At a glance.
- Paycheck Protection Program funding passes US Senate.
- US Senate Select Committee on Intelligence reports on Intelligence Community's performance in investigating 2016 election Russian active measures.
- US Senators call for cyber deterrence of Russia, China, and Iran.
- CISA expresses approval of cybersecurity volunteers.
US Senate approves $310 billion in Paycheck Protection Program.
Tuesday afternoon the US Senate voted to approve an additional $310 billion in the Small Business Administration's Paycheck Protection Program (PPP). Fortune reports that the House, which is expected to vote in favor of the measure, could do so as early as tomorrow. The entire stimulus bill is larger than that—Bloomberg says it totals $484 billion.
US Senate Select Committee on Intelligence releases volume 4 of its report on the Intelligence Community's assessment of Russian influence operations.
The Select Committee's report, volume four of a projected five, is heavily redacted to protect intelligence sources and methods and runs to 158 pages. The full title, "Report of the Select Committee on Intelligence, United States Senate, on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election, Volume 4: Review of the Intelligence Community Assessment with Additional Views," gives a fair picture of the scope of the report. It's the latest in a series of reports on the Intelligence Community Assessment ("ICA," as it's called throughout the document). This review of the Intelligence Community's work is generally a favorable one, and was passed out of committee with unanimous bipartisan support.
The Committee set out to answer four questions:
- Did the ICA meet the tasking it received from President Obama on December 6th, 2016? The answer is a qualified yes, with some reservations about whether the ICA addressed the historical context of Russian active measures in the 2008 and 2012 US elections.
- Did the intelligence presented support the analysis? Yes.
- "Was the analytic tradecraft sound?" Yes.
- "Does the Committee accept the analytic line?" Yes.
The Committee concluded that the Intelligence Community conducted its investigation properly, and that its analysis supported the conclusion that Russia sought to damage the Clinton campaign to the advantage of the Trump campaign.
The Intelligence Community did not offer recommendations for protecting future elections against foreign influence, but as the IC people interviewed told the Committee, making recommendations like that isn’t something the Intelligence Community is supposed to do. Congress will have, the Washington Post thinks, plenty of recommendations of its own before November rolls around.
Five Senators ask US Cyber Command and CISA to move against cyber threats to the US pandemic response.
On Monday US Senators Blumenthal (Democrat of Connecticut), Cotton (Republican of Arkansas), Warner (Democrat of Virginia), Perdue (Republican of Georgia), and Markey (Democrat of Massachusetts) wrote to CISA Director Krebs and US Cyber Command's General Nakasone, asking that their organizations increase their efforts against cyber threats that have emerged during the COVID-19 pandemic. "We write to urge the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with United States Cyber Command, and its partners to issue guidance to the health care sector, convene stakeholders, provide technical resources, and take necessary measures to deter our adversaries in response to these threats," they said in their letter.
The call for deterrence is directed against Russia, China, Iran, and North Korea, all of whom the Senators say are currently engaged in attacks against "healthcare, public health, and research" organizations, a particularly threatening target set as the US attempts to contain and recover from the COVID-19 pandemic.
Some public approval of a private, volunteer cybersecurity organization.
The CTI-League (its full name is the Cyber Threat Intelligence League), a voluntary group of information security professionals, has gained some positive reviews for their work helping organizations, especially hospitals, during the COVID-19 pandemic. Founded just last month, on March 14th, the CTI-League's services are in, CyberScoop says, "in high demand," and the Hill describes the group's activities as "a quiet, daily war." US Cybersecurity and Infrastructure Security Agency Director Krebs tweeted his appreciation for the CTI-League's work during the emergency.
The CTI-League's inaugural report says the organization has grown to "over 1,400 vetted members in 76 countries, from 45 different sectors, including cybersecurity, healthcare, technology, telecommunications, Computer Emergency Response Teams (CERTs), government, and law enforcement." There have long been discussions of the ways in which volunteer organizations might help enhance cybersecurity, but the CTI-League may afford the first clear example of how one might actually work in practice. It seems closer in conception to earlier models from outside the sector, like the US Civil Air Patrol or the ham operators of the Amateur Radio Relay League.