Lawmakers Weigh in on the White House Cyber Policy

The Trump administration earned rare bipartisan praise after committing to expand the country’s offensive cyber operations.

Foreign adversaries looking to do harm via cyberspace will be met with equally devastating counterattacks, both online and elsewhere, National Security Adviser John Bolton said Thursday in his announcement of the White House’s National Cyber Strategy. Going forward, he said, the authority to launch offensive cyber operations will reside in the agencies authorized to launch them, namely the Defense Department and intelligence agencies.

The policy, officially released Friday, also directs more resources to U.S. innovation in cyberspace and expanding the nation’s cyber workforce.

“This strategy will help better combat malicious cyber acts from foreign adversaries like Russia, China, Iran and North Korea,” said House Homeland Security Committee Chairman Michael McCaul, R-Texas. “I have consistently said we must call out our enemies, send a strong message that we will respond when attacked. and ensure there are real consequences if we are.”

Even Senate Intelligence Committee Vice Chair Mark Warner, D-Va., lauded the priorities outlined in the strategy.

“The administration must now move beyond vague policy proposals and into concrete action towards achieving those goals,” he said in a statement.

It’s Not Over for ZTE Yet

The Chinese telecom ZTE won a reprieve in July from a Commerce Department punishment for sanctions violations that would have effectively put the company out of business. Now, a sextet of senators wants to make sure ZTE stays in good standing.

The ZTE Enforcement Review and Oversight, or ZERO, Act, introduced Tuesday, would automatically reimpose the restrictions, which barred ZTE from using any U.S.-built parts if Commerce can’t verify ZTE is complying with every single element of the deal.

The bill’s sponsors include Sens. Marco Rubio, R-Fla., and Mark Warner, D-Va., who were instrumental in another piece of legislation earlier this year that banned ZTE from all government contracts. That action was sparked by concern the company could be used as a Chinese spying tool.

Say It in English

Over in the House, Rep. Suzan DelBene, D-Wash., and Hakeem Jeffries, D-N.Y., introduced a bill Thursday that would require companies to write privacy policies in “plain English.”

The Information Transparency and Personal Data Control Act would also bar companies from sharing users’ sensitive data unless they opt in and require companies that collect personal information to undergo third-party privacy audits.

Politics is Personal (on Email at Least)

Sophisticated foreign hacking groups are targeting the personal emails of senators and Senate staff and the chamber’s tech office isn’t authorized to help, according to a letter Sen. Ron Wyden, D-Ore., sent to leadership Wednesday.

Numerous Senate offices reached out to the Senate Sergeant at Arms Office after being told by Google that hackers were targeting their personal emails. In each case, the Sergeant at Arms office said it’s only allowed to use appropriated funds to help protect official office emails, Wyden said.

Congressional staffers frequently mix work and personal accounts making it easy for a hacker who has compromised the personal account of an office staffer to worm into work accounts in numerous offices. Here’s a good rundown of the situation from former congressional staffer Daniel Schuman.

Wyden plans to introduce legislation to expand the Sergeant at Arms’ cybersecurity mandate to helping secure personal accounts, he said. He urged leadership to support the forthcoming bill.

CISA’s Coming

The Senate may vote as early as this week on a bill that would dramatically simplify the name of the Homeland Security Department’s lead cybersecurity agency, Politico reported Wednesday.

The division is currently named the National Protection and Programs Directorate. NPPD leader Chris Krebs frequently jokes that when he introduces himself people are confused about what he does.

Under the bill, which was already passed by the House, the division will be called the Cybersecurity and Infrastructure Security Agency, or CISA.

Everyone on Alert

Sens. Brian Schatz, D-Hawaii, and Lisa Murkowski, R-Alaska, on Friday introduced legislation that would grant funding for the AMBER Alert network to all U.S. territories. Today, American Samoa, Guam, the Northern Marianas Islands and the U.S. Virgin Islands aren’t eligible for government funds to stand up the alert system for child abductions.

“AMBER Alerts have helped save hundreds of children,” Schatz said in a statement. “There’s no good reason for U.S. territories to be excluded from this system.”

Coming Up

Capitol Hill will be buzzing this week with hearings on cyber, emerging tech and IT infrastructure. Here’s a rundown:

The Senate Energy and Natural Resources Committee will kick things off at 10 a.m. on Tuesday with a hearing to explore to Energy Department’s quantum computing initiatives.

On Wednesday at 10 a.m., the Senate Commerce Committee will examine the data privacy practices of top tech companies.

Also at 10:30 a.m., the House Energy and Commerce Committee will look for ways to strengthen the country’s public safety communications infrastructure.  

At 2 p.m., the House Science subcommittee on Space will review the past six decades of NASA leadership before turning an eye to the agency’s upcoming exploration efforts.

At 2:30 p.m., the Senate Armed Services subcommittees on Cybersecurity and Peronnell will hold a joint hearing to assess the Pentagon’s cyber readiness.

At 11 a.m. on Thursday, the House Ways and Means Committee will explore ways to modernize IT at the Social Security Administration.

Then at 2:30 p.m., the House Energy and Commerce Committee will examine modernization efforts related to the Energy Department’s cybersecurity, energy security and emergency response systems.