By Joseph Marks
Sen. Kamala D. Harris (D-Calif.) speaks to members of the news media at Howard University in Washington on Jan. 21. (Manuel Balce Ceneta/AP)
Harris (Calif.) was a sponsor of the most successful bipartisan election cybersecurity bill last Congress while Sen. Kirsten Gillibrand (N.Y.) backed a separate bill that would have launched a 9/11 Commission-style investigation into Russian interference in the 2016 election. Sen. Elizabeth Warren (D-Mass.), meanwhile, introduced legislation in the wake of the massive Equifax data breach to ratchet up consequences for credit ratings agencies that fail to protect people’s data.
This sets the stage for cybersecurity — traditionally a fringe issue during presidential races — to be a big part of the national conversation during the 2020 contest. Democratic senators will almost certainly seek to turn cybersecurity into a wedge issue to attack President Trump, who has been hesitant to acknowledge Russia’s culpability for a hacking and disinformation campaign to influence the 2016 election in his favor.
“RT if you agree: Americans deserve a transparent, independent investigation into Russia’s involvement with the Trump camp.” Harris tweeted on Valentine’s Day 2017 in what could be a model for calling out the president on cyber issues.
RT if you agree: Americans deserve a transparent, independent investigation into Russia’s involvement with the Trump camp.— Kamala Harris (@KamalaHarris) February 15, 2017
This cycle, cybersecurity could prove an important issue to the Democratic base: Democrats are both more concerned about election security and more skeptical of the government’s ability to manage a major cyberattack than Republicans, according to recent public opinion polls. And the 2020 candidates entering the race with lengthy cyber policy records have the potential to be judged on their accomplishments on this complex topic -- and are likely to face tough questions about Russian hacking and disinformation operations, election security and Chinese intellectual property theft.
Harris, who joined the Senate only in 2016, has the most substantive cyber record among the candidates so far. As a member of the Senate's Homeland Security, Intelligence and Judiciary committees, she's at the heart of the cybersecurity policy action on the Hill.
She was one of five co-sponsors of the Secure Elections Act, the election security measure that came closest to becoming law last Congress, and helped deliver $380 million in election security money to states. She was also a co-sponsor on a separate bill from Sen. Ron Wyden (D-Ore.) that would require all elections to use paper ballots, a mandate favored by security experts.
She's also focused on Chinese cyber threats, introducing legislation that would make it easier for U.S. companies to sue foreign actors including China for digital intellectual property theft.
Harris also sponsored smaller legislation that would create a cyber workforce exchange program between the Homeland Security Department and the private sector and upgrade cybersecurity at U.S. ports. As California’s attorney general, she built up the state’s ability to fight digital crimes, including identity theft.
Harris has been a frequent critic of Trump on cyber issues. Most recently, she lashed out at Trump’s assertion without evidence that China was interfering in the midterm elections, penning a letter with other Democrats asking the director of national intelligence to either back up Trump’s assertion or refute it.
Gillibrand’s cyber focus has largely been on getting to the bottom of Russia’s 2016 election interference. She cosponsored a bill in 2017 with Sen. Lindsey Graham (R-S.C.) to launch a 9/11 Commission-style investigation into Moscow's hacking and influence operations and make recommendations for future elections, though it did not pass.
Our country’s election systems remain vulnerable to cyber attack. We must figure out how we are vulnerable and how we can fix it.— Kirsten Gillibrand (@SenGillibrand) September 15, 2017
Warren, a longtime critic of the financial sector who serves on the Senate Banking Committee, has focused most of her cyber work on holding companies in that sector accountable for breaches. A bill she introduce with Sen. Mark R. Warner (D-Va.) in the wake of the Equifax breach would have imposed fines in the billions for similar breaches.
My investigation revealed the depth of the breach and cover-up at @Equifax. And since I published the report, Equifax has confirmed it is even worse than they told us. https://t.co/6bGvZWqlQI— Elizabeth Warren (@SenWarren) February 10, 2018
As the campaign heats up, expect these Democratic senators to take even more opportunities to position themselves against Trump -- and further outline their own policy positions.
They've already started laying the groundwork during their time in the Senate. Shortly after the president’s July summit with Russian President Vladimir Putin in Helsinki, for example, Gillibrand tweeted: “.@realDonaldTrump, instead of inviting Putin to the White House, how about you condemn him, and hold him accountable, for Russia’s interference in the 2016 elections and their continuing efforts to undermine our democracy?”
|You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.|
|Not a regular subscriber?|
Passengers wait for trains along the Red Line at the Cleveland Park station on Nov. 29, 2018, in Washington. (Katherine Frey/The Washington Post)
Sens. Mark R. Warner (D-Va.), Tim Kaine (D-Va.), Ben Cardin (D-Md.) and Chris Van Hollen (D-Md.) said that automatic train control and video surveillance are among the types of technology that could be added to the 8000-series rail cars. “Many of these technologies could be entirely susceptible to hacking, or other forms of interference, if adequate protections are not in place to ensure they are sourced from safe and reliable suppliers,” the senators said. They did not mention China by name in their letter but it was clear that Beijing was the subject of their concern, according to Robert.
“Metro’s response was mixed,” my colleague wrote. “Wiedefeld issued a brief statement saying the agency was strengthening its protections against cyberespionage, while Metro Board Chairman Jack Evans criticized the senators.”
Hands type on a computer keyboard in this photo illustration in Los Angeles on Feb. 27, 2013. (Damian Dovarganes/AP)
However, one factor that can complicate hackers' attempts to compromise industrial robots is their price. “The machines often cost tens of thousands of dollars, if not much more, meaning hackers — for now — can’t easily obtain an industrial robot to dissect and study for cyber infiltration,” according to the Journal. “But prices will eventually fall and industrial robots will become more widespread, bolstering the need to fortify cyber defenses before that time comes.”
Sen. Marco Rubio (R-Fla.) on Capitol Hill in Washington on Nov. 29, 2018. (Susan Walsh/AP)
Sen. Marco Rubio (R-Fla.), who also sits on the Senate Intelligence Committee, said in a statement to the Hill that deepfakes represent a real threat. “America’s enemies are already using fake images to sow discontent and divide us,” Rubio said. “Now imagine the power of a video that appears to show stolen ballots, salacious comments from a political leader, or innocent civilians killed in conflict abroad.”
Sen. Ron Wyden (D-Ore.) on Capitol Hill in Washington on June 28, 2018. (Jacquelyn Martin/AP)
This month, Motherboard reported that T-Mobile, Sprint and AT&T sold access to their customers' location information to third-party companies. “Wyden on Thursday also began to apply some additional pressure on other wireless carriers he claims have been negligent and secretive when it comes to treatment of this data,” according to Bode.
— Assistant Attorney General John Demers defended the Trump administration's policy of “naming and shaming” and indicting hackers who are tied to foreign states, according to FCW's Derek B. Johnson. “What the government is saying is not only, ‘We think this is happening’ or ‘We assess with a high likelihood this is happening,’ but it's saying ‘I can get up in court and prove every element of what I've laid out in this indictment beyond a reasonable doubt,’” Demers said during an event hosted by the Center for Strategic and International Studies, according to FCW.
— More cybersecurity news from the public sector:
Facebook Chief Operating Officer Sheryl Sandberg testifies before the Senate Intelligence Committee in Washington on Sept. 5, 2018. (Jose Luis Magana/AP)
— France is considering cracking down on Chinese telecommunications giant Huawei, according to Reuters. “France is considering introducing a bill amendment to empower its security and defence watchdogs to make retroactive checks to telecoms operators’ equipment once installed, targeting China’s Huawei, Les Echos newspaper reported on Monday without citing sources,” according to Reuters.
— More cybersecurity news from abroad:
- SANS Cyber Threat Intelligence Summit in Arlington, Va.
- Data Connectors’ Houston Cybersecurity Conference in Houston on Thursday.
- The Atlantic Council hosts an event titled “Cyber Risk Wednesday: Operationalizing Cyber Strategies” on Jan. 30.
Unpaid Pittsburgh TSA workers demand end to shutdown:
Lawmakers grasp for agreement to end shutdown:
Five ways the shutdown is affecting the economy: