McCaskill asks DHS about 'critical infrastructure' designation

With help from Eric Geller, Martin Matishak and David Pittman

FIRST IN MC: MCCASKILL QUESTIONS DHS — A top Senate Democrat, Claire McCaskill, wants to know what it actually meant when the Homeland Security Department labeled election systems as “critical infrastructure.” Former DHS Secretary Jeh Johnson made the critical infrastructure designation in the waning days of the Obama administration, a move that proved controversial with many states, but current Secretary John Kelly has supported continuing it.


In a letter, McCaskill asks Kelly how many states took advantage of DHS aid before the election, and how many have taken advantage since Johnson made the critical infrastructure designation. She also asked who would pay for the DHS assistance stemming from the designation, including the costs of patching any cyber vulnerabilities discovered. There are also legal liability questions, McCaskill noted. Would state and local governments assume liability should they not fill security gaps, she wondered. The Missouri Democrat also pressed DHS to explain one notable conclusion from the intelligence community’s report on Russia’s alleged election-season hacking: “DHS assesses that the types of systems we observed Russian actors targeting or compromising are not involved in vote tallying.”

McCaskill, the ranking Democrat on the Homeland Security Committee, sent her questions to Kelly last week, and forwarded that letter this week to the panel’s chairman, Sen. Ron Johnson. “As you know, ensuring that our elections are free, fair and secure is paramount,” she wrote to Johnson, encouraging the pair to join forces in “bipartisan oversight” of the threat. “We must investigate Russia’s interference in the 2016 election to prevent an attack on this nature from happening again.”

In other panel business today, the committee is scheduled to vote on the nomination of Elaine Duke to serve as Kelly’s deputy. Duke generated bipartisan support last week at her hearing, where she committed to using DHS’s flexible hiring powers to bring on top cyber talent.

HAPPY WEDNESDAY and welcome to Morning Cybersecurity! We failed to give you the sequel to “asking Alexa about the CIA.” So here it is. Send your thoughts, feedback and especially tips to [email protected], and be sure to follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info is below.

DUE TODAY: TWO BIG LAW ENFORCEMENT ANNOUNCEMENTS — FBI Director James Comey privately told Sens. Sheldon Whitehouse and Lindsey Graham that he would go public today on the existence of any probe into links between President Donald Trump’s camp and Russia, CNN reported. Additionally, U.S. officials are set to announce indictments today connected to the Yahoo breaches, according to Bloomberg. Some of the targets are in Russia, the outlet reports.

SENATE INTEL DEMS WANT TO HIT THE GAS PEDAL — Democrats on the Senate Intelligence Committee want the panel’s investigation into Russia’s alleged election-year cyberattacks to start producing results — and soon, Martin reports with our colleague Austin Wright. “It’s very important, given all that’s gone on, that the committee show some concrete results soon,” said Sen. Ron Wyden, citing the lack of open hearings, subpoenas and declassified information.

While Democratic panelists admit that processing information from the intelligence community takes time, they argue it’s past time their committee publicly display benchmarks of progress, similar to their House counterparts, who are also examining the issue and have slated a public hearing for March 20. The leaders of the House Intelligence Committee are also providing regular updates on their inquiry, including one scheduled for this morning.

The anxiety to deliver results has led some senators to issue standing threats of walking out on the investigation, weeks after the committee’s top Democrat, Sen. Mark Warner, negotiated a deal with Committee Chairman Richard Burr over the scope of the inquiry that kept it from melting down before it began.

“If, at any point, I feel that there is anything that is obstructing it or unnecessarily delaying it, then, frankly, I’m prepared to stand up and say that and walk out if necessary,” said Democratic Sen. Kamala Harris. Pros can read the full story here.

LET’S TALK 702 TIL WE’RE BLUE — House Intelligence Committee Chairman Devin Nunes is inviting a group of Democrats to a classified briefing to learn more about key surveillance programs set to expire, a spokesman told POLITICO. The invitation comes after a group of almost a dozen Democrats on the House Judiciary Committee — led by Rep. Ted Lieu — sent a letter to Nunes urging him to back revisions of Section 702 of the Foreign Intelligence Surveillance Act, which sunsets at the end of the year. Revision-minded lawmakers are using the deadline as leverage to try to inject more privacy provisions into the law.

“Chairman Nunes will read the letter and consider its arguments,” Jack Langer, a spokesman for Nunes, said via email. “However, he believes that Section 702 authority has proven to be a crucial tool for tracking terrorists and keeping Americans safe. As such, he supports a clean reauthorization.” Langer added that Nunes would “like to invite the members who signed the letter to schedule a classified briefing through the Intelligence Committee so they can learn directly from those who run the program how it operates.”

Lieu’s senior advisor, Jack d'Annibale, noted in response that the Judiciary Committee held a classified briefing on Section 702 with various intelligence agencies earlier this month. “Based on that briefing, Mr. Lieu and others believe Section 702 as written is unconstitutional. Mr. Lieu is always happy, however, to have another classified briefing,” he said.

“As ranking member of the House Judiciary Committee, I am already well-acquainted with how the government uses Section 702,” Rep. John Conyers said in a statement, adding he agreed 702 is a “vital counterterrorism tool.” “It is also a powerful surveillance authority that likely affects the privacy of millions of people who have nothing to do with those counterterrorism efforts,” Conyers added. “The responsible course of action is to add new privacy protections onto the existing statute, without changing the core function of 702.”

— SPEAKING OF 702: Wyden says he’s considering delaying a full Senate vote on former Indiana Sen. Dan Coats to be the next director of national intelligence unless the Trump administration provides an estimate of how many innocent Americans have their communications sucked up by the 702 programs. “I’m certainly going to speak on it,” Wyden told reporters on Tuesday, noting Coats vowed during his confirmation hearing to get the number.

Last week, Wyden sent a letter to Coats demanding lawmakers be given the figure. But Wyden, who held up the vote for former Rep. Mike Pompeo to be CIA director, stopped short of saying he would filibuster the vote, saying he would “wait and see.”

“If we don’t get this information … I am going to make sure that my colleagues understand why this is important and I will make it clear that I am against advancing any DNI appointment without this information because this information is what you have to have to do real oversight,” Wyden told reporters.

TODAY: THE SCOPE OF WOMEN IN CYBER — Women still make up only 11 percent of the information security workforce worldwide, according to new research out today. They are also far less likely to serve in higher-level positions, according to the report from the Center for Cyber Safety and Education, (ISC)² and the Executive Women’s Forum, which was conducted by Frost & Sullivan. Additionally, more than half of those women said they had encountered discrimination in the field, compared to 15 percent of men. “I thought we would’ve made more progress,” said Suzanne Hall, technology and cybersecurity leader at PwC, one of the report’s sponsors. “We have a lot of talented women,” she told MC. “We bring a much-needed diversity of thought. If we can get more inclusive, we can solve some of these intractable cybersecurity problems.”

MORE PRAISE FOR JOYCE — It may not be official yet, but Rob Joyce’s expected appointment as White House cybersecurity coordinator continues to elicit positive reactions from the tech community. Amit Yoran, the CEO of the cyber firm Tenable, called Joyce, who has served as the NSA Tailored Access Operations chief, “a strong pick,” saying in an email that he “has a sophisticated understanding of the problem and is respected within the security industry.” Mike Overly, a partner in the cybersecurity practice at Foley & Lardner LLP, suggested that Joyce’s understanding of the business community’s needs would be a major asset. “In trying to comply with the many security regulations being promulgated at both the federal and state levels, what businesses need is specifics, not generalized statements,” Overly said in an email. Joyce’s perspective, he added, will “afford greater clarity to businesses regarding their obligations concerning information security.”

GET BACK ON YOUR FEET — DARPA, the military’s wing for fostering next-generation technologies, has awarded BAE Systems an $8.6 million contract to develop technology that will help electric grid operators quickly recovery from cyberattacks. In a statement, BAE said its technology isolates segments of a network from “all conduits of malicious attack” and creates a dedicated secure channel for “trusted organizations” to jointly coordinate a response. The company said its service could cut off unauthorized access “within minutes” of being activated. “Given the scale and complexity of the U.S. power grid, and the chaos following a coordinated, large-scale attack, [grid recovery] is no easy task,” said Victor Firoiu, BAE’s senior principal engineer and manager of communications and networking, in a statement. “Our work with DARPA is intended to stop ongoing attacks and minimize downtime.”

AI, THE NEXT CYBER DEFENSE IN HEALTH CARE — Via our friends at Morning eHealth: Algorithms and machine learning are the way to thwart health care’s continued battles with ransomware, according to a white paper from the Institute for Critical Infrastructure Technology, the self-described cybersecurity think tank. Defense-grade artificial intelligence can analyze threats and prevent them at speeds and accuracies no human can, the report says.

TWEET OF THE DAY — Same, to be honest.

RECENTLY ON PRO CYBERSECURITY — Sen. Maria Cantwell asked Trump to clarify the Energy Department’s role in protecting the energy sector against cyberattacks. … Trump is “extremely confident” that his claims about former President Barack Obama ordering surveillance on Trump Tower will be proven true, White House spokesman Sean Spicer said. … Spicer also said: “The microwave is not a sound way to surveil someone,” responding to senior counselor Kellyanne Conway’s remarks over the weekend about turning a microwave into a camera. … Sen. Jeanne Shaheen introduced legislation to increase the Justice Department’s powers to investigate RT America, Russia’s English-language news site, for potential violations of the Foreign Agents Registration Act.

QUICK BYTES

— Researchers determined a way to hack a phone with sound waves. The New York Times.

— The Nintendo Switch got hacked. Forbes.

— The New Yorker profiles Rep. Adam Schiff’s role in the House Intelligence Committee’s Russia probe.

— The acting head of the FTC wants to take a wait-and-see approach on cybersecurity enforcement. The Guardian.

— The Hill looks at some of the bills meant to aid state and local governments with their digital defenses.

— Bots are promoting WikiLeaks’ purported CIA hacking tool document trove on Twitter. CyberScoop.

— German Chancellor Angela Merkel, who will visit the White House on Friday, said her government must work with localities to protect against critical infrastructure hacks. Reuters.

— Princeton research scholar Bruce Blair warns of nuclear weapon hacks. The New York Times.

— John Ramsey, chief information security officer for the House’s chief administrative officer, was named one of the top 100 CISOs by Hot Topics and F5 Networks.

— Symantec figures one element of the delayed cybersecurity executive order is a good one.

— The Senate Judiciary Committee’s chairman won’t schedule a vote on Trump’s deputy attorney general pick until the FBI briefs his committee on its Russia counterintelligence investigation. The Washington Post.

FOR YOUR CALENDAR (Send your events to: [email protected])

8 a.m. — Financial Times hosts a cybersecurity summit, featuring remarks from acting Assistant Attorney General Mary McCord. 529 14th St. NW.

8 a.m. (CANCELED) — Federal Information Systems Security Educators' Association concludes a conference on security awareness. 100 Bureau Drive, Gaithersburg, Md.

8:30 a.m. — FireEye holds its Government Forum. J.W. Marriott, 1331 Pennsylvania Avenue NW.

9 a.m. — The Center for Strategic and International Studies hosts a cyber summit. 1616 Rhode Island Avenue NW.

10 a.m. — The National Archives and Records Administration’s Information Security Oversight Office holds a meeting of the National Industrial Security Program Policy Advisory Committee to discuss policy matters. 700 Pennsylvania Avenue NW.

12:45 p.m. (9:45 a.m. local time) — The National Governors Association conducts a cyber summit. San Jose, Calif.

1:30 p.m. — The Chamber of Digital Commerce and Georgetown University kick off the DC Blockchain Summit. 3700 O Street NW.

That’s all for today. Generally, your MC host also is not sure.

Stay in touch with the whole team: Cory Bennett ([email protected], @Cory_Bennett); Bryan Bender ([email protected], @BryanDBender); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).





Follow us on Twitter Heidi Vogt @HeidiVogt



Eric Geller @ericgeller



Martin Matishak @martinmatishak



Tim Starks @timstarks