The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: Even conservative Democrats are savaging GOP over election security

with Tonya Riley


A group of centrist House Democrats that usually aims for bipartisanship is coming out swinging against Senate Majority Leader Mitch McConnell (R-Ky.) and other Republicans for blocking election security legislation.

Members of the Democrats’ Blue Dog Coalition, which includes the conservative wing of the party, charged Republican senators with endangering the country's democratic process for not forcing a vote on election security legislation during a press briefing. And they leveled their most pointed criticism at McConnell, who has steadfastly refused to allow major election security bills to get a vote on the Senate floor.

“The underlying trust of our citizens in their electoral system and who they choose to elect is at the base of this whole process,” Rep. Tom O’Halleran (D-Ariz.) said. “The question should be put day in and day out to Mr. McConnell: ‘Why are you not wanting to protect the electoral system in this nation?’”

Rep. Stephanie Murphy (D-Fla.) said that “McConnell is more comfortable having Russia engage in our elections than he is in having the federal government work with the states to protect them.” 

The blistering attacks from lawmakers, who often align with Republicans on national security issues, shows how fiercely partisan the election security fight has become. The Blue Dogs are trying to pressure Senate Republicans – many of whom pushed for election security reforms before the midterms but have backed off the topic since McConnell’s opposition hardened this year.

The group is pushing for a slew of bills that would mandate that states use paper ballots and conduct post-election audits, ramp up sanctions on Russia and prevent foreign actors from buying TV political ads among other reforms.

Murphy declined to say if she personally urged Florida Sens. Marco Rubio (R) and Rick Scott (R) to support election security bills but warned that Florida citizens would punish them if they didn’t. The issue is particularly pressing in Florida, she noted, because the report from Special Counsel Robert S. Mueller III revealed that networks in at least one Florida county were breached by Russian hackers in advance of the 2016 election. Murphy learned at least one other Florida county was penetrated after she demanded an FBI briefing following the Mueller report. 

“They're really not doing their jobs in not pressing for more action,” she said.

Rep. Anthony Brindisi (D-N.Y.) accused McConnell and other Republicans of running away from election security because they fear it will anger President Trump who has cast doubt on U.S. intelligence agencies’ conclusion that Russia interfered in the 2016 election to help his campaign and to hurt his opponent Hillary Clinton.

“The message has to be delivered to those Republican senators who are up for election in 2020…How does that Republican senator go back to their voters and say, ‘well my leader didn't want to [vote on election security] because he didn't want to make the president mad?’” Brindisi said.

Murphy and Rep. Michael Waltz (R-Fla.) are also pushing legislation that would require the FBI to swiftly inform voters anytime their election systems are infiltrated, which she touted in a Post op ed earlier this month.

Here’s more from the Blue Dog Coalition on Twitter:


PINGED: The top-polling 10 Democratic presidential candidates faced off on the debate stage last night but they totally ignored cybersecurity concerns – including that Russian hackers could undermine the 2020 contest.

Former Vice President Joe Biden, Sen. Kamala Harris (D-Calif.) and entrepreneur Andrew Yang did denounce China stealing U.S. companies’ intellectual property – much of which has been done by Chinese government-linked hackers. Their primary focus, though was on how to manage U.S.-China trade negotiations and a raft of tariffs imposed by President Trump.

Cybersecurity concerns played more heavily during some of the earlier debates, but were often pushed by lower-polling candidates, including New York Mayor Bill de Blasio.

Here’s a takeaway from the Wall Street Journal’s Dustin Volz:

And from Politico’s Tim Starks:

PATCHED: A Russian hack that briefly took out Ukraine's power grid in 2016 may have been a failed ploy to inflict longer-lasting damage, Andy Greenberg at Wired reports

By analyzing the data logs of Ukraine's national grid, researchers at the cybersecurity company Dragos were able to show that hackers had planned on using a powerful blackout malware to destroy some portions of the grid and take it offline for weeks or months on end, Andy reports. Researchers don't know for sure why that portion of the attack failed. 

Dragos director of threat intelligence Sergio Caltagirone called the attack plan "destructive and potentially life-threatening.”

There have only been two other known cases of malware being used to trigger physical sabotage against large-scale industrial systems -- the Stuxnet worm that damaged Iran’s nuclear program in 2009 and 2010 and is often attributed to the United States and a 2017 attack linked to Moscow that shut down a Saudi power plant. But much more damaging malware could have been developed in the interim, Caltagirone points out.

PWNED: Baltimore's information technology department permanently lost some data in a May ransomware attack, the city auditor Josh Pasch disclosed in a meeting with city officials on Wednesday, Ian Duncan at the Baltimore Sun reports.

The revelation is another sign of lasting damage from the attack that crippled the city’s computer systems for more than a month this spring. The city estimates it will take at least $18.2 million dollars to fully recover from the damage.

Pasch is now recommending that the city institute a backup system for all its files so similar losses don't happen in the future.


— Cybersecurity news from the public sector:

U.S. flags Huawei 5G network security concerns to Gulf allies (Reuters)

Lawmakers weigh responses to rash of ransomware attacks (The Hill)

Edward Snowden Tells NPR: The Executive Branch 'Sort Of Hacked The Constitution' (NPR)

For Mike Pompeo, a Moment of Singular Influence (The New York Times)


Reports of a new attack that allows hackers to take over mobile phones with just a text message could represent a huge advancement in the way hackers are spying on phone networks, researchers at mobile security firm AdaptiveMobile Security report.  Hackers have used the attack, dubbed "Simjacker," against victims in "multiple countries for the purposes of surveillance," the firm says.

Simjacker seems to work on nearly all types of mobile devices and the researchers estimate that as many as 1 billion phones might be at risk worldwide.

Unlike some other mobile attacks, which use text messages to deliver a link that has malicious software, Simjacker's malware is contained within the message itself -- potentially the first known instance of this kind of attack. Researchers wouldn't disclose who was behind the hacks, but say they're "quite confident that this exploit has been developed by a specific private company that works with governments to monitor individuals." 

— More cybersecurity news from the private sector:

Instagram Confirms Security Issue Exposed User Accounts And Phone Numbers—Exclusive (Forbes)

Ukrainian man pleads guilty to hacking, wire fraud charges (Associated Press)

Data Breaches Elicit Calls for More Transparency (Wall Street Journal)


— Cybersecurity news from abroad:

NZ to fund NZ$10m to support Pacific cybersecurity strategy (ZDNet)


  • The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency will host its second annual National Cybersecurity Summit September 18-20 in National Harbor, Maryland.