A Senate Armed Services Committee hearing Thursday focused almost as much on validating the U.S. intelligence community's assessment that Russia masterminded the hacking of U.S. entities' IT systems aimed at affecting the outcome of the 2016 presidential election as it did on how to counter the cyberthreat posed by Russia and other foreign state actors. The hearing came amid renewed criticism and doubt from President-elect Donald Trump about intelligence agencies' assessment that Russia provided WikiLeaks with hacked emails from officials at the Democratic National Committee and the campaign of Democratic presidential nominee Hillary Clinton (see 1701040066). The hearing had been expected to focus primarily on the Russia-led hacks (see 1612300032), though committee members and intelligence officials also highlighted the threat posed by China, Iran and North Korea.
Russia export controls and sanctions
The use of export controls and sanctions on Russia has surged since the country's invasion of Crimea in 2014, and especially its invasion of Ukraine in in February 2022. Similar export controls and sanctions have been imposed by U.S. allies, including the EU, U.K. and Japan. The following is a listing of recent articles in Export Compliance Daily on export controls and sanctions imposed on Russia:
A Thursday Senate Armed Services Committee hearing on foreign-based cyberthreats to U.S. entities may signal how top Senate cybersecurity-focused lawmakers like committee Chairman John McCain, R-Ariz., will proceed with examining Russia’s involvement in election-related hacks and cyberattacks, a cybersecurity lobbyist told us Wednesday. The hearing is expected to primarily focus on the Russia hacks (see 1612300032). President Barack Obama last week imposed sanctions against Russian intelligence officials and took other actions against the nation's intelligence community in response to the hacks (see 1612290040). The hearing is to occur a day after President-elect Donald Trump again questioned the U.S. intelligence community’s assertion that Russia masterminded hacks and cyberattacks against the IT systems at the Democratic National Committee and other U.S. institutions aimed at affecting the outcome of the 2016 presidential election. Trump highlighted in a Twitter post Wednesday WikiLeaks founder Julian Assange’s assertion that Russia didn’t give him documents stolen from the hacked accounts of officials from the DNC and former Democratic presidential candidate Hillary Clinton’s campaign. Trump later criticized the DNC for not having an effective “hacking defense.”
Russian interference with the U.S. presidential election and Yahoo's announcements of two massive data breaches (see 1612150010) weren't necessarily wake-up calls for U.S. corporations, which have ramped up efforts to enhance network security against cyberattacks over the past few years, said some cybersecurity experts in interviews over the past two weeks. But they described an arms race of sorts in which nation states and cyber criminals are using increasingly sophisticated techniques to penetrate the defenses of corporations, which are having a hard time keeping up through educating and training employees, changing policies and deploying new technologies.
The Senate Armed Services Committee scheduled a hearing for Thursday on foreign-based cyberthreats to U.S. entities that will focus primarily on Russia's involvement in hacks and cyberattacks against the IT systems at the Democratic National Committee and other U.S. institutions aimed at affecting the outcome of the 2016 presidential election, a committee aide told us Friday. The hearing will begin at 9:30 a.m. in G50 Dirksen. Director of National Intelligence James Clapper, NSA Director Michael Rogers and Undersecretary of Defense-Intelligence Marcel Lettre are to testify, Senate Armed Services said. President Barack Obama on Thursday announced a set of sanctions and other actions against Russia over its cyber activities, which also included cyberattacks against U.S. critical infrastructure entities and harassment of U.S. diplomats (see 1612290040). The hearing could be another platform for committee Chairman John McCain, R-Ariz., to push for Senate Majority Leader Mitch McConnell, R-Ky., to form a select committee with consolidated jurisdiction over cybersecurity issues, an industry lobbyist told us. McCain and incoming Senate Minority Leader Chuck Schumer, D-N.Y., are among the lawmakers calling for creation of a select cybersecurity committee after the Russian hacks (see 1612190061 and 1612200044).
President Barack Obama took action Thursday against Russia for its involvement in hacks and cyberattacks against the IT systems at the Democratic National Committee and other U.S. institutions aimed at affecting the outcome of the 2016 presidential election. Some in Congress are seeking a formal investigation over Russia’s election-related hacks, including calls for both the House and Senate to create select committees with consolidated jurisdiction over a range of cybersecurity policy issues (see 1612190061 and 1612200044).
Sen. Cory Gardner, R-Colo., plans to file legislation in the next Congress aimed at creating a Senate select cybersecurity committee, two industry lobbyists told us Tuesday. Gardner's legislative push for a unified Senate cybersecurity effort follows a similar call over the weekend from incoming Senate Minority Leader Chuck Schumer, D-N.Y., Senate Armed Services Committee Chairman John McCain, R-Ariz., and two other senators (see 1612190061). Schumer and Sen. Lindsey Graham, R-S.C., who's also supporting creating a Senate cyber committee, pushed during a Tuesday appearance on NBC's Today Show for Senate Majority Leader Mitch McConnell, R-Ky., to create the committee in part to investigate recent Russia-led hacks aimed at influencing the presidential election. Foreign governments' involvement in cyberattacks against U.S. interests predating the Russia hacks shows “it's evident that we are facing a growing cybersecurity challenge,” Gardner said in a statement. “The nature and complexity of recent cyber-attacks require a whole of government approach to cyberspace and the development of federal policy to mitigate the threat and protect everything from personal information to the security of our critical infrastructure.” Gardner began favoring a select cyber committee in 2015 and said earlier this year it was needed “because I think it reflects that we don't have a specific body that is looking at all of these challenges at the same time across the government” (see 1606140048).
A renewed and bipartisan push for a Senate panel on cybersecurity may not result in the creation of such an entity, lawyers and lobbyists said in interviews Monday. Four senior senators, including incoming Senate Minority Leader Chuck Schumer, D-N.Y., and Senate Armed Services Committee Chairman John McCain, R-Ariz., intensified a push for Senate Majority Leader Mitch McConnell, R-Ky., to create a Senate select committee on cybersecurity in response to claims that Russia hacked U.S. institutions to affect the outcome of the 2016 presidential election. Sens. Lindsey Graham, R-S.C., and Jack Reed, D-R.I., joined McCain and Schumer Sunday in calling for the new committee. Congressional Cybersecurity Caucus Co-Chairman Jim Langevin, D-R.I., called Friday for Speaker Paul Ryan, R-Wis., to create a House select cybersecurity committee.
Learning about Yahoo's recent revelation that a billion user accounts were compromised three years ago (see 1612140076), experts' views were mixed among those we interviewed Thursday on whether more congressional and regulatory scrutiny would be helpful and how the latest incident would affect the company's takeover by Verizon. It's the second data breach incident Yahoo revealed within three months. In September, the company said 500 million user accounts were compromised in late 2014 (see 1609220046).
House and Senate lawmakers Thursday introduced legislation that would delay from going into effect Dec. 1 a controversial administrative procedural change that many critics have decried as expanding the government's computer hacking powers. “This rule change would give the government unprecedented power to hack into Americans’ personal devices,” said Sen. Ron Wyden, D-Ore., in a news release. “This was an alarming proposition before the election. Today, Congress needs to think long and hard about whether to hand this power to [FBI Director] James Comey and the administration of someone who openly said he wants the power to hack his political opponents the same way Russia does.” Wyden has led the charge against the implementation of Rule 41 of the Federal Rules of Criminal Procedure (see 1608310021), which was changed because DOJ said it needed a way to conduct remote searches, which the department maintained are the only way to find and apprehend criminals who are increasingly using sophisticated anonymizing technology to hide themselves. The Rule 41 change would allow Justice to get a warrant from any magistrate judge in the country. Opponents of the change repeatedly have said the government could potentially hack into computers of innocent Americans and internationally. In recent weeks, some experts said they expected the new rule to take effect, but stressed Congress can still act afterward (see 1610250049). The new bill -- called the Review the Rule Act -- would delay implementation of Rule 41 until July 1. Sens. Chris Coons, D-Del.; Steve Daines, R-Mont.; Al Franken, D-Minn.; and Mike Lee, R-Utah, as well as Reps. John Conyers, D-Mich., and Ted Poe, R-Texas, also signed onto the bill. Civil liberties and privacy groups have campaigned actively against the change as have technology companies and associations. Computer & Communications Industry Association CEO Ed Black said in a statement that expanding U.S. surveillance authority has "far-reaching consequences" for everyone, affects the relationship between the country and allies and "merits careful consideration by Congress."
Sen. Kelly Ayotte, R-N.H., and Democratic challenger Gov. Maggie Hassan critiqued each other’s record on cybersecurity issues Wednesday during a debate in the campaign for Ayotte’s Senate seat. Ayotte declined to directly answer a question about whether Russia had influenced next week's election via the hacking of national Democratic Party-related servers. The real issue is Democratic presidential nominee Hillary Clinton’s use of a private email server during her tenure as secretary of state and the possibility it resulted in the transmission of “classified information,” Ayotte said. If Hassan is “not going to break with Hillary Clinton on this, when is she ever going to break with Hillary Clinton?” Ayotte said. Hassan said Clinton’s use of the private server was wrong, but “it is concerning to me that” Republican presidential nominee Donald Trump “has showered praise on [Russian President] Vladimir Putin and in some ways invited him to” launch an attack on election-related IT systems. “That’s “one of the reasons I’m so concerned that [Ayotte] spent so much time supporting her nominee,” Hassan said.