NDAA’s Done, Election Security’s On Deck and Senators Are Fretting About 3D Gun Printing
Last week also saw a showdown over a phony FCC DDoS attack and a new cyber law to protect small businesses.
A bipartisan group of five senators joined the effort to prevent the wide release of blueprints for 3D printed guns Thursday, a month after the Supreme Court declared releasing the blueprints legal.
The lawmakers asked chiefs of seven major websites—Facebook, Microsoft, Yahoo, Google, Craigslist, Reddit and Twitter—to prohibit users from sharing blueprints for 3-D printed guns on their platforms.
“Based on your own terms of service, we urge you to proactively prevent the online dissemination of these dangerous 3-D designs across all of your platforms. Doing so will make all of our communities safer,” wrote Sens. Bob Menendez, D-N.J., Dianne Feinstein, D-Calif., Richard Blumenthal, D-Conn., Bill Nelson, D-Fla., and Ed Markey, D-Mass., in letters to each executive.
Eight state attorneys general have also sued to temporarily stop the company, Defense Distributed, from publishing the blueprints.
Closing the Books on another NDAA
One more iteration of the National Defense Authorization Act became law Monday.
The mammoth defense policy bill, which President Donald Trump signed Monday, banned two Chinese telecoms from government’s tech supply chains and hiked congressional oversight of a major Pentagon cloud contract.
The bill also ordered up a report on shifting the military’s operational cybersecurity responsibilities from the Defense Information Systems Agency to U.S. Cyber Command and required new disclosures about defense contractors’ foreign ties.
Here’s our rundown from when the House-Senate conference bill came out.
Election Security Legislation (Finally) Moving
The Senate Rules Committee on Thursday released its markup of the Secure Elections Act, which would clarify the Homeland Security Department’s authority over federal election security efforts and establish an election security advisory committee.
The committee will consider amendments to the bill this Wednesday.
Sen. Ron Wyden, D-Ore., last week also announced a new endorsement for his election security bill, which would require a paper ballot backup for all votes. The watchdog group, Common Cause, said Wyden’s bill would ensure states “have the resilience they need in this Code Red cybersecurity environment.”
Let There Be Clearances
A number of technology and defense industry trade organizations recently urged lawmakers to use a must-pass Intelligence Community appropriations bill to make sweeping reforms to the security clearance process. The groups highlighted 10 provisions in the bill that would streamline background check processes and chip away at a backlog of some 700,000 pending investigations.
In 2017, it took 134 days on average to issue secret clearances and 331 days for top secret clearances, according to the Office of Personnel Management. Among other changes, the bill would set new timeliness goals.
“The persistent backlog of nearly 700,000 cases in process and the unacceptably long wait times for a security clearance are pressing matters for industry, but more importantly, they undermine the national security missions our members support,” the groups wrote in a letter to Senate and House Intelligence Committee leaders.
Not So Humble Pai
Sen. Brian Schatz, D-Hawaii, squared off with Federal Communications Commission Chairman Ajit Pai Wednesday over the long delay between when Pai learned his agency incorrectly claimed it suffered a cyberattack aimed at its public commenting system and when it informed Congress about the error.
The alleged attack–which was really just a surge of comments–came after comedian John Oliver urged viewers to bombard the system with comments opposing a rollback of net neutrality in May.
Pai told members of the Senate Commerce Committee that he couldn’t correct the record because the inspector general asked him to keep mum during the investigation, which could have included criminal charges. Schatz countered that Pai could have found some way to “thread the needle” of keeping Congress informed without undermining the investigation.
The Washington D.C. U.S. Attorney’s Office ultimately declined to make any criminal prosecutions.
The Full Nelson
Sen. Bill Nelson, D-Fla., caused a lot of head scratching last week, insisting numerous times that Russian hackers had infiltrated Florida voting systems and were just waiting to pull the trigger on manipulating voter rolls.
That assertion, which hasn’t been backed up by U.S. intelligence officials or Florida election runners, goes far beyond any claims so far of Russian interference in the midterm elections. Nelson said the information came to him and Sen. Marco Rubio, R-Fla., from leaders of the Senate Intelligence Committee Richard Burr, R-N.C., and Mark Warner, D-Va. The other senators, thus far, have been mum on the claims.
Here's a fact check from the Washington Post.
The Businesses are Secure, Sir
President Trump on Wednesday signed the NIST Small Business Cybersecurity Act into law. The legislation provides small businesses that often lack resources to invest in robust security with a thorough set of guidance and resources to help bolster their defenses against cyberattacks.
Coming Up:
The House is still in recess, but the Senate is back in action this week. Here’s a rundown.
On Tuesday at 10 a.m., the Senate Energy and Natural Resources Committee will examine ways blockchain and other emerging tech can help secure the energy industry.
At that same time, the Senate Foreign Relations Committee will probe U.S.-Russia relations and the Banking Committee will ponder next steps on Russian sanctions.
At 2:30 p.m., the Senate Judiciary Subcommittee on Crime and Terrorism will discuss cyber threats to America’s critical infrastructure.
At 10 a.m. Wednesday, the Senate Homeland Security Committee will consider the nomination of William Bryan to lead Homeland Security’s science and technology division.
At 10:30 a.m., the Senate Rules Committee will vote on amendments to the Secure Elections Act, which would clarify authorities and create a grant program for election security.