With help from Eric Geller, Mary Lee, Martin Matishak and John Hendel
Editor’s Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m. To learn more about POLITICO Pro’s comprehensive policy intelligence coverage, policy tools and services, click here.
Story Continued Below
— Robert Mueller is on the Hill today, finally, and he’ll surely face some election security questions.
— The attorney general made a big deal on Tuesday about getting “lawful access” to encrypted products, and a ton of people disagreed with him.
— Business groups, tech giants and defense contractors were among the biggest lobbying spenders focused on cybersecurity during the second quarter.
HAPPY WEDNESDAY and welcome to Morning Cybersecurity! Your MC host will not be heading to Black Hat or DEFCON this year. Eric will, though. He’s also in New York for the Fordham University conference mentioned later here. Please send your thoughts, feedback and especially tips to email@example.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
MUELLER MUELLER MUELLER — Look for election security questions to be at least part of today’s blockbuster House hearings with former special counsel Mueller. In advance of the hearings, a group of Senate Democrats on Tuesday used the occasion to renew their call for election security legislation stalled in their chamber. Among the House Judiciary and Intelligence committees, Democrats are divided on how much time they’ll spend on election security as opposed to other issues; some plan to make it their focus, others say they wish they had time but won’t.
There were the expected existential dilemmas leading up to the big day. House Judiciary Chairman Jerrold Nadler (D-N.Y.) blasted the Justice Department for seeking to limit Mueller’s testimony, while Attorney General William Barr said DOJ only offered the guidance at Mueller’s request.
BILL, CALL YOUR OFFICE — Barr on Tuesday reopened the debate over encryption, arguing its increased use puts the country’s security at risk and calling on companies to give law enforcement access to devices during investigations. “There have been enough dogmatic pronouncements that lawful access simply cannot be done,” Barr said at a Fordham University cybersecurity conference in New York. “It can be, and it must be.”
The remarks sparked an avalanche of rebukes. “Attorney General Barr has done little more than repeat the time-worn arguments against communications security that have been coming from the FBI,” Greg Nojeim, senior counsel and director of the Center of Democracy and Technology’s Freedom, Security & Technology Project, said in a statement. Noah Theran, spokesperson for the Internet Association, said encryption “protects Americans from countless daily cyber attacks and secures our most personal information. Companies must not be required to engineer vulnerabilities into their products and services that could put us all at risk.”
In prepared remarks on the Senate floor, Sen. Ron Wyden (D-Ore.) said “banning encryption in America will not stop bad guys from using encryption … It will only leave Americans less secure against foreign hackers. And — I regret having to say this — it will leave Americans less secure against intrusions by this lawless administration.”
DEEP POCKETS — Second-quarter lobbying disclosure reports are out this week, and K Street has cybersecurity on their minds. The top spender for the quarter, the U.S. Chamber of Commerce ($12.5 million), reported lobbying on an array of cyber-related issues, including “China’s intellectual property regime industrial policies and cybersecurity issues,” cybersecurity legislation, “cyber incident reporting of breaches, hacks, and other security incidents,” and “deepening business and governmental operational collaboration against foreign cyber threats.”
Tech giants Amazon ($4.1 million) and Facebook ($4 million) posted record high figures this quarter for a three-month period. Facebook reported lobbying on issues related to platform integrity, encryption and storage and access to electronic communications, while Amazon reported lobbying on issues related to intelligence authorization legislation (H.R. 3494/S.1589) and cloud security. Other top spenders that lobbied on cybersecurity include the American Medical Association ($4.8 million) and defense manufacturer Boeing ($3.9 million), which reported lobbying on issues related to Cyber Command and aircraft cybersecurity.
WHO KNOWS BEST? — An election security panel at Fordham University’s cybersecurity conference Tuesday highlighted major disagreements about the decentralized nature of U.S. elections, most notably whether it’s good or bad that local officials are responsible for protecting their election infrastructure. One side of the argument came from Chris Wlaschin, the vice president for systems security at Election Systems & Software. “Whatever the voting style that that state or local jurisdiction wants to use, we as a technology community want to support that and do it safely,” Wlaschin said at the event, adding that “we have long known that election authorities” know best what their voters want.
A different perspective came from Anthony Ferrante, a former cyber official at the National Security Council and the FBI who is now at FTI Consulting. “Election officials need to know the risks,” Ferrante said. He recounted meeting with local authorities over the past two years and hearing their pleas for more government aid. “They’ve all said, ‘We need help. We don’t have the help we need,’” he said. “The threat is evolving every single day, and they don’t have the resources … to get in front of this.” Ferrante shared a startling example: One local official said “they tally their votes by hand and they email them to the secretary of state,” he recalled. “They had no idea that email can be intercepted and manipulated.”
WRAY WRAY — FBI Director Christopher Wray said Russia remains determined to interfere in U.S. elections, and that “Until they stop, they haven’t been deterred enough.” Despite that, he told the Senate Judiciary Committee, he doesn’t know of any additional tools he needs from Congress to fight Russian election meddling. He said Congress could help by giving the FBI the additional money President Donald Trump sought in his fiscal 2020 budget. Wray also said loss of “business records” collection authority could damage the bureau’s cyber mission, and that he hasn’t read the entirety of the Mueller report.
TODAY: SENATE COMMERCE TO VOTE ON 5G SECURITY — From our friends at Morning Tech: The panel convenes this morning to mark up two bipartisan measures aimed at keeping the Trump administration on the right track on 5G security. That includes U.S. 5G Leadership Act, S. 1625, from Commerce Chairman Roger Wicker (R-Miss.), and The Secure 5G and Beyond Act, S. 893, from Sen. John Cornyn (R-Texas). These measures would force the Trump administration to nail down its 5G security strategy at a time of particular administration chaos on the subject. Cornyn suggested lawmakers may be able to find a vehicle to tuck the 5G legislation into by Sept. 30, the end of the fiscal year, saying, ”Any port in the storm is fine with me.”
Negotiation was still underway on Tuesday, according to Sen. Mark Warner (D-Va.), top Democrat on the Intelligence Committee and a lead backer of the 5G Leadership Act. The bill would slate $700 million for rural telecom companies in the U.S. to ditch their low-priced gear from Chinese telecom giant Huawei. That figure is “not sufficient, but it’s a good start,” Warner said.
TWEET OF THE DAY — The replies here are a gold mine.
RECENTLY ON PRO CYBERSECURITY — The NSA is establishing a cybersecurity directorate. … The Senate confirmed Mark Esper for Defense secretary. … Sen. Rick Scott (R-Fla.) introduced legislation that would force online retailers to disclose the country of origin of products on their platforms. … Rep. Devin Nunes (R-Calif.) met with Trump to discuss replacements for Director of National Intelligence Dan Coats, stirring speculation that Nunes himself could get a spy post.
— Google banned DarkMatter certificates from Chrome and Android. ZDNet
— Researchers found flaws in popular corporate VPNs. TechCrunch
— Police in the U.K. and Netherlands are trying an experiment to rehab teen hackers. CyberScoop
— “The Lost Policymaker’s Guide to Hacker Summer Camp.”
— Awkward. CyberScoop
That’s all for today.
Stay in touch with the whole team: Mike Farrell (firstname.lastname@example.org, @mikebfarrell); Eric Geller (email@example.com, @ericgeller); Mary Lee (firstname.lastname@example.org, @maryjylee) Martin Matishak (email@example.com, @martinmatishak) and Tim Starks (firstname.lastname@example.org, @timstarks).