National Security – Page 2

CyberScoop: GAO report shows how easy it is to hack DOD weapon systems

By Sean Lygaas

In cybersecurity probes of Department of Defense weapon systems in recent years, penetration testers were able to gain control of systems with relative ease and generally operate undetected, according to a Government Accountability Office report.

“We found that from 2012 to 2017, DOD testers routinely found mission-critical cyber vulnerabilities in nearly all weapon systems that were under development,” the report states.

In one test, a two-person team gained initial access to a system in an hour, then gained full control of the system in a day, the watchdog said. In another, the pen-testers seized control of the operators’ terminals, could see what the operators saw on their screens, and “could manipulate the system,” GAO found. Many of the testers said they could change or delete data. In one case they downloaded 100 gigabytes of it.

The scathing report chalks up the insecurities in the Pentagon’s weapon systems to defense officials’ “nascent understanding of how to develop more secure weapon systems” and the fact that those systems are more networked than ever. Until recently, according to GAO, the Pentagon did not prioritize weapon-system cybersecurity. Furthermore, DOD program officials the watchdog met with “believed their systems were secure and discounted some test results as unrealistic,” the report says.

“Due to this lack of focus on weapon systems cybersecurity, DOD likely has an entire generation of systems that were designed and built without adequately considering cybersecurity,” GAO researchers added.

DOD’s evaluators did not pull out top-drawer tools to breach the weapon systems, but instead used simple techniques that were sufficient in the face of a “poor password management and unencrypted communications,” according to GAO.

The report, which focuses mainly on under-development weapon systems, is the product of a 15-month audit that included interviews with officials from the National Security Agency, military testing organizations, and DOD acquisition offices, among other agencies. GAO said its researchers will give Congress a classified briefing on their findings.

Not all of GAO’s findings were negative. The Pentagon has recently moved to improve weapon-system cybersecurity through policy guidance and initiatives to better understand vulnerabilities, according to the watchdog. And one penetration test reviewed by GAO “found that the weapon system satisfactorily prevented unauthorized access by remote users,” albeit not from insiders.

But the report makes clear that DOD’s work to date is far from sufficient in tackling the problem.

“Several DOD officials explained that it will take some time, and possibly some missteps, for the department to learn what works and does not work with respect to weapon-systems cybersecurity,” the report says.

Due to testing limitations, “the vulnerabilities that DOD is aware of likely represent a fraction of total vulnerabilities” in systems, according to GAO.

Defense officials provided technical comments in response to a draft of the GAO report. CyberScoop has requested further comment from the Pentagon.

“The GAO report released today highlighted a shocking reality: just how far behind we actually are in adequately protecting our weapons systems and industrial suppliers from cyber threats,” said Sen. Jim Inhofe, R-Okla., chairman of the Senate Armed Services Committee.

Rep. Jim Langevin, D-R.I., a member of the House Armed Services Committee, said he wasn’t surprised by GAO’s findings. “While DOD has made progress in lowering its cybersecurity risks, it has not moved fast enough,” Langevin said. That is why, he added, Congress has mandated that the Pentagon carry out cyber vulnerability assessments.

EcoWatch: The U.S. Defense Department Is Losing the Battle Against Climate Change

By Daniel Ross

A rock seawall protecting the Air Force’s Cape Lisburne Long Range Radar Station on the North East Alaska coast is under increasing duress from extreme weather patterns affecting Arctic sea ice. early $50 million has been spent replacing vulnerable parts of the wall already.

In 2013, a late summer monsoon rainstorm struck Fort Irwin, in California, flooding more than 160 buildings and causing extensive damage that took weeks to clean up. Some buildings were out of commission for months.

The 2012 Waldo Canyon Fire, one of the most destructive wildfires in Colorado’s history, only narrowly missed Peterson Air Force Base. The fire cost some $16 million to battle.

These are just some of the findings that make up a U.S. Department of Defense vulnerability report, published earlier this year, looking at the impact of climate change on more than 3,500 military installations. Its conclusion? That more than half of these installations are affected by flooding, drought, winds, wildfires, storm surges and extreme temperatures. Drought proved the single biggest challenge to the military, affecting nearly 800 bases. Next up was wind, which affected more than 750 bases, while non-storm surge-related flooding impacted a little more than 700 bases.

“As an institution, the military sees climate change as a threat to what they do on multiple levels,” said Michael Klare, professor emeritus of peace and world security studies at Hampshire College. “It’s a threat to their bases. It’s a threat to their operations. It creates insurgencies. t creates problems for them. They’re aware of that, and they want to minimize those impediments.”

Indeed, climate change has long been on the military’s radar. It was the George W. Bush administration, for example, that required the Defense Department to procure 25 percent of its energy for its buildings from renewables by 2025. Even President Ronald Reagan received military memos warning of global warming. While in 2014, the department published a roadmap establishing an outline to deal with the threats from climate change within the military, as ordered by then-President Barack Obama.

Although President Trump’s administration is known for its climate change denialism, major figures within the military are still noticeably vocal about the issue. In February, Director of National Intelligence Dan Coats warned in a Worldwide Threat Assessment that the impacts from global warming—more air pollution, biodiversity loss and water scarcity—are “likely to fuel economic and social discontent—and possibly upheaval—through 2018.” Defense Secretary Jim Mattis has been called the “lone green hope” for his long-established views on the threat of global warming.

Given the immediate threat of rising sea levels, the U.S. Navy is leading the charge to better understand these impacts at the ground level. Last year, a Navy handbook provided a planning framework for incorporating the threat of climate change into development projects at Navy installations. To put this into context, a 2016 Union of Concerned Scientists (UCS) analysis of 18 military installations along the U.S. East coast and the Gulf of Mexico found that by 2050, most of these bases will experience 10 times the number of floods than they do currently. In about 80 years, eight of the bases could lose as much as 50 percent of their land to rising seas. Naval Air Station Key West, in Florida, could be almost entirely underwater by the end of the century.

“We did use the high sea level rise scenario because generally, the military has a low tolerance for risk,” said Shana Udvardy, UCS climate preparedness specialist and a co-author on the study. “And we’re basically on track for the high scenario because of the rate of ice sheet melting. It’s very likely to happen, and it’s after mid-century that we’ll really see the changes in the extent and frequency of tidal flooding.”

According to U.S. Geological Survey scientist Curt Storlazzi, who has studied the effects of global warming on military installations on the Marshall Islands for the Defense Department, the twin impacts of rising sea levels and storm waves will increase the magnitude of flooding there by “double” in the next couple of decades. “That’s going to negatively impact both the military and civilian populations,” he said. “That’s the big takeaway—most civilian and defense infrastructure doesn’t do well with salt water.”

The Center for Climate and Security, a non-partisan group of defense and national security experts, continues to study the myriad threats of climate change on the military. In this recent report, the group outlined how extreme weather patterns will expand the department’s role in tackling national and global security threats, highlighting how humanitarian assistance and disaster relief missions are “increasingly important responsibilities for military commanders around the world.”

But former Rear Admiral David Titley, professor of meteorology at Penn State University and an expert in climate change, the Arctic and national security, argues that the military as a whole has yet to really grapple with the problem of climate change in any long-term strategic way, nor has it looked at how to cost-effectively prioritize resources—views mirrored in a recent Government Accountability Office report.

Change could be on its way in this regard. Rep. Jim Langevin, the ranking Democrat on the Emerging Threats and Capabilities Subcommittee, pushed through an amendment in the 2018 defense spending bill directing the Defense Department to identify the 10 military installations most vulnerable to climate change and to identify ways to mitigate the forecasted damage. “You would argue that that’s where you put your first dollar towards buying down the risk,” Titley said. “There may be bases that have higher climate vulnerability, but the impact may not be that big a deal relative to others.”

Langevin also included a provision in the 2019 defense spending bill requiring the department to factor energy and climate resiliency efforts into major military installation plans. But Titley is circumspect about the Defense Department’s overall ability and willingness to institutionally get to grips with the problems climate change poses. “We’ll see whether the department of defense actually does that or not,” said Titley. “There’s no real leadership on this issue.”

Miriam Pemberton, a research fellow at the Institute for Policy Studies, a progressive think tank, said that the military’s public overtures on climate change ring a little hollow when stacked up against the actual dollars directed toward green initiatives within the military—efforts like biofuel to power aircraft carriers and solar energy in combat zones.

According to an Institute report from last year, “Combat vs. Climate,” the ratio in military spending in 2017 to deal with regular security threats versus climate change was 28:1—a slight improvement on the 2015 ratio of 30:1. But as the report finds, “spending 28 times as much on traditional military security as on climate security is hardly commensurate with the magnitude of this ‘urgent and growing threat,’ as the military has defined it.”

Further, while the military’s budget grew by $61 billion in 2018, the amount of money the department continues to funnel toward green initiatives and renewable energies hasn’t grown proportionately, said Andrew Holland, the American Security Project’s director of studies. Nor does the military, he said, see its primary mission as tackling climate change. Indeed, the military is the world’s largest institutional consumer of fossil fuels. Last year, the department used more than 85 million barrels of fuel to power ships, aircraft, combat vehicles and contingency bases. The cost? Nearly $8.2 billion.

“We have a military whose job is to fight and win America’s wars,” Holland said. “But where you can take clean energy initiatives that fight climate change and also increase the military’s operational ability to fight and win those wars, that’s a double win.”

Another obstacle is that there’s no “line item for climate change” within the defense spending bill, said the UCS’s Shana Udvardy. “So, it’s really up to each installation to figure out where they’re going to get the resources, and which resources they’re going to allocate to these types of adaptation measures,” she said. What’s more, both Udvardy and Holland agree that the military has recently grown increasingly secretive about its green initiatives, for fear of retaliation by the White House.

Trump has already pulled out of the Paris Climate Accord, for example, and signed an executive order rolling back all Obama-era climate change related actions within federal agencies. There are notable signs that this has trickled down to the Defense Department—the latest National Defense Strategy had been scrubbed clean of any reference to climate change, for example.

“None of us have any clue as to how bad it’s going to be,” said Michael Klare, about the impacts from global warming. “But this something that the military does understand better than most people—it’s not the polar bears we should be worried about, it’s about whole societies that are going to collapse and send out waves of migration, which we’re seeing already.”

The Hill: Congress falls flat on election security as midterms near

By Jacqueline Thomsen

Congress has failed to pass any legislation to secure U.S. voting systems in the two years since Russia interfered in the 2016 election, a troubling setback with the midterms less than six weeks away.

Lawmakers have repeatedly demanded agencies step up their efforts to prevent election meddling but in the end struggled to act themselves, raising questions about whether the U.S. has done enough to protect future elections.

A key GOP senator predicted to The Hill last week that a bipartisan election security bill, seen as Congress’s best chance of passing legislation on the issue, wouldn’t pass before the midterms. And on Friday, House lawmakers left town for the campaign trail, ending any chance of clearing the legislation ahead of November.

Lawmakers have openly expressed frustration they were not able to act before the 2018 elections.

Rep. Tom Rooney (R-Fla.), who introduced the House version of the election security bill, said it was “disappointing.”

“If you want to call it a message that we’re sending to the American people, that we’re doing everything that we can to ensure that the integrity of the vote is sacred,” he said, “If we have these opportunities to do something and we don’t, then that definitely sends the wrong message. That maybe we just don’t care or whatever.”

Rep. James Langevin (D-R.I.), the co-founder of the Congressional Cybersecurity Caucus, said not passing the legislation was “a missed opportunity” to better protect U.S. elections.

“Every community needs to be on guard, alert and realize that the Russians are a very well-resourced and capable bad actor that are again trying to interfere with our elections,” he said.

Sen. James Lankford (R-Okla.), one of the bill’s cosponsors, told The Hill that the text of the bill is still being worked out after recent changes prompted concerns from state election officials and the White House.

It had appeared the bill would make it across the finish line but last month Reuters reported that the White House had stepped in to hold up the bill. A GOP Senate aide told The Hill at the time that it was paused over a lack of Republican support and over concerns raised by outside groups.
The White House did not return multiple requests for comment, and a spokesperson for Senate Rules and Administration Committee Chairman Roy Blunt (R-Mo.), who delayed the bill’s markup, declined to comment further.

Lankford said the White House told him it had not held up the bill. But he added that “they didn’t talk to me about it in advance.”

Like other lawmakers and experts, Lankford pointed out that even if the bill had passed ahead of the midterms, it would still be too late to implement any of the measures ahead of November’s elections.

“The bigger issue is not the legislation,” Lankford said. “The bigger issue is what the administration has done in the meantime to try to actually get all this done.”

The Department of Homeland Security has offered some cybersecurity support to state election officials, and President Trump signed an executive order earlier this month authorizing sanctions against those found interfering in U.S. elections.

Lawmakers also included $380 million for states to update and secure their election systems in an appropriations bill passed in March. That funding was initially authorized under the Help America Vote Act of 2002, passed in response to the 2000 presidential election, but this year’s grants were the first authorized under the law since fiscal 2010.

However, when Democrats tried to pass more election security funding earlier this year, Republicans knocked down the measure, arguing that substantial funds had already been allocated.

Other security bills have also been introduced after the 2016 elections, but the bipartisan bill spearheaded by Lankford and Sen. Amy Klobuchar(D-Minn.) was touted as the best shot to legislation on the books shielding U.S. election systems from cyber attacks.

Even so, it remained the subject of extensive debate: The original bill included a pilot program for states to conduct audits on limiting risks, which would examine a number of ballots to ensure that systems weren’t compromised.

But that program became mandatory in a later version of the bill, costing it support from state officials and advocacy groups who argued the measure would be too great of a burden.

Voting groups have also voiced disappointment at the lack of action, but were quick to praise Klobuchar and Lankford’s bipartisan push to pass legislation.

Vermont Secretary of State Jim Condos (D), the president of the National Association of Secretaries of State (NASS), told The Hill that while many states are already implementing the measures that would be included in the bill, it was disappointing to not have them on the books. NASS has not taken a public stance on the legislation.

He said that the bill would “send a strong message” to bad cyber actors like Russia, which interfered in the 2016 election, as well as to Americans that their election systems are secure.

“I think this would go a long way to helping us let the public know that our systems are strong and, on top of that, that everyone takes [the issue] seriously,” Condos said.

It is unclear if Congress will be any closer to overcoming the hurdles to legislation after the midterms.

But advocates insist they will keep pushing for a solution.

“This is a time for unity where the country has to unite to fight off foreign meddling in our election because that undermines our democracy,” said Marian Schneider, the president of Verified Voting.
But she also noted that the Lankford-Klobuchar bill was originally introduced in December 2017 and that lawmakers had months to finalize the text.

“I think there’s an unfortunate thing going on here that whenever elections is the topic or is the subject area that it becomes politicized,” she said.

Inside Cybersecurity: Pelosi appoints Langevin to Cyberspace Solarium Commission, as House passes four cyber-related bills

By Maggie Miller

House Minority Leader Nancy Pelosi (D-CA) appointed Rep. James Langevin (D-RI) to the newly created Cyberspace Solarium Commission on Tuesday, while the House passed four cyber-related bills including one to create a vulnerability disclosure program at the Department of Homeland Security.

Pelosi named Langevin and former Rep. Patrick Murphy (D-PA) to the commission, created under the 2019 National Defense Authorization Act. The House minority leader is required to appoint two members of the Commission, one of whom must not be a current member of the House.

“Cyberspace is the future, and will grow even more important to driving American leadership and innovation in the years to come,” Pelosi said in a statement. “Guided by Rep. Langevin and former Rep. Murphy, this Commission will be a vital tool in keeping America safe, strong and free.”

Langevin, the co-founder and co-chair of the Congressional Cybersecurity Caucus, said in a statement he was “honored” to be appointed, and called for the commission to develop a “strategic framework” for international cyber “stability.”

“It is imperative that we use the opportunity afforded by the Solarium Commission to develop a strategic framework that encompasses these challenges and ensures the United States continues to benefit from global cyber stability,” Langevin said. “It is my expectation that such a strategy will encompass all elements of national power – economic, diplomatic and military – and help contextualize cyber in the broader national and economic security discussion.”

The Speaker of the House is designated to appoint three members, with the Senate majority leader to designate three, and the Senate minority leader to pick two members. Other members of the commission automatically include the FBI director, the deputy secretaries of the departments of Defense and Homeland Security, and the principal deputy director of National Intelligence.

The commission is charged with developing a “strategic approach” to defend the U.S. in cyberspace against “cyber attacks of significant consequences.”

Bills move in House

On Tuesday, the House approved four cybersecurity bills, including H.R. 6735, the Public-Private Cybersecurity Cooperation Act. The bill sponsored by House Majority Leader Kevin McCarthy (R-CA) directs the DHS secretary to establish a “vulnerability disclosure policy” for DHS internet sites within 90 days of the legislation being signed into law.

The House Homeland Security Committee approved the bill earlier this month, and Chairman Michael McCaul (R-TX) spoke on the floor in favor of passage, saying it would give a “legal avenue” to allow researchers from the private sector to identify cyber flaws in DHS’ systems.

“Between 2011 and 2013, Iranian hackers attacked dozens of American banks and even tried to shut down a dam in New York,” McCaul said. “In 2014, Chinese hackers stole over 22.5 million security clearances, including my own, from the Office of Personnel Management. In 2016, Russia meddled in our Presidential election, and because we use computer networks in our personal and professional lives, almost everyone is a target. With each passing day, cyber threats continue to grow. But the government cannot face these threats alone. We need help from the private sector.”

McCaul also spoke in favor of another bill passed Tuesday, H.R. 6620, the Protecting Critical Infrastructure Against Drones and Emerging Threats Act, sponsored by Homeland Security cyber subcommittee ranking member Cedric Richmond (D-LA). This bill would require DHS to prepare a threat assessment related to unmanned aircraft systems, and was previously approved by the House Homeland Security Committee.

“The threats we face from drones are constantly evolving as the technology becomes more accessible across the globe,” McCaul said on H.R. 6620. “We need to do more to confront these dangers.”

The House passed two more bills: H.R. 5433, the Hack Your State Department Act, sponsored by Rep. Ted Lieu (D-CA), to establish a “bug bounty” program at the State Department; and H.R. 6229, the National Institute of Standards and Technology Reauthorization Act, sponsored by Rep. Barbara Comstock (R-VA), which supports cyber programs at NIST.

MeriTalk: Langevin, Murphy Added to Cyberspace Solarium Commission

By MeriTalk

House Democratic Leader Nancy Pelosi, D-Calif., has appointed Rep. Jim Langevin, D-R.I., and former Rep. Patrick Murphy, D-Pa., to the recently created Cyberspace Solarium Commission, a 14-member public-private panel charged with developing consensus and actionable strategy to protect and defend the U.S. in cyberspace. Legislation creating the commission was approved as part of the FY 2019 National Defense Authorization Act (NDAA). Rep. Langevin is a co-chair of the Congressional Cybersecurity Caucus and ranking member of the House Armed Services Committee’s Emerging Threats and Capabilities Subcommittee. Murphy was a congressman from 2007 to 2011, and is a former under Secretary of the Army.

NY Times: Trump Loosens Secretive Restraints on Ordering Cyberattacks

By David E. Sanger

WASHINGTON, D.C — President Trump has authorized new, classified orders for the Pentagon’s cyberwarriors to conduct offensive attacks against adversaries more freely and frequently, the White House said on Thursday, wiping away Obama-era restrictions that his advisers viewed as too slow and cumbersome.

“Our hands are not as tied as they were in the Obama administration,” John R. Bolton, the national security adviser, told reporters in announcing a new cyberstrategy.

Mr. Bolton rewrote a draft of the strategy after joining the administration in April. Many of his remarks on Thursday focused on a secret order — which Mr. Trump signed in August but which has never been publicly described — that appears to give far more latitude for the newly elevated United States Cyber Command to act with minimal consultation from a number of other government agencies.

The order essentially delegates more power to Gen. Paul M. Nakasone, who took over this year as the director of the National Security Agency and the commander of United States Cyber Command. During his Senate confirmation hearing in March, General Nakasone complained that America’s online adversaries attacked with little concern about retaliation.

“I would say right now they do not think that much will happen to them,” said General Nakasone, who previously oversaw the Army’s cybercommand. “They don’t fear us.”

But this month, General Nakasone said he was more comfortable with the new guidance issued by the White House, even though the administration has not made any of it public.

Senior officials have said it eliminates a lengthy process of consensus-building across the government — the Departments of Commerce, Treasury and Homeland Security among them — before the United States conducts an offensive action.

It is not clear whether Mr. Trump must still approve every major offensive online operation, as Presidents George W. Bush and Barack Obama did.

Mr. Bolton did not shed much light. “Our presidential directive effectively reversed those restraints, effectively enabling offensive cyberoperations through the relevant departments,” he said.

He said that since Mr. Trump took office, the administration has “authorized cyberoperations” against rivals, though he gave no details.

Much of the strategy that was made public on Thursday strongly echoes similar documents issued by Mr. Obama and Mr. Bush. They focus on improving digital defenses for the United States government, bettering training, working with private industry to share information about vulnerabilities and working with allies.

While the words in the strategy differ from the past, the impetus is the same. It did, however, identify specific countries as adversaries.

“Russia, Iran and North Korea conducted reckless cyberattacks that harmed American and international businesses and our allies and partners without paying costs likely to deter future cyberaggression,” the strategy read. “China engaged in cyberenabled economic espionage and trillions of dollars of intellectual property theft.”

But the classified directive appears to be significantly different, as Mr. Bolton said on Thursday.

His indictment of the previous administration omitted the fact that Mr. Obama continued or initiated three of the most aggressive cyberoperations in American history: one to disable Iran’s nuclear fuel production, another to attack North Korea’s missile programs and a third against online recruitment and communications by the Islamic State.

The first, code-named Olympic Games, was judged successful at destroying about 1,000 nuclear centrifuges for a year. The Korea operation had only mixed results at best, and Mr. Obama’s own defense secretary later wrote that the operation against the Islamic State proved largely ineffective.

But Mr. Obama hesitated to strike back at Russia in 2016 after revelations of its breach into the Democratic National Committee, and acted only after the presidential election.

And, as Mr. Bolton noted, the United States declined to name other attackers, including the Chinese, for stealing roughly 22 million files on Americans with security clearances from the Office of Personnel Management. He noted that those files, “my own included, maybe yours, found a new residence in Beijing.”

Mr. Bolton became the first American official to formally acknowledge what was widely known: that the Chinese government was behind that intrusion.

Additionally, the Trump administration accused North Korea of mounting the WannaCry attack that brought down the British health care system, and Russia of initiating the NotPetya attack that was aimed at Ukraine and cost hundreds of millions of dollars in damage, including to shipping companies like Maersk.

But Mr. Bolton, whose concepts of deterrence were formed in the Cold War, is likely to discover what his predecessors learned: Almost every strategy that worked in deterring nuclear attacks does not fit the digital era, and even figuring out where an attack originated can be a challenge.

The government has grown more skilled at attributing the source of a cyberattack, but the process remains lengthy. By the time a conclusion is reached, it is often too late to mount a successful counterstrike.

Mr. Trump has particularly muddied the waters in assigning blame for attacks, repeatedly expressing doubts that Russia was behind the hacking of the Democratic National Committee and members of Hillary Clinton’s 2016 presidential campaign. The Justice Department has indicted officers of Russia’s military intelligence unit, once known as the G.R.U., and the Internet Research Agency, in those attacks.

Part of the strategy calls for the United States to develop what it describes as an international cyberdeterrence initiative, which sounds similar to efforts to develop a theory of nuclear deterrence. The document provides few details, but says the Trump administration will build “a coalition and develop tailored strategies to ensure adversaries understand the consequences of their malicious cyberbehavior.”

Some of those efforts have already begun: The American accusations against North Korea and Russia last year were immediately echoed by Britain and other Western powers.

Representative Jim Langevin, Democrat of Rhode Island who has been active in developing new cyberstrategies, said that the White House approach was focused “in starkly offensive terms.”

“I agree that our adversaries need to know that we can — and will — challenge them in cyberspace,” Mr. Langevin said. “But as the country with the most innovative economy in the world, we must also acknowledge the abiding interest of the United States in encouraging stability in this domain.”

Cyber Scoop: House passes deterrence bill that would call out nation-state hackers

By Sean Lyngaas

The House of Representatives on Wednesday passed a bipartisan bill aimed at deterring foreign governments from conducting hacking operations against U.S. critical infrastructure.

The Cyber Deterrence and Response Act put forth by Rep. Ted Yoho, R-Fla., calls on the president to identify individuals and organizations engaged in state-sponsored hacking that significantly threatens U.S. interests, and then to impose one or more of a slew of sanctions on them.

That “naming and shaming” approach is an effort to ward off future cyberattacks from China, Russia, Iran, and North Korea — four countries that U.S. officials routinely label as top adversaries in cyberspace.

The bill, which passed the House by voice vote, also calls for a uniform list of foreign hacking groups to be published on the Federal Register. Sen. Cory Gardner, R-Colo., last month introduced companion legislation in the Senate.

“Our foreign adversaries have developed sophisticated cyber capabilities that disrupt our networks, threaten our critical infrastructure, harm our economy, and undermine our elections,” Yoho said in a statement. “Collectively, we must do more to combat this digital menace.”

Rep. Jim Langevin, D-R.I., co-founder of the Congressional Cybersecurity Caucus, said the bill is an “important step forward in recognizing that cyberthreats are the new weapon of choice for states who seek to sow discord and engage in conflict below the threshold of war.”

Lawmakers have long urged the executive branch to delineate a cyber deterrence strategy after high-profile breaches of the Office of Personnel Management in 2015 and the Democratic National Committee in 2016.

In response to the demand for a deterrence strategy, the State Department in May recommended that the U.S. government develop a broader set of consequences that can be imposed on adversaries to deter cyberattacks.

Washington should work with allies to inflict “swift, costly, and transparent consequences” on foreign governments that use “significant” malicious cyber activity to harm U.S. interests, the unclassified version of the State Department report says.

Officials such as Vice President Mike Pence and Homeland Secretary Kirstjen Nielsen have touted the administration’s efforts to crack down on foreign hackers. “[T]his administration is replacing complacency with consequences, replacing nations’ deniability with accountability,” Nielsen said in a speech Wednesday.

Federal Times: New bill looks to end Trump’s security clearance threats

By Jessica Bur

Three House democrats introduced a bill Aug. 24 that would prevent President Donald Trump from revoking security clearances for political purposes.

“President Trump has shown an alarming tendency to attack members of our intelligence and law enforcement communities when he believes it will be to his political benefit. His recent decision and subsequent threats to revoke the clearances of current and former national security officials is an unconscionable abuse of power, and it underscores the need to protect this process from further political influence,” said bill cosponsor Rep. Jim Langevin, D-R.I.

“This legislation takes important steps to ensure security clearance decisions are based solely on national security considerations, not political bias or retribution.”

Trump drew the censure of many members of the intelligence community and Congress after revoking the security clearance of ex-CIA Director John Brennan, a vocal critic of the president, Aug. 15.

“Trump’s revocation of John Brennan’s security clearance is petty and vindictive. The president has made a sport of using his broad authority to help his friends and attack his perceived enemies. That’s why safeguarding our security clearance process is critical — we have to prevent these kinds of abuses and provide proper recourse for those impacted,” said cosponsor Rep. Ted Lieu, D-Calif.

“Trump shouldn’t be playing games with our national security. I’m grateful to join Representatives Langevin and Schiff in introducing this bill, though I wish our president didn’t make it necessary.”

Trump also indicated that he was considering revoking the clearances of other frequent critics, including former FBI Director James Comey, former Director of National Intelligence James Clapper, former CIA Director Michael Hayden, former national security advisor Susan Rice and former deputy FBI Director Andrew McCabe.

“President Trump has set a dangerous precedent by revoking or threatening to revoke the security clearances of current and former law enforcement and intelligence officials to punish his critics. For those who depend on a security clearance for their livelihood, this effort to create and impose potentially career ending consequences on individuals who appear on the president’s enemies list is unlawful and un-American,” said cosponsor Rep. Adam Schiff, D-Ca.

“In July, Speaker [Paul] Ryan suggested the president was simply ‘trolling’ in making threats — that is clearly not the case. The Congress must ensure that the process by which clearances are granted and revoked is governed by national security concerns, not politics or presidential temper tantrums.”

The text of the bill resembles an amendment to the fiscal year 2019 defense appropriations bill offered by Sens. Mark Warner, D-Va., and Jeff Flake, R-Ariz., earlier that week.

Providence Journal: R.I. delegation blasts Trump over Iran deal pullout

By Mark Reynolds

Rhode Island’s lawmakers in the U.S. Senate and the U.S. House of Representatives on Tuesday strafed President Donald Trump’s decision to pull out of an agreement with Iran and impose sanctions on the country.

Meanwhile, some others, elsewhere in the political sphere, supported the president. U.S. Rep. David N. Cicilline was not one of them.

“This is a reckless decision,” said the member of the House Foreign Affairs Committee, who called the inspection routine set up for keeping nuclear weapons away from Iran “the most intrusive in the history of the world.”

U.S. Rep. James Langevin, a senior member of the House Armed Service and Homeland Security Committees, called Trump’s decision a threat to national security.

To walk away from the agreement negotiated under the Obama administration, said Langevin, “abandons our allies, weakens our credibility, and harms our ability to foster similar diplomatic agreements in the future. Worse, it undermines the central goal of the agreement — to prevent Iran from obtaining a nuclear weapon. The fact is that the nuclear deal is working.”

Said U.S. Sen. Jack Reed: “It is irresponsible for President Trump to abandon this international agreement and needlessly isolate the United States in the absence of an Iranian violation and without presenting a credible alternative to prevent Iran from acquiring nuclear weapons.”

Like Cicilline, U.S. Sen. Sheldon Whitehouse said the policy is “reckless.” He also called it “reflexive.”

“The President’s refusal to waive sanctions puts the United States in violation of the nuclear agreement, moves the United States away from our allies, and reopens a path for Iran to obtain the nuclear arms it seeks,” Whitehouse said.

All of Rhode Island’s elected representatives in the U.S. Senate and the U.S. House of Representatives are Democrats.

Trump’s decision won applause from a former Rhode Island Supreme Court justice, Republican Robert Flanders, who has mounted a bid to unseat Whitehouse in this year’s midterm elections.

“Now, with new economic sanctions placed on Iran, and a president who puts America’s interests first, the United States will be able to negotiate a better, more enforceable agreement to protect the world’s safety,” Flanders said.

Another Republican candidate for the U.S. Senate, Bobby Nardolillo, said that Trump will “impose the strongest unilateral sanctions available on Iran” within six months.

He said he anticipates that the Iranians will exchange “their traditional chant of ‘Death to America’ for one much closer to ‘Let’s Make a Deal!

“When that happens,” he said. “I hope the president gets some credit for real leadership on the world stage.”

The preexisting agreement with Iran has also drawn fire in recent days from the Rhode Island Coalition for Israel. The group of Jewish and Christian residents says Iranian documents, obtained by Israel, undermine the deal.

“The administration,” said the coalition in a May 4 statement, “has hard choices to make about keeping nuclear weapons out of Iran’s hands and pushing back on Iran’s destabilizing behavior, especially in the Middle East.”