The fussing and fighting in Congress over Clinton’s email server

With help from Cory Bennett, Eric Geller and Martin Matishak

HOUSE INTELLIGENCE COMMITTEE TURMOIL — House Intelligence Chairman Devin Nunes and top panel Democrat Adam Schiff often work in harmony, but they look like they’re on a collision course over potential GOP legislation stemming from Hillary Clinton’s email controversy. “A partisan feud is brewing on the House Intelligence Committee over Republican plans to introduce legislation to punish those who mishandle classified information — a response to the ongoing furor over Hillary Clinton's ‘homebrew’ server,” Tim reports. “The top Democrat on the panel is already plotting poison pill amendments to the bill, which he views as a political statement during the election year rather than a genuine offering.”


While a GOP aide said the bill was written with Clinton in mind, the purpose is to “tighten and clarify” security clearance procedures and penalties. But Schiff told POLITICO he views the offering as purely a 2016 elections play, and warned he would retaliate with an amendment that takes aim at GOP nominee Donald Trump over his invitation for Russia to go after Clinton’s emails. The full breakdown is here for Pros. Also Thursday, separately, Nunes downplayed the Russian potential role in a series of cyberattacks targeting Democrats and state election systems.

HAPPY FRIDAY and welcome to Morning Cybersecurity! Your MC host is about to be on vacation for a stretch, then off and on again through September. Be kind to Martin, Eric and Cory while I’m gone. You can still send thoughts, feedback and especially your tips to [email protected], and be sure to follow @timstarks, @POLITICOPro and @MorningCybersec. But full team info is below.

CRACKAS WITH ARREST RECORDS — Two North Carolina men were arrested Thursday on charges that they were members of the hacking group called “Crackas With Attitude,” which allegedly broke into the email accounts of several U.S. government officials, including CIA Director John Brennan’s AOL account. Andrew Otto Boggs, aka “INCURSIO,” 22, and Justin Gray Liverman, aka “D3F4ULT,” 24, engaged in “social engineering” hacking techniques — such as victim impersonation — to gain access to the personal accounts of senior U.S. government officials and multiple government computer systems, according to a Justice Department statement. Director of National Intelligence James Clapper and Homeland Security Secretary Jeh Johnson were also reportedly targeted by the group.

WE LIKE THE CUT OF YOUR JIB — Gregory Touhill, the deputy assistant secretary for cybersecurity and communications at the Department of Homeland Security, will be the first federal chief information security officer, and both lawmakers and tech groups seem happy about the pick. “Having a chief information security officer is a standard best practice across the public and private sector, so this is a good step at the federal level,” Sen. Mark Warner, co-founder of the Senate Cybersecurity Caucus, told MC. The Virginia Democrat added that “it will be important to watch how this function develops vis a vis the CIOs and CISOs across all the federal agencies.” Added Rep. Ted Lieu, another cyber-focused lawmaker: “It is imperative that the federal government prioritize cybersecurity, and Mr. Touhill’s appointment is a decided step forward in this crucial mission.”

Touhill’s selection reflects the Obama administration’s commitment to healthy cooperation with the private sector, said Elizabeth Hyman, executive vice president for public advocacy with the trade group CompTIA. “Through several positive experiences in working with the general during his time at DHS, we have developed a great appreciation for his expertise and leadership skills,” Hyman said in a statement to MC. James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, told MC that Touhill’s appointment was “a positive first step” and urged CISO-less agencies and companies “charged with managing and protecting our nation’s critical infrastructure” to “expediently” follow suit.

PAUL RYAN: NOT A VLAD FAN — The day after Donald Trump said Russian President Vladimir Putin has been a better leader than President Barack Obama, House Speaker Paul Ryan broke with his party’s presidential nominee, labeling the former KGB officer an “aggressor.” “It certainly appears that he is conducting state-sponsored cyberattacks on what appears to be our political system,” Ryan said Thursday during his weekly press conference, referring to Moscow’s alleged involvement in the hacks of the Democratic National Committee and voter databases in two states. “That is not acting in our interests and that is an adversarial stance and he is acting like an adversary.”

EINSTEIN OR ELSE — Senate Homeland Security and Governmental Affairs Chairman Ron Johnson says the IRS is dragging its feet on implementing Einstein, a government digital defense tool. “The IRS’s refusal to adopt the EINSTEIN system is very concerning due to the vast amounts of personal data stored by the agency, as well as its recent security breaches,” Johnson said in a letter to IRS Commissioner John Koskinen. All federal agencies are supposed to have the system in place by Dec. 18, according to a new cybersecurity law. In response, the IRS said it has received the missive and is on pace to have the system in place by the December deadline.

WE CAN’T TALK RUSSIA, BUT WE’LL TALK ENCRYPTION — FBI Director James Comey and NSA Director Adm. Michael Rogers remained tight-lipped about the suspected Russian cyberattacks on major Democratic groups when they spoke on a panel of the “Big Six” security agency leaders at the Intelligence and National Security Summit on Thursday. But they were more candid about less sensitive issues: Comey said he and CIA Director John Brennan had been working on the transition briefing process since March, adding, “We want to make sure they understand the threats as we see them.” And Rogers expressed support for separating the spy agency from U.S. Cyber Command, which he also leads, telling the audience that “the right thing is to keep these two aligned but to separate them.”

When encryption came up, the four other members of the panel — Brennan, Defense Intelligence Agency Director Lt. Gen. Vincent Stewart, National Geospatial-Intelligence Agency Director Robert Cardillo and National Reconnaissance Office Director Betty Sapp — deferred to Comey and Rogers. “We need to stop demonizing each other,” Comey told the crowd. “Stop saying ‘it’s impossible.’” Rogers suggested that the stakeholders meet privately rather than resorting to impassioned public battle cries. “We don’t have to have this dialog publicly, constantly yelling at each other,” the spy chief said.

WHO WILL FOOT THE CYBER BILL? — The recent congressional report on last year’s massive breach at the Office of Personnel Management was chock full of digital security expert-approved recommendations. House Oversight Committee Chairman Jason Chaffetz — who spearheaded the report from his committee’s Republicans — has especially been touting the report’s call for the government to adopt a “zero trust” policy for those trying to access government networks. But Cris Thomas, longtime hacker and now strategist at security firm Tenable, told MC that there is “one question” the report avoids answering: “Who is going to pay for all this?” Thomas thinks it’s “obvious” that “in one way or another, it will be the taxpayers.” While recommendations such as “zero trust” are “moving in the right direction,” he said, “we can’t forget that reconfiguring networks into a ‘zero trust’ model and upgrading legacy systems is not going to be free.” The normally miserly Congress has shown a willingness to rubber-stamp most cyber budget requests in recent years. But lawmakers have mostly balked at the White House’s latest budget ask for over $19 billion in 2017 cyber spending, a 35 percent increase over last year’s allotment of about $14 billion. “It will be interesting to see if Congress supports the recommendations in this report with a budget to implement them,” Thomas said.

TWEET OF THE DAY — It’s Friday, which means the tweet of the day will be lighter than usual. Here is your periodic Comey height update.

RECENTLY ON PRO CYBERSECURITY — FBI Director James Comey insisted the U.S. election system is “wonderfully resilient” against hackers, echoing Homeland Security Secretary Jeh Johnson’s comments just hours earlier. … Sen. Ron Wyden failed to unanimously pass legislation that would halt a controversial change for computer hacking warrants, blocked by Sen. John Cornyn. … Sen. Tom Carper asked Twitter how it is addressing the Russian government’s use of the platform for propaganda purposes. … The Senate Armed Services Committee will hold a hearing next week focused on encryption.

QUICK BYTES

— A new U.S.-U.K. cyber deal is the “first of its kind.” Defense.gov.

— Bloomberg profiles the head of the Defense Digital Service.

— A newly arrested hacker says he participated in the Pentagon’s bug bounty program. BuzzFeed.

— The Pentagon doesn’t know where exactly the National Guard’s cyber assets are. ZDNet.

— Donald Trump said on Russia state-sponsored TV that it’s “probably unlikely” Russia is trying to influence the election. POLITICO.

— The European Commission is set to propose extending “some telecom security rules to WhatsApp, Skype.” Reuters.

— “U.S. commodities and derivatives firms, including exchanges and clearinghouses, would have to frequently test their information technology for vulnerabilities under final rules approved Thursday by the Commodity Futures Trading Commission.” Reuters.

— The FDA plans a “thorough” review of the St. Jude case. Also Reuters.

— NATO officials, nations and industry are meeting to talk cyber. ABC.

— Google is expanding its warnings to Chrome users about HTTP.

— A USB stick that fries unauthorized computers! ITworld.

— “David Levin, a security researcher who pleaded guilty to charges related to his hacking of the website of the Lee County (Florida) Supervisor of Elections, will serve 20 days in prison.” The Hill.

That’s all for today. Ta-ta for now.

Stay in touch with the whole team: Cory Bennett ([email protected], @Cory_Bennett); Bryan Bender ([email protected], @BryanDBender); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).

Follow us on Twitter Heidi Vogt @HeidiVogt



Eric Geller @ericgeller



Martin Matishak @martinmatishak



Tim Starks @timstarks