Bipartisan campaign on Rule 41 gains steam?

With help from Tim Starks, Cory Bennett and Eric Geller

RULE 41 MOVES INTO THE SPOTLIGHT — A bipartisan cadre of senators are trying to kill a controversial change to the federal rules governing legal hacking. Sen. Patrick Leahy, the top Democrat on the Judiciary Committee, and Sen. Mike Lee, a libertarian Republican on the committee, asked Chairman Chuck Grassley in June to hold a hearing on the subject, according to a letter made public on Friday. The change to the little-known Rule 41 of the Federal Rules of Criminal Procedure — which will take effect on Dec. 1 unless Congress blocks it — would let judges grant electronic search warrants for devices whose locations aren't known, and permit them to authorize remote searches of devices not in their jurisdiction. Sen. Ron Wyden, a frequent critic of government surveillance powers, has led the charge against the requested update, blasting the impending change on the Senate floor on Thursday.


Leahy and Lee asked Grassley to hold a public hearing about Rule 41 so the committee could “carefully study” the rule alteration. “We recognize that the changing technological landscape and evolving threats require law enforcement to employ new techniques to investigate and prosecute crime,” Leahy and Lee told Grassley in the newly released letter. “But these issues should be debated in a public forum by the American people and their elected representatives.”

Wyden told MC in a statement that the letter “shows the broad, bipartisan interest in having a public examination” of the rule change. “It would be legislative malpractice for Congress to decline to even hold a hearing on this dangerous proposal,” Wyden added. “This letter gives fresh momentum in our fight against mass government hacking.” A Grassley spokeswoman told MC that the chairman “appreciates the feedback he is receiving on the Rule 41 changes and is considering the requests and any need for a hearing.”

HAPPY MONDAY and welcome to Morning Cybersecurity! Your guest MC host for the next few days knows you desperately miss Tim but asks that you give the substitute a chance and pass along any thoughts, feedback and tips to [email protected]. Be sure to also follow @POLITICOPro and @MorningCybersec. The full team info is below.

INFORMING THE CYBERSECURITY AGENDA — Larry Clinton, president of the Internet Security Alliance, did a Q&A with Tim that came out Sunday. The organization — whose members include key defense contractors, major banks and top academic research institutions — is trying to inform the cybersecurity policy agenda with a 400-page, 17-chapter book it's set to publish on Sept. 15. Clinton talked about why the group is putting out a book now. “Each chapter addresses one overarching issue. The idea is, if you had 30 minutes with the next president of the United States to discuss cybersecurity, what would you say?” He added: “After a lot of work, we have achieved a fair degree of consensus about how we want to approach this issue at a policy level.” The full interview is here for Pros.

CLINTON HEARS FROM CYBER EXPERTS — Hillary Clinton’s national security working session on Friday included several cyber experts with prior government experience. According to a list provided by a Clinton campaign official, the Democratic presidential candidate’s meeting included Rand Beers, Matt Olsen, Michael Chertoff, Adm. James Stavridis and Michael Vickers. Stavridis, who was reportedly in the running to be Clinton’s running mate, once proposed a unified military cyber force: “Instead of each armed service having its own version of a cyber command,” he asked, “why not create a separate entity altogether that would serve all branches?” Olsen, a former NSA general counsel and director of the National Counterterrorism Center under President Obama, now leads the consulting services at IronNet Cybersecurity.

Chertoff, former President George W. Bush’s second secretary of Homeland Security, founded the Chertoff Group, a consulting firm with significant cyber talent. Beers, a former acting secretary and deputy secretary of Homeland Security, spent five years leading the Department of Homeland Security’s National Protection and Programs Directorate, which oversees critical infrastructure protection and other key cyber issues. Vickers, a former top intelligence official at the Pentagon, once said that cyberattacks are as threatening to national security as kinetic terrorist attacks. “The range of threat actors, the methods of attack, the targeted systems and the victims who suffer from these attacks have also been expanding,” he said in January 2015.

A TEAM PLAYER — People who have worked with retired Gen. Gregory Touhill are encouraged that President Obama picked him on Thursday to be the first federal chief information security officer. “Greg has been one of the most accessible and collaborative officials at DHS for several years,” Larry Clinton, president and CEO of the Internet Security Alliance, told Eric in a profile of Touhill for Pros. Before being tapped as the inaugural CISO, Touhill served as the deputy assistant secretary for cybersecurity and communications at the Department of Homeland Security. At DHS, Touhill oversaw numerous cyberattack drills that tested the limits of public-private cooperation, and he helped lead the response efforts after many real attacks, including the intrusions at the Office of Personnel Management and Sony Pictures Entertainment. Pros can read more about Touhill’s record here.

HATS OFF? — Director of National Intelligence James Clapper and Defense Secretary Ash Carter have reportedly endorsed a plan that would remove the Adm. Michael Rogers’ “dual-hat” role as leader of both the U.S. Cyber Command and the NSA. The Obama administration is reportedly preparing to elevate Cyber Command to a full “unified command,” but a key unanswered question was whether Rogers would continue to lead both units. Spokesmen for Clapper and Carter declined to comment.

CYBER TERRORISM MIGHT BE CLOSER THAN WE THINK — The conventional wisdom about the Islamic State is that they’re interested in launching destructive cyberattacks, but don’t yet have the sophistication to carry them out. Cylance, fresh off favorable mentions in last week’s House Oversight Committee report on the Office of Personnel Management breaches, isn’t convinced. “We’re following and tracking on some threat indicators around ISIS and cyber campaigns that are interesting,” CEO Stuart McClure told MC in a recent interview. “My hint is, look at the video production. That’s not amateurish. There are some friends of ISIS that are quite sophisticated,” McClure said. These sympathetic hackers appear to be following the playbook of Iran, which has escalated its cyber capabilities over the past five to 10 years to move from defacing websites to penetrating critical infrastructure. “Now they’re pushing their knowledge quite a bit and partnering with other teams,” such as in China, McClure said.

TWEET OF THE DAY — There are so many cybersecurity hearings, conferences and other events happening in September. Eric suggested calling this month “Cybertember” or “Septyber,” but Capital Alpha Security CEO Matt Tait nailed it.

RECENTLY ON PRO CYBERSECURITY — Senate Intelligence Committee leaders weigh revised versions of their encryption bill … Senate Homeland Security and Governmental Affairs Chairman Ron Johnson and House Science Chairman Lamar Smith want the records of the FBI’s interviews with those who managed Hillary Clinton’s private server … Sen. Lindsey Graham threatens to "raise holy hell" if Senate leaders don't schedule an FBI briefing about the recent hack of the DNC.

QUICK BYTES

— Two Israeli teens have been arrested in connection with an FBI investigation into vDOS, a cyberattack service that has been credited with perpetrating “a majority” of the DDoS attacks over the last few years. Gizmodo.

— Cyberattacks have yet to hurt health care's bottom line. POLITICO Pro.

— “New Tricks Make ISIS, Once Easily Tracked, a Sophisticated Opponent.” Wall Street Journal.

— “With the 2020 census nearing and cyber threats growing, the [Census Bureau] is beefing up its cyber defenses.” Federal News Radio.

— “State Election Officials Confront Fears of Election Day Hacking.” BuzzFeed.

— The Justice Department filed its brief to dismiss a suit challenging elements of the Computer Fraud and Abuse Act. PoliticoPro.

— The government’s new CISO has a long to-do list and a short time to accomplish it. FCW.

— Secure Cloud is busting the code-crackers. Associated Press.

— Huawei’s Cloud-Computing Plans Aim Sky High. Wall Street Journal.

— Why FireEye Stock Dropped 17% in August. The Motley Fool.

— Oil industry ups the ante against cyber threats. Gulf News.

That’s all for today. If the first weekend of the NFL season taught me anything, it’s that I know nothing about fantasy football.

Stay in touch with the whole team: Cory Bennett ([email protected], @Cory_Bennett); Bryan Bender ([email protected], @BryanDBender); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).

Follow us on Twitter Heidi Vogt @HeidiVogt



Eric Geller @ericgeller



Martin Matishak @martinmatishak



Tim Starks @timstarks