DOJ report on tackling cyber threats forthcoming

The Justice Department will soon release a report describing how its many agencies and components tackle cyber threats. DOJ officials delivered the report to Attorney General Jeff Sessions late last week, a department spokesman told Eric, four months after Sessions created a cyber task force to study DOJ’s role in areas like election security, botnets, encryption and data breaches. “We plan to release the report at the Aspen Security Forum later this month,” the spokesman, Ian Prior, said in an email. Prior didn’t say exactly when that would happen, but the Aspen agenda shows that Deputy Attorney General Rod Rosenstein is scheduled to make “an exclusive policy announcement” there on July 19.

Confirmation of the report’s completion and its impending release came hours after the DNC tried to score points against the Trump administration for missing the June 30 deadline that Sessions set for the report. “It’s clear Trump does not take the ongoing threat foreign adversaries pose to our election systems seriously,” DNC Chief Technology Officer Raffi Krikorian said in a statement. But the June 30 deadline was for DOJ to submit the report to Sessions, not for it to publish the document.

The oddly named Cyber-Digital Task Force was supposed to examine ways in which the Justice Department can better coordinate its law enforcement and digital defense work, which occurs through agencies like the FBI and the Drug Enforcement Agency and components like the Criminal Division, the National Security Division and local U.S. attorney’s offices. In a statement in February, Sessions said he was expecting recommendations about “the most effective ways” for DOJ to “confront these threats and keep the American people safe.” His creation of the task force came several months after senators scolded him for not doing enough to combat election meddling, although that work falls primarily to the Department of Homeland Security.

HAPPY TUESDAY and welcome to Morning Cybersecurity! Well, crap, your MC host is doomed to an early death. Send your thoughts, feedback and especially tips to tstarks@politico.com, and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.


OLD DOG, NEW TRICKS — One of the oldest hacking tactics, phishing, is still showing signs of evolving, Brianna reported. For instance, Barracuda Networks “cataloged various phishing schemes in which hackers imitated Netflix’s login landing pages and misspelled Netflix as ‘Netfliix’ to trick email readers into clicking infectious links containing malware.” The British counterfraud agency, meanwhile, found a scheme capitalizing on the WannaCry outbreak that “attempts to fool users into thinking their computers are infected with the ransomware and demands Bitcoin payments to protect their files.” The silver lining is that fewer phishing emails are making it into users’ inboxes, according to Trustwave.

NEW TECH, OLD FUEL — The Department of Energy is investing part of a $9 million grant in four projects aimed at enhancing cybersecurity infrastructure, DOE announced Monday. The projects are centered around building sensors and controls technology to enhance the operations, reliability and economic performance of fossil power systems. All four projects would get approximately $312,000 in federal funds. The Electric Power Research Institute will use its grant to improve threat detection. General Electric plans to use its share of the money to reduce cybersecurity risks in industrial control systems. Siemens plans to use the money to develop joint cyber-physical security solutions within fossil fuel power plants. Southern Company will attempt to create an efficient and cost-effective system that identifies, predicts and responds to operational problems using existing plant data. These cybersecurity efforts come from the DOE’s larger initiative to develop technologies that enhance fossil energy power systems.

PROTECTING CONSUMER DATA COLLECTION — A government watchdog announced Monday that it found fault with the cybersecurity protections of a Consumer Financial Protection Bureau system that collects, monitors and responds to complaints, even though overall the safeguards tested were effective. “However, stronger identity and access management controls can ensure that the security control environment for Mosaic remains effective,” the inspector general for the CFPB and Board of Governors of the Federal Reserve System found. “Our report includes one recommendation and several matters for management’s consideration in the areas of audit and accountability, contingency planning, and configuration management.” The IG didn’t make the full report public. The bureau recently lifted a six-month hold on data collection, a hold that proved controversial.

ALL FOR NOTHING? MAYBE? — At least one of the USB fans given to journalists covering President Donald Trump’s recent meeting with North Korean leader Kim Jong-un is malware-free, according to a security researcher at the University of Cambridge. Sergei Skorobogatov, a senior research associate at the university’s Computer Laboratory, took apart the fan, which journalists could pick up in the media filing center in Singapore on June 12. The device Skorobogatov tested “does not have any computer functionality on [its] USB interface” and “can only be used for driving the motor” for the fan, he wrote in his paper. Cybersecurity experts joked about the possibility of North Korea using the fans to hack journalists covering the summit — a completely plausible notion given how voraciously nation-state hacking groups target participants in high-stakes diplomatic summits. Skorobogatov’s findings suggest that the fans may have been clean after all, though as the Cato Institute’s Julian Sanchez pointed out, a smart intelligence agency wouldn’t infect all of the fans, so one safe device doesn’t prove anything about the broader collection.

(NEXT) CHINESE TELECOM ON U.S. LIST — Another Chinese telecom company on Monday ran into a brick wall from U.S. policymakers. The National Telecommunications and Information Administration recommended that the FCC prevent China Mobile from entering the U.S. market. “After significant engagement with China Mobile, concerns about increased risks to U.S. law enforcement and national security interests were unable to be resolved,” said David J. Redl, administrator of the NTIA. In April, Commerce initiated a ban against ZTE, only for Trump to take steps to reverse it and seek to save the company, despite worries from intelligence officials and lawmakers about ZTE’s cyber and other security risks.

126 DAYS AWAY — Unease that the federal government hasn’t done enough to protect the upcoming midterm elections just keeps growing. On Monday, the Transatlantic Commission on Election Integrity declared neither the U.S. nor Europe is adequately prepared to fend off outside meddling. “The lack of cohesion among U.S. elected officials in addressing this problem is especially unfortunate given the ample means the U.S. government has to confront this threat head on,” according to the bipartisan group, which is co-chaired by former Homeland Security Secretary Michael Chertoff. Meanwhile, Florida’s senators urged their state’s election officials to accept security aid from DHS. The department “will follow your lead and meet your needs with a tailored set of options,” Sens. Bill Nelson and Marco Rubio wrote. “We encourage you in the strongest terms to take advantage of those resources, and to let us know about your experience with DHS and FBI.”

This article originally appeared on Politico.com
