with Aaron Schaffer

The House is poised to vote this morning on a $1.9 trillion coronavirus stimulus package that includes nearly $2 billion in funding to secure and improve aging government technology that has crippled efforts disperse relief to struggling Americans. 

The legislation is the first coronavirus package to highlight cybersecurity as a key part of the economic recovery. 

State and federal governments are gearing up for another wave of stimulus checks and emergency benefits – after their systems buckled under the demand for increased services last year. Technology failures left many Americans waiting on benefits during the crisis, and opened the door for cybercriminals and other fraudsters to steal the money. 

This $1 billion investment will enable federal agencies to better respond to the coronavirus pandemic and future national emergencies as well as meet the urgent economic needs of American families,  Rep. Gerald E. Connolly (D-Va.) said in a statement. 

Experts are fearful that the number of additional economic programs in this bill, including new child tax support, will further overload federal agencies this time, Tony Romm, Jeff Stein and Rachel Siegel report. “I think struggle is inevitable,” Connolly (D-Va.), who chairs a key House committee overseeing government operations, told them, citing outdated computer systems at the Internal Revenue Service. 

The bill is a big win for government agencies that have struggled to securely adapt to online work and services. 

The legislation includes $650 million for the Department of Homeland Security's cybersecurity agency for its operations to defend the United States against cybersecurity risks. It also includes $1 billion for the General Services Administration's Technology Modernization Fund, which awards funding to federal agencies seeking to update and secure their technology systems. 

The bill also boosts U.S. Digital Service by $200 million and the Federal Citizens Service Fund by $150 million, two other government organizations that support the modernization of government systems.

Still, it's not as much as some lawmakers would like: Connolly initially urged House leaders to include closer to the $9 billion for that GSA fund advocated within a White House plan for recovery. The original House version of the bill included no money for the GSA fund. The funding was later reintroduced  by the Senate. 

Experts say that the challenges in implementing the stimulus emphasize that an overhaul of government technology is long overdue.

If you’re trying to deliver services digitally and securely you need secure infrastructure to do that, says Jeremy Grant, coordinator for the Better Identity Coalition. Grant led the Obama administration's National Strategy for Trusted Identities in Cyberspace.

The idea in 2021 that when most in-person transactions have basically become impossible, that you can adequately respond to a pandemic without secure digital infrastructure is a fallacy," he says 

States will also get help preventing the significant fraud targeting unemployment benefits seen last year.

The new bill also includes a separate pot of $2 billion dollars in funding to help detect fraud and distribute benefits more efficiently. 

Funding for the Cybersecurity Infrastructure and Security Agency also highlights a new focus this DHS priority in the aftermath of a sweeping Russian hacking campaign that infiltrated at least nine federal agencies. The agency is also dealing with a ransomware epidemic escalated by the pandemic.

Still, the funding is a far cry from the nearly $10 billion in cybersecurity funding some lawmakers and industry groups were hoping for.

“A billion dollars doesn't go as far as we need it to go, but it's an important step forward,” says Amit Yoran, a former Homeland Security Department cybersecurity official and chief executive officer at Tenable.

“We see critical functions within CISA and we see critical requirements for better protecting the federal government unfunded,” he says. "Having more money available to get those important tasks accomplished is critical.”

Rep. Carolyn Maloney (D-N.Y.), chairwoman of the House Committee on Oversight and Reform says that her committee is working with the Senate Homeland Security and Government Affairs Committee to pass additional legislation to fund improvements to government technology.

“I’m glad we were able to secure some funding, but we need much more to fully address the vulnerabilities of our aging federal IT systems," she said in a statement.

The keys

Hackers say they accessed the live security camera feeds of 150,000 customers of a top security firm.

The trove of Verkada’s security camera data included feeds from Tesla, hospitals, schools and Verkada’s own offices, Bloomberg News’s William Turton reports. The hackers’ access was disabled after Bloomberg contacted Verkada.

A hacker collective, which calls itself Advanced Persistent Threat 69420, is claiming responsibility for the breach.

The group says it hacked the company to raise attention to the surveillance industry and its vulnerabilities. 

The company is working to notify customers of the breach, a person with knowledge of the matter told Bloomberg. Clients of the company declined to comment or did not immediately respond to requests for comment.

“We have disabled all internal administrator accounts to prevent any unauthorized access,” a Verkada representative said. “Our internal security team and external security firm are investigating the scale and scope of this potential issue.” 

A top Biden nominee signaled that she plans to go after foreign hackers.

Lisa Monaco, President Biden’s pick to hold the second-highest position at the Justice Department, said that addressing cybersecurity threats will be a top priority at the Justice Department if the Senate confirms her. Monaco praised the Trump administration for continuing to go after hackers backed by foreign countries, and she said that the law enforcement agency will continue to take an active role in holding hackers accountable.

Monaco also addressed end-to-end encryption, telling Sen. Josh Hawley (R-Mo.) that the technology “provides invaluable benefits to personal privacy” and cybersecurity. But she also couched her words, warning that criminals’ use of the technology poses a challenge to law enforcement.

Police in Europe shut down an encrypted chat company used by thousands of criminals.

Dutch and Belgian police seized messaging platform Sky ECC’s servers after infiltrating the platform last month, the Record’s Catalin Cimpanu reports. It’s another blow for the shadowy world of encrypted messaging apps used by criminals, and comes less than a year after another messaging service that was popular with criminals, Encrochat, said it was shutting down after being infiltrated by law enforcement. 

Authorities say criminals used Sky ECC to coordinate criminal activity from drug trafficking to murder. Police in Belgium searched 200 homes and arrested 48 people in the raids, while Dutch police carried out 75 searches and arrested 30 people. 

Industry report

  • Microsoft is expanding its online protection program to high-risk customers in 31 countries. The company rolled out the program ahead of the 2020 U.S. election.

Global cyberspace

Cyber insecurity

A financially motivated hacking group has returned in the midst of the pandemic.

FIN8 is using improved hacking tools to target the insurance, retail, technology and chemical industries, Bitdefender researchers say. The off-and-on hacker group is known for targeting businesses with point-of-sale systems and updated its tools in December, about 18 months after its last update to its toolbox.

Encryption wars

Daybook

  • Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency, and Eric Goldstein, the agency’s executive assistant director for cybersecurity,  testify before a House Appropriations Committee panel today at 10 a.m.
  • Rep. Jim Langevin (D-R.I.), the chair of the House Armed Services Committee’s cyber panel, speaks at a K12 SIX event on cybersecurity in the K-12 education sector today at 10 a.m.
  • Secretary of State Antony Blinken testifies before the House Foreign Affairs Committee on the United States’ foreign policy priorities today at 1:30 p.m.
  • U.S. Cyber Command executive director Dave Frederick speaks at an event hosted by the Intelligence and National Security Alliance today at 4:30 p.m.
  • A House Judiciary committee panel holds a hearing on technology competition and the press on Friday at 10 a.m. Microsoft president Brad Smith, whose company said China and other hackers attacked its email software recently, is expected to testify.
  • Former Google CEO Eric Schmidt, the chairman of a government commission on artificial intelligence, testifies with other commissioners at a joint hearing on Friday at 11 a.m.
  • Homeland Security Secretary Alejandro Mayorkas testifies before the House Homeland Security Committee at 9:30 a.m. on March 17.

Chat room

A forthcoming film called “Cocaine Bear” had cybersecurity experts thinking of hacking groups. Red Canary intelligence director Katie Nickels:

Jason Kichen, director of security strategy at the DigiTrust Group: