Overnight Cybersecurity: Dems ask voting machine vendors if they shared code with Russia | Senate panel advances bill reorganizing DHS cyber office | FBI chief talks new digital threats

View in your browser       Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...   THE BIG STORIES: --DEMS PRESS VOTING MACHINE VENDORS: Sens. Amy Klobuchar (D-Minn.) and Jeanne Shaheen (D-N.H.) sent a letter Wednesday to three election equipment vendors to ask whether they have shared information about their machines with Russian entities. The senators wrote to Election Systems & Software, Dominion Voting Systems Inc. and Hart InterCivic Inc. to ask if the companies had shared source code, software or other sensitive details about their machines with Russians. "Foreign access to critical source code information and sensitive data continues to be an often overlooked vulnerability. Further, if such vulnerabilities are not quickly examined and mitigated, future elections will also remain vulnerable to attack," the senators wrote. The senators also asked the companies what steps they've taken to upgrade their technology in light of ongoing cybersecurity threats. Lawmakers have expressed concerns that Russia will seek to interfere in the 2018 midterm elections. "The 2018 election season is upon us. Primaries have already begun and time is of the essence to ensure any security vulnerabilities are addressed before 2018 and 2020," Klobuchar and Shaheen wrote. The lawmakers cited a Reuters report from January that a number of major technology providers let Russian authorities probe their software for vulnerabilities that could be exploited by hackers. That software is used by various agencies of the U.S. government. U.S. officials have said Russian hackers targeted 21 states' voting systems two years ago, though most of the efforts only involved preparations for hacking and did not result in successful breaches. The Department of Homeland Security says the systems targeted were not involved in vote tallying, and that there is no evidence any votes were altered. To read more from our piece, click here.   --FBI CHIEF HIGHLIGHTS EMERGING DIGITAL THREATS: FBI Director Christopher Wray on Wednesday said the bureau must be prepared to confront a new set of emerging cyber threats. "The digital environment presents new challenges that the FBI has to address in terms of what's coming down the pike," Wray said in an address to the FBI Boston Conference on Cyber Security at Boston College. Wray particularly pointed to advances in artificial intelligence or cryptocurrencies, which he warned could have consequences not just for the commercial sector but also for national security. "I'm convinced that we, the FBI -- like a lot of other organizations -- haven't fully gotten our arms around these new technologies and how they may impact our national security and cybersecurity work," he said. Wray's remarks suggest he has decided to dip his toes into the artificial intelligence debate that consumes Silicon Valley. Prominent tech leaders like Tesla's Elon Musk have called for regulations on AI that would provide guidelines in the event that the technology reaches a dangerous degree of self-learning sophistication that could become hard to safely control. Facebook's Mark Zuckerberg and other industry experts, however, argue that such warnings are alarmist and premature since the technology is far from achieving human intelligence. Financial officials are also grappling with how to regulate virtual currencies as cyber thieves continue to target digital wallets. Those changes have raised new questions over how the government should regulate the growing industry. The FBI chief also signaled that government agencies must understand these new issues in order to properly evaluate their future implications on national security. Wray also emphasized the bureau's ongoing challenge of breaking through the encryption barriers in devices that could offer key information in law enforcement investigations. "We face an enormous and increasing number of cases that rely on electronic evidence. And we face a situation where we're increasingly unable to access that evidence, despite lawful authority to do so," Wray said. To read more from our piece, click here.   --NEW RUSSIA SANCTIONS? The Trump administration may soon impose new sanctions on Russian entities for meddling in the 2016 presidential election, CNN reported late Tuesday. A senior administration official told the publication that the new penalties could come as soon as next week. Among the entities who could be sanctioned is the Internet Research Agency, the Russian troll farm that leveraged social media platforms like Facebook and Twitter to spread divisive political and cultural content to U.S. audiences before the 2016 vote. The news of potential sanctions comes weeks after special counsel Robert Mueller indicted 13 Russian nationals and three Russian entities in an elaborate scheme to meddle in the election. Most of those charged have been linked to the Internet Research Agency's operations. "If they have been indicted, they should be looked at" for sanctions, CNN quoted the senior official as saying. Meanwhile, Treasury Secretary Steven Mnuchin has signaled that the administration will soon enact new sanctions on Moscow in response to its election interference. Director of National Intelligence Dan Coats predicted Tuesday during a hearing before the Senate Armed Services Committee that Mnuchin would announce the measures "within a week."     A LEGISLATIVE UPDATE: A key Senate panel on Wednesday advanced legislation to reauthorize the Department of Homeland Security (DHS) that includes a measure reorganizing the department's cybersecurity wing. The bill includes language that would reorganize and rename the office within the department that protects federal networks and critical infrastructure from physical and cyber threats, currently known as the National Protection and Programs Directorate (NPPD). Under the legislation, the entity would be transformed into an operational agency called the Cybersecurity and Infrastructure Security Agency. The Senate Homeland Security advanced the legislation at a meeting Wednesday. "This bill now includes a key reorganization for DHS, transforming the National Protection and Programs Directorate into the Cybersecurity and Infrastructure Security Agency," Sen. Ron Johnson (R-Wis.), who chairs the committee, said in a statement. "Establishing an agency within DHS to focus on cyber and infrastructure security will help DHS achieve its missions." The effort to reorganize Homeland Security's cyber efforts has long been a priority of House Homeland Security Chairman Michael McCaul (R-Texas). The House passed a standalone bill on it last December. Homeland Security Secretary Kirstjen Nielsen has expressed support for the measure. The Senate committee also approved several amendments to the Homeland Security reauthorization bill, including multiple cybersecurity-related measures. For instance, the committee approved amendments that would set up a pilot "bug bounty" program to catch vulnerabilities in Homeland Security networks; direct the department to report on potential threats of blockchain technology; and set up a pilot "talent exchange" program to get private sector cybersecurity workers into the department. However, the bill approved Wednesday does not include measures to address election cybersecurity. Sens. James Lankford (R-Okla.) and Kamala Harris (D-Calif.) planned to introduce an amendment addressing the issue to the bill, but Lankford was forced to withdraw the amendment after some secretaries of state expressed concerns. To read the rest of our piece, click here.   A REPORT IN FOCUS:  EXPERTS OFFER IDEAS ON HOW U.S., EUROPE CAN COUNTER DISINFORMATION: Experts at the Atlantic Council have released a new report that presents a slate of options for the United States and European allies to counter disinformation from foreign adversaries. The report represents the latest effort in Washington to address Russian interference in the 2016 U.S. presidential election, and positions countering disinformation as a global challenge that will only grow larger with the evolution of the digital realm. The experts lay out a wide set of recommendations that can be broadly applied to future disinformation campaigns, noting that the problem is "broader than Russia" because other foreign entities are already looking to deploy digital disinformation tools. Among the recommendations, the paper calls for the creation of a so-called "Counter Disinformation Coalition" comprised of government and private sector representatives that would develop "best practices" for defending against disinformation, such as standards for social media companies to voluntarily adhere to. The experts also recommend that the Trump administration establish a high-level interagency operation to coordinate activities to counter disinformation between the FBI, CIA, Pentagon and the Departments of Homeland Security and State. They propose the entity be led by an official at the level of undersecretary or higher who would report to the Director of National Intelligence and the president. The report also suggests that the Trump administration set up an office within Homeland Security to share sensitive information on emerging disinformation threats with private sector companies. Daniel Fried, a State Department official who served in both the Clinton and Bush administrations, and Alina Polyakova, a foreign policy expert at the Brookings Institution, coauthored the report. "It was designed to be operational rather than theoretical," Fried told The Hill in an interview. "We're at the stage where people say, we know there's a problem, what do we do? We try to give operational suggestions." Fried said that it is paramount that the U.S. engage with allies in Europe to counter disinformation from Russia and other countries. "The Europeans are ready to work with us. They face the same challenges," said Fried, who consulted U.S. and European officials, academics, analysts and others when formulating the report. "This is going to be an ongoing and evolving challenge." To read more from our piece, click here.   A LIGHTER CLICK:  Amazon is looking to fix Alexa's creepy laughter. (The Verge)   WHAT'S IN THE SPOTLIGHT:  REDDIT: Reddit has not turned over any documents to congressional investigators regarding Russian influence on its platform despite saying that it is cooperating on the matter, The Daily Beast reported Wednesday. Sources told the news outlet that Reddit has yet to hand over any documents to the House and Senate panels responsible for investigating Russian interference in the 2016 presidential election. The report comes after Reddit CEO Steve Huffman said that his company was "cooperating with congressional inquiries" in a public post Monday. "While I know it's frustrating that we don't share everything we know publicly, I want to reiterate that we take these matters very seriously, and we are cooperating with congressional inquiries," Huffman wrote. The top Democrat on the House Intelligence Committee, Rep. Adam Schiff (Calif.), urged Reddit to provide any information that it may have to his committee. "We hope and expect Reddit, Tumblr, and other companies to thoroughly research both paid advertising and organic content that can be traced to Russia's disinformation campaign and to provide that information to the Committee," Schiff said in a statement to The Daily Beast. "I have repeatedly urged the social media companies to share data among themselves and prepare a joint report for the committee on how these platforms were used interchangeably to reinforce the Russian messages, and I continue to hope that they will do so," he added. The recent scrutiny, and Huffman's statement, come after Reddit said it had removed "a few hundred accounts" linked to Russian propaganda from its platform. To read the rest of our piece, click here.   IN CASE YOU MISSED IT: Links from our blog, The Hill, and around the Web. Broadcom pledges $1.5B innovation fund to reassure regulators. (The Hill) Warner criticizes Trump's response to threat of Russian interference. (The Hill) GOP chairman pledges to tackle Russian meddling efforts 'head on.' (The Hill) Energy companies are worried about cyberattacks. (Forbes) Watchdog flags issues with Homeland Security's IT security. (ZDNet) Breaches are fueling bug bounty programs. (Fox Business) The Vatican is hosting a hackathon. (Wired) Hope Hicks told House Intelligence lawmakers her email was hacked. (NBC News) If you'd like to receive our newsletter in your inbox, please sign up here.     Join The Hill on Wednesday, March 21, for Leadership in Action: The Hill's Newsmaker Series featuring Sen. Lamar Alexander (R-Tenn.) and Reps. Nanette Barragán (D-Calif.), and Joe Crowley (D-N.Y.). RSVP Here           Did a friend forward you this email? Sign up for Cybersecurity Newsletters     Forward Cybersecurity Newsletters       Privacy Policy  |  Manage Subscriptions  |  Unsubscribe  |  Email to a friend  |  Sign Up for Other Newsletters   The Hill 1625 K Street, NW 9th Floor, Washington DC 20006 ©2016 Capitol Hill Publishing Corp., a subsidiary of News Communications, Inc.