Prepping for the Iowa caucuses and beyond – Politico

Posted byCaptain Mike

With help from Eric Geller, Martin Matishak and Kayla Sharpe

Editor’s Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m. Learn more about POLITICO Pro’s comprehensive policy intelligence coverage, policy tools and services at www.politicopro.com.

Advertisement

The Iowa caucuses are today and the U.S. intelligence community is on watch for foreign interference during the earliest state races, with Iowa the first election security test.

DHS and election officials huddled last week and over the weekend on election security challenges like the supply chain and communication between feds, states and locals.

The leader of the NSA and Cyber Command is on the Hill this week as the Senate Intelligence Committee plans to release its latest 2016 election interference report.

HAPPY MONDAY and welcome to Morning Cybersecurity! All Superb Owls must be celebrated. Send your thoughts, feedback and especially tips to tstarks@politico.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

GAME ON — The U.S. intelligence community is on guard for the Iowa caucuses starting today and next week’s New Hampshire Democratic primary. “We remain focused and committed to providing all relevant intelligence through the FBI and DHS in an effort to ensure all of the upcoming caucuses and elections are conducted with the greatest integrity, confidence, and without foreign interference,” an NSA spokesperson told POLITICO.

Both NSA and U.S. Cyber Command are banking on lessons learned from defending the 2018 midterms to protect 2020. “We are collaborating with key partners including FBI, DHS and the National Guard Bureau to harden our election infrastructure defenses and make sure that foreign influence doesn’t play a significant role in our elections,” the spokesperson said. “Cyber Command remains poised to act and impose costs across a broad spectrum of adversary resources, organizations and personnel should an adversary attempt to interfere in our elections.”

KNOWING THE RISK — CISA is interested in deepening its understanding of election-related supply chain issues. The agency already co-leads a public-private supply chain task force, but “I’d like to continue to have the conversation about how we can apply that particularly to election infrastructure,” Bob Kolasky, director of CISA’s National Risk Management Center, said Friday at the National Association of State Election Directors’ winter conference. In the meantime, Kolasky said, CISA hopes that vendors will “invest in illuminating and understanding their own supply chain, and as they do that, share the information with us” so the government can combine that data with its own intelligence.

The NASED conference in Washington gave election officials a chance to ask CISA officials about various projects, including the agency’s “Last Mile Initiative” for educating local officials. One election director asked Kolasky if there was an easy way for states to determine which vendors had the best supply chain security. Not at the moment, Kolasky said, but “we are open to working on model contract language” so states could require assurances while buying equipment. The supply chain task force is also working on a framework that vendors can use to attest to their own security practices.

ALSO RECENTLY ON ELECTION SECURITY: DHS held a tabletop exercise in Washington, D.C., last week for election officials from 44 states as well as 11 federal agencies and reps from more than a dozen voting tech companies. CISA Director Chris Krebs told reporters after the exercise that some of his agency’s top priorities include simplifying interactions with election officials and strengthening the nation’s ability to withstand disinformation operations. And at a National Association of Secretaries of State event in D.C., Louisiana Secretary of State Kyle Ardoin criticized managed service providers that he said don’t offer adequate security products to defend against cyber threats to election systems.

IT’S LONELY AT THE TOP — Only 17 percent of organizations are effectively battling cyberattacks and quickly recovering from breaches, according to the third annual State of Cyber Resilience report out this morning from Accenture Security that surveyed more than 4,600 security experts globally.

Accenture dubbed the best-performing organizations “leaders” since they’ve shown the greatest benefits from their cybersecurity investments. These cyber elites are nearly four times more effective at stopping cyberattacks, 66 percent more likely to detect breaches in less than one day, 60 percent more likely to fix them within 15 days and 34 percent more likely to experience no negative impact as a result, according to the survey. One key ingredient to their success: offering security training to more than more than 75 percent of employees.

THIS WEEK ON THE HILL — Gen. Paul Nakasone, chief of Cyber Command and the NSA, testifies on Thursday before the Senate Armed Services Committee about the fiscal 2021 budget request and the five-year Future Years Defense Program. He’ll join two other DoD leaders at the hearing: Thomas Alexander, who’s serving as assistant secretary of Defense for special operations and low-intensity conflict, and Gen. Richard Clarke, commander of U.S. Special Operations Command. President Donald Trump is scheduled to release his fiscal 2021 budget request on Feb. 10.

Also this week, the Senate Intelligence Committee plans to release its latest unclassified report on 2016 election interference. Lawmakers told reporters that this edition, which will focus on the Obama administration’s response to Kremlin hacking and disinformation, suffered delays in part because of intelligence community declassification procedures.

— AND OFF THE HILL: The trial for the accused leaker of CIA hacking tools to WikiLeaks begins today in the U.S. District Court for the Southern District of New York. Judge Paul Crotty last week denied a motion to dismiss espionage charges against Joshua Schulte, the alleged Vault 7 leaker.

SILK ROAD TO PERDITION — A senior adviser to the shuttered Silk Road dark web forum for drugs, hacking services and other illegal activities pleaded guilty last week to conspiring to distribute narcotics. Roger Thomas Clark faces a maximum sentence of 20 years in prison. Clark, who was arrested in Thailand and extradited to the U.S. in 2018, served as a mentor to founder Ross Ulbricht on security vulnerabilities on the Silk Road site and more, according to the U.S. Attorney for the Southern District of New York. He also admitted to advocating violence to protect the site, the office said.

TWEET OF THE WEEKEND — Yikes.

RECENTLY ON PRO CYBERSECURITY — The Pentagon released cybersecurity standards for its contractors that will apply to every contract beginning in 2026. … NSA General Counsel Glenn Gerstell is departing the agency for a position at the Center for Strategic and International Studies. … One or more wireless carriers appeared to break the law over the unauthorized disclosure of customer location data, FCC Chairman Ajit Pai told lawmakers, and the commission is planning enforcement action. … “The U.S. Commerce Department is restarting a campaign to win the support of other federal agencies for a proposal that would further restrict American sales to the Chinese tech giant Huawei Technologies, according to people with knowledge of the matter.”

The Jeff Bezos hack has the rich and famous spooked, Financial Times reported.

Maybe not so foreign? Twitter took down a New Hampshire GOP-operated account that mimicked a Democrat, per The Wall Street Journal.

The New York Times examined the security team shakeup with Pete Buttigieg’s campaign and other Iowa caucuses security topics.

The Bank of Japan cautioned about cyber threats ahead of the 2020 Tokyo Olympic Games, Reuters recounted.

CNET: TVEyes, a search engine popular with political campaigns and news organizations, got hit by ransomware.

People with disabilities will be allowed to vote via smartphone in West Virginia, wrote NBC News.

Iowa prosecutors dropped charges against two men hired to test the physical and network security of its judicial system, reported Krebs on Security.

Attorney General William Barr again bashed end-to-end encryption, this time during an event on human trafficking, per The Information.

CyberScoop: A judge ruled that AIG will have to cover nearly $6 million for a company victimized by suspected Chinese hackers.

That’s all for today.

Stay in touch with the whole team: Mike Farrell (mfarrell@politico.com, @mikebfarrell); Eric Geller (egeller@politico.com, @ericgeller); Mary Lee (mlee@politico.com, @maryjylee) Martin Matishak (mmatishak@politico.com, @martinmatishak) and Tim Starks (tstarks@politico.com, @timstarks).