Overnight Cybersecurity: Rice denies wrongly unmasking Trump team | Dems plead for electric grid cyber funds | China reportedly targeting cloud providers

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORY:

–SUSAN RICE DENIES WRONGDOING: Former national security adviser Susan Rice on Tuesday categorically denied that the Obama administration inappropriately spied on President Trump or members of his transition team. “The allegation is that somehow, Obama administration officials utilized intelligence for political purposes,” Rice told MSNBC’s Andrea Mitchell. “That’s absolutely false.” Rice had requested that at least one Trump transition team member be “unmasked,” Bloomberg View reported Monday, leading to claims that the Obama White House had intended to use that intelligence to damage Trump’s transition. While Rice did not deny making any such requests — declining to comment on specific reports — she denied that her actions went outside the scope of her job. Rice also flatly denied exposing Trump’s own former national security adviser, Michael Flynn, who was forced to resign in February after media reports revealed that he misled Vice President Pence about the contents of his discussions with the Russian ambassador. “I leaked nothing to nobody,” she said. The national security adviser has the authority to request the unmasking names if there is a compelling national security reason to do so. “I don’t solicit reports,” Rice said. “They’re giving it to me, if I read it, and I think that in order for me to understand, is it significant or not so significant, I need to know who the ‘U.S. Person’ is, I can make that request.”

To read the rest of our piece, click here.

{mosads}–…LINDSAY GRAHAM: “WHEN IT COMES TO SUSAN RICE, YOU NEED TO VERIFY, NOT TRUST.” Sen. Lindsey Graham (R-S.C.), often a Trump skeptic, told Fox News he is no less skeptical of Susan Rice and plans to follow through on the unmasking controversy. “I’m not going to prejudge here, but I think every American should know whether or not the national security adviser to President Obama was involved in unmasking Trump transition figures for political purposes. It should be easy to figure out and we will,” he said. Read more here.

–…FORMER ACTING CIA DIRECTOR JOHN MCLAUGHLIN: “SHE WAS DOING HER JOB.” Just after Andrea Mitchell finished her interview with Rice, the MSNBC host spoke with John McLaughlin, who served as acting director of the CIA in the George W. Bush administration and deputy director for intelligence in the Clinton administration. McLaughlin outlined why he felt Rice unmasking names may well have been necessary for national security. “The standard you apply is, is the unmasking of this person’s name essential to national security?  It is important to understand what happened? There is another standard and it has not been mentioned in anything I’ve heard so far. Sometimes you unmask the name in order to protect an American citizen… [like if a] senator is talking to someone that he doesn’t really know who that is,” said McLaughlin, later adding “[S]he was doing her job. That is what national security advisors are expected to do.”

–…TRUMP: IT’S “#FAKENEWS.” Donald Trump, Jr. dismissed the Rice interview shortly after it aired, calling it fake news in a tweet. “Should have gone to CNN that way she would get the Qs in advance… who am I kidding they were never going to ask a real question? #fakenews.”

–…TOM COTTON SKEPTICAL OF TRUMP’S SURVEILLANCE CLAIMS:

Earlier in the day, before the Susan Rice interview, Sen. Tom Cotton (R-Ark.) said he felt that Rice always seemed to be at the center of Obama administration scandals, calling her the “Typhoid Mary of the Obama administration foreign policy” on Hugh Hewitt’s radio show.

In an afternoon interview, Cotton again addressed Rice’s actions. “It’s not necessarily illegal. It is unusual though,” Cotton told CNN’s “The Lead.”

But he also still appeared skeptical of Trump’s claims that he had been surveilled illegally by then-President Barack Obama.

“We’re going to look into these allegations but the people who would be in a position to know, Barack Obama’s director of intelligence, director of his CIA say they know of no evidence to support that claim, not a fire there, not a camp fire, not even a spark,” Cotton said on CNN. Read more here.

 

A POLICY UPDATE:

BORDER PHONE SEARCHES: A bipartisan group of lawmakers has introduced legislation that would require law enforcement agencies to obtain a warrant before searching the digital devices of Americans trying to reenter the United States.

The practice of U.S. Customs and Border Protection (CBP) agents asking for passwords to search the digital devices of Americans seeking entry into the United States has attracted significant media attention and raised concerns among privacy advocates in recent months.

Sens. Ron Wyden (D-Ore.) and Rand Paul (R-Ky.) introduced legislation on Tuesday that cites the 2004 Supreme Court case Riley v. California, in which the court ruled that law enforcement needed a warrant to search an electronic device in the case of an individual’s arrest.

The bill, a version of which Reps. Jared Polis (D-Colo.), Blake Farenthold (R-Texas), and Adam Smith (D-Wash.) introduced in the House, states that the principles of the Supreme Court decision extend to searches of Americans’ digital devices at the border.

The legislation, called the Protecting Data at the Border Act, also states that Americans must be made aware of their rights before they agree to give up passwords, social media account names or other digital account information or to hand over their devices to law enforcement.

“Americans’ Constitutional rights shouldn’t disappear at the border,” Wyden said in a statement.

To read the rest of our piece, click here.

 

A LIGHTER CLICK: SECRET STRIKE. CIA bowling leagues required cover stories.

 

A REPORT IN FOCUS:

CHINESE ESPIONAGE THREAT TARGETING CLOUD PROVIDERS, MANAGED IT FIRMS: A new report suggests a China-based espionage campaign is targeting managed IT service providers and cloud service providers in an attempt to spy on those firms’ clients, including diplomatic and political organizations and companies’ intellectual property.

PriceWaterhouseCoopers and BAE Systems collaborated on the report, detailing a threat nicknamed “Operation Cloud Hopper.”

Cloud Hopper uses a mixture of unique hacking tools and open-source software in attacks against service providers around the world. The campaign has logged attacks in nations including the U.S., Canada, South Korea, India, Thailand and Japan. It is linked to China through its use of internet addresses used by the well-established APT10 campaign. The report notes that the Cloud Hopper hackers work during the Chinese workday, including a midday break for lunch.

To read the rest of our piece, click here.

 

WHAT’S IN THE SPOTLIGHT:

ELECTRIC GRID SECURITY: Democrats are raising concerns about the Trump administration’s proposed cuts to a Department of Energy office that plays a role in protecting the U.S. electric grid from cyberattacks.

President Trump has proposed reducing the Department of Energy’s budget by nearly $2 billion next fiscal year, which would include cuts to the Office of Electricity Delivery and Energy Reliability.

The office works with state and local governments, as well as the private sector, to secure U.S. energy infrastructure and also spearheads research and development for advanced electricity delivery technologies.

The proposed cuts led Democratic senators to raise concerns on Tuesday over the potential effects to the cybersecurity of the energy sector.

“This office, in coordination with our national labs, helps protect our nation’s energy infrastructure from a variety of cyber threats,” Sen. Martin Heinrich (D-N.M.), a member of the Committee on Energy and Natural Resources, said at a hearing Tuesday.

“I am very concerned that the president has proposed significant cuts to the electricity office’s budget that could impair our ability to meet the challenges foreign actors and others present to our energy infrastructure,” Heinrich said.

Patricia Hoffman, the office’s acting assistant secretary, told lawmakers on Tuesday that the details of the new budget would be worked out before the administration’s full budget proposal is released in May. She avoided explaining any potential negative impacts of the budget reductions.

The fiscal year 2018 budget blueprint released by the Office of Personnel Management in March slashed the Energy Department budget by $1.7 billion. The proposal stated that funding for the Office of Electricity Delivery and Energy Reliability and three other department programs would be focused on “limited, early-stage applied energy research and development activities where the federal role is stronger.”

To read the rest of our piece, click here.

IT STAFFING WOES: The government faces a 10,000 person deficit of cybersecurity staff, a House Oversight subcommittee heard Tuesday during a hearing. And the problem may get worse before it gets better. Internationally, some estimates of the international skills gap reach as high as 1.8 million by 2022.

The hearing, held by the Subcommittee on Information Technology, acted as a brainstorming session about possible solutions.

“It’s really simple. Most of the hearings, I usually know the answers to the questions I am going to ask. This one, I do not,” said Subcommittee Chair Will Hurd (R-Texas).

Witnesses included Stephen Cooper, the former chief information officer for the Department of Commerce; Nick Marinos, assistant director of information technology at the Government Accountability office; and Lisa Depew, head of industry and academic outreach at McAfee (formerly Intel Security).

The subcommittee and panel floated ideas including expanding scholarship-for-service programs both in size and scope. Depew noted that currently the major program funds about 1500 scholarships to fill that 10,000 deficit. The panel and representatives agreed it would be valuable to expand the program to two-year colleges. Currently, it serves only four-year schools.

Cooper said he wished he had done more outreach to underrepresented minorities during his time as CIO. Both gender and race imbalances contribute heavily to skills shortages – Debora Plunkett, a board member of the International Consortium of Minority Cybersecurity Professionals, testified that only 11 percent of IT workers are women and 12 percent African American or Hispanic.

But other solutions would call for more systemic changes – like rescinding the federal hiring freeze seen as wreaking havoc on federal IT hiring. That not only stresses agencies, said Dan Waddell of the certification board (ISC)2, it risks their current staffs.

“Their 9 to 5 job is to pick up other duties,” he said, later adding “We have too many coaches and not enough players.”

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

House Democrats are pushing Paul Ryan (R-Wis.) to recuse Devin Nunes (R-Calif) from heading the Russia investigation. 

Obama-era Defense Secretary Ash Carter wants to further strengthen ties between the Pentagon and Silicon Valley – something he was known for during his time in charge. (The Hill)

Black women earn 21 percent less than white men in tech. (Recode)

Scam anonymity services are flourishing as Americans fear the government and ISPs. (Motherboard)

Ransomware makers are now focusing on businesses instead of individuals, because businesses have more money. (ZDNet)

Apple is redesigning its much-derided cylindrical Mac Pros. (The Verge).

The vast majority of Americans don’t want to give up digital privacy for security, according to a new poll. (Reuters)

If you’d like to receive our newsletter in your inbox, please sign up here.