Overnight Cybersecurity: Trump unveils new sanctions on Russia | Feds say Russian hackers targeted US energy grid | NSA nominee sails through second confirmation hearing

View in your browser       Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...   THE BIG STORIES: -- US UNVEILS NEW SANCTIONS AGAINST RUSSIA:  The U.S. will impose new economic sanctions on two-dozen Russian individuals and entities for cyberattacks in the U.S. and meddling in the 2016 election, senior national security officials said Thursday. The Treasury Department will target five entities and 19 individuals from Russia for actions ranging from the "destabilizing efforts" in the 2016 presidential election to the "NotPetya" malware attack, the costliest and most disruptive in history. Treasury says it will freeze the assets and prohibit Americans from doing business with the accused Russians. Some of those entities and individuals -- including the "Internet Research Agency," which allegedly used fake social media accounts to sow division in the U.S. -- have already been indicted by special counsel Robert Mueller. The new sanctions also target two Russian military intelligence firms and a half-dozen people associated with them. The FBI and Department of Homeland Security are investigating what officials described as a two-year cyber-warfare campaign against U.S. government entities and critical infrastructure in the energy, nuclear, commercial, water, aviation and manufacturing sectors. "The Administration is confronting and countering malign Russian cyber activity, including their attempted interference in U.S. elections, destructive cyber-attacks, and intrusions targeting critical infrastructure," said Treasury Secretary Steven Mnuchin. "These targeted sanctions are a part of a broader effort to address the ongoing nefarious attacks emanating from Russia," he continued. "Treasury intends to impose additional CAATSA sanctions, informed by our intelligence community, to hold Russian government officials and oligarchs accountable for their destabilizing activities by severing their access to the U.S. financial system." The new sanctions come amid heightened tensions between the U.S. and Russia. The U.S. and its allies say Moscow was behind a brazen chemical attack against a former Russian intelligence officer in Britain. To read more from our piece, click here.   -- HOMELAND SECURITY, FBI SAY RUSSIAN HACKERS TARGETED US ENERGY GRID: The Department of Homeland Security and the FBI accused Russian hackers on Thursday of waging coordinated cyberattacks against the U.S. energy sector and other elements of critical infrastructure since at least March 2016. Federal officials say that the Russian government staged a "multi-stage intrusion campaign" that involved using malware and spearphishing attacks to compromise networks of small commercial facilities and gain remote access to U.S. energy sector networks. From there, Russian hackers were able to move "laterally" to other networks to collect information related to Industrial Control Systems (ICS), computer systems used to operate critical infrastructure. The agencies released a joint alert on the intrusion campaign shortly after the Trump administration imposed new sanctions on Russia for its malign cyber activity, including last year's global "notPetya" malware interference in the 2016 election. The alert describes a broad Russian intrusion campaign targeting U.S. critical infrastructure, including organizations involved in the energy, nuclear, water, aviation, and critical manufacturing sectors. It references research released in September by cybersecurity firm Symantec that detailed new activity tied to the "Dragonfly" cyber espionage group in which hackers targeted energy sector components in the U.S., Turkey and Switzerland. The hacking group, also commonly known as "Energetic Bear," has been linked by some security companies to the Russian government. Homeland Security and the FBI released a technical alert on the new Dragonfly campaign last October, but did not attribute the activity to the Russian government. According to Homeland Security and the FBI, Russian hackers deliberately targeted and compromised networks of "staging" targets. The aim was to gain access to their ultimate victims, higher-level networks containing data related to control systems. Russian hackers "in multiple instances" gained access to networks containing data outputted from energy generation facilities, according to the analysis. To read more from our piece, click here.   -- MUELLER SAID TO SUBPOENA TRUMP ORGANIZATION: Special counsel Robert Mueller has subpoenaed the Trump Organization for documents as part of the federal investigation into Russian interference in the 2016 election, The New York Times reported on Thursday. Mueller's subpoena concerns documents related to Russia in addition to other topics, the Times reported, citing two sources familiar with the matter. The scope of the subpoena, including how far it extends to topics outside Russia, was not immediately known, nor was it clear why Mueller subpoenaed the organization for the documents as opposed to simply requesting them. Responding to questions about the subpoena on Thursday, White House press secretary Sarah Huckabee Sanders said Trump would continue to cooperate with Mueller's effort. "As we've maintained all along and as the president has said numerous times, there was no collusion between the campaign and Russia," she said at her press briefing. "We're going to continue to fully cooperate out of respect for the special counsel. We're not going to comment for any specific questions about the Trump organization. I'd refer you there." A lawyer for the Trump Organization said it has been cooperating and dismissed reports about the subpoena as old news. "Since July 2017, we have advised the public that the Trump Organization is fully cooperative with all investigations, including the Special Counsel, and is responding to their requests," Alan Futerfas, a lawyer for the company, said in a statement. "This is old news and our assistance and cooperation with the various investigations remains the same today." The subpoena is the most direct move by the special counsel to go after documents related to Trump's business empire and brings the probe closer to Trump. The president told the Times in a June interview that Mueller would be crossing a "red line" if the special counsel began investigating his family's finances with other countries outside of Russia. The subpoena also suggests the investigation continues to evolve after recent reports that Mueller's team is interested in an adviser to the United Arab Emirates, signaling a probe that Trump had hoped would end soon could carry on for months. To read more from our piece, click here.     A LEGISLATIVE UPDATE:  ARMED SERVICES LEADERS SEEK BOOST TO FIGHT FOREIGN PROPAGANDA: The heads of the House Armed Services Committee want President Trump to add dollars and a leader to the Global Engagement Center (GEC), the State Department arm that fights foreign propaganda and disinformation. "We are ... disappointed that to date your administration has not provided adequate resources, including funding and personnel, to the GEC to carry out its mission and, furthermore, that you have not yet appointed a director to lead the agency in this endeavor," Rep. Mac Thornberry (R-Texas), the committee's chairman, and Rep. Adam Smith (D-Wash.), the ranking member, write in a March 9 letter to Trump. "We write to urge you to enable and fully resource the GEC to effectively execute its roles and responsibilities in leading the United States efforts to counter the exploitation of the information environment by state and non-state actors aimed at undermining democratic institutions values, and principles," they add in the document, also signed by Emerging Threats and Capabilities subcommittee Chairwoman Elise Stefanik (R- N.Y.) and ranking Democrat James Langevin (R.I.). A New York Times report earlier this month found that the State Department has not spent any of the $120 million intended since 2016 for the GEC, set up that year to combat foreign propaganda. Congress at the end of the Obama administration had directed the Pentagon to send $60 million to Foggy Bottom to counter disinformation from Russia, China and the Islamic State in Iraq and Syria. The provision was included in the fiscal 2017 National Defense Authorization Act. But then-Secretary of State Rex Tillerson, ousted this week, stalled on spending the dollars and didn't send a request for the money to the Pentagon until September, only days before the end of the fiscal year. Department of Defense officials did not send the money, deciding that the State Department missed its chance that year. The two departments then stalled for another several months on the next $60 million available in fiscal 2018. The departments in February reached a deal to transfer at least $40 million from the Pentagon to the GEC by April. To read more from our piece, click here.   A REPORT IN FOCUS:  A new Microsoft report highlights a number of threat trends the company says continue to affect computer and cloud systems. The latest Microsoft Security Intelligence Report says botnets, a network of private computers infected with malicious software, continue to infect computer systems around the world. "Microsoft analyzed over 44,000 malware samples, which uncovered the botnet's sprawling infrastructure," according to a Thursday blog post on the findings. In addition to active botnet use, the report found ransomware "remains a force to be reckoned with." Three ransomware outbreaks in 2017 largely affected corporate networks as well as hospitals, transportation, and traffic systems: WannaCrypt, Petya/NotPetya, and BadRabbit. The motivation for money appears to be the driving force of the cyber hackers behind the attacks, while the region receiving the brunt of the attacks was Asia. "The ransomware attacks observed last year were very destructive and moved at an incredibly rapid pace," the report found. "Because of the automated propagation techniques, they infected computers faster than any human could respond and they left most victims without access to their files indefinitely." The threats are interrelated: Certain botnet attacks distribute ransomware, it found. In addition to these malicious software attacks, cybercriminals have sought out easy targets, particularly because going after "low hanging fruit" is less costly in regards to time and effort than it is to hone in on systems with security measures in place. The solution? Microsoft proposes standard security practices like "keeping software and security solutions up-to-date" as well as raising awareness with employees about the latest phishing approaches that hackers are using.   A LIGHTER CLICK: Paging Gossip Girl ... Madison Square Garden is secretly using facial recognition on fans. (The New York Times)   WHO'S IN THE SPOTLIGHT:  GEN. PAUL NAKASONE: President Trump has selected a little-known military official who boasts a breadth of experience in intelligence operations to lead the National Security Agency (NSA). Lt. Gen. Paul Nakasone has spent nearly two decades in Pentagon cyber and signals intelligence roles. He is now commander of U.S. Army Cyber Command and leads the military's cyber operations against the Islamic State in Iraq and Syria, known as Joint Task Force Areas. His portfolio of responsibilities is about to expand dramatically. The Senate is expected to confirm Nakasone as NSA director, a job that will also make him head of U.S. Cyber Command, the Pentagon's burgeoning cyber warfare unit. Nakasone is widely respected in military and intelligence circles, and those who know him describe him as uniquely qualified for the job. Still, former officials say he will face a slew of challenges as he steps into the dual-hat role, including helming an agency that has faced a barrage of scrutiny since the 2013 Edward Snowden disclosures. "He's as equipped as anybody to do a really difficult thing, which is to run these two portfolios simultaneously," said David Shedd, who knows Nakasone from his time serving as deputy director and later acting director of the Defense Intelligence Agency. He described Nakasone as "a modest kind of guy, a visionary, a strong leader." Nakasone was commissioned as a military intelligence officer 31 years ago, rising through the ranks to serve in several key roles at the NSA and Cyber Command. He has a wealth of experience in what is called signals intelligence, a form of foreign intelligence collection that is at the center of NSA's mission. Notably, Nakasone commanded the 206th Military Intelligence Battalion at Ft. Gordon, in Georgia, which played an integral role in intelligence collection in the early years of the wars in Iraq and Afghanistan, between 2002 and 2004. Trump in February nominated Nakasone to replace outgoing Adm. Michael Rogers, the outgoing director of the NSA. The choice was unanimously approved by the Senate Armed Services Committee last week. On Thursday, Nakasone he faced lawmakers on the Senate Intelligence Committee for a second confirmation hearing, a meeting that was largely genial. In closing remarks, Chairman Richard Burr (R-N.C.) called Nakasone "the right person at the right time" to lead NSA. As the chief of the NSA, Nakasone would be one of the top U.S. intelligence officials, overseeing a massive foreign and counterintelligence collection enterprise that has increasingly drawn scrutiny since the Snowden disclosures. In recent years, the NSA has been forced to contend with embarrassing leaks, including the Shadow Brokers' publication of hacking tools widely believed to have been stolen from the agency. The role is likely to come with more public attention. Taking over following Snowden's leaks, Rogers was forced to engage in more public outreach to assuage concerns about the NSA's surveillance activities. Rogers has also increasingly been drawn into the spotlight over his role in assessing Russian interference in the 2016 presidential election. "I very much believe he is certainly prepared for it," Michaal Sulmeyer, a former director for plans and operations for cyber policy in the Office of Secretary of Defense, said of Nakasone. "The question that I think he and the senior leadership team will want to work through is what kind of public role do they see for the person in that job." "In the past, the NSA director was not the press conference type," Sulmeyer added. Rogers has also been the subject of criticism for overseeing a reorganization that has proven unpopular among some agency employees. The Washington Post reported in January that the NSA had lost hundreds of employees due to declining morale and other issues. "That seems like a huge issue you would think would want to be addressed pretty early on," said Sulmeyer, who directs the cybersecurity project at Harvard's Belfer Center for Science and International Affairs. The steepest challenge, however, could be managing the two different yet intertwined missions. As head of Cyber Command, Nakasone would also be in charge of defending Pentagon networks and directing the military's offensive cyber operations, including providing options to civilian leadership to respond to adversarial acts in cyberspace. To read more of our coverage, click here and here.   IN CASE YOU MISSED IT: Links from our blog, The Hill, and around the Web. Bitcoin's highly anticipated 'Lightning Network' goes live. (The Hill) Spotify will go public on April 3. (The Hill) Microsoft launches new bug bounty reward for CPU flaws. (The Verge) Reports warns of cyber threats to IoT medical devices. (ZDNet) Fears of cyberattacks on industrial plants deepen following attack in Saudi Arabia. (The New York Times) If you'd like to receive our newsletter in your inbox, please sign up here.     Join The Hill on Wednesday, March 21, for Leadership in Action: The Hill's Newsmaker Series featuring Sen. Lamar Alexander (R-Tenn.) and Reps. Nanette Barragán (D-Calif.), and Joe Crowley (D-N.Y.). RSVP Here           Did a friend forward you this email? Sign up for Cybersecurity Newsletters     Forward Cybersecurity Newsletters       Privacy Policy  |  Manage Subscriptions  |  Unsubscribe  |  Email to a friend  |  Sign Up for Other Newsletters   The Hill 1625 K Street, NW 9th Floor, Washington DC 20006 ©2016 Capitol Hill Publishing Corp., a subsidiary of News Communications, Inc.