Checking in on the state of the states

May 31, 2016

TODAY: STATE OF THE STATES — Two House Homeland Security subcommittees today will join forces for a hearing on how to improve cybersecurity at the state level. For Rep. John Ratcliffe, who chairs the cybersecurity-focused subcommittee, the emphasis should be on enhancing information sharing. “What we are hoping to gain from today’s hearing is what more we can be doing to further these partnerships and programs,” he plans to say, according to prepared remarks. “The importance of the flow of information cannot be stressed enough as information is the currency with which security and insecurity is established in today’s age.”

— TOMORROW: POE, CONYERS OFFER RULE 41 BILL: On Wednesday, Rep. Ted Poe and House Judiciary ranking member John Conyers plan to file the House version of a bicameral effort to overturn the Supreme Court order expanding law enforcement’s search powers on the Internet. Their fellow Judiciary panelists Zoe Lofgren and Blake Farenthold are also original co-sponsors. The bill would overturn the court’s changes to Rule 41 of the federal rules of criminal procedure, which would in some cases allow federal judges to issue warrants for searches of Internet-connected computers outside their districts or even outside the United States. Poe, a former prosecutor and judge, said on Facebook that he would join Sens. Ron Wyden and Rand Paul “in their bipartisan effort to stop government hacking by introducing the Stop Massive Hacking Act in the House.” The changes will go into effect Dec. 1 unless Congress intervenes.

HAPPY TUESDAY and welcome to Morning Cybersecurity! “Swarms of Octopuses Are Taking Over the Oceans.” This is great news for the oceans, in the opinion of your MC host. Send thoughts, feedback and especially your tips to tstarks@politico.com and follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info is below.

LAWMAKERS ELABORATE ON DOD CYBER FEARS — The Senate Armed Services Committee released its bill report on the fiscal 2017 defense authorization legislation, in which lawmakers expressed a range of worries about cybersecurity at the Pentagon.

“The committee has been concerned that DOD's cybersecurity solutions have tended to be deployed in piecemeal fashion, as isolated, stand-alone capabilities,” the report says, adding that programs “are not interoperable, are not tied together under overarching concepts of operation and architectures, and cannot seamlessly and instantly share machine-readable indicators of compromise or otherwise tip and cue each other.”

Other points of concern, some prompting briefings or additional reports from the Pentagon: security of Defense Department critical infrastructure; questions about whether the White House is delegating enough cyber responsibilities to the secretary; security at Defense Department “smart” buildings; and protection of the missile defense system. The panel also added language from Sen. Mark Kirk to speed up acquisition of electronic warfare technology.

CYBERCOM CONTRACTS OUT — U.S. Cyber Command has picked six contractors for its long-awaited $460 million contract to provide support to both its offense and defensive missions. The contractors are KEYW, Vencore, Booz Allen Hamilton, SAIC, CACI and Secure Mission Solutions, according to a recent announcement from the General Services Administration. Those contractors will be eligible for individual task orders, and the first went to Vencore for $89 million. The arrangement could run through 2021.

SPIES LIKE US — Another wing of the Homeland Security Department, this time its intelligence wing, is facing criticism from the inspector general over its information security practices. The Intelligence and Analysis office’s “continuity capabilities have not had an adequate oversight structure, risking the loss of essential records and intelligence information in an emergency.” The IG report, released Monday, concludes that I&A has made some progress on cybersecurity but could do more to improve how it handles information during the acquisition process.

GUCCIFER TO PLEAD GUILTY — Romanian computer hacker Marcel Lazar, known online as “Guccifer,” is expected to plead guilty this week after obtaining some of Hillary Clinton’s emails by breaking into the account of one of her advisers. The guilty plea would clear the way for Lazar, who was extradited from Romania in March to face U.S. charges, to cooperate fully with federal prosecutors in an ongoing FBI probe. Lazar is scheduled to appear in federal court in Alexandria, Va., on Wednesday morning for a change of plea hearing, according to court records. He was indicted in 2014 on nine felony charges stemming from his alleged hack into the emails of several prominent Americans, including former Secretary of State Colin Powell, a relative of former Presidents George W. Bush and George H.W. Bush, and former Clinton adviser Sidney Blumenthal. A set of Blumenthal's emails were published online in 2013, disclosing a private email address Clinton used. She later changed the address.

A NEW ROUND OF SCRAPPIN’ OVER DATA LEGISLATION — Retailers and financial institutions are fighting again over proposed data breach and standards legislation, with the National Retail Foundation hitting up congressional offices this week and the Financial Services Roundtable launching print and digital ads. The groups are at odds over which legislation to pass because they prescribe different data security standards; FSR favors legislation sponsored by Rep. Randy Neugebauer and Sen. Tom Carper. “All entities that handle sensitive financial data should be required to protect that data,” said Jason Kratovil, FSR’s vice president of government affairs for payments, in announcing its campaign. “Financial institutions have had this obligation for 15 years, and it’s long overdue for Congress to pass legislation ensuring that everyone has a similar mandate to keep customer data safe.” Retailers have criticized that version of the bill because they say it’s a bad “one size fits all” solution, and instead favor legislation sponsored by Rep. Marsha Blackburn.

COMPUTER NERDS OFFER HYGIENE ADVICE — Two of the bigger computer nerds in Congress, Reps. Will Hurd and Ted Lieu, are offering bipartisan cybersecurity tips to their less tech-savvy colleagues on improving their computer hygiene. The Texas Republican and California Democrat, who both majored in computer science, sent a letter to colleagues offering tips such as using two-factor authentication, complex passwords, anti-virus software, trusted networks, data backups and, yes, data encryption, a solution that the two may not always see eye-to-eye on. But they both agreed in their joint letter that “the ease with which foreign governments, criminal syndicates, and everyday hackers can access your smartphone, tablet, desktop or laptop is frightening.”

SECURITY RAMIFICATIONS FOR SET-TOP BOX RULE — Homeland Security Committee leaders in both the House and Senate want the FCC to include cybersecurity as part of its final rule on set-top TV boxes. In a letter to FCC Chairman Tom Wheeler, they asked him to describe how the commission took cybersecurity into account during formulation of the proposal — meant to increase alternatives for consumers — and expressed concern that the rule could be out of step with the guidelines in the National Institute of Standards and Technology’s voluntary cybersecurity framework.