OPM WANTS $37M MORE FOR IT — The Office of Personnel Management told congressional appropriators it could use another $37 million to migrate its IT systems in the fiscal year starting in October, Dave scoops. The request came in an email sent last Friday, which was a response to congressional inquiries, OPM’s spokesman said. But any formal request for more money in the fiscal year 2016 OPM budget proposal would have to come from the Office of Management and Budget, and no such supplemental request has been sent in, according to a Senate Appropriations aide. More, from Dave: http://politico.pro/1Hwoho1
U.S. CYBER WARRIORS FARE OK IN WAR GAME — Cyber Command put its troops to the test recently, and generally they did pretty well, the Defense Department said in a rare press call Wednesday. Unlike a “capture the flag”-style competition, the opposing red team wasn’t aiming to win, but rather “to train the blue team participants,” said Rear Adm. Kevin Lunday, director of exercises and training at U.S. Cyber Command. “They do that by placing them under extreme stress and pressure. … That’s where learning occurs — near the point of failure.” As a result, the red teams raise and lower their game based on how well the defender teams were performing, he said. In the simulation last month, a cyberattack caused electricity to be intermittent on the coasts, causing panic. ATMs weren’t all operational and a U.K. port went offline. Joe has the story on the biggest Cyber Guard exercise to date: http://politico.pro/1IPvEnb
CYBER FUELS PENTAGON PIVOT BACK TO NATION-STATE WORRIES — The U.S. military expects to refocus its planning away from combatting violent extremist groups and back to preparing to battle nation states — in part because of the growing threat of nation-state cyberattacks, according to the annual National Military Strategy that Chairman of the Joint Chiefs of Staff Martin Dempsey released Wednesday. The report also lists the proliferation of weapons of mass destruction along with space and drone capabilities as reasons “we must pay greater attention to challenges posed by state actors” for “the foreseeable future.” The report also touts the buildup of Cyber Mission Forces and the standup of the Joint Information Environment, a DoD-wide computer cloud, as preparing the military to fight future wars. The report: http://1.usa.gov/1Itrd5v
HAPPY THURSDAY and welcome to Morning Cybersecurity, where we’re getting ready for barbecue, explosions and rest this holiday weekend. As a programming note, we won’t be publishing tomorrow in observance of the Fourth of July holiday, but we’ll be hitting your inboxes again bright and early on Monday with Joe at the wheel. Enjoy your weekend! And send your thoughts, tips and feedback to email@example.com and follow @talkopan, @POLITICOPro and @MorningCybersec. Full team info below.
FBI GIVES NO ANSWER, YET, ON RULE 41 — The FBI has let slip a deadline from the Senate Judiciary Committee to respond to questions about the bureau’s use of spyware and hacking techniques, including a request to brief the committee. Chairman Chuck Grassley sent FBI Director James Comey a letter on June 12 asking for answers to a number of questions about law enforcement’s use of remote search techniques on computers, especially in light of a rule change sought by the Justice Department that would allow them to go to magistrate judges for a warrant to remotely search a device when its location is concealed. The committee had wanted answers by June 26 and a briefing by July 2. As of Wednesday night, a committee aide confirmed, the FBI had yet to respond. Background: http://politico.pro/1LEfORl
COMEY TO FACE SENATE DOUBLE-HEADER — The Senate’s Judiciary and Intelligence committees will both hear law enforcement’s complaints about “going dark” next week, as they consider the role technology and encryption play in balancing privacy and national security. FBI Director James Comey is slated to appear next Wednesday at the Intel hearing (http://1.usa.gov/1LICbpR) and Judiciary has lined up two panels that afternoon: One with Comey and Deputy Attorney General Sally Yates, and another with New York District Attorney Cyrus Vance Jr., researcher Herbert Lin and law professor Peter Swire (http://1.usa.gov/1LICocv).
As we reported Wednesday, data from American courts doesn’t seem to bolster the law enforcement case that client-side or end-to-end encryption is a significant problem for criminal investigators. Your host dissects the numbers: http://politico.pro/1GPn9Ic
CONNOLLY: OPM MISSPELLED MY NAME — Rep. Gerry Connolly said the Office of Personnel Management has done little to earn his confidence in its ability to handle its massive breach — and its care of his own records doesn’t help. Connolly said that his office asked OPM about his status as part of the breach, since he had a break in Hill service and a security clearance, but was told he wasn’t part of the compromised population. “And then it turns out they had misspelled my name, so I am part of the 4.2 million, but they got it wrong,” he told Federal News Radio, saying the second “o” in his name was written as an “e” instead. “That is not a confidence-inducing measure.” The Virginia Democrat, who represents plenty of federal employees, said he isn’t yet calling for the OPM director or CIO’s resignation, saying that the chorus of lawmakers who have may be avoiding responsibility for not giving federal agencies adequate resources for IT. The story: http://bit.ly/1LV9Vxd
ROUSSEFF FETES SILICON VALLEY — Brazilian President Dilma Rousseff spent a day on the west coast Wednesday, breakfasting with former U.S. secretary of homeland security and current University of California President Janet Napolitano. Rousseff met with Google executive chairman Eric Schmidt, who demonstrated one of the company’s self-driving cars, before Rousseff took a ride. Reuters has the story: http://reut.rs/1Kucol1
VA MANDATES TWO-FACTOR AUTHENTICATION FOR ELEVATED USERS — Veterans Affairs Department staffers with any elevated system privileges will have to use two-factor authentication to log in beginning this month, according to a series of memos VA acting CIO Steph Warren shared with reporters Wednesday. Elevated accounts without a second factor will be shut down. VA will inventory and revalidate all existing elevated privileges and centralize the process going forward. All VA employees who aren’t directly responsible for patient care will have to use PIV cards and personal PINs to access any VA information systems. During a conference call, Warren said he expects no lapse in cybersecurity despite a $2.5 billion budget shortfall and told reporters he’s used the OPM breach as a “learning moment” to talk with VA employees about their personal cyber hygiene. Warren’s successor as CIO, LaVerne Council, will be sworn in Monday, he said.
DIRTY SILK ROAD AGENT PLEADS OUT — The former DEA agent accused of using the Silk Road investigation to enrich himself pleaded guilty on Wednesday to extortion, money laundering and obstruction of justice, the Justice Department announced late in the evening. Carl Force was an undercover agent on the Silk Road investigation, and he admitted to using that position to steal bitcoin in a number of ways, including creating a separate online persona from the investigation called “French Maid” to extort money from the subject of the investigation, convicted mastermind Ross Ulbricht. He also kept bitcoin payments from the investigation without disclosing them to the government.
The DOJ said the guilty plea should send a message to would-be criminals. “While investigating the Silk Road, former DEA Agent Carl Force crossed the line from enforcing the law to breaking it,” said Assistant Attorney General Leslie Caldwell. “Seduced by the perceived anonymity of virtual currency and the dark Web, Force used invented online personas and encrypted messaging to fraudulently obtain bitcoin worth hundreds of thousands of dollars from the government and investigative targets alike.” Force will be sentenced in October. The other allegedly dirty Silk Road agent, former Secret Service Agent Shaun Bridges, also plans to plead guilty, his attorney said last month. More: http://1.usa.gov/1R6fIH1
SWEDEN TO JOIN NATO CYBER CENTER AS A ‘CONTRIBUTING PARTICIPANT’ — Sweden will join NATO’s Cooperative Cyber Defense Center of Excellence in Tallinn, Estonia, as a contributing participant, the CCDCOE said yesterday. The move bolsters the center’s reputation as a center for cyber expertise that stretches beyond NATO nations. It comes just about a week after Defense Secretary Ash Carter pledged a slate of new cyber training and expertise programs for NATO and its allies operating out of the center. Details: http://bit.ly/1IPco9j
NEXT JRSS SOFTWARE WILL CRUNCH BIG DATA FOR CYBER THREATS — The next generation of software that will run the Joint Regional Security Stacks that undergird DoD’s planned Joint Information Environment computer cloud will include big data crunching tools that can “harvest security insights from data that is not intuitively security-related,” according to a Federal Computer Week scoop. DoD Chief Information Officer Terry Halvorsen was introduced to the capability during a recent Silicon Valley tour and decided to incorporate it into an upcoming request for proposals for the Joint Management System software that runs the JRSS, he told FCW. The RFP should be out in late July or early August, FCW reported. “We’ll be able to ask industry to do … certain things that I think we would not have been able to ask them before the trip, because we now see that it’s capable,” Halvorsen told FCW. The story: http://bit.ly/1Iu8gQm
ICS-ISAC MERGES WITH WEBSTER UNIVERSITY — The Industrial Control System Information Sharing and Analysis Center is merging with Webster University’s Cyberspace Research Institute, it announced on Wednesday. The university provides “a robust platform and substantial infrastructure that allows the ICS-ISAC to more fully achieve its mission,” the announcement said. It also noted that Webster is drafting a proposal to establish the $11 million organization that’ll be charged by DHS to establish standards for Information Sharing and Analysis Organizations.
RILA JOINS CHAMBER GROUP — The Retail Industry Leaders Association announced Wednesday that they will also be a part of the Cybersecurity Leadership Council with the U.S. Chamber of Commerce. As first reported by Morning Cybersecurity in April, the new council will be helmed by former DHS Secretary Tom Ridge and will also include the Alliance of Automobile Manufacturers. The council will support the Chamber’s Cybersecurity Working Group on policy and decision-making. It will provide a platform for business and trade associations to advocate for cyber policy and best practices with a market-based focus.
REPORT: U.S. SPIED ON GERMAN LEADERS IN GREECE TALKS — The U.S. and Britain were spying on German leaders in 2011 while discussing the Greek economic crisis, two newly leaked NSA briefs revealed on Wednesday. Published on WikiLeaks, the briefs included a redacted list of German government phone numbers dating back 15 years, when the snooping may have started, and point to spying on Chancellor Angela Merkel specifically. Foreign surveillance revelations — including of the German chancellor — are nothing new, but it’s yet another blow at a time when America is trying to rebuild foreign trust and goodwill after previous leaks. The story from Ars Technica: http://bit.ly/1BZqOGR Plus, the Intercept released new XKEYSCORE documents: http://bit.ly/1HuGPVH