communications and cabin information technology systems.” Airplane cybersecurity became a high-profile issue last May when the FBI claimed that a security researcher had admitted to hacking into flight control systems from his seat’s in-flight entertainment system.

THE COST OF DOING (SMALL) BUSINESS — A small-business cybersecurity bill approved by the House Homeland Security Committee last month would cost the government as much as $1.5 million over five years, according to a Congressional Budget Office estimate released Thursday. Of that, $1 million would go toward a strategy the Homeland Security Department and Small Business Administration would be required to develop and deliver to small-business development centers to help them offer cybersecurity assistance. The rest — less than $500,000 — would go toward a Government Accountability Office study of current federal programs providing small businesses with cybersecurity assistance.

THEY’RE STILL HERE — The IRS couldn’t verify that thousands of former employees had returned all “security items” that would allow them to, for example , access IRS computers and view taxpayer information, a new audit finds. The Treasury Inspector General for Tax Administration found that to be the case 66 percent of the time in a sample of fiscal 2014 employee departures. In some cases, those employees were people with pending disciplinary cases. The IG recommended that the IRS update its guidance on employees who quit or are fired, develop an inventory of keys, locks and key cards and ensure that computer access is cut off. The IRS agreed with the recommendations.

OVERWHELMED — Criminals are innovating in cyberspace faster than British authorities and private-sector defenders can stop them, the National Crime Agency and British industry groups said in a report released Thursday. “It is critical that businesses not only implement and maintain the latest good practices but also actively test how well they are prepared for criminal attacks,” the report said. “This testing should encompass both their resistance to threats, and their ability to minimize and mitigate the damage caused by successful attacks.” The NCA warned in a statement that “the accelerating pace of technology and criminal cyber capability currently outpaces the U.K.’s collective response to cyber crime.” The report also urged companies to more tightly coordinate their activities with law enforcement.

TURKEY IN DECEMBER — The Commerce Department on Thursday released the details of a “Cyber Security Trade Mission” to Turkey from Dec. 5-8. The department is encouraging companies and trade associations to submit applications to participate if they want to try to offer their products to Turkish partners. Despite recent tensions between the two countries, the U.S. has an interest in maintaining strong economic and digital ties with Turkey, given its proximity to Syria and its long-standing position as an ally in the region.

DAYS AWAY FROM PRIVACY SHIELD DEAL — Via Morning Tech: The collection of European Union member-state reps called the Article 31 Committee is set to vote today in Brussels on the adequacy of the transatlantic data-transfer proposal, the first of three steps expected to carry the long-awaited deal over the finish line. Step 2: A vote by the European Commission’s College of Commissioners on Monday. And step 3: A signing event on Tuesday featuring U.S. Secretary of Commerce Penny Pritzker and her European counterpart.

POLICE SHOOTING PROMPTS CYBER PROTEST — A hacker breached a Baton Rouge police database in retaliation for the shooting of Alton Sterling, Daily Dot reports. The hacker then leaked 50,000 records from the Louisiana agency online. “I don't regret it btw police officers shouldn't be abusing their power #0x2Taylor,” the person claiming credit for the breach tweeted. Wrote Daily Dot: “The ‘breach’ — for lack of a better term — appears to have simply been a case of unauthorized access through the use of discovered login credentials rather than through any kind of technical attack.”

REPORT WATCH

— U.S. consumers place data security second on their list of concerns, a new survey out today found, behind only the economy. Brunswick Insight surveyed seven countries, five of which placed data security and privacy at the front of the list. In the United States, 84 percent said they were “very concerned” or “somewhat concerned” about data security. Brunswick Insight is the research and consulting arm of Brunswick Group, a communications firm.

QUICK BYTES

— Avast Software is buying anti-virus company AVG Technologies for $1.3 billion. ABC.

— “Burger chain Wendy's said some customers' payment card data, including card numbers and other crucial information, was stolen in the malware attack that affected about 1,025 of its franchised restaurants in the United States.” Reuters.

— A Tor exit node volunteer is drawing attention from Polish authorities over comments he made about the mayor of a small Polish town. Motherboard.

— Russian President Vladimir Putin reportedly directed one of his intelligence agencies to obtain encryption keys to monitor online messaging. The Moscow Times.

— Putin also signed new data laws that have privacy rights and tech groups worried. The Wall Street Journal.

— Some of the names leaked from a Democratic National Committee database point to ticket purchases. The Hill.

— Lots of small businesses don’t have cyber risk insurance. Small Business Trends.

— “One Email Address Links Some of the Biggest Cybercrime Operations.” Motherboard.

That’s all for today. Not sure whether Eric and Martin are more like the Hardy Boyz, Dudley Boyz or Edge and Christian, but they are a tag team to be feared!

Stay in touch with the whole team: Cory Bennett ([email protected], @Cory_Bennett); Bryan Bender ([email protected], @BryanDBender); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).

Follow us on Twitter Heidi Vogt @HeidiVogt



Eric Geller @ericgeller



Martin Matishak @martinmatishak



Tim Starks @timstarks