China Won and America Lost on ZTE, but Our Offensive Cyber is Super Awesome

Senate Democrats lashed out Friday after Republicans reportedly dropped an effort to force the Trump administration to reimpose penalties on the Chinese telecom giant ZTE.

The penalties for violating U.S. sanctions are separate from concerns that ZTE could be used as a Chinese government spying tool, but Democrats and many Republicans have cited the cybersecurity dangers ZTE poses as a chief reason for keeping the penalties in place.

“By stripping the Senate’s tough ZTE sanctions provision from the defense bill, President Trump—and the congressional Republicans who acted at his behest—have once again made President Xi and the Chinese government the big winners and the American worker and our national security the big losers,” Senate Minority Leader Chuck Schumer, D-N.Y., said.

Senate Intelligence Committee ranking member Mark Warner, D-Va., tweeted that he was “beyond frustrated” by the move, which “can only make our country less safe.”

A Step in the Right Direction

Democrats were more pleased with Thursday’s announcement that the Justice Department will begin routinely disclosing foreign government influence operations to the public—including efforts to influence the 2018 midterm elections.

The House Intelligence Committee’s ranking member, Rep. Adam Schiff, D-Calif, called the move a “vital and necessary step to protect the integrity of our elections” that would have “served as a meaningful deterrent” to Russia’s efforts to undermine the 2016 contest.

The announcement came in a massive report from Justice’s Cyber-Digital Task Force detailing the agency’s strategies for fighting online threats.

Pwn the Drones

As commercial drones become ever more popular, lawmakers want to make sure bad guys don’t weaponize them.

House Homeland Security Chairman Michael McCaul, R-Texas, and Small Business Chairman Steve Chabot, R-Ohio, introduced legislation Tuesday that would allow the Homeland Security and Justice departments to use counter-drone technology around government facilities and at large-scale events, such as sports matches and concerts.

The Preventing Emerging Threats Act would also limit areas where drones can collect data and give agencies broad say in how to fight drone threats at different locations. The Federal Aviation Administration currently regulates drone registration and operations for commercial and private use. 

Our Offensive Cyber is Awesomer than Yours

How good is the United States’ offensive cyber capability? “It’s awesome. We have the capability to shut down governments,” McCaul crowed during a Q and A at the American Enterprise Institute think tank Wednesday.

The problem is, the other guy’s pretty good too. Russia has “fingerprints” in U.S. industrial control systems that manage energy and other utilities, McCaul said, which should make Americans very nervous.

“If they have their fingerprints in there, that means they have the ability to turn the switch on and off,” he said. “If you turn the northeast grid off, you’re going back to caveman times.”

McCaul and other lawmakers have routinely praised the Defense Department and intelligence community’s offensive cyber capabilities, but it’s difficult to vet those claims because the government doesn’t share much information about its cyber weapons or offensive operations. The only publicly acknowledged offensive U.S. cyber operation is aimed at disrupting ISIS recruitment and planning.

We’ve Been Emailing for How Long?

The House, on Monday, passed a bill that would require agencies to not only preserve email records, but to preserve them in a searchable format.

Government records retention procedures have been slow to adapt to the digital age. According to a 2017 National Archives study, nearly half of agencies are still printing out email records that they’re required to preserve.

The bill, sponsored by House Oversight ranking member Elijah Cummings, D-Md., previously passed the House in 2014 but has yet to pass the Senate.

No More Missile Mishaps

Sens. Brian Schatz, D-Hawaii, and John Thune, R-S.D., introduced a bill Wednesday that would prevent people from blocking federal emergency alerts on their mobile phones and allow agencies to broadcast alerts across streaming services like Netflix and Spotify.

The Reliable Emergency Alert Distribution Improvement Act would also establish emergency alert best practices and set up a system for tracking and retracting false alerts.

The legislation comes after a government employee accidentally sent Hawaii residents a mistaken ballistic missile warning that went uncorrected for more than half an hour.

Give Us a Heads Up Next Time, Maybe

An organization that coordinates information sharing between computer emergency response groups should re-think how it manages the response to major computer vulnerabilities, leaders of the House and Senate Commerce Committees said last week.

The letter from Thune and Rep. Greg Walden, R-Ore., to the CERT Coordination Center, comes after news that the center and the U.S. government were both largely out of the loop during a six-month secret process to repair the Spectre and Meltdown vulnerabilities.

Failure to adequately coordinate the [coordinated vulnerability disclosure] process and provide timely notice to companies that need to test patches extensively before applying them can significantly increase the risks associated with the vulnerabilities,” the lawmakers wrote, adding that “the Spectre and Meltdown CVD showed that additional improvements can and should be made.”

Let’s Make This CDM Thing Official

Rep. John Ratcliffe, R-Texas, introduced a bill Wednesday that would put the power of legislation behind the Continuous Diagnostics and Mitigation program, a suite of pre-vetted cyber tools that the Homeland Security Department provides to federal agencies.

One main goal for the bill is “safeguarding agencies from getting stuck with technologies that will soon become outdated or unsupported by their vendors,” said Ratcliffe, who chairs the House Homeland Security Committee’s cyber panel.

Coming Up

It’s another week jam-packed with tech and cyber hearings on the Hill. Here’s a rundown.

At 10 a.m. Tuesday, the House Oversight Committee will tackle election security.

At that same time, the House Science Committee will ask the burning question: “Are Flying Cars Ready for Take-Off?” [TL;DR: They’re not ;)]

At 9:30 a.m. Wednesday, the Senate Intelligence Committee will consider retired Vice Adm. Joseph Maguire’s nomination to lead the National Counterterrorism Center.

At 10 a.m. Wednesday, the House Appropriations Committee will mark up the Homeland Security Department’s fiscal 2019 funding bill.

Also at 10 a.m., the Senate Commerce Committee will ponder 5G and U.S. spectrum needs.

At 10:30 a.m., the House Homeland Security Committee will assess the state of federal cybersecurity risk determinations.

At 2 p.m., House Homeland will investigate Homeland Security and Commerce Department efforts to use technology to help first responders.

Also at 2 p.m., House Oversight will drill in on cybersecurity items on the Government Accountability Office’s high-risk list.

At 2:15 p.m., Senate Commerce’s space panel will ask when the heck Americans will make it to Mars.

At 10 a.m. Thursday, the Senate Homeland Security Committee will hold another hearing on the Trump administration’s government reorganization proposals.