STINGRAY BOMBSHELL — The mystery of who planted cellphone surveillance devices, also known as Stingrays, near the White House appears to be solved thanks to the intrepid work of POLITICO White House reporter Daniel Lippman. The U.S. government believes it was Israel, three former senior U.S. officials told him — and the Trump administration apparently opted not to do anything about it. News that DHS discovered the Stingrays, or IMSI catchers, first surfaced in 2018.
The administration “did not rebuke the Israeli government, and there were no consequences for Israel’s behavior,” one former U.S. official told Daniel. It appears the likely target of the cellphone intercept devices was President Donald Trump and his top aides and advisers. “Based on a detailed forensic analysis, the FBI and other agencies working on the case felt confident that Israeli agents had placed the devices, according to the former officials, several of whom served in top intelligence and national security posts,” according to the story out this morning.
I’LL KNOW IT WHEN I SEE IT — Federal regulators brushed off contractors’ requests to specifically name the Kaspersky products that they can no longer use, issuing a final rule Tuesday that retained general language about how contractors must sever ties with the Russian cybersecurity firm. The government’s three main procurement agencies — GSA, NASA and the Pentagon — said that providing a specific list of banned products would be “impractical” because of “the continually evolving nature of technological product and service offerings, including third-party products that may either add or eliminate inclusion of elements such as Kaspersky Lab software.” The agencies noted that contractors hadn’t offered any suggestions for how to do this while the rule was being written.
The government’s response to industry feedback about its Kaspersky ban, first reported by Inside Cybersecurity, could foreshadow the degree of specificity in a similar rule expected by Oct. 12. The Commerce Department is preparing regulations that will likely ban U.S. telecom operators from working with the Chinese telecom equipment maker Huawei and other firms with ties to Beijing. Many of the same concerns about how to identify products and services containing Kaspersky code apply to Huawei, ZTE and other Chinese companies.
The final Kaspersky rule says that the government will coordinate with the recently created Federal Acquisition Security Council in deciding what information to share with companies to help them comply with the rule. Similar coordination and information sharing will likely follow the telecom supply chain regulations.
IT DOES SOUND PRETTY BAD — The nightmare cyber scenario involving a chemical plant is an attack triggering a facility to release chemicals, a DHS official told the House Energy and Commerce Committee on Wednesday. “I suppose that the worst case scenario [is] where a facility has cyber systems that are … pretty fully integrated with its industrial control systems with its chemical process systems that a cyber attacker could work to manipulate those processes, potentially causing a release of chemicals,” said David Wulf, acting deputy assistant secretary for infrastructure protection at DHS.
The panel was evaluating a legislative extension and update of the Chemical Facility Anti-Terrorism Standards program, H.R. 3256, which contains a number of cyber provisions.
BACK IT UP — Baltimore city officials acknowledged for the first time on Wednesday that hackers destroyed data in the costly ransomware attack that crippled the city in May. Without the missing data, which was not backed up, Josh Pasch, the city’s auditor, and his team have not been able to check some claims the IT department made about its performance. At the city’s spending board meeting, he recommended that the city “revisit and implement a backup system.” It is unclear how much data is missing.
INTEL TALKS UNDERWAY — House and Senate lawmakers have begun to negotiate a compromise intelligence policy bill. “I’m still optimistic that we can get this over the line,” Sen. Mark Warner, the Senate Intelligence Committee’s top Democrat, told reporters on Wednesday. “It’s terribly important in terms of guidance for the intelligence community and certain issues like the security clearance reforms. Very important.”
In June, the Senate attached its version of the intel bill, S. 1589, to the annual defense policy legislation, S. 1789. The House overwhelmingly passed its intelligence bill, H.R. 3494, separately. The chambers have not yet voted to form a joint conference committee or named conferees to hammer out a final defense bill. An initial conference committee meeting set for Wednesday was pushed back to Sept. 19. “We have been working to conference the IAA with our Senate colleagues, and given this is a three-year IAA, a great deal of the work had been previously completed,” a House Intelligence Committee aide told Martin. “We’re hopeful that we will come to agreement soon, and can pass an IAA across both the House and Senate in the next few weeks.” Whether the intelligence legislation remains joined to the must-pass defense bill ultimately will be up to congressional leaders.
IT’S PRIVACY SHIELD REVIEW TIME AGAIN — From our friends at Morning Tech: Today kicks off the third annual review of Privacy Shield, the U.S.-EU agreement that smooths the flow of digital data across the Atlantic. The EU has a delegation in town for the process; in the past, the EU side has ended up expressing concern about both how American companies handle Europeans’ data and federal authorities’ ability to enforce the deal’s protections, but ultimately signing off on re-upping.
Much the same’s expected this year — especially now that the U.S. has met key European demands by naming the State Department ombudsperson promised under the deal and filling out the Privacy and Civil Liberties Oversight Board.
Said the White House in a statement marking the start of the talks, “The Trump Administration’s commitment to robust privacy protections for individuals has never been stronger.”
RECENTLY ON PRO CYBERSECURITY — The Senate Intelligence Committee could vote on another Russia report next week. … Microsoft President Brad Smith suggested in a book that Big Tech’s future should involve acceptable regulations. … The White House has begun its purge of the National Security Council following the departure of John Bolton as national security adviser. … Sen. Ed Markey (D-Mass.) pushed TSA to pause its use of facial recognition technology.