The Homeland Security Department is actually surging its efforts to protect elections against foreign hackers during the two years leading up to the 2020 elections -- not winding them down, the agency's top cybersecurity official insists.
Chris Krebs, who leads DHS’s Cybersecurity and Infrastructure Security Agency, was punching back Thursday against a Daily Beast report citing anonymous staffers who said the department was reducing its election security efforts following the midterms to invest more in border security and other Trump administration priorities.
“The department’s election security and countering foreign influence security-related efforts are not going anywhere,” Krebs said. “In fact, we’re doubling down.”
The article made waves in the security community because even a perception that the government isn’t serious about securing elections against Russian hackers could damage trust in the result in the 2020 election. Federal officials — including Krebs himself — have warned Russia may have viewed the midterms as merely a “warm-up” for 2020 when more Americans will be looking for signs of foreign influence. That stakes for officials such as Krebs are especially high because President Trump has wavered on whether he believes Russia was responsible for its hacking and disinformation campaign to influence the 2016 presidential contest.
But DHS will be devoting more money to election security in 2019 than it did last year -- and there will be more CISA employees protecting election systems in 2020 than there were during the midterms, Krebs told reporters during a media call responding to the Daily Beast article. Krebs acknowledged some election security workers are leaving the agency, as the Beast reported, but said they were temporary detailees from other parts of DHS who are being replaced by permanent election security specialists.
Krebs pointed to the compromise budget bill passed by Congress on Thursday, which provides $33 million for election security. That’s a boost from $26 million for election security in 2018. Trump is expected to sign the bill today to avoid another government shutdown.
The new money will allow CISA to offer more support to state election officials and to expand the agency’s work on behalf of election officials at the local and county level, he said, offering them services such as cyber penetration testing, vulnerability scans and threat information sharing.
Krebs stressed during his call that the department’s assistance to states and localities — and even to political campaigns — won’t be swayed by partisanship or the Trump administration’s other political priorities.
“Election security is nonpartisan,” he said. “Regardless of the letter by your name, red or blue, we’re going to offer our services in a nonpartisan way and to anyone who comes knocking on our door. This is just one of those things we’re politically colorblind on.”
The staffers’ criticism in the Daily Beast article centered on two CISA task forces that have shed staff since the midterm elections. One of the task forces focuses on the cybersecurity of election systems and the other focuses on foreign misinformation operations on social media and elsewhere.
Krebs acknowledged those task forces are smaller today than they were in November, but that’s because their work is being transitioned to a growing staff of full-time CISA employees, he said.
The task forces -- which were created in September 2017 after DHS formally notified 21 states that Russian hackers had tried to compromise their election networks – were always intended to be temporary, Krebs said. Some of the permanent staff who will replace those detailees will be election security specialists, he said, while others will not work on election security full-time but will be available to shift to it when necessary.
Krebs compared his agency’s work to the Federal Emergency Management Agency model in which workers do various things day to day, but can all shift to work on a single emergency when necessary.
“At any given moment, across days weeks and months, we have hundreds of people within CISA that are working on our election security efforts,” he said. Krebs did not provide specific numbers of employees working on election security now versus before the midterms.
CISA also disputed a claim in the Daily Beast story that the task forces formerly reported directly to him but don’t anymore. In fact, the task forces always reported lower down the chain, a spokeswoman told me.
|You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.|
|Not a regular subscriber?|
PINGED: Senators from both parties praised U.S. Cyber Command for its efforts to help protect the 2018 midterm elections during a Senate Armed Services Committee hearing -- and one suggested CyberCom's role may have been pivotal in ensuring the elections weren't undermined by Russian hacking and influence operations, The Washington Post's Ellen Nakashima reported.
“Would it be fair to say that it is not a coincidence that this election went off without a hitch and the fact that you were actively involved in the protection of very important infrastructure?” Sen. Mike Rounds (R-S.D.) asked Gen. Paul Nakasone, who leads CyberCom and also serves as director of the National Security Agency, according to my colleague. Nakasone told Rounds that securing the midterms was the “number one priority” of CyberCom and the NSA.
Lawmakers on Wednesday got a classified briefing about the military's operation to protect the midterms and said they wished more information could be made available to the public. “I wished that the American people could have heard more of what you told us,” Sen. Richard Blumenthal (D-Conn.) said, according to Ellen. “It was [a] success. Very few of the American public know about the successes.’’
PATCHED: Sen. Angus King (I-Maine) raised the alarm about cybersecurity threats to the U.S. energy grid during a hearing of the Senate Energy Committee. King warned that “the Russians are already in the grid” as he referred to news reports about Russian efforts to target the U.S. power grid. “This is not a threat. This is happening now,” King said. “We are under attack. This isn’t something that may happen next year or two years from now. And I’m not revealing anything classified in the sense of quoting news articles and presentations by the Department of Homeland Security. We are in a very dangerous place, and I just think this has to be a very — an emergency, an urgent situation.”
King and Sen. James E. Risch (R-Idaho) last month reintroduced a bill to help protect America's energy infrastructure against cyberattacks. The Securing Energy Infrastructure Act would direct the energy secretary to create a two-year pilot program to spot security vulnerabilities. The program would also study the use of analog and physical controls to isolate systems from cyberattacks. “I don't think there's many more serious threats facing this country than this one,” King said at the hearing.
PWNED: The Democratic National Committee's chief security officer has a message for Democrats who may be thinking about a presidential run: Just because you haven't made any official announcement yet doesn't mean you can't be hacked. “The trick is the adversaries are already at work, whether a candidate has announced or not. They know the list of plausible candidates; so does everybody else,” the DNC's Bob Lord told CNN's Donie O'Sullivan. Lord also warned that hackers may also seek to target candidates as their campaigns are just beginning. “The best time to attack is before a (candidate's campaign) has their sea legs, before they've put a security plan in place,” Lord told CNN.
CNN also published a document from the DNC titled “Device and Account Security Checklist” that provides campaigns with advice on how to secure their devices and accounts. “Keeping your operating systems and applications patched is one of the most important ways to keep them secure,” the document says. The document also advises campaigns to encrypt laptop drives, use long and unique passwords, and enact two-factor authentication.
— Acting defense secretary Patrick Shanahan said cyberattacks are among the threats that the general public is underestimating, Bloomberg News's Lyubov Pronina reported. “The difficulty that we face is there isn’t alignment with the public on threats,” Shanahan said following a ministerial meeting at NATO, according to Bloomberg News. “I am referring to Russia, I am referring to China, I am referring to the evolving situation, infrastructure, cybersecurity, space.”
— A telecommunications industry association that represents over 800 operators has called on European governments to join mobile operators in a network security testing regime rather than excluding some vendors from next generation 5G networks, Reuters reported. The plan comes as the United States is urging European allies to ban the Chinese company Huawei on national security grounds. “Such significant consequences, intended or not, are entirely avoidable,” the GSMA said in a statement, reported by Reuters. The move comes just two weeks before GSMA hosts the annual Mobile World Congress in Barcelona.
— The Federal Trade Commission is negotiating with Facebook over a multibillion-dollar fine for the social network's privacy lapses, The Post's Tony Romm reported. Facebook and the FTC have yet to agree on the amount of the fine, but it would be the largest that the FTC has ever issued for a technology company. The fine would settle an FTC investigation into Facebook's privacy practices. “A multibillion dollar fine would amount to a reckoning for Facebook in the United States after a series of privacy lapses that may have put the personal information of its users at risk,” Tony wrote. “Lawmakers have faulted the company for mishandling that data while failing to crack down on other digital ills, including the rise of online hate speech and the spread of disinformation from Russian operatives and other foreign actors.”
— More cybersecurity news from the public sector:
— The founders of the Israeli cybersecurity firm NSO Group are buying the company back, Haaretz's Amitai Ziv reported. Critics have said that NSO software that can hack into cellphones has been used to commit abuses, but the company has said it complies with the law. “NSO did not release the terms of the deal but an industry source said that the management buyout assigned the company a market value of a billion dollars,” Haaretz reported. “NSO stated that its management and founders, Shalev Hulio and Omri Lavi, together with the European private equity fund Novalpina, are buying a 60% stake in the company from the U.S. private equity fund Francisco Partners, which owns the majority interest.”
— More cybersecurity news from the private sector:
— A hacker stole 127 million user records from eight websites and put the data up for sale, TechCrunch's Zack Whittaker reported. The same hacker had already stolen 620 million records from 16 websites. The hacker "stole the data last year from several major sites — some that had already been disclosed, like more than 151 million records from MyFitnessPal and 25 million records from Animoto,” according to TechCrunch. “But several other hacked sites on the marketplace listing didn’t know or hadn’t disclosed yet — such as 500px and Coffee Meets Bagel.”
— More news about security incidents:
- Senate Commerce Committee hearing on “policy principles for a federal data privacy framework” on Feb. 27.
Man describes killing mountain lion that attacked him:
Ocasio-Cortez celebrates Amazon dropping NYC headquarters:
Grassley isn't happy when McConnell interrupts his floor time: