POLITICO Weekly Cybersecurity

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

A look at the two parties’ cyber platforms

By ERIC GELLER
10/26/2020 10:00 AM EDT

With help from Martin Matishak

Editor’s Note: Weekly Cybersecurity is a weekly version of POLITICO Pro’s daily Cybersecurity policy newsletter, Morning Cybersecurity.

QUICK FIX

— Election security and consumers’ digital rights are two of the starkest divides between the latest Democratic and Republican party platforms.

— A public-private supply chain task force will release a suite of recommendations next week to help organizations better manage their digital risks.

— A Trump administration official repeated the assertion that Iran was trying to hurt President Donald Trump with emails that demanded that people vote for him, but did not provide evidence.

HAPPY MONDAY and welcome to Morning Cybersecurity! You had one job, NASA probe. As always, send your thoughts, feedback and especially tips to egeller@politico.com, and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

CAMPAIGNS

MAJOR CONTRASTS IN PARTIES’ CYBER STANCES — Trump and Vice President Joe Biden have said very little about cybersecurity during the campaign, but the Democratic and Republican Party platforms offer a few hints about the parties’ priorities. With a week to go before Election Day, the National Security Archive released a report on Monday comparing the discussions of cybersecurity in the 2020 Democratic platform and the current Republican platform. (Republicans affirmed their 2016 platform at their 2020 convention by opting not to replace its text.)

Democrats want to enact strong consumer privacy and security standards, an increasingly important issue as more people entrust more of their data to tech companies. In their platform, Democrats promise to update the Obama administration’s Consumer Privacy Bill of Rights proposal with “strong national standards to protect consumers, employees, patients, and students from data breaches.” As Cristin Monahan of the National Security Archive notes, that proposal “was roundly criticized from privacy advocates and technology companies alike,” with the former calling it a toothless product of an industry-captured Commerce Department and the latter warning that it would hurt innovation.

Republicans focused their privacy and security attention on discussing the harms of encryption. Their platform touts “the government’s legitimate need to access encrypted information” and the way encryption can protect bad actors. Senate Republicans recently introduced a bill to outlaw end-to-end encryption, which immediately drew scorn from technologists who have
been fighting such efforts for decades. Evidence suggests that encryption is less of a hurdle to law enforcement than critics of the technology claim, and the current expert consensus is that it is impossible to design sufficiently secure, warrant-compatible encryption.

Democrats also homed in on election security, marking a contrast with the Republicans. In their document, Democrats promised to “increase investments to help state and local governments upgrade election technology” and “increase oversight of private election vendors.” These priorities appear in House Democrats’ SAFE Act (H.R. 2722), but Monahan noted some experts’ suggestion that “the legislation does not provide enough specificity to truly engender election security.” Meanwhile, the Republicans’ platform does not address election security, despite being written at the height of Russia’s 2016 intervention.

MORE HELP KEEPING HACKERS OUT — Detailed recommendations for protecting supply chains from hackers are coming soon from a CISA-led task force. At a U.S. Chamber of Commerce event Friday, the group’s industry co-leads, Robert Mayer of USTelecom and John Miller of the Information Technology Industry Council, described four task force working group reports that will be published on Nov. 6.

Group one addressed how to report risks without lawsuits. Some organizations may want to report potentially risky suppliers but are afraid of being sued. The working group identified three potential areas of liability resulting from that kind of notification — anticompetitive behavior, false information, and breach of obligations of confidentiality — and created a framework that companies can follow to safely share such warnings, as well as an analysis of ways for policymakers to reduce legal uncertainty.

Group two focused on helping organizations assess their suppliers’ riskiness. The team organized its existing list of almost 200 types of threats into categories that make them easier to understand. It also updated its list of threat scenarios
with “concrete, practical examples that can be used to inform procurement actions,” Miller said.

Group three worked on trusted-entities lists. It further developed its guidance for creating “qualified bidder lists” and “qualified manufacturer lists” — essentially lists of companies that are considered trustworthy enough to become suppliers. The working group studied how the Pentagon, GSA and other agencies were implementing these lists, which helped its members understand when and how they could be useful. From there, the working group began “developing evaluation criteria” that organizations can use to make their own lists, Mayer said.

Group four looked at vendor security audits. It combined the other groups’ insights into a template that companies can use to examine vendors’ supply chain security practices. Mayer said that the group “produced a flexible and agile template to answer key questions … and analyze comparative risk among all types and sizes of organizations.”

As POLITICO first reported, CISA and its industry partners have agreed to reauthorize the supply chain task force for six more months beginning in January, enabling the working groups to complete their current activities while policymakers assess how to move forward.

ELECTION SECURITY

STANDING BY THEIR STORY — Robert O’Brien, Trump’s national security adviser, reassured Americans on Sunday that their votes are safe from hackers, but he also repeated an unverified claim about the goal of the Iranian agents who allegedly sent intimidating emails to Democratic voters. The messages threatened the recipients with harm if they didn’t vote for Trump, but on CBS’ “Face the Nation,” O’Brien described the emails as “an Iranian effort to hurt the president.” Director of National Intelligence John Ratcliffe first made that claim while revealing the alleged Iranian campaign, earning immediate scorn from Democratic lawmakers, who pointed out that the message warned people to support Trump, not oppose him.

Trump has repeatedly
dismissed claims of Russian election interference as a hoax and infuriated the national security community with flattering comments about Russian President Vladimir Putin, but O’Brien maintained that the Trump administration would not tolerate Putin or any other world leader disrupting the ongoing contest. There will be “severe consequences to anyone who attempts to interfere with our elections on Election Day,” O’Brien said on CBS, declining to elaborate on what that meant.

LOCAL GOVERNMENTS IN THE CROSSHAIRS — In case you missed it on Friday: Hackers have hit several local governments in Louisiana with malware in recent weeks, reigniting fears about election system breaches in the leadup to Election Day. The malware found on Louisiana computer systems has been linked to the North Korean regime in the past, but it has also appeared on a public code repository, making attribution harder. The Louisiana National Guard stepped in to help end the outbreak, and there is no sign of any impact to election systems, but the incident is part of a recent trend that has worried U.S. officials. As cyber criminals increasingly turn their attention to local governments, officials are trying to determine whether the hackers are working with foreign adversaries seeking to undermine U.S. stability.

GET MOVING ON THIS — “Longstanding cybersecurity weaknesses” are one of the biggest management challenges facing the Transportation Department, auditors said in a report publicized on Friday. “Addressing internal control weaknesses will be key to protect information and systems from attacks and other compromises that may pose risks to safety or taxpayer dollars, including DOT’s large infusion of CARES Act funding,” the department’s inspector general said. The report recommended that DOT officials implement security reviews for their cloud services, improve annual security trainings and develop better contingency plans. According to the IG, DOT has yet to implement 51 cybersecurity recommendations from its most
recent Federal Information Security Management Act audit.

POKING THE BEAR — In another signal to Moscow ahead of Election Day, the Treasury Department on Friday announced sanctions on a Russian government lab for helping to create Triton, the first malware strain designed to attack the safety components of industrial control systems. “The Russian Government continues to engage in dangerous cyber activities aimed at the United States and our allies,” Treasury Secretary Steven Mnuchin said in a statement about the action against the Central Scientific Research Institute of Chemistry and Mechanics in Moscow. “This Administration will continue to aggressively defend the critical infrastructure of the United States from anyone attempting to disrupt it.”

Triton was used in an attack that targeted safety instrumentation systems at a petrochemical plant in Saudi Arabia in 2017. The employment of Triton malware “against our partners is particularly troubling given the Russian government’s involvement in malicious and dangerous cyber-enabled activities,” Treasury said.

The sanctions came the day after the Treasury announced sanctions against five Iranian organizations, including the elite Islamic Revolutionary Guard Corps, for allegedly attempting to influence the 2020 U.S. election. The punitive measure is the follow-up to last week’s disclosure by senior national security officials that Iran was behind a series of menacing emails to U.S. voters.

TWEET OF THE WEEKEND — Just when you thought ransomware couldn’t get more despicable.

QUICK BYTES

— The Washington Post: Biden’s campaign is overstating the evidence of Russian involvement in the story of his son’s laptop.

— The New York Times looks at the hacker group that has been targeting state and local governments.

— CyberScoop: Foreign cyber threats aren’t just coming from the Big Four.

— Atlanta Journal-Constitution: Georgia disabled the password feature on its e-poll books.

— The Evening Sun: A ransomware attack has crippled computers in a New York county, and officials aren’t paying the ransom.

That’s all for today.

Stay in touch with the whole team: Eric Geller (egeller@politico.com, @ericgeller); Bob King (bking@politico.com, @bkingdc); Martin Matishak (mmatishak@politico.com, @martinmatishak); and Heidi Vogt (hvogt@politico.com, @heidivogt).