THE KEY

Businessman and 2020 candidate Andrew Yang defended his controversial assertion that the U.S. and Russia were equal in terms of election interference against other countries -- and says that doesn’t mean he won’t be tough on Russian hacking if he's elected president. 

“Calling attention to the fact that America has also interfered in elections of the past is just acknowledging a historical fact," Yang said of his answer during last week's primary debate. "[I] was not making any claims of right or wrong."

During the debate, Yang said he would tell Moscow: “We've tampered with other elections. You've tampered with our elections. And now it has to stop.” The answer drew jeers on Twitter and a quick rebuke from rival Sen. Amy Klobuchar (D-Minn.) who shot back: “I don't see a moral equivalency between our country and Russia.”

The response also seemed to take a similar tack to President Trump, who has explained away Russian aggression against its neighbors by asking, “You think our country's so innocent?” 

Yet Yang, during a question-and-answer session with Post reporters, said he wasn’t excusing Russia’s actions or drawing a moral equivalency by bringing up the United States’ Cold War-era record interfering in Democratic processes in Iran and elsewhere. 

“I think most Americans are very smart,” he said. “They don't take the acknowledgment of our interference in other countries’ elections as some sort of moral equivalency. It's simply an acknowledgment of things that occurred that are well documented.”

Russian interference is also “ongoing … and we need to call a stop to it now,” he added.

And he praised congressional efforts to punish Russia and to guard against efforts by Russia or others to interfere in the 2020 vote.

“I think that responding to acts that you feel are hostile to your democracy is only reasonable and rational,” he said. Yang spoke with reporters before an on-stage Post Live interview with my colleague Robert Costa about his campaign and policy priorities. 

Yang’s debate comments were in marked contrast to his Democratic rivals, who savaged Trump for seeming to condone Russia’s actions and for not standing up to Russian President Vladimir Putin. 

Sen. Cory Booker (D-N.J.) slammed the president for “showing moral weakness” and former Texas Rep. Beto O’Rourke warned that Russia is “invading this democracy right now as we speak, still at the invitation of this president.” 

Yang, by contrast, said if Russian interference does not stop, "we'll take this as an act of hostility against the American people.”

Yang has touted his tech bona fides on the campaign trail as an entrepreneur who has led several start-ups, but he has focused less on cybersecurity and election security during his long-shot presidential race.

His website, which lists dozens of policy positions, does not address election security — though he does have a short position paper advocating for improving U.S. encryption standards so they can stand up to the encryption-cracking power of quantum computers being built in China and elsewhere.

Yang also came out strong during his talk with Post reporters for improving the government’s cybersecurity and tech literacy. He advocated creating a new Department of Technology and reviving the Office of Technology Assessment, which advised Congress on technology issues until 1995.

“Oh my gosh, getting rid of that was so dumb,” he said.

He also credited low tech literacy in Congress for lawmakers’ stumbles dealing with privacy and misinformation — especially during two infamous 2018 hearings with Facebook chief executive Mark Zuckerberg, when House and Senate lawmakers misunderstood basic aspects of the company’s business model.

“Our government is not tech-forward enough to actually lead on this, but it needs to at least play catch-up,” he said.

PINGED, PATCHED, PWNED

PINGED: Facebook will ramp up cybersecurity protections for elected officials, candidates and their staffs to protect them from targeted attacks by Russia and other adversaries, the company announced. The protections are part of a series of changes to combat hacking and disinformation threats to the 2020 U.S. elections.

The Facebook Protect program will require participating campaigns to use two-factor authentication to access accounts — such as an SMS code in addition to a password. The company will also boost its own monitoring of those accounts for suspicious activity and alert campaigns about login attempts from unusual locations or devices. Federal and state government agencies and political party committees will also qualify for the program.

Facebook also announced it removed a network of Russian-backed phony accounts that praised Trump and attacked former vice president Joe Biden, my colleagues Tony Romm and Isaac Stanley-Becker report. The networks were still in the early stages of building followings, Nathaniel Gleicher, head of cybersecurity policy at Facebook, told reporters.

PATCHED: Two-thirds of Environmental Protection Agency contractors may not be getting cybersecurity training, leaving the agency at risk for ransomware attacks and worse, according to a new watchdog report

The EPA’s Inspector General first raised concerns in 2017 that the agency wasn’t verifying that its contractors got the cybersecurity training they were supposed to. But two years later, the agency hasn’t fixed the problem, the IG found. 

The inspector general is seeking “immediate improvements” from the agency, including a list of contractors who need cybersecurity training.

PWNED: Rep. Ro Khanna (D-Calif.) wants every federal employee to receive cybersecurity training on how to interact with Internet-connected devices, Jack Corrigan at Nextgov reports.

Khanna wants to equip employees with basic training, such as not connecting devices such as smart speakers to systems containing sensitive information. His new legislation is the latest attempt by lawmakers to secure government systems from vulnerabilities posed by the Internet of Things. Both lawmakers and industry researchers have ramped up warnings over security vulnerabilities those devices can pose.

“The internet of things is very exciting. It’s going to help connect so many of … the gadgets we use into one system, but that also makes them vulnerable to [threats],” Khanna told Jack. “It certainly makes our federal government and our federal agencies vulnerable.”

PUBLIC KEY

— Cybersecurity news from the public sector:

The Fed Page
Behind closed doors, President Donald Trump has made his views on Ukraine clear: “They tried to take me down.”
AP
National Security
Lawyers told a London court that the charges against the WikiLeaks co-founder are part of a Trump administration war on whistleblowers.
Ellen Nakashima and William Booth
Technology
A man who hacked Los Angeles County court computers, sent 2 million malicious phishing emails and stole hundreds of credit card numbers has been sentenced in Los Angeles
Associated Press
With transmons and entanglement, scientists strive to put subatomic weirdness to work on the human scale.
The New York Times
Suzette Kent flagged priority data sets and a focus on supply chain security.
Nexgov

PRIVATE KEY

"Handmaid's Tale" actress Alexis Bledel is the most dangerous celebrity to search for online, followed by late night TV host James Corden and “Game of Thrones” actress Sophie Turner, according to a report from the cybersecurity firm McAfee. Searching for free content featuring these celebrities leads users to sites with malicious websites and viruses, researchers report.

“Consumers may not be fully aware that the searches they conduct pose risk, nor may they understand the detrimental effects that can occur when personal information is compromised in exchange for access to their favorite celebrities, movies, TV shows or music,” Gary Davis, chief consumer security evangelist at McAfee, said in a statement. 

-- Companies including Microsoft, BlackBerry Cylance, Fortinet and Splunk are launching a new industry group aimed specifically at protecting the cybersecurity of major industrial machines, according to a press release out this morning.

Industrial systems are a big cybersecurity concern because an attack against, say, an energy plant could cause massive financial and environmental damage.

The Operational Technology Cyber Security Alliance will focus on helping companies in the utilities, manufacturing oil and gas and other sectors to improve cybersecurity standards for their machinery and speeding up how the companies adapt to new digital threats.

— More cybersecurity news from the private sector:
 

A virtual private network that markets its “advanced security” said on Monday that one of its services had been compromised last year.
Bloomberg
Amazon- and Google-approved apps turned both voice-controlled devices into "smart spies."
Ars Technica

THE NEW WILD WEST

— Cybersecurity news from abroad:

At one of the world's showpiece tech conferences in China, jibes at the Uni...
Reuters
The European Union should become the leading market for deployment of 5G mobile ...
Reuters
Nation has a capability gap relating to economy-wide cyber attacks, the Department of Home Affairs has said.
ZDNet

ZERO DAYBOOK

— Today:

  • The House Committee on the Judiciary will host a hearing Securing America’s Elections Part II: Oversight of Government Agencies today at 10am
  • The House Committee on Homeland Security will host a hearing on "Preparing for the Future: An Assessment of Emerging Cyber Threats" at 2pm.
  • DC CyberWeek will take place today through Friday

— Coming up:

  • The Cybersecurity Coalition, the Cyber Threat Alliance, and the National Security Institute at George Mason University’s Antonin Scalia School of Law will host the third annual CyberNextDC policy day in Washington on Thursday.