Defense Intelligence Agency needs focus on cyber, House panel recommends

The House Intelligence Committee is finishing up work on a report that will call for a major restructuring of the Defense Intelligence Agency that would allow it to refocus on core missions, including digital espionage and cyber threats, Martin reports.

In the coming weeks, the panel hopes to release “Charting the Future of Defense Intelligence,” a roadmap for a leaner, faster DIA that shifts — or nixes — many of the Pentagon intelligence arm’s extraneous missions and roles. Today the organization runs 87 distinct missions and employs 16,500 people across 140 countries.

“It’s scattered,” according to Rep. Chris Stewart, who leads the Intelligence Committee’s defense subpanel. “It worries us that they’ve lost their focus on why they were created and what it is they’re supposed to be really, really good at.”

Lawmakers and intelligence officials alike argue the smorgasbord of duties, including managing an accredited university, has degraded DIA’s abilities to provide strategic-level intelligence on a host of growing threats, including Russia’s offensive digital operations. Other agencies in the government tend to view the organization “as a place that has a military can-do attitude. You give something to the military and they’re not going to push back,” said an official within the U.S. intelligence community. “But that does come with some costs,” namely that DIA has become “a landing pad anytime anyone has a job that kind of doesn’t fit anywhere, or maybe would fit in a bunch of places,” the official added.

The findings and recommendations contained in the committee’s report — already written in draft form — will likely be incorporated into the fiscal 2019 intelligence authorization bill, which the panel will mark up behind closed doors on June 28. Pros can read the full story here.

HAPPY THURSDAY and welcome to Morning Cybersecurity! Your MC host naturally runs across things that have the word “cyber” in them, like this Six Flags “Cyborg Cyber Spin” ride. Really, though, it just looks like a good vehicle for maximum 360-degree distribution of vomit. Send your thoughts, feedback and especially tips to tstarks@politico.com, and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

IN CASE YOU WERE MISSING THIS ISSUE — Apple fired another shot at law enforcement over encryption on Wednesday, announcing that it will soon be impossible to extract data from iPhones and iPads using their Lightning port if they have been locked for more than an hour. The company said in a statement that it had “the greatest respect for law enforcement” and didn’t “design our security improvements to frustrate their efforts to do their jobs,” but the move will severely complicate some investigations where authorities have been using special hardware tools to unlock these mobile devices. Companies like Grayshift and Cellebrite sell products that can connect to locked phones through their Lightning ports and offload data; the FBI likely used one of these devices to access an iPhone owned by one of the terrorists in the December 2015 San Bernardino, Calif., shooting.

Apple’s decision is the latest headache for the Justice Department and the FBI, following the bureau’s revelation that it improperly calculated how many encrypted phones it couldn’t access and a damning inspector general’s report about the FBI’s handling of the San Bernardino phone. Senior department officials have spent months arguing that tech companies must do more to ensure that investigators can access locked data, and Attorney General Jeff Sessions even hinted recently that it might be time for Congress to step in. The Justice Department and the FBI declined to comment on Apple’s decision.

But a DOJ official, who requested anonymity to candidly discuss a specific company, said the Apple change might force authorities to play hardball by skipping the warrant process when downloading data from seized devices. “It may be [that] we can articulate an argument that we now have an exigency to use Cellebrite to unlock and dump an iPhone as soon as we possess it, even without a warrant,” the official said. “Under that scenario, I’d say we’d still get a warrant before actually reviewing the data,” this official added, “but if we only have an hour max from the time the phone is seized … I don’t know.” Cybersecurity experts noted that the government could already cite an exigent circumstance to bypass the warrant requirement in some cases — and that simply facing a one-hour lockout didn’t count.

CHASING TAILS — DHS has spent too much time chasing the latest cyber threat, the newly confirmed head of DHS’s cyber wing said Wednesday, and he wants to change that. “We have a threat intelligence problem. We obsess about the threat,” said Chris Krebs, undersecretary of the National Protection and Programs Directorate. The department is frequently “running this way and that way” and “reacting without a lot of context,” he said at the event hosted by Forcepoint and CyberScoop. The focus should be managing risk, and last year’s directive ordering agencies to evict Kaspersky Lab software from their systems over fears about the company’s ties to Russia is an example of that, Krebs said, dubbing Kaspersky an “unacceptable risk.” Amid criticism of the White House for eliminating its cybersecurity coordinator job, Krebs called it a “nasty rumor” that there was no cybersecurity leadership in the federal government, citing his division’s work.

404 ERROR, VOTE NOT FOUND — The Senate Homeland Security Committee delayed a scheduled vote Wednesday on legislation (S. 2392)expanding the 2002 SAFETY Act’s liability protections to cybersecurity vendors in certain situations, with the panel’s chairman telling MC that he believed its language needs to be narrowed. Chairman Ron Johnson said he was talking to its sponsor, Sen. Steve Daines, on changes. “We are still trying to work through different issues, there are some concerns in terms of how broad that is and what the language is, we are going to continue to work with Sen. Daines,” Johnson said in a statement. The existing SAFETY Act offers liability protections to manufacturers of anti-terrorism technologies that DHS deems qualified, so that they don’t face lawsuits in the event that their product does its job but still fails to prevent a terror attack.The Daines bill would clarify that cyber products could receive similar protections in the event of certain destructive attacks.

“Sen. Daines believes the Cyber SAFETY Act is an important bill that will lead to new technologies that will help keep Americans safe,” a Daines spokesperson said. “While he is disappointed that a consensus on the bill was not made, he looks forward to working with the Committee and stakeholders to get this bill to the president’s desk.”

WON’T YOU JOIN US? — The Senate Rules Committee will bring state and county election officials to Washington next week for the first in a series of hearings examining the nation’s readiness to fend off hackers in the midterm elections. The June 20 hearing will be divided into two panels, according to an announcement Wednesday from the Rules Committee, which has jurisdiction over election issues. The first panel will feature the secretaries of state from Missouri, Indiana, Vermont and Minnesota. The second panel will feature election officials representing Cook County, Ill., and Greene County, Mo.

The Rules Committee said the hearing would let lawmakers “hear from state and local election officials about the steps they are taking to secure election infrastructure and ensure confidence in our elections.” It will include “a discussion of issues relating to information sharing efforts coordinated by the Department of Homeland Security, the awarding of $380 million in grants to states to improve their election infrastructure, and current legislative proposals before the Senate.” One of those proposals is the Secure Elections Act (S. 2593), considered Congress’ best hope of bolstering the digital security of the voting process before November. Its main Democratic sponsor, Sen. Amy Klobuchar, is also the ranking member of the Rules Committee, and she has spent months pushing Rules to tackle the subject.

All four invited state officials have been active on election security issues. Indiana’s secretary, Connie Lawson, is the current president of the National Association of Secretaries of State, while Vermont’s secretary, Jim Condos, is the president-elect. Three of the four secretaries recently spoke with the co-sponsors of the Secure Elections Act to offer their feedback and share concerns.

DOLLAR, DOLLAR BILLS — The House Appropriations Committee on Wednesday approved annual defense spending legislation that would allocate nearly $675 billion for the Pentagon in the next fiscal year. The legislation requires the department to brief both Appropriations panels every quarter about its cyberspace activities and orders DoD to develop a cloud computing strategy in the face of cyber threats. “Secure vital communications and data transmission is at risk,” according to the report accompanying the measure. The panel also approved by voice vote an amendment from Stewart that encourages the Pentagon to continue developing prototypes that boost cyber situational awareness and electronic warfare capabilities.

The House Appropriations panel Wednesday also approved a bill paying for the Election Assistance Commission, drawing protests from Democrats who sought more election security funding in the legislation. “We are shocked that House Republicans failed to appropriate a single dollar for states’ election security in the bill passed by the House Committee on Appropriations today,” said House Administration top Democrat Robert Brady and fellow committee members Zoe Lofgren and Jamie Raskin.

TRACE THOSE PACKETS — Anyone studying global internet issues has a new resource to track disruptions, slowdowns and other potential signs of trouble. On Wednesday, Oracle unveiled an Internet Intelligence Map that logs internet routing issues in various countries and rates the severity based on a handful of technical measurements. “Since major Internet outages (whether intentional or accidental) will be with us for the foreseeable future, we believe offering a self-serve capability for some of the insights we produce is a great way to move towards a healthier and more accountable Internet,” wrote Doug Madory, director of internet analysis at Oracle’s Dyn research subsidiary. The map shows a ranked list of countries experiencing disruptions, with information about the number of functional Border Gateway Protocol, or BGP, routes into the country; the time a packet took to go from Oracle’s servers to those of the affected country; and the rate at which devices in the country queried Oracle’s DNS servers, which route traffic around the world. “This free site,” Madory wrote, “will help to democratize Internet analysis by exposing some of our internal capabilities to the general public in a single tool.”

RECENTLY ON PRO CYBERSECURITY — The European Parliament dubbedKaspersky Lab “malicious.” … Belgium’s intelligence watchdog predicted that Russia would interfere in local elections this fall. … The head of the National Telecommunications and Information Administration told a Senate panel he wasn’t involved in the White House negotiations over Chinese telecom giant ZTE.

This article originally appeared on Politico.com

Source: Politico