Trump says he won’t use hacked materials for 2020
With help from Mike Farrell, Eric Geller and Martin Matishak
Editor's Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m. To learn more about POLITICO Pro's comprehensive policy intelligence coverage, policy tools and services, click here.
Story Continued Below
— President Donald Trump pledged not to use information from foreign agents in his reelection bid because he wouldn’t “need it.” He also insisted he never did.
— Trump cyber officials will warn lawmakers on the dangers of Huawei equipment in 5G infrastructure today on the Hill. It’s too risky given Beijing’s history of cyber-enabled intellectual-property theft, they’ll say.
— Presidential hopeful Seth Moulton is advocating for new digital defenses against Chinese hacking. He wants a “cyber wall.”
HAPPY TUESDAY and welcome to Morning Cybersecurity! Does this still happen? (smh.) Send your thoughts, feedback and especially tips to tstarks@politico.com, and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
TRUMP SAYS NO THANKS TO HACKED MATERIALS — The president on Monday pledged not to use any hacked or stolen data from foreign adversaries in his 2020 reelection campaign. “Well, I never did use [it], as you probably know,” he said, when asked by a reporter in the Oval Office whether he would make the commitment. "That's what the Mueller report was all about. They said 'no collusion,' and I would certainly agree to that. I don't need it.”
Last month, the heads of the DNC and the DCCC both pledged not to use hacked materials in 2020 and asked their GOP counterparts to do the same. Trump, who had welcomed the political boost his bid got from WikiLeaks during the 2016 presidential election and encouraged the release of opponent Hillary Clinton’s campaign emails, sarcastically added that he likes the looks of the 2020 Democratic field. “All I need is the opponents that I'm looking at,” he said. “I'm liking what I see.”
MAKING THE CASE AGAINST HUAWEI — Trump administration officials will warn senators today about the risks of building 5G networks with Huawei equipment, saying the Chinese firm endangers the cybersecurity of U.S. and international supply chains. The Senate Judiciary Committee hearing will feature Chris Krebs, head of the DHS Cybersecurity and Infrastructure Security Agency, and top State Department cyber official Rob Strayer. Krebs will discuss “the growing presence of Chinese telecom equipment” and “CISA’s work with government and industry partners, including internationally, to take a more strategic approach in defending against malicious cyber activity,” a CISA official told MC. He will discuss the DHS supply chain task force and the work of its advisory committees and mobile networks research team.
Strayer will outline the argument that he and his colleagues make when they meet with foreign counterparts to discuss Huawei. This argument, according to an excerpt of his remarks shared with MC, urges countries to examine how foreign governments exert influence over domestic companies and what the legal regime is in those countries. Strayer regularly notes that Chinese law gives Beijing vast, undefined authority to order companies to compromise their products. He will point to Chinese technology companies’ partnerships with authoritarian regimes and Beijing’s own history of cyber-enabled intellectual-property theft.
BUILD A CYBER WALL. REALLY? — Moulton, a Democratic 2020 hopeful, panned Trump’s escalating trade war with China on Monday, asserting in a tweet the need to counter Beijing with a “better trade deal, a Pacific NATO, and a cyber wall.” This isn’t the first time he’s called for a “cyber wall” to block foreign hackers. Also on Monday, he told former CBS anchor Dan Rather in a Facebook Live interview that America needs a new generation of arms to thwart Chinese and Russian cyberattacks. “We need to get rid of the old and expensive legacy weapons systems” and “make sure we’re protected against cyberattacks.”
"National security is economic security,” Moulton warned, contending the U.S. doesn’t have a “good” strategy to confront China. “If candidates in this race forget about [the] Chinese threat to our economy, to our national security — literally stealing things through the internet every day — then we’re not going to be able to succeed in the coming decades.”
DANGEROUS FLAWS AHEAD (AND 3 ANGRY CATS) — A pair of security vulnerabilities inside Cisco’s enterprise products could give attackers access to organizations’ most valuable information, according to research from the firm Red Balloon that Wired reported on Monday. And there are millions of companies that could be affected by these problems given Cisco’s worldwide customer base. The researchers uncovered one vulnerability in Cisco’s operating system that could allow remote access to the firm’s enterprise devices. The other one, according to researchers, could give attackers a way around Cisco’s Trust Anchor module, a piece of technology that’s fundamental to the security of the firm’s firewalls, routers and switches.
Used together, the vulnerabilities could lead to a devastating attack. “In practice, this means an attacker could use these techniques to fully compromise the networks these devices are on. Given Cisco's ubiquity, the potential fallout would be enormous,” Wired reported. Cisco is working on a patch but a fix could be months away. And it’s challenged Red Balloon’s findings as it relates to Trust Anchor. “The Trust Anchor module is not directly involved in the work demonstrated by Red Balloon,” Cisco told Wired.
So, what’s with the three cats? Red Balloon decided to use emojis of three angry cats to name the vulnerabilities. Is that a first? MC isn’t sure, but it’s definitely novel. Here’s the reasoning: “First, emoji sequences are universally understood across nearly all natural languages,” the firm wrote. “Second, emojis are indexical to the digital age.” How it recommends pronouncing the emoji trio? “Thrangrycat.”
LISTENING TO LOCALS — The House Administration Committee’s top Republican met with election officials from his home state on Monday to discuss election security and said he came away from the meeting newly convinced that federal oversight of elections would be a mistake.
“We need to continue to keep our elections local and the federal government needs to help [counties] invest in technology and methods to secure their election process,” Rep. Rodney Davis said in a statement after the meeting. The Illinois Republican has sharply criticized House Democrats’ election reform bill, H.R. 1 — which included provisions requiring paper ballots, risk-limiting audits and stricter voting technology vendor regulation — but he has offered no ideas of his own for protecting elections from hackers. In his statement, though, he praised the Cyber Navigator program established in Illinois, the only state where Russian hackers are known to have stolen voter data in 2016.
ON THE HILL — Both chambers are in today with a trio of intelligence hearings: one in the House on the compartmentalized fiscal 2020 budget request and a pair of hearings in the Senate on intelligence matters and 5G, featuring Krebs and Strayer. The House Homeland Security Committee will hold a markup on Wednesday to consider a bill, H.R. 1158 (116), that would create a Cyber Incident Response Team within DHS. On Thursday, the Senate Judiciary Committee will mark up two measures: S. 1328 (116), which would designate foreign persons who improperly interfere in U.S. elections as inadmissible aliens, and S. 1321 (116), the Defending the Integrity of Voting Systems Act. Also on Thursday, the House Intelligence Committee holds a hearing on Chinese surveillance and the Senate Intelligence panel holds a closed briefing.
TWEET OF THE DAY — Oops!
RECENTLY ON PRO CYBERSECURITY — Trump will meet with Russian President Vladimir Putin and Chinese President Xi Jinping at the G-20 summit. … Twitter disclosed a privacy issue involving users’ location data with an unidentified corporate partner. … European countries are expected to adopt an EU cyber sanctions regime this week. … Ransomware attacks on state and local governments are on the rise.
— Lawyers representing a Navy SEAL say prosecutors in a war crimes case spied via tracking software. Associated Press
— North Korean state-sponsored hackers deployed a new strain of malware that harvests information about Bluetooth devices. ZDNet
— Cisco Talos identified multiple vulnerabilities in the dashboard camera Roav A1 Dashcam.
— The U.S. needs to rethink critical election technology infrastructure amid new emerging threats. Medium
— Hackers broke into an unknown number of Boost Mobile customer accounts. TechCrunch
— Cyberhedge launched a cybersecurity performance benchmarks tool that ranks companies worldwide by their cyber defenses. Yahoo
— WhatsApp discovered attackers injected Israeli spyware on phones by calling them. Financial Times
That’s all for today.
Stay in touch with the whole team: Mike Farrell (mfarrell@politico.com, @mikebfarrell); Eric Geller (egeller@politico.com, @ericgeller); Martin Matishak (mmatishak@politico.com, @martinmatishak) and Tim Starks (tstarks@politico.com, @timstarks).
Gloss