Justice versus Trump on election interference

With help from Eric Geller, Martin Matishak and Matt Daily

MIXED MESSAGES — Top Justice Department officials and the president continue to sound like they’re on opposite pages about election interference. On Thursday, FBI Director Chris Wray and Deputy Attorney General Rod Rosenstein painted it as a serious threat, while President Donald Trump sounded like he thought it was anything but. “This is not a one-shot deal,” Rosenstein told the House Judiciary Committee about future foreign election interference. Furthermore, Wray — like so many other Trump administration officials — backed up spy agency conclusions about who was responsible for interference in the last election. “I think the intelligence community assessment, which I agree with,” is that “Russia continued to sow discord in our country in an effort to influence our election” in 2016, Wray told the panel.


Additionally, they defended administration practices to secure the 2018 election. “I can assure you we are taking a lot of steps to protect against election interference,” Rosenstein said, referencing an FBI task force to combat foreign influence and DHS’s work with state and local election officials. Wray cited a White House meeting last month that Trump chaired with a number of federal agencies. When asked whether Trump specifically urged them to do more to protect the vote, however, Wray answered, “I don't remember exact words of the meeting.” Asked about Trump’s Thursday remarks on Twitter about election interference, Wray said, “There are a lot of opinions out there about a lot of things,” including on Twitter. “We're just focused on making sure we get our work done,” he said.

And Wray expressed confusion about recent news reports on a meeting with tech giants last month where some anonymously complained that the FBI and DHS weren’t forthcoming with information. “This is the first time I've heard any complaints about what we're providing,” Wray said, adding that the administration has provided “all sorts of information. We’re now looking to see what they come back to us with.”

— KID GLOVES: If Trump raises election meddling in his July 16 meeting with Russian President Vladimir Putin, it won’t exactly be a contentious discussion, based on Trump’s recent comments. “Russia continues to say they had nothing to do with Meddling in our Election!” the president tweeted Thursday morning, in a missive that also referenced a conservative conspiracy theory about the FBI’s lack of direct examination of the Democratic National Committee’s hacked server. With his credulous repetition of Putin’s widely mocked denial of responsibility for the cyberattacks, Trump was continuing a long streak of similarly trusting remarks. After his last meeting with Putin, in November, Trump said the Russian president denied meddling again and that “I really believe that when he tells me that, he means it.”

John Bolton, the president’s national security adviser, predicted Wednesday that Trump would bring up Russia’s election-season hacking when the two leaders meet next month in Helsinki. And Secretary of State Mike Pompeo said he was “confident” that Trump would “make clear [to Putin] that meddling in our elections is completely unacceptable.” But Trump has shown no inclination to aggressively pursue the topic in his conversations with Putin, and the two leaders have a history of amiable discussions. The president has repeatedly rejected the unanimous judgement of the U.S. intelligence community, including top officials from his own administration, in favor of the discredited argument that Russian hackers are too savvy to have been caught. Trump told reporters that Putin made this claim at their November meeting, and he called it “a very interesting statement.”

HAPPY FRIDAY and welcome to Morning Cybersecurity! You hope this isn’t connected, yet still it’s getting out of hand. Send your thoughts, feedback and especially tips to [email protected], and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

THE TRADITIONAL FIRST ANNIVERSARY GIFT IS PAPER — The one-year anniversary of the NotPetya malware outbreak came and went this week, but worries that another attack is imminent remain. “Russia has a tendency to be a little more active around anniversaries whether they be tied to Russian-Ukrainian relations or some other geopolitical event,” according to Dave Weinstein, vice president of threat research at Claroty, a cybersecurity firm.

The NotPetya virus struck Ukraine in June 2017 and quickly spread globally, hitting major corporations such as FedEx and Merck. Both companies have since spent millions on boosting their cybersecurity and on other expenses related to the digital assault. But it remains unclear what, if anything, the government and the private sector took away from the incident, or the WannaCry malware attack that preceded it. “One year on from NotPetya, it seems lessons still haven't been learned,” said BlackBerry CTO Charles Eagan. “A lack of regular patching of outdated systems because of the issues of downtime and disruption to organisations was the path through which both NotPetya and WannaCry spread, and this fundamental problem remains.”

NOT LEFT TO THEIR OWN DEVICES — Health care trade groups told a House panel in documents released Thursday that they want clarity on cybersecurity standards for internet-connected medical devices, federal cybersecurity upgrade funding for them and help avoiding anti-kickback laws that they said make cyber upkeep for the devices difficult. But a range of other organizations were sprinkled among the responses to the House Energy and Commerce Committee solicitation on cyber challenges affecting medical devices. For instance, human rights group Access Now wrote that “It would be useful to evaluate broadly how minimum standards or accountability for harm can address cybersecurity market externalities and market failures.” The cyber standards and auditing group ISACA, cybersecurity company Symantec, tech company VMware and accounting firm Deloitte also offered their perspectives.

DETERRENCE MOVES FORWARD UNDETERRED — The House Foreign Affairs Committee on Thursday advanced a bill that would require the president to more aggressively identify and confront individuals and organizations suspected of attacking the U.S. in cyberspace. The committee approved the Cyber Deterrence and Response Act (H.R. 5576), which directs the president to impose travel restrictions and financial sanctions on people and organizations that engage in “cyber activities” posing “a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.” Rep. Ted Yoho, the chairman of the panel’s Asia and the Pacific subcommittee, introduced the measure. “Malicious cyber activity by foreign governments, including Russia, China and North Korea, cannot be tolerated,” Committee Chairman Ed Royce said in a statement. The bill, he said, “builds on this committee’s previous work by establishing a framework for deterring and responding to malicious state-sponsored cyber activity.”

The approval comes one day after the Senate Foreign Relations Committee endorsed Royce and ranking member Eliot Engel’s bill to reestablish a high-level cyber diplomacy office at the State Department. Both measures are part of Congress’s attempt to prod the Trump administration to more forcefully respond to a wide range of cyber threats. Lawmakers, especially in the Senate, have also lambasted the White House for lacking a broad cyber deterrence strategy.

EQUIFAX GETS MORE GOVERNMENT SCRUTINY — The Justice Department and the Securities and Exchange Commission filed separate charges Thursday against an Equifax software engineering manager for insider trading before public disclosure of the credit bureau’s massive data breach last year. It’s the second such joint Justice/SEC action against an Equifax employee, after a March charging of the company’s former chief information officer. The latest charges come one day after eight states entered into an agreement with Equifax under which the company would take several corrective steps on its information security, with its first progress reports due July 31 and a number of additional deadlines by the end of 2018.

ENERGY CYBER RATTLING — From our friends at Afternoon Energy: The gas industry has big plans for new fields, pipelines and liquefied natural gas facilities, and while there's a lot of investment in technology and safety, keeping the networks and infrastructure safe from cyber attacks seems to be a work in progress. Last year's expensive NotPetya attack has caught the energy industry's attention.

"The energy sector is a major target of these kinds of attacks. We know that Russia has done them, Iran has done them," Matt Olsen, a co-founder of IronNet Cybersecurity and the former director of the National Counterterrorism Center, told a World Gas Conference audience Thursday. Cyber experts said the vastness of the natural gas distribution network and the thousands of companies that have access to it means there are just too many vulnerabilities to create a foolproof defense. "There’s simply no way you can protect all the pipelines," said Galina Antova, co-founder of Claroty.

— SO WHAT’S TO BE DONE?: The folks at Schneider Electric have been working with DHS for years on the issues facing big installations, and though the government-industry partnership hasn't been perfect, some say it's getting better. "They have a whole group of folks who think they know the industry well and they come up with their own points of view. And I would say it’s starting to come together, but I wouldn't say there is a good, complete alignment today," Gary Freburger, president of the company's process automation business, told POLITICO this week.

Schneider — whose Triconex control system is used at nuclear facilities, oil and gas plants and water treatment facilities — was hit in a cyber attack last year that reportedly led to the shutdown of a Middle Eastern facility. The company has many clients who are operating older facilities that lack modern cyber defenses. Convincing those companies to invest in upgrades can sometimes be challenging. “Until a big incident happens to a company, it's hard for them to get their heads around the risks,” Freburger said.

Andy Kling, the company's director of cybersecurity and software practices, said he's pushing the government to think carefully before it sets regulations and to take less of a punitive stance when setting standards for companies. "There should be incentives for companies to take action," he said, such as tax breaks for investments.

NSA 86es CALL RECORDS — The NSA revealed Thursday that it was deleting three years’ worth of domestic call detail records it collected beyond limits established by the Foreign Intelligence Surveillance Act. “NSA is deleting the CDRs because several months ago NSA analysts noted technical irregularities in some data received from telecommunications service providers,” the agency said in a statement. “These irregularities also resulted in the production to NSA of some CDRs that NSA was not authorized to receive. Because it was infeasible to identify and isolate properly produced data, NSA concluded that it should not use any of the CDRs.”

The American Civil Liberties Union said Congress should, in response, act to revise the USA Freedom Act provisions that modified the FISA law and that are due to expire at the end of 2019. "This is another in a series of failures that shows that many NSA spying programs have ballooned out of control and have repeatedly failed to meet the basic limits imposed by Congress and the FISA court," said the ACLU's legislative counsel, Neema Singh Guliani.

The revelation came just before today’s oral arguments for Wikimedia v. NSA in the U.S. District Court for the Eastern District of Virginia, which challenges the collection of American citizens’ so-called “upstream” communications that travel through the U.S. via the internet’s backbone. That, too, is tied to the FISA law, specifically Section 702.

RECENTLY ON PRO CYBERSECURITY — The House Intelligence Committee passed unanimously its intelligence authorization bill. … A hacker claimed a security failure in a popular quiz app on Facebook left millions of people’s data exposed for almost two years. … California lawmakers voted to impose stricter consumer privacy rules on companies.

TWEET OF THE DAY — “pikachupokemon.exe”? Things were so innocent back then.

QUICK BYTES

— The case for redefining “hacker.” Motherboard

— Facebook and Twitter announced new ad transparency measures. CNBC

— Tesla is trying to get Facebook and Dropbox data from a former employee who considers himself a whistleblower and who the company considers a saboteur. Engadget

— Fake news creators are getting more active in Mexico’s presidential election. Reuters

— Web browser Brave has added a new feature using anonymity service Tor. CyberScoop

— “The federal government can’t legislate or mandate its way out of the risk of foreign hackers compromising its networks, the top tech official in the government’s nuclear security agency said.” Nextgov

— Bloomberg Businessweek did a big takeout on the Carbanak gang and its loot haul.

CORRECTION: The June 28 edition of Morning Cybersecurity misstated the name of the cyber education outfit HackEd. Also, this item has been updated to clarify that the Exactis leak involved 340 million records on individuals and business contacts.

That’s all for today. And still.

Stay in touch with the whole team: Mike Farrell ([email protected], @mikebfarrell); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).

Follow us on Twitter: Heidi Vogt @HeidiVogt, Eric Geller @ericgeller, Martin Matishak @martinmatishak, Tim Starks @timstarks