THE KEY

Senate Majority Leader Mitch McConnell (R-Ky.) smacked back at critics who have accused him of leaving the 2020 election vulnerable to Russian hackers, accusing them of “modern-day McCarthyism.” 

McConnell offered an impassioned 25-minute defense of his election security record on the Senate floor as Democrats accuse him of consistently blocking their bills from coming up to a vote. “I’m not going to let Democrats and their water carriers in the media use Russia’s attack on our democracy as a Trojan horse for partisan wish list items that would not actually make our elections any safer,” McConnell said. “I’m not going to do that.” 

His stance ensures that election security will play a major role in Senate campaigns that are ramping up now -- and Democrats are already seizing the moment to make McConnell look like the face of obstruction. 

Within minutes of the speech, Amy McGrath, a Kentucky Democrat and retired Marine lieutenant colonel who’s seeking McConnell's seat, slammed the majority leader on Twitter: 

McGrath rattled off a list of election security provisions Democrats have sought to mandate, such as paper ballots and security audits for voting machines, before asking: “Tell me again how that is partisan, @senatemajldr? Oh right, you can’t.”

Dan Baer, a former Obama administration official who’s in the Democratic race to unseat Sen. Cory Gardner (R-Colo.), also went on the offensive -- accusing the Republican of standing with McConnell to oppose election security bills:

The Senate Democrats’ campaign arm was also fundraising yesterday on a pledge to oust vulnerable Senate Republicans who oppose election security bills:

Even a group of Republicans opposed to President Trump announced it would run ads criticizing McConnell’s opposition to election security legislation in Washington and Kentucky:

After testimony from former special counsel Robert Mueller, Democrats sought to force votes on election security bills that many Republicans oppose, including ones that would give states an influx of cash to upgrade voting systems and require candidates to report offers of hacker material from foreign nationals. 

Yet McConnell argues that imposing federal mandates on election security -- even if security experts say they're best practices -- would violate states’ rights to run their own elections.

“My opposition to nationalizing election authorities that properly belong with the states is not news to anybody who’s followed my career or knows anything about Congress,” McConnell said.

Democrats counter that state and local election officials aren’t equipped to defend themselves against the sort of top-notch cyber pros from Russia’s intelligence services who probed the election infrastructure in numerous states in 2016 and ran a hacking and influence campaign aimed at helping the Trump campaign and hurting Hillary Clinton. 

Senate Minority Leader Chuck Schumer (D-N.Y.), who has led the fight to pressure McConnell to consider election security bills, responded soon after McConnell spoke:

One of the main pundits McConnell targeted in his speech as part of the "outrage industrial complex" was Post op-ed columnist Dana Milbank, who published an opinion column Friday headlined “Mitch McConnell is a Russian asset.”

“Fred Hiatt, The Post’s editorial page editor, defended Milbank’s column and criticized the GOP leader for invoking McCarthyism,” my colleague Paul Kane reported.

“Dana Milbank’s column was a legitimate exercise in commentary, making the argument that Sen. McConnell’s blocking of elections-security legislation will harm the United States and work to Russia’s advantage. Of course it’s equally legitimate for Mr. McConnell to express a contrary view, but the Milbank argument has nothing to do with McCarthyism,” Hiatt said in a statement.

PINGED, PATCHED, PWNED

PINGED: A hacker accessed about 106 million credit card applications from Capital One, potentially exposing the names, addresses, dates of birth, and credit information of applicants in the United States and Canada, the company announced yesterday. Data from the hack included about 140,000 Social Security numbers and bank account numbers of approximately 80,000 consumers.

The FBI arrested a suspect in the breach, Paige A. Thompson, a Seattle-based woman who worked in a cloud computing company that contracted with Capital One, after she posted to social media bragging about the attack, my colleague Devlin Barrett reports. Capital One believes it is unlikely Thompson disseminated any of the breached information or used it for fraud, the company said in a fact sheet.

Capital One was alerted to the social media posts on July 17 and immediately reported concerns to the FBI, Devlin writes. The hack is expected to cost the company upward of $150 million in the near term, but government regulators could go after the company for millions more. No credit card numbers or log-in credentials were compromised in the breach, according to Capital One.

PATCHED: Georgia will spend $106 million on a contract with Dominion Voting Systems for a new statewide voting system in advance of the 2020 election, Georgia Secretary of State Brad Raffensperger announced. The new machines are ballot marking devices, meaning voters cast their votes electronically but the machines print out a paper record so they can verify their votes were recorded accurately -- an upgrade that makes them more secure against hacking than the paperless touch-screen devices they’re replacing, security experts say.

But some critics say that voters are unlikely to verify their votes using this method, making successful hacking more likely than with a fully paper-based system. Pending the result of one federal lawsuit, a U.S. District judge could still force the state to switch to a fully paper-ballot system.

Marilyn Marks, the vice president and executive director of the Coalition for Good Governance, the election integrity watchdog leading the suit, called the new system “unconstitutional.”

“Elections security is my top priority,” Raffensperger said in a news release. “We look forward to working with national and local elections security experts to institute best practices and continue to safeguard all aspects of physical and cyber-security in an ever-changing threat environment.”

PWNED: China may be looking for a new bargaining chip in ongoing trade negotiations with the Trump administration by introducing cybersecurity regulations that could hurt U.S. businesses, Yoko Kubota at the Wall Street Journal reports.

The proposed regulations, which implement a 2017 Chinese cybersecurity law, could make it more expensive for U.S. companies to do business in China and prevent them from moving some of their data outside the country. Chinese officials seemed to be holding the regulations back during ongoing trade negotiations but moved forward after the Trump administration decided to ban U.S. companies from selling parts to Huawei, a Chinese telecom giant the administration considers a national security threat, the Journal reported.

“These are the tools in the arsenal that can be ready to be fired,” Samm Sacks, a cybersecurity expert at New America, told the Journal.

While the new rules haven't gotten as much attention as U.S. sanctions against China, the measures could be disastrous for big tech companies such as IBM, Dell, and Cisco, the Journal reports. American data-handling companies in the financial and automotive sectors could also see their business diminished.

PUBLIC KEY

A security researcher who helped stem the damage from a massive ransomware attack in 2017 but was also arrested for developing and selling malicious software will face no additional jail time, a judge said last week.

Marcus Hutchins, best known by the handle @malwaretechblog on Twitter, developed a “kill switch” to stop the 2017 spread of the WannaCry malware attacks, which knocked businesses and government agencies across 150 countries offline. While Hutchins was visiting the United States shortly after that, however, U.S. authorities arrested him for developing and distributing Kronos, a hacking tool that steals banking credentials.

Since disarming WannaCry, Hutchins has received “additional acclaim for his malware research on new infections and botnet activities,” TechCrunch’s Zack Whittaker reports. “Many in the security community — and further afield — have called on the court to grant Hutchins clemency for his recent concerted efforts to protect users from security threats.” Hutchins had faced up to 10 years in prison and a maximum $500,000 fine.

— More cybersecurity news from the public sector:

National Security
Current and former officials called the congressman the least-qualified nominee ever for director of national intelligence.
Shane Harris
Huawei Technologies said its first-half revenue rose 23% from a year earlier, as the technology giant appeared to shrug off the impact of a U.S. supplier blacklisting.
Wall Street Journal
The Energy Department failed to secure the site in line with federal cyber standards.
Nextgov
Schools handle a lot of personal data and may not have strong technology teams, leaving them vulnerable to attacks, experts say.
The New York Times
PRIVATE KEY

— Cybersecurity news from the private sector:

Former White House top cybersecurity official Tom Bossert reveals his new startup, Trinity. Its focus: "active threat inference."
Wired
VxWorks is designed as a secure, "real-time" operating system for continuously functioning devices, like medical equipment, elevator controllers, or satellite modems.
Wired
A hack on Visa contactless could let opportunistic crooks drain accounts with a single tap and they don’t even need to steal the credit card. And it may have ramifications for Visa cards across the world.
Forbes
THE NEW WILD WEST

— Cybersecurity news from abroad:

Britain hosted a meeting of senior security ministers from the U.S.-led 'Fi...
Reuters
Dozens of NATO and EU diplomats who focus on cybersecurity issues descended upon Estonia last week for their first-ever “summer school” training on cyber diplomacy.
CyberScoop