Loading...

The Cybersecurity 202: Congress Is Offering Millions In Election Security. States May Not Use It By November.

Loading...

THE KEY

Loading...

An investigator with the Georgia secretary of state's office, left, takes a look at a new voting machine being tested at a polling site in Conyers, Ga. (AP Photo/David Goldman)

Election officials from states spanning New England and the Midwest visited Capitol Hill yesterday with a clear message: Send us more money to help secure the vote.

Yet lawmakers are acknowledging that states probably won’t get more federal funding for election security upgrades anytime soon — which does not bode well for states seeking to upgrade to their systems before an anticipated surge of cyberattacks surrounding the midterm elections. It also could hinder states trying to carefully plan longer-term improvements they hope to make for the next political cycle. 

The Secure Elections Act is the main bill senators are pushing to help states respond to the mounting threats. But at this point, senators “will not use this bill to send additional funding to states,” said a Republican Senate aide who spoke on the condition of anonymity so as not to disrupt deliberations about the bill. 

Lawmakers are seeking to pass the bipartisan legislation by the fall, and there is broad consensus in the Senate about the need to do more to help states.

Although

Sen. Amy Klobuchar (D-Minn.), one of the bill’s co-sponsors, said she was exploring ways to get annual election security funding into the legislation, she

said it could be difficult before the midterms. 

When the bill was introduced in December, it included a $380 million grant program for states to pay for election system upgrades. Congress peeled off that provision and approved it as part of the massive government spending bill President Trump signed in March. Most states are drawing down their shares of those funds now, but election officials and election security experts say it’s just a start — that most states need far more to replace aging voting equipment, hire IT staff and take other steps to secure their networks. 

At a Senate Rules Committee hearing Wednesday, Vermont Secretary of State Jim Condos testified that the state plans to use all of the $3 million share of the election security funding it received from Congress. "

What we really need is ongoing maintenance, if you want to call it,” he said.

 “Cybersecurity is an evolving science and it's an evolving practice, and we have continuous needs.”

“Given the costs of regular technology refreshes and support for human resources with cyber capacity, the needed investment is very large,” added Noah Praetz, director of elections in Cook County, Ill., in written testimony.

“We need a signal that we can invest now for security and not squirrel away recent money for some future episode.”

Minnesota Secretary of State Steve Simon agreed. He told senators that his state planned to use “every penny” of its $6.6 million share of the funds. A steady stream of additional funding was necessary for buying software and hardware, and implementing cybersecurity recommendations from the Department of Homeland Security and private contractors, he said. 

"When DHS and others say 'Great, we’ve done this magnificent overview of your system and here the ten steps or seven steps or 20 steps that we’ve recommended,' very often they have price tags, and so any help we can get on that score is really important," Simon told me after the hearing. “What is fresh and new can become obsolete awfully quickly in this space, which means there will be an ongoing need for resources, wherever those resources come from.”

Klobuchar, who is the top Democrat on the Rules Committee, said that even without funding, other provisions in the legislation would go a long way toward deterring the type of cyberattacks that took place during the 2016 presidential race, in which Russian hackers targeted election systems in 21 states. 

“We have to stop admiring the problem . . . We have to start doing things to stop it from happening again, to stop foreign interference in our elections and to show the rest of the world that we’re serious about this,” she said.

“Even if you can’t get very penny out there, it sends a message to our adversaries that we’re going to take this on.”

In its current form, the Secure Elections Act would streamline the way the Department of Homeland Security shares cyberthreat information with state and local election offices, speed up security clearances for state election officials and set voluntary guidelines for voting equipment and post-election auditing. 

Sen. James Lankford (R-Okla.), who introduced the Secure Elections Act with Klobuchar and several other senators from both parties, said passing the legislation was a priority. 

“I will continue to work with my colleagues to have revised election security legislation enacted into law,” he said in an email. “While additional election funding for states was included in the Omnibus, funding alone is not enough. As we get closer to the 2018 election, it's irresponsible not to act on the Secure Elections Act to protect against interference from foreign entities.”

You are reading

The Cybersecurity 202,

Loading...
our must-read newsletter on cybersecurity policy news.
Not a regular subscriber?

SIGN UP NOW

PINGED, PATCHED, PWNED

Former assistant secretary of state for European and Eurasian affairs Victoria Nuland, left, and former White House cybersecurity coordinator Michael Daniel on Capitol Hill in Washington on June 20. (Alex Wong/Getty Images)

PINGED: 

Two former Obama officials are urging the Trump administration not to make the same mistakes on Russian interference. “Former Obama administration officials warned President Trump on Wednesday to learn from their mistakes and respond forcefully to Russian interference, urging him to make sure Moscow knows exactly what the U.S. will do if the Kremlin attempts to interfere in another election,” The Washington Post’s

Loading...
Karoun>
Loading...
Demirjian
writes. “‘The Russians, and particularly this Kremlin, watch what we do more than what we say — so active deterrence measures would have perhaps been more effective,’ former assistant secretary of state Victoria
Loading...
Nuland told the Senate Intelligence Committee. ‘We know that they may very well do this again, so now we need to be planning what the retaliation will be — and we need to be signaling it.’”
Loading...

Nuland and Michael Daniel, who was White House cybersecurity coordinator under Obama, "warned that the Trump administration was in danger of allowing foreign efforts to influence elections proceed unchecked — exposing the United States to potential interference not just from Russia, but from China and others as well,” Karoun writes.

Loading...

Additionally, Nuland, who serves as chief executive of the Center for a New American Security, said in a written statement that even though the Trump administration 

Loading...
has moved to punish Russia for its actions,

Loading...

it has not launched the kind of Presidentially-led, whole-of-government effort that is needed to protect our democracy and security from malign state actors who are intent on

Loading...
weaponizing

information and the internet.” Karoun adds:

 

Loading...
“Daniel and Nuland recommended a spectrum of policy options, from having the president convene a public-private commission to coordinate potential responses to threats, to approaching cyberattacks as the United States would any other act of war."
Loading...

Google chief executive Sundar Pichai in Mountain View, Calif., on May 8. (Jeff Chiu/AP)

PATCHED: A bipartisan group of Senate and House lawmakers asked Google to “reconsider” its partnership with the Chinese tech giant Huawei. “Chinese telecommunications companies, such as Huawei, have extensive ties with the Chinese Communist Party,” the lawmakers wrote to Google chief executive Sundar Pichai in a letter released Wednesday. “As a result,

this partnership between Google and Huawei could pose a serious risk to U.S. national security and American consumers.”

Sens. Tom Cotton (R-Ark.), Marco Rubio (R-Fla.), and Reps. K. Michael Conaway (R-Tex.), Liz Cheney (R-Wyo.) and C.A. Dutch Ruppersberger (D-Md.) also chided Pichai for Google's decision to end its involvement in an artificial intelligence program with the Defense Department. After Google employees expressed worries about the company's work on Project Maven, the firm said it would not renew its contract with the Pentagon when it expires in March 2019. “This project uses artificial intelligence to improve the accuracy of U.S. military targeting, not least to reduce civilian casualties,” the lawmakers wrote. “While we regret that Google did not want to continue a long and fruitful tradition of collaboration between the military and technology companies,

we are even more disappointed that Google apparently is more willing to support the Chinese Communist Party than the U.S. military.”

Tesla chief executive Elon Musk in Chicago on June 14. (Kiichiro Sato/AP)

PWNED: Tesla on Wednesday sued a former employee who it said hacked the firm's computer systems and stole company secrets. "But the employee, Martin Tripp, told The Washington Post that he did not tamper with internal systems and is instead a whistleblower who spoke out after seeing 'some really scary things' inside the company, including dangerously punctured batteries installed in cars," The Post's Drew Harwell reports. "Tesla attorneys wrote in their lawsuit that Tripp, a former technician at the company's Gigafactory battery plant in Nevada, wrote software to aid in an elaborate theft of confidential photos and video of Tesla's manufacturing systems."

Attorneys for Tesla also said in the lawsuit that the former employee, who worked at the company from October till last week, provided false information about the firm to journalists, Harwell writes. They added that the company “lost business, lost profits and damage to its goodwill” because of Tripp's actions.

“Tripp, the Tesla lawyers said, had been 'disruptive and combative' with colleagues and had grown disgruntled after being assigned to a new role,” Harwell writes. “The company is seeking an untold amount in damages to be decided in trial.”

— More cybersecurity news from The Post and elsewhere:

> The Switch Microsoft CEO responds to employee criticism of company’s contract with ICE Nadella criticized ICE and said Microsoft's contract with the agency only supports administrative functions.

Miranda Moore

> Ex-CIA Contractor Makes Millions Flying Immigrant Kids to Shelters MVM, Inc. went from guarding the U.S. spies in Iraq to hauling children away from the Mexico border on commercial airline flights.

The Daily Beast

PUBLIC KEY

Education Secretary Betsy DeVos on Capitol Hill in Washington on June 5. (Carolyn Kaster/AP)

— It's not just Google's ties to Huawei that raise eyebrows on Capitol Hill. Rubio and 25 other lawmakers from both chambers wrote to Education Secretary Betsy DeVos to voice concerns about Huawei's partnerships with dozens of American universities. They said those relationships may threaten national security, arguing that “Huawei is not a normal private sector company the way we have grown accustomed to thinking of the commercial economy in the West.”

“We urge that you promptly request a complete and classified briefing by the Federal Bureau of Investigation and the Director of National Intelligence on Huawei and Chinese technology acquisition modalities in general (as the technology transfer problem set is bigger than Huawei),” the lawmakers wrote in the letter, which was released Wednesday.

They also asked the Education Department to request information from U.S. universities that have relationships with the company and to assemble a “senior-level working group” to study how Chinese authorities seek to collect technology from American universities.

The ZTE logo at the company's Beijing research and development center on June 13. (Jason Lee/Reuters)

— The Trump administration and Congress still disagree on ZTE. Republican lawmakers on Wednesday said they and Trump moved closer to an agreement on how to keep the Chinese tech company open while alleviating national security concerns on Capitol Hill, Bloomberg News's Erik Wasson, Jenny Leonard and Roxana Tiron report. “But

a White House meeting between the president and Republican members of the House and Senate concluded with no agreement on Trump’s attempt to soften a provision in a Senate defense policy bill that would reimpose a ban on ZTE doing business with its U.S. suppliers,” Wasson, Leonard and Tiron write. “Trump had agreed to lift crippling U.S. sanctions, which threatened to put China’s second-largest telecom equipment maker out of business, after a personal plea from China’s president, Xi Jinping.”

— More cybersecurity news from the public sector:

> A Federal Policy Loophole Is Supporting the Hacking-for-Hire Market. Can It Be Closed? Should the government be able to circumvent its own process for disclosing security vulnerabilities?

Slate

> Draft Reauthorization Pushes NTIA to Investigate Telecom Cyber Supply Chain Threats The draft bill also orders a study on advanced location tech for mobile 9-1-1.

Nextgov

> The Switch California’s net neutrality legislation just got watered down in a big way The move is a blow to Internet activists who sought tougher state rules.

Brian Fung

PRIVATE KEY

> Alexa, I can trust you with my checkbook, right? Hey Alexa, what's my bank account balance? Big banks and financial companies have started to offer banking through virtual assistants — Amazon’s Alexa, Apple’s Siri, and Google’s Assistant — in a way that will allow customers to check their balances, pay bills and, in the near future, send money just with their voice.

The Associated Press

SECURITY FAILS

Equifax's corporate offices in Atlanta on Sept. 8, 2017. (Tami Chappell/Reuters)

— A few people among the millions whose information was exposed in last year's huge Equifax data breach have successfully sued the company in small-claims courts. “Those who have won against the company in court say that the key to their success was being prepared and having proof of the harm they experienced — receipts, for example, for services they would not otherwise have purchased,” the New York Times's Niraj Chokshi reports. “Research local laws that might apply, they advised. Document everything.”

The credit report company's breach extended to more than 145 million Americans, many of whom received an apology and free credit monitoring, according to Chokshi.

THE NEW WILD WEST

Israeli Prime Minister Benjamin Netanyahu at the Cyber Week conference at Tel Aviv University on June 20. (Ammar Awad/Reuters)

— Israeli Prime Minister Benjamin Netanyahu on Wednesday said governments should collaborate to counter cyberthreats so powerful that they could take down civilian and military planes, according to Reuters. “We cannot go back to the world of levers, pulleys and couriers,” Netanyahu said during a cybersecurity conference at Tel Aviv University. “Since we are going forward, we are absolutely vulnerable. Our airlines can be brought down, our fighter planes can be brought down.” Netanyahu also said cybersecurity is a promising market and noted that about 20 percent of global investment in that field goes to Israel, according to Reuters.

“This is a supreme test for our civilization,” the Israeli prime minister said. “It’s going to be tested not only by criminal organizations, by terrorists, but by other states. We have to combine forces.”

— More cybersecurity news from around the world:

> Theresa May casts doubt on UK status as ‘tier one’ military power ‘Shockwaves’ at MoD as PM challenges defence secretary to justify spending plans

Financial Times

> Why Europe’s Cyber Insurance Windfall Hasn’t Happened One of the biggest data-privacy laws in history was supposed to kick off a new era of surging demand for cyber insurance in Europe. So far, it hasn’t.

Reuters

FOR THE N00BS

A cryptocurrency mining computer in Taipei, Taiwan, on June 5. (Tyrone Siu/Reuters)

— Cyberattacks keep targeting cryptocurrency exchanges, and that's because the security of some of those portals sometimes leaves much to be desired, according to The Post's Brian Fung. Fung writes that “hackers love going after exchanges because they are rewarding and often easy targets. In this respect,

exchanges are little different from health-care providers with lucrative medical data, or credit reporting bureaus that hold Social Security numbers.” Fung also provides some advice on how to avoid getting hacked on a cryptocurrency exchange. In short, the idea is to approach those portals in a similar way that you put your savings in an account and keep the money you spend regularly in a checking account.

More cybersecurity news you can use: 

> How Phone Companies Share Your Data Carriers like Verizon Communications and AT&T get requests for their customers’ whereabouts from all sorts of places. How they handle them depends on who is asking.

ZERO DAYBOOK

Today

Coming soon

EASTER EGGS

Two starkly different realities for migrants crossing into the United States. This is what they look like:

The Trump administration’s wildly contradictory statements on family separation:

“Gotti” is not the only movie Rotten Tomatoes hates:


Trending Hairstyles

Source : https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/06/21/the-cybersecurity-202-states-need-more-money-to-secure-the-vote-congress-is-unlikely-to-send-it-by-november/5b2a404f1b326b3967989b89/

The Cybersecurity 202: States need more money to secure the vote. Congress is unlikely to send it by November.
The Cybersecurity 202: Voter confidence is biggest election security challenge, DHS official says
Rick Scott orders Florida to use federal cybersecurity money for 2018 elections
Hacking the election is nearly impossible. But that's not Russia's goal.
Era of dynastic politics over, says PM Narendra Modi
The Cybersecurity 202: 'If you don’t have a brand, you’re not in the game.' New DHS cyber chief wants to rename his agency
Amid election cyber-threats, counties plead with state for more money
Six Things to Know About DHS’ ‘Not a Takeover’ of Elections
The Cybersecurity 202: States need more money to secure the vote, but Congress is unlikely to send it by November
Pressure builds to improve election cybersecurity