What will Democrats’ election security task force recommend?

PROGRAMMING NOTE — Due to the July Fourth holiday, Morning Cybersecurity will not publish on Monday July 3 and Tuesday July 4. Our next Morning Cybersecurity will publish on Wednesday July 5.

TASKING A TASK FORCE — House Democrats on Thursday vowed that a new election security task force would develop recommendations to help harden the country’s election systems before Russia’s cyber agents return in 2018.


The new panel — which will hold hearings, collect data on state-level election hacks, and interview election officials and cybersecurity experts — is likely welcome news for those who have been raising red flags for months that the nation must take action or risk leaving the electoral process exposed to even more devastating hacks in 2018 and 2020.

Various digital security experts, numerous lawmakers and some former Obama administration cyber officials have called on the federal government to earmark financial aid for state and local election offices to replace aging machines or upgrade their digital defenses. Many of these specialists are adamant that the country needs to invest in paper balloting systems or electronic voting machines with a physical paper trail. And voting integrity advocates say a post-election audit would help ensure that potential vote manipulation doesn’t go unnoticed.

In a study released Thursday, the Brennan Center for Justice tried to put a price tag on some of these suggestions. The report estimates that it would cost between $130 million and $400 million to replace all paperless voting machines. The center also estimated that a nationwide audit would cost between $1 million and $5 million annually.

And on Capitol Hill, lawmakers pushed for some of these changes on Thursday. Rep. Derek Kilmer sent DHS Secretary John Kelly a letter noting that former DHS chief Jeh Johnson supports a bipartisan bill that would set up a federal cyber grant program for states. Elsewhere, Rep. Mike Quigley introduced an amendment to an appropriations bill that would preserve and fund the Election Assistance Commission, which offers states voluntary assistance on running elections. Republicans have looked to ax the EAC, arguing it is outdated, but proponents say the commission can help states digitally secure their elections.

The task force’s timeline is unclear and its first meetings have not yet been set. For now, only Democrats are involved, but House Homeland Security Committee ranking member Bennie Thompson — who will lead the group with Rep. Robert Brady, the House Administration Committee’s top Democrat — said Republicans were “absolutely welcome” to join. Read our full story here.

HAPPY FRIDAY and welcome to Morning Cybersecurity! Tim is still down for the count, so the three-headed beast returns for another turn at the MC helm. Send your thoughts, feedback and especially tips to [email protected], and be sure to follow @timstarks, @POLITICOPro, and @MorningCybersec. Full team info is below.

WE SEE WHAT YOU’RE REALLY UP TO — The malware that raced from Ukraine and Russia to Germany and the United States on Tuesday was not really ransomware, despite outward appearances, according to a growing chorus of cyber experts analyzing this week’s massive digital scourge. While the malicious software does corrupt victims’ computers and demand ransom payments to set them free, the malware’s authors are unable to actually decrypt their victims’ hard drives, according to Kaspersky Lab. “This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain,” Kaspersky researchers said in a blog post Thursday. “Instead, it appears it was designed as a wiper” — a destructive attack that erases data — “pretending to be ransomware.”

The assessment that the malware was only pretending to be a ransom virus, which first gained currency on Wednesday as experts analyzed its wiper component, suggests that whoever created the worm wanted to wreak havoc, not earn a profit. Kaspersky offered evidence to support this theory, noting that “at least 50 percent of the companies being attacked are manufacturing and oil and gas enterprises.” The Ukrainian government’s working theory, an official told Reuters, is that the virus was aimed at crippling infrastructure. Ukraine’s main security agency on Thursday announced that it was partnering with the FBI, Europol and the U.K.’s National Crime Agency to identify “the attack sources, its executors, organizers and paymasters.”

Motive aside, the malware’s effects continue to linger as some of its victims struggle to recover from Tuesday’s attack and bring their systems back online. Attorneys at the global law firm DLA Piper have requested filing extensions in several cases because their work email and document management systems are still down. The global advertising firm WPP said some of its computer systems were still affected, though it said it was making “steady progress” in restoring them. And the disruption at international shipping giant Maersk could have serious ripple effects for global trade.

DRIP, DRIP — “Before the 2016 presidential election, a longtime Republican opposition researcher mounted an independent campaign to obtain emails he believed were stolen from Hillary Clinton’s private server, likely by Russian hackers,” The Wall Street Journal reported Thursday night. “In conversations with members of his circle and with others he tried to recruit to help him, the GOP operative, Peter W. Smith, implied he was working with retired Lt. Gen. Mike Flynn, at the time a senior adviser to then-candidate Donald Trump.” Flynn later became Trump’s national security adviser, but was forced to resign for lying about his discussions with a Russian official during the transition regarding sanctions the Obama administration imposed on Moscow for hacking the 2016 U.S. election.

ANOTHER AGENCY COMPLETES CYBER EO REPORT — The Department of Commerce has completed a report on international cybersecurity priorities mandated by Trump’s cyber executive order, and its focus is on harmonizing digital security rules and ensuring internet stability. “Our report is in with the White House. They are reviewing it now,” Adam Sedgewick, Commerce Secretary Wilbur Ross’s senior cyber adviser, said Thursday at a meeting of a government cyber advisory group. Commerce’s cyber goals, Sedgewick said at the meeting of the technical standards agency NIST’s Information Security and Privacy Advisory Board, include “ensuring that cybersecurity approaches and policies are globally relevant,” “advocating for U.S. cybersecurity products and services internationally” and “enhancing global internet stability and security.”

Commerce’s approach was to consider its international engagement efforts “more from a mission perspective and then highlight what are the programs that then support those priorities,” said Sedgewick, who is on detail to Ross’ staff from NIST, where he serves as a senior IT policy adviser. The Commerce Department has staff in more than 86 countries, he said, with personnel representing a wide range of bureaus and agencies, from NIST to the International Trade Administration. “Bringing together the bureaus and the diverse mission of these bureaus to have consistent policies has been a multi-year effort,” Sedgewick said.

Trump’s cyber order “provides us an opportunity to think about what has changed and where do we need to go from here,” Jordana Siegel, director of international affairs at the Department of Homeland Security’s cyber wing, said during her presentation with Sedgewick. “The risk environment is increasingly complex,” Siegel said, and the question is how to manage that risk — and how to work with foreign governments that have chosen different ways to manage it. Trump’s directive required the departments of Commerce, Defense, Treasury, State and Homeland Security to submit their reports by Sunday. The Pentagon is still working on its report, while Treasury has submitted its document.

MORE DEETS ON SENATE DEFENSE BILL — The legislative text of the Senate Armed Services Committee’s annual defense policy bill likely won’t be available until after the July 4 recess, but the measure’s cyber provisions are starting to bubble up. The sprawling policy roadmap meets the Trump administration’s $647 million request for U.S. Cyber Command, panel staff told reporters on Thursday. It also contains a provision from Sen. Joni Ernst that would force the Pentagon to track the digital abilities at both the National Guard and Reserve. Another provision would require DoD to create a joint training program for its Cyber Mission Force in the next budget planning cycle. Meanwhile, Sen. Elizabeth Warren snagged an additional $10 million for the Cyber Resiliency for Weapons Systems program, which identifies vulnerabilities in current and existing weapons systems.

PYONGYANG PENALTIES — The Trump administration on Thursday imposed sanctions on a Chinese bank, accusing it of laundering money for North Korea. The punishment — which also includes penalizing two Chinese individuals — is part of the Trump administration’s changing approach to China. Trump initially signaled that he would try to cooperate with Beijing to try to curb Pyongyang’s increasingly bellicose behavior, which includes a series of missile tests and allegedly a global ransomware attack that seized hundreds of thousands of computer networks across well over 100 countries.

Digital security specialists say Chinese assistance — financial or not — has historically enabled North Korea’s hacking operations by providing network bandwidth and even physical space for thousands of Pyongyang digital warriors to launch attacks. Lawmakers have argued that sanctioning Beijing may be an effective way to slow down the boxed-in regime’s rapidly burgeoning cyber program. Sen. Cory Gardner, who chairs a Foreign Relations subpanel on East Asia, the Pacific and international cybersecurity, applauded the move. “The road to stop Pyongyang lies through Beijing,” the Colorado Republican said in a statement. “China can inflict serious diplomatic pressure and economic damage to Kim Jong Un’s reprehensible regime.” Gardner previously authored a North Korea sanctions bill that became law last year.

MEXICO HACKING CONTROVERSY WIDENS — Several of Mexico’s top opposition leaders, journalists and human rights advocates were targeted by spyware sold exclusively to governments, according to the experts at Citizen Lab. The spyware, called Pegasus, is made by the Israel-based NSO Group, which claims to peddle its wares only to government agencies for use against criminals and terrorists. The internet watchdog group, which exposed the eavesdropping effort earlier this month, doesn’t say who was responsible for deploying the software, but notes that victims were targeted around the same time that Mexico’s Congress was debating anti-corruption legislation.

WE’VE ALMOST SECURED THE TOASTERS — The National Telecommunications and Information Administration will update the public on its efforts to improve the security of internet-connected devices during a virtual meeting next month. NTIA is leading the government’s work to identify and resolve internet of things cybersecurity issues, including how those products should be tested. The agency has been meeting with companies and security experts to design guidelines. During the July 18 teleconference and webinar, announced in a forthcoming Federal Register notice, NTIA will “share progress from the working groups and hear feedback from the broader stakeholder community.”

RECENTLY ON PRO CYBERSECURITY — “The Senate on Thursday approved tweaks to its bipartisan package of sanctions on Russia and Iran, ending a delay of the bill.” … Trump will meet with Russian President Vladimir Putin on the sidelines of the G-20 summit next week in Germany, but White House officials would not say whether hacking will be discussed. … A bipartisan bill introduced in both chambers on Thursday would direct the government to develop voluntary cyber hygiene standards.

The bipartisan leaders of the House Russia probe threatened to subpoena the White House to obtain any recordings of interactions between Trump and former FBI Director James Comey. … House Oversight and Judiciary Democrats want the DOJ’s inspector general to investigate whether Attorney General Jeff Sessions violated his recusal when he recommended the firing of Comey. … The European Union’s encryption report will come out by October. … The Trump administration is ramping up its cybersecurity discussions with smart device makers, but the work is proceeding slowly, officials said Thursday.

TWEET OF THE DAY — Groan.

QUICK BYTES

— DHS awarded $200,000 to security firm Veramine to harden the digital defenses of financial institutions. DHS.

— WikiLeaks is out with another dump from its apparent cache of CIA hacking tools. WikiLeaks.

— Cybersecurity firm Zscaler is preparing for an initial public offering. Reuters.

— “Amid global threats — and infighting at the Capitol — Minnesota’s cybersecurity operation struggles to keep up.” MinnPost.

— “Microsoft announces ‘Controlled Folder Access’ to fend off crypto-ransomware.” BleepingComputer.

— The Electronic Frontier Foundation takes on the Five Eyes intelligence coalition: “What a Global Anti-Encryption Regime Could Look Like.” EFF.

That’s all for today.

Stay in touch with the whole team: Cory Bennett ([email protected], @Cory_Bennett); Bryan Bender ([email protected], @BryanDBender); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).
