With help from Eric Geller, Mary Lee and Martin Matishak
Editor’s Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Tax subscribers hold exclusive early access to the newsletter each morning at 6 a.m. Learn more about POLITICO Pro’s comprehensive policy intelligence coverage, policy tools and services, at politicopro.com.
Story Continued Below
— Voting equipment vendors will appear today before the House Administration Committee for a unique hearing, and lawmakers, experts and others will hash out a number of policy issues.
— Researchers discovered a powerful tool that a Russian cybercrime gang is deploying to go after high-value targets stealthily.
— Even if tensions with Tehran decline, concerns about Iran’s malicious activity in cyberspace will remain.
HAPPY THURSDAY and welcome to Morning Cybersecurity! Like, together? That would be cool. Send your thoughts, feedback and especially tips to email@example.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
ELECTION VENDOR CHIEFS MAKE MASS HILL DEBUT — The three leaders of the top election equipment makers testify today for the first time before one congressional committee, the House Administration panel. Chairwoman Zoe Lofgren (D-Calif.) indicates in her prepared opening remarks that she doesn’t plan to go easy on them.
“Despite their outsized role in the mechanics of our democracy, some have accused these companies of obfuscating, and in some cases misleading, election administrators and the American public,” her remarks read. “Others suggest there is an insufficient regulatory structure for this sector.” She’ll be asking questions about vendors’ supply chain security, ownership and the issue of remote access to software.
The top Republican on the committee will call for an update of the Help America Vote Act passed into law in 2002 in response to the 2000 elections. “There have been many developments in voting system technology that are not addressed in this original HAVA language, like e-poll books and securing online registration databases,” reads the prepared opening statement of Illinois Rep. Rodney Davis. “It’s been almost 20 years since this law has been updated, and with the recent developments in election security and technology, it’s time to modernize these laws again and incentivize new, more secure infrastructure development from vendors.”
The leaders of Election Systems & Software, Hart InterCivic and Dominion Voting Systems largely tout their security safeguards in their written testimony, but ES&S CEO Tom Burt supports bolstering funding for the Election Assistance Commission and Hart InterCivic CEO Julie Mathis encourages increased funding for both the EAC and NIST. Georgetown University professor Matt Blaze will highlight ongoing security flaws, however, and the Brennan Center’s Liz Howard will call for enhanced federal oversight of election vendors.
EAC Commissioner Doug Palmer said in written remarks that the extra money Congress gave the commission in the most recent spending bill will allow it to fill staffing vacancies and hire new personnel in its testing and certification program. The panel also will hear from a local Illinois election official, a Florida University professor and the president of the North Carolina NAACP.
UNLIMITED POWER — The Russian cybercrime gang TrickBot is using a powerful, stealthy, fileless tool dubbed PowerTrick to get into high-value, well-protected, air-gapped networks, according to research out today from SentinelLabs, the research division of SentinelOne. Tools like PowerTrick are “flexible and effective which allows the TrickBot cybercrime actors to leverage them to augment on the fly and stay stealthy as opposed to using larger more open source systems,” the company wrote.
The high-value targets include financial institutions, SentinelLabs found: “The end-goal of the PowerTrick backdoor and its approach is to bypass restrictions and security controls to adapt to the new age of security controls and exploit the most protected and secure air-gapped high-value networks.”
IRAN AFTERMATH — Chances of more military action with Iran following the U.S. killing of military leader Qassem Soleimani may have subsided for now, but the potential for conflict in cyberspace remains. Although Kuwait didn’t blame a recent malware infestation on Iran, the hacking of the Kuwait News Agency’s social media account to spread a report that American troops had pulled out jibes with Tehran’s disinformation goals.
Government officials signalled continued vigilance, too. “Visited the team at @CISAgov to discuss cyber threats, election security, Iranian cyber capabilities & the impressive work CISA does to protect critical infrastructure,” tweeted acting DHS Secretary Chad Wolf. “They’ve been training for years & stand vigilant to respond to any threat against the homeland should one arise.” The House Homeland Security Committee scheduled a hearing for next week on the homeland ramifications of the U.S.-Iran tensions.
I DON’T CARE IF YOU CAN’T DO IT, JUST DO IT — Sen. Rick Scott (R-Fla.) on Wednesday urged Apple to help the FBI access iPhones belonging to the deceased suspect in last month’s Pensacola, Fla., naval base shooting. “It is unthinkable that any American business would refuse to offer their resources to help get to the bottom of an attack on our nation,” Scott said in a statement, referencing a report about the bureau asking Apple for help.
The iPhone maker told POLITICO that it gave the government “all of the data in our possession,” but Scott seemed to believe that Apple could do more. “I hope Apple Inc. decides to comply with the FBI as soon as possible and be proactive in the effort to prevent future terrorist attacks.” His statement came one month after a Senate hearing exposed bipartisan outrage at Apple for its stance on warrant-proof encryption.
The FBI hasn’t said why it can’t access the iPhones, and a Scott spokeswoman said the senator was still waiting for officials to give him more information. The latest version of the mobile forensics tool GrayKey, which is popular with law enforcement agencies, can unlock all existing iPhones. But the exact configuration of the shooter’s phones could prevent GrayKey from working, and NBC News reported that the shooter “fired a round” at one of the devices, “further complicating efforts to unlock it.”
EIGHT IS ENOUGH — A group of eight companies joined the National Cybersecurity Center of Excellence to produce IoT guidance for the energy sector, the agency announced on Wednesday. The project will focus on helping energy companies so-called industrial IoT information exchanges for alternative energy sources, like wind and solar, and will use security controls that adhere to NIST’s Cybersecurity Framework, as well as industry standards and best practices.
MOVING TO THE SENATE — The House passed three 5G security bills on Wednesday. The first bill, H.R. 2881, would require the president to create a strategy to ensure the security of 5G and future generation mobile telecom systems and infrastructure in the U.S. and help allies and strategic partners in maximizing the security of next generation mobile telecommunications systems.
The whole-of-government approach of the bill “will force the Trump administration to get serious about protecting Americans as 5G services are deployed,” according to a statement from Energy and Commerce Chairman Frank Pallone. (D-N.J.) and Communications and Technology Chairman Mike Doyle (D-Pa.). “The timing is particularly important given the increased risk of cyberattacks arising from the conflict with Iran.”
Lawmakers passed a second measure, H.R. 3763, that would require the president to establish an interagency working group to provide help to enhance the representation and leadership of the U.S. at international standards-setting bodies that set standards for equipment, systems, software and virtually-defined networks that support 5G; and a third bill, H.R. 4500, that would require the assistant secretary for Communications and Information to seek to enhance representation of the U.S. and its leadership in communications standards-setting bodies. All three are now ready for Senate consideration.
TWEET OF THE DAY — Ah, yes, sure, of course.
RECENTLY ON PRO CYBERSECURITY — Sen. Tom Cotton (R-Ark.) introduced legislation forbidding the U.S. from sharing intelligence that allow Huawei to be part of their 5G networks. … TikTok took steps to battle disinformation on its platform.
— Former Deputy Attorney General Rod Rosenstein is joining King & Spalding, a popular destination for departees of President Donald Trump’s national security team, as a partner on its special matters and government investigations team. In a statement on Wednesday, Rosenstein touted his eagerness to expand the law firm’s cybersecurity practice.
— Ring defended its cybersecurity policies to U.S. senators. CyberScoop
— A college athletics recruiting software exposed athletes’ personal information. Motherboard
— “Pentagon science advisors offer three-part strategy in countering cyber threats.” Inside Cybersecurity
— TechCrunch contemplated how to handle craftier ransomware.
— A New York Post reporter’s identity got hijacked to spread Iran-friendly propaganda. Daily Beast
— The Indonesian military funds propaganda websites. Reuters
That’s all for today.
Stay in touch with the whole team: Mike Farrell (firstname.lastname@example.org, @mikebfarrell); Eric Geller (email@example.com, @ericgeller); Mary Lee (firstname.lastname@example.org, @maryjylee) Martin Matishak (email@example.com, @martinmatishak) and Tim Starks (firstname.lastname@example.org, @timstarks).