With help from Eric Geller, Martin Matishak and Doug Palmer
Programming announcement: This 10 a.m. version of Morning Cybersecurity will end daily publication on July 10 and move to a week-ahead style newsletter that publishes on Monday mornings. For information on how you can continue to receive daily policy content, as well as information for current POLITICO Pro subscribers, please visit our website.
MC exclusive: House and Senate officials say they're making moves to enable encrypted calls from one side of the Capitol to the other.
A House panel will examine Covid-19 cybercrime, from the increase in the number of attacks to who's responsible.
The White House is resisting the creation of a national cyber director, the most visible recommendation of the Cyberspace Solarium Commission, one of its co-chairs said.
HAPPY TUESDAY and welcome to Morning Cybersecurity! Most headlines feel very strange these days. Send your thoughts, feedback and especially tips to [emailprotected]. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
FIRST IN MC: CONGRESSIONAL CALL ENCRYPTION The Senate sergeant at arms and House chief administrative officer are taking steps to encrypt cross-Capitol calls, they said in a letter to lawmakers on Monday. Calls made between Senate Voice over Internet Protocol phones are encrypted, and calls made between House VOIP phones are encrypted, but calls between the two chambers are not.
Modernization of the Senate's VOIP system is ongoing and may be necessary to allow for encrypted cross-Capitol calls, the officials wrote to a long list of lawmakers from both chambers and parties who signed a letter last month, led by Sen. Ron Wyden (D-Ore.) and Rep. Anna Eshoo (D-Calif.), asking for such protected voice communications. The House and Senate are examining how to implement the calls, the officials added.
"To further explore the feasibility of encrypting calls between the two bodies, the Senate and the House will commission an independent third-party assessment of the two current infrastructures providing a recommendation to include technical guidance, industry best practice, and risks and impact considerations to ensure encrypted inter-chamber voice traffic," wrote Sergeant at Arms Michael Stenger and Chief Administrative Officer Philip Kiko. "The Senate and the House will also form a technical working group comprised of staff from both bodies to review these recommendations and provide a detailed plan regarding the most efficient and cost-effective technical solution."
"Congress is an obvious target for foreign intelligence services, so we are highly pleased to see that the Senate and House are moving toward securing calls between the chambers with strong encryption. Secure, backdoor-free encryption is essential, including to protect Congress against foreign threats," Wyden and Eshoo said in a statement to MC.
HILL ATTENTION ON CORONAVIRUS CYBERCRIMINALS The House Financial Services national security subcommittee holds a hearing today on Covid-19 cyber threats, following a similar virtual roundtable in May. A committee aide said the hearing is expected to be bipartisan and will likely focus on examining the increased volume of cyber threats exploiting the Covid-19 crisis, analyzing what kind of schemes and methods cyber experts are detecting, and discussing who's perpetuating the attacks on Americans and how. Here's a reminder of the witnesses and legislation in play.
WHITE HOUSE AGAINST NATIONAL CYBER CHIEF The Trump administration opposes a Cyberspace Solarium Commission proposal to create a national cyber director, Sen. Angus King (I-Maine) said Monday. "The White House is resistant to it," King, one of the commission's co-chairs, said during a New America webinar. "The national security adviser [Robert O'Brien], I suspect, doesn't like it. No national security adviser would, because it's some diminution of their authority. But I think it's one of the most important recommendations we have."
A senior administration official confirmed the executive branch's stance. "To best protect the American people in the most effective manner, the administration is opposed to the creation of a National Cyber Director because, among other things, it would limit the authority of the president to select and appoint his own advisers, create conflicting layers of authority, and inevitably create budgetary inefficiencies," the official told Martin in an email.
The Senate Armed Services Committee last week included almost a dozen recommendations from the Solarium's report in its draft of the fiscal 2021 defense policy bill but stopped short of creating the office, instead requesting an independent assessment on establishing the Senate-confirmed post. That language is literally a placeholder so there can be further discussions with other lawmakers and the administration, according to King. "I'm really hopeful, I'm not going to put a percentage on it, but it's so logical," he said, adding success boils down to basically persuading the administration. "This isn't about President Trump. This is about any president. This is a favor to the president, giving them someone that they can hold accountable in this area. I think there's a reasonable shot at it."
EYES EMOJI Nearly 60 percent of businesses in the Americas region let employees use their social media accounts to access work resources, and more than 40 percent of corporate cyber defenders consider usernames and passwords to be one of the best ways to limit unauthorized network access, according to a new Thales survey of 300 IT professionals in the U.S. and Brazil. Furthermore, nearly 30 percent of respondents called social media credentials one of the best tools for protecting cloud platforms from intruders, Thales revealed in its 2020 Access Management Index report.
The report wasn't all bad news, however. Ninety-five percent of IT professionals told Thales that their organizations have implemented multi-factor authentication, and 59 percent reported using smart single sign-on solutions. Additionally, 65 percent of respondents said their IT leaders found it easy to convince corporate boards that cybersecurity mattered, up from 44 percent a year ago. The number of respondents who said it was difficult declined from 33 percent a year ago to 16 percent now.
SOC IT TO ME More than 8 in 10 security operations centers are confident in their capacity to detect cyber threats, even though 40 percent still struggle with staff shortages, an Exabeam annual survey out today found. SOC outsourcing has declined in the U.S. from 36 percent to 26 percent, although it's become more common in Europe, among other findings from the report, which polled personnel in the U.S., the U.K., Canada and Australia.
SO IT WILL WIN A LOT OF AWARDS? Based on Georgia's primary voting issues last week, Wyden said Monday that the nation could be heading toward an election Chernobyl. The state showed how everything can go wrong, he wrote on Medium. "Start with a base of shoddy electronic election equipment and a system that was unprepared for a surge in mail-in ballots," he said. "Add a failure in leadership from state election officials, who had no contingency plans for extremely predictable COVID-related complications. And top it all off with Republicans' usual affinity for ensuring that Black voters and other people of color face huge hurdles to get to the ballot box." Congress needs to act on election funding and improvements immediately, Wyden argued.
DOE BOSS HEADS TO IDAHO Energy Secretary Dan Brouillette will tour a cyber hub at the Idaho National Laboratory on Thursday. He will see firsthand the Lab's new CyberCore Integration Center, a facility that enables partnerships across federal agencies, private industry, and university partners to secure control systems from cyberthreats, the department announced on Monday.
WELCOME TO TWITTER, GEN. NAKASONE NSA and Cyber Command chief Gen. Paul Nakasone made his Twitter premiere Monday. "I'll be using this platform to speak directly to you about partnerships and engagements in my role as Commander @US_CYBERCOM and Director @NSAgov," he said in his inaugural message. Then, in what perhaps was a nod to the bizarre romance scams where the fraudsters pretended to be him, Nakasone added: "You can rest assured this is the only place (besides @NSAgov, @US_CYBERCOM, and my other official social media accounts) that you'll find me."
HUAWEI SLACK From our friends at Morning Trade: The Commerce Department issued a new rule that it said would ensure Huawei's placement on the U.S. entity list does not prevent American companies from contributing to important standards-developing activities despite Huawei's participation in standards-development organizations. The Information Technology Industry Council welcomed the move.
DON'T MAIL FETAL PIGS TO YOUR CRITICS For one thing, the retailer may not ship it. For another, you might get indicted for cyberstalking, like six former eBay employees did on Monday. Federal prosecutors charged eBay's former head of security and five others with taking part in a bizarre campaign to harass a couple who write and publish an e-commerce newsletter that criticized the company. (The Natick, Mass.-based newsletter isn't named in the indictment but details in the court filings indicate it is eCommerceBytes).
In addition to anonymous, threatening messages, the former employees sent a box of live cockroaches, a funeral wreath and a bloody pig mask to the pair, our colleagues at Morning Tech report. They also tried to send a fetal pig but were thwarted when the company declined to deliver it. In a statement, eBay said it terminated all of the employees involved, including the company's former chief of communications, after finding out about the cyberstalking. An internal investigation found former eBay CEO Devin Wenig, who stepped down in September, had inappropriate communications but didn't know about or authorize the campaign, the company said.
TWEET OF THE DAY A sobering summary.
Onapsis today released research on Oracle financial software vulnerabilities that would allow attackers to pilfer financial information, modify accounting reports or disrupt a business. Oracle has issued patches for the vulnerabilities in its E-Business Suite.
FBI Director Christopher Wray on Monday announced James Dawson as the special agent in charge of the criminal and cyber division of the Washington field office. He most recently served in the same office as the special agent in charge of the mission services division.
Amnesty International and Citizen Lab reported on Indian human rights activists targeted by the NSO Group's Pegasus spyware.
Kaspersky produced a report on porn and cyber threats.
Wired: Researchers turned up a pretty big trove of sensitive dating app data.
The New York Times: "A Conspiracy Made in America May Have Been Spread by Russia."
CyberScoop: Hackers are pretending to be a top Taiwan health official to steal sensitive info.
ZDNet: A South African bank has to replace 12 million cards following an employee's theft of the master key.
That's all for today.
Stay in touch with the whole team: Eric Geller ([emailprotected], @ericgeller); Bob King ([emailprotected], @bkingdc); Martin Matishak ([emailprotected], @martinmatishak); Tim Starks ([emailprotected], @timstarks); and Heidi Vogt ([emailprotected], @heidivogt).
View original post here:
First in MC: Moves afoot on encrypted calls between House, Senate - Politico