Senators also want to know why it's taking the agencies so long to remove Kaspersky anti-virus.
Congress is moving closer to approving the fiscal 2018 budget, with the Senate passing its version 51-49 Thursday night.
An amendment proposed by Sen. Rand Paul, R-Ky., would have required the Homeland Security and Governmental Affairs committee to find almost $17 million in savings, but the measure was voted down. The House version, however, requires steeper cuts to government spending, with some proposals suggesting reducing some Federal Employee Retirement System benefits and cutting the rate of return on the Thrift Savings Program.
We Leave a Seat for…Rob Joyce
Senate Armed Services Chairman John McCain, R-Ariz., and other committee members lashed out at the White House Thursday over its decision not to allow Cybersecurity Coordinator Rob Joyce to testify about governmentwide cyber issues.
The entire committee will meet to consider a subpoena if Joyce does not testify in future, McCain said. He was backed up by other members including Sens. Claire McCaskill, D-Mo., Bill Nelson, D-Fla., and Angus King, I-Maine.
“To me, the empty chair before us represents a fundamental misalignment between authority and accountability in our government today when it comes to cyber,” McCain said referencing an empty chair at the witness table that signified Joyce’s absence.
Former President Barack Obama’s Cybersecurity Coordinator Michael Daniel also did not testify before Congress under a White House policy that National Security Council staff who are not confirmed by the Senate should not testify before Congress.
Why does removing Kaspersky take so long?
During Thursday’s hearing, McCaskill also needled the Homeland Security Department’s top cyber official Christopher Krebs about a three-month lead time the department gave agencies to remove the Kremlin-linked Kaspersky anti-virus from their systems. “[Russian hackers] get another 90 days to get stuff because you’re giving them a long time?” McCaskill asked incredulously.
Some agencies have already removed Kaspersky, Krebs responded, but, in other cases, removing the anti-virus without a replacement could create more dangerous vulnerabilities. Kaspersky has consistently denied any wrongdoing.
Commerce Chairman: NotPetya Investigation Isn't Over
The chairman of the House Energy and Commerce Committee wants a leading medical transcription service to share lessons-learned from the NotPetya malware attack earlier this year. The letter from Rep. Greg Walden, R-Ore., to the company Nuance follows similar letters to the Health and Human Services Department and the pharmaceutical firm Merck.
Equifax Breach Prompts Broader Review of Contractor Data Security
Top House Energy and Commerce lawmakers want a full accounting from the General Services Administration about how it vets government contractors’ data security practices.
The request comes in the wake of a controversial, and now canceled, $7 million bridge contract the IRS awarded to breached credit rating agency Equifax. The request, however, goes far beyond the Equifax contract, asking what role data security plays in contractor reviews, how significantly past breaches are considered and whether subcontractors are subject to the same scrutiny.
Apple Responds to (Some) Face ID Concerns
Apple has responded to an inquiry from Sen. Al Franken, D-Minn, about how its face-scanning technology called Face ID works and how it plans to keep customers’ biometric data secure. The company offered a detailed explanation about how it works and that the data never leaves the device, but didn’t answer questions about how it would respond to law enforcement requests.
Russian Facebook Ads Are Going to Keep Being a Thing
Sens. Amy Klobuchar, D-Minn., and Mark Warner, D-Va., on Thursday introduced the Honest Ads Act, which would increase the transparency of online political ads by requiring web platforms to disclose who paid for the ads. The bill comes after an investigation by the Senate Intelligence Committee, where Warner serves as vice chair, revealed that Russian groups had purchased 3,000 ads on Facebook, Google and Twitter as part of an attempt to interfere in the 2016 election. Sen. John McCain, R-Ariz., has also signed onto the bill.
House Oversight’s IT subcommittee will examine the issue Tuesday, focusing on if existing rules and regulations could be updated to address the issue.
Restarting Startup Funding
Reps. Lisa Blunt Rochester, D-Del., and Brian Fitzpatrick, R-Pa., revived legislation that would funnel more dollars into programs supporting startups, including business accelerators, especially in rural and suburban areas. The Startup Opportunity Accelerator Act would direct the Small Business Administration to hand out up to $50,000 to eligible organizations. Sen. Cory Booker, D-N.J., is sponsoring the SOAR Act in the Senate, three years after he originally introduced it.
FCC Thrown into Fake News Fight
The president’s Oct. 11 tweets about reviewing and possibly revoking the licenses of networks news did more than rile up the press corps. Sen. Richard Blumenthal, D-Conn., in a letter urged Federal Communications Commission Chairman Ajit Pai to condemn the president’s tweets and asked for a written statement about where he stands on press freedom by Nov. 1.
Though Pai publicly said the commission doesn’t have the power to revoke a license based on content, a group of Senate Commerce, Science and Transportation Democrats in a letter asked Chair John Thune, R-S.D., and ranking member Nelson to hold oversight hearings with the newly appointed commission members and the media landscape in general.
A House Energy and Commerce subcommittee will hold its own FCC oversight hearing Tuesday.
Another busy week for cyber and tech is coming to the Hill next week.
A House Homeland Security panel will meet at 2 p.m. Tuesday to learn about best practices for educating a future cyber workforce.
The House Science Committee will meet at 10 a.m. Wednesday to discuss the risk Kaspersky anti-virus poses to government systems. Company founder Eugene Kaspersky does not appear on the witness list, though he’s frequently said he’s willing to testify if he can get a visa. Kaspersky has denied any wrongdoing.
The Senate Homeland Security and Governmental Affairs committee will consider the nominees for the leaders of the Office of Personnel Management and GSA in a 10:30 a.m.business meeting.
The House Financial Services Committee is planning another hearing about the Equifax data breach at 2 p.m. that day.
The Senate Energy Committee will meet at 10 a.m. Thursday to hear about cyber technologies that might help protect the electric grid.
Jack Corrigan, Mohana Ravindranath and Caitlin Fairchild contributed to this article.