SPECIAL REPORT: CybersecurityOur team's special coverage on Cybersecurity
A report from the Government Accountability Office showed federal agencies had largely failed to collect data on cybersecurity improvements among the nation’s critical infrastructure.read more
“A really serious attack on the integrity of the election, which [Russia] probably could accomplish if they wanted to, would require paper ballots to recover from,” he said. “If you can go back and you can actually physically count ballots, that’s a way to assure the American people that you will never be able to do digitally.”read more
William Carter, deputy director for the CSIS technology policy program, says that he is very worried about the prospect of a cyberattack on the 2020 election, but it’s not vulnerable voting machines that keep him up at night. To understand where the Russian threat is coming from, he says, “you have to understand the way that they think about attacking our elections.”read more
The 2020 summer Olympic games in Tokyo are ripe targets for cyberattacks, and the best defense is international cooperation, experts said Tuesday. “These kinds of international events are ripe for bad actors like Russia to carry out cyberattacks, whether they’re testing new capabilities or whether they’re angry they’re prevented from participating,” said Meg King, strategic and national security advisor to the Wilson Center’s CEO & President.read more
WASHINGTON – Developing more complex artificial intelligence is necessary for the United States to keep pace with Russia and China, top defense technology officials said Tuesday.
Leaders from several Defense Department technology agencies told senators at an armed services subcommittee hearing that efforts are underway to create more advanced AI systems that can learn and use reasoning.
The Defense Advanced Research Projects Agency “research efforts will forge new theories and methods that will make it possible for machines to adapt contextually to changing situations,” said DARPA Deputy Director Peter Highnam.
Lt. Gen. John Shanahan, director of the Defense Department’s new Joint Artificial Intelligence Center, called for a greater sense of urgency in developing technology.
“The speed and scale of technological change required is daunting,” he said. “Ultimately, this [sense of urgency] needs to extend across our entire department, government and society.”
WASHINGTON — House and Senate Democrats Wednesday introduced legislation to restore net neutrality protections undone by the Trump administration.
The three-page “Save the Internet Act” would restore a 2015 Obama-era order allowing the Federal Communications Commission to enforce net neutrality, the principle which requires Internet service providers to treat all users as equal. Without it, providers are allowed to set different price points and prioritize some kinds of Internet traffic over others.
The bill would also reclassify broadband Internet as a “utility” under Title II of the Communications Act, which means it can be heavily regulated by the FCC. This is the greatest point of contention between Republicans and Democrats.
In late 2017, the FCC, under Trump appointee Ajit Pai, voted along party lines to remove broadband internet from Title II, thereby repealing net neutrality protections. The move received broad criticism, with the FCC receiving 24 million comments about the 2017 action — more than six times the amount they received about the decision to protect net neutrality in 2015. Many internet content companies, including Netflix, have supported net neutrality, opposing telecom companies like Comcast and AT&T.
The rule change took effect in June 2018, but the FCC has been far from unified on the decision. FCC commissioner Jessica Rosenworcel showed her support for the “Save the Internet Act” on Wednesday.
Rep. Mike Doyle, D-Pa., a sponsor of the bill, said it allows for FCC jurisdiction flexibility, so the Title II issue will be dealt with. Through this act, the agency can regulate new technologies or legal loopholes that may crop up — like broadband Internet did.
Doyle said without net neutrality, internet service providers are too powerful, noting examples of providers slowing down service or blocking applications.
“Consumers and small businesses want the protections and the certainty it’s shown that net neutrality will provide,” he said.
John Howes, a policy counsel at the Computer and Communications Industry Association, said the nonprofit advocacy group is a strong supporter of the bill. The text states no order similar to the 2017 decision could be made again — something Howes said will provide certainty to both industry members and consumers.
“Net neutrality rules are important for consumers and important for small businesses to be able to go anywhere they want to go on the Internet,” he said. “Without clear net neutrality rules, those companies could arbitrarily be prevented from reaching new customers and new markets.”
Democratic leadership showed their support Wednesday, with Minority Leader Chuck Schumer saying the bill would stop the costs of Internet service from rising for “average folk.” House Speaker Nancy Pelosi emphasized its effects on small businesses, saying it allowed them to remain on an “equal playing field” with larger corporations.
“A free and open Internet is a pillar…of our democracy, of economic possibility, of entrepreneurships and creating opportunities and empowering communities,” she said.
Both House and Senate Democrats hope to attract Republican co-sponsors, though none have signed on thus far. Pelosi cited that 86 percent of Americans oppose the repeal of net neutrality, including 82 percent of Republicans.
The bill faces an uphill battle in the Republican-controlled Senate, and a possible veto from President Trump, who has critiqued net neutrality before. Republican criticism of the bill could come from the Title II designation, where they worry about over-regulation from the FCC.
Rep. Greg Walden, R-Ore., top Republican on the House Energy and Commerce Committee, which has jurisdiction over the bill, expressed his concern last year over reclassifying broadband Internet as under the FCC’s jurisdiction.
“Title II is the outlier here,” he said. “Title II sounds innocuous, but it gives big government unlimited authority to micromanage every single aspect of a provider’s business, that includes setting rates. There is nothing neutral about this kind of authority.”
Hal Singer, a senior fellow at the George Washington University Regulatory Studies Center, predicted the bill will not garner GOP support because of that distinction.
Pelosi said House hearings on the bill will start as soon as next week.
WASHINGTON — A House Appropriations committee said Wednesday that not only did foreign actors attempt to interfere in the 2016 election, but that ahead of the 2020 election, vulnerabilities in many state election systems have not been fixed.
Their testimony reaffirmed the assessment of the Director of National Intelligence as part of the Worldwide Threat Assessment last month, which forecast that “our adversaries and strategic competitors probably already are looking to the 2020 U.S. elections as an opportunity to advance their interests.”
Alex Halderman, center, a professor of computer science at the University of Michigan, gives testimony to a House Appropriations subcommittee on vulnerabilities in the U.S. elections system. (Cameron Peters/MNS)
All three witnesses at the hearing supported the committee’s assessment and identified specific concerns about the state of United States elections infrastructure. They also, however, agreed that there is no evidence that a foreign power has affected the outcome of an American election.
Eric Rosenbach, the co-director of Harvard University’s Belfer Center for Science and International Affairs and former Pentagon chief of staff, said that Congress must prioritize domestic defenses, offensive cybersecurity capabilities and a posture of public deterrence if further attempts to interfere in elections are to be avoided.
Digital voting machines were identified as a particular vulnerability in some states’ systems, and direct-record electronic (DRE) voting machines were subject to particular scorn. DRE voting machines, which Rep. Matt Cartwright, D-Penn., described as a “clear and present danger” to election security, are currently in use in several states, in some cases without an accompanying paper trail.
Witnesses stressed that digital-only voting machines could potentially be manipulated undetected, and that paper ballots are preferable.
According to Alex Halderman, a professor of computer science at the University of Michigan and an expert on election security, a paper trail is an important step toward more secure elections, but it’s not enough by itself.
Halderman said a rigorous audit of election results is also necessary to assure a high degree of confidence in an election. However, eleven states do not have auditable elections.
He also advocated for federal policymaking to strengthen the election system. “I think it would be excellent if we had a uniform national policy that elections be rigorously audited,” Halderman said.
Steven Sandvoss, the executive director the Illinois State Board of Elections, said that Illinois voting machines are antiquated and in dire need of replacement. He estimated the cost of replacement at around $175 million, but noted that the Illinois budget would likely preclude replacing the machines.
The House Appropriations subcommittee on Financial Services and General Government hears testimony on vulnerabilities in the U.S. elections system Wednesday (Cameron Peters/MNS)
Rosenbach said that U.S. Cyber Command should also take on a larger, more proactive role in preventing election interference. States, he said, shouldn’t be left to deal with attacks on their own.
He added that the states should receive federal funding to combat the threat. “This is a nation-state actor,” Rosenbach said. “The states are not designed to have cybersecurity to defend against that threat.”
As the 2020 election approaches, the disparity in levels of election security between states presents another challenge. Halderman said that it may not matter which state is targeted by cyberattacks if that attack undermines confidence in the national outcome.
As such, he said, “until we bring up the most weakly protected states to an adequate level of security, the whole nation will be at risk.”
WASHINGTON –– The United States’ energy infrastructure has increasingly become a primary target for hostile cyber attacks, Assistant Secretary of Energy Karen Evans told lawmakers on Thursday.
“The frequency, scale and sophistication of cyber threats have increased,” she said at the Senate Energy and Natural Resources Committee hearing on cybersecurity efforts in the energy industry.
As a reason for urgent action, Republican and Democratic senators highlighted the actual cyberattacks that occurred since 2015, including a 2015 Russian hack that cut off power to nearly a quarter-million people in Ukraine and another in 2017 that disabled a Saudi petrochemical plant’s safety systems.
“We know we don’t want that to happen here,” said Chairwoman Lisa Murkowski, R-Alaska. “We cannot let it happen in the United States. The resulting loss of power would impact hospitals, banks, cell phone service, gas pumps, traffic lights — you name it.”
Sen. Angus King, I-Maine, pushed one witness on whether the government should implement mandatory standards to the energy industry. Energy agencies under the Trump administration have not set standards to the level Democrats have called for.
“There’s a weird calmness about this hearing. This is not calm! The Russians are already in the grid, are they not?” King asked James Robb, president of North American Electric Reliability Corporation, who eventually said he’d look into the standards. Robb would go no further nor acknowledge the widely reported story that Russian hackers have infiltrated the energy grid.
To limit vulnerabilities, David Edward Whitehead, CEO of Schweitzer Engineering Laboratories, said the government must communicate with industry quickly when it identifies these energy cyber threats.
““There’s a lot of reporting up that [we do] to various agencies, but what we don’t see is that there’s not a lot of reporting back down to us. There seems to be a one way communication,” he said, calling for a daily 8 a.m. conference call with government officials and industry leaders to discuss any potential cybersecurity threats that day. He said that this brief call would help keep industry more informed and prepared for essential cybersecurity measures.
Many Republicans, however, were hesitant to support mandating any standards in what they say is a “dynamic” industry. For Sen. Martha McSally, R-Ariz, though, the government should act now.
“If I close my eyes, this sounds like a hearing from 19 years ago,” she said. “What has changed in 19 years is that… the threat is real, and it is happening.”
Moving forward, King hopes to see the committee focus on deterrence of adversaries, who he says haven’t felt a price from these cyberattacks.
“Thus far there has not been a doctrine or a strategy of this country that deters these kinds of attacks as there is in other areas of our national security,” he said.