Overnight Cybersecurity: Obama faces new scrutiny for Russia response | UK parliament cyberattacked | Election hacking fears put heat on DHS | Feds appeal to Supreme Court over data warrants

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–OBAMA CRITICIZED FOR TOO-CAUTIOUS RUSSIA RESPONSE: The Obama administration is under fresh scrutiny for its response to Russian meddling in the election after new details emerged last week about how the White House weighed its actions against the 2016 political environment. Then-President Obama was too cautious in the months leading up to the election, frustrated Democratic lawmakers and strategists say. “It was inadequate. I think they could have done a better job informing the American people of the extent of the attack,” said Rep. Eric Swalwell (D-Calif.), a member of the House Intelligence Committee who co-chairs the Democratic Steering and Policy Committee. And even after the election was over, they say, the penalties Obama levied were too mild to appropriately punish what by all accounts was an unprecedented attack on a U.S. election. Rep. Jim Himes (D-Conn.), another House Intelligence member, called the penalties “barely a slap on the wrist.” The new details of the administration’s response came in a Washington Post article. President Trump has also taken aim at Obama, deflecting from scrutiny of his own administration amid the federal investigation into whether there was coordination between Trump campaign associates and Moscow. “The reason that President Obama did NOTHING about Russia after being notified by the CIA of meddling is that he expected Clinton would win,” Trump tweeted early Monday. “And did not want to ‘rock the boat.’ He didn’t ‘choke,’ he colluded or obstructed, and it did the Dems and Crooked Hillary no good.” “The real story is that President Obama did NOTHING after being informed in August about Russian meddling. With 4 months looking at Russia … under a magnifying glass, they have zero ‘tapes of T people colluding. There is no collusion & no obstruction. I should be given apology!” he wrote.

To read the rest of our piece, click here.

{mosads}–BRITISH PARLIAMENT CYBERATTACKED: The British parliament was hit by a cyberattack Friday night that left members and staffers unable to access emails as hackers attempted to exploit weak passwords and gain access to accounts. Multiple news agencies reported Saturday that the U.K. parliament was hit by a “sustained and determined” effort by hackers, which was later confirmed by members of parliament on Twitter. “Sorry no parliamentary email access today – we’re under cyber attack from Kim Jong Un, Putin or a kid in his mom’s basement or something…” Henry Smith, a Conservative member, tweeted. A spokesperson for the House of Commons released a statement confirming “unauthorised attempts to access parliamentary user accounts.” “We are continuing to investigate this incident and take further measures to secure the computer network, liaising with the National Cyber Security Centre,” the statement read. “We have systems in place to protect member and staff accounts and are taking the necessary steps to protect our systems.”

To read the rest of our piece, click here.

–OHIO WEBSITES HACKED: The website of Ohio Gov. John Kasich as well as other state websites were hacked on Sunday to show pro-Islamic State propaganda. “You will be held accountable Trump, you and all your people for every drop of blood flowing in Muslim countries,” the website’s home page read for a short time. “I Love Islamic state,” the message continued. The page displayed an Arabic message and played a call to Islamic prayer. Ohio first lady Karen Kasich’s website, along with websites for the Ohio Department of Rehabilitation and Corrections and the Office of Workforce Transformation, were also hacked. “All affected servers have been taken off line and we are investigating how these hackers were able to deface these websites. We also are working with law enforcement to better understand what happened,” the governor’s office said in a statement.

To read the rest of our piece, click here.

A POLICY UPDATE: 

DEMS WANT ACTION TO SECURE POWER GRID: Democratic senators are pushing for the Department of Energy “to conduct a thorough analysis of Russian capabilities with respect to cyberattacks on our energy infrastructure” after researchers detailed the malware used to black out part of Ukraine’s power grid in December.

A letter dated Thursday to President Trump cosigned by 19 senators asks him to order the Energy Department to make such an inspection, chiding him for not conducting the analysis the first time the group sent him a request to do so on March 19.

“Your administration failed to respond. In the meantime, the threat Russia poses to our critical infrastructure has become increasingly clear,” reads the letter.

The letter followed a meeting between Trump and leaders of the energy sector on cybersecurity, which took place on Wednesday and involved discussion about threats to the power grid.

The malware used in Ukraine was described in reports by Dragos Security and ESET on June 12, alternately nicknamed “CrashOverride” and “Industroyer.”

To read the rest of our piece, click here.

A LIGHTER CLICK: 

Oscar Meyer has unveiled a ‘WienerDrone‘ to make it rain … hot dogs. (CNET)

A CASE IN FOCUS: 

DOJ ASKS SCOTUS TO TAKE UP MICROSOFT CASE: The Justice Department on Friday filed a motion to take a landmark case about the limits of U.S. warrants in the information age to the Supreme Court.

The case, U.S. v. Microsoft, concerns whether data stored in a foreign server is under the jurisdiction of a U.S. warrant. A lower court had ruled that it was not – that law enforcement agencies would have to follow the same rules to obtain extraterritorial data as it would with physical evidence and seek the cooperation of a foreign government.

“The panel reached that unprecedented holding by reasoning that such a disclosure would be an extraterritorial application of the Act–even though the warrant requires disclosure in the United States of information that the provider can access domestically with the click of a computer mouse,” the DOJ argued in its filing.

The court ruling raised a number of thorny legal issues and has spawned hearings in both the House and Senate, with both sides arguing that the ideal solution would be Congress updating the laws.

In this case, Microsoft refused to deliver emails stored in Ireland to the DOJ based on a warrant, arguing instead that the DOJ had to petition Ireland under a joint agreement to share evidence known as a Mutual Law Enforcement Treaty (MLAT).

Microsoft argued successfully that if it was forced to hand over the emails it would be put in a situation where it may have to choose between obeying the laws of one nation or obeying the laws of another.

The Justice Department argued that the search and seizure of the emails would not take place in Ireland. Instead, they would take place in America, where Microsoft accessed the data.

Brad Smith, president and chief legal officer at Microsoft, wrote on a corporate blog Friday following the filing that, “It seems backward to keep arguing in court when there is positive momentum in Congress toward better law for everyone.”

On Monday, business leaders expressed surprise at the Justice Department’s decision to appeal the case. “It does seem so clear that in this case, the Congress must speak,” said Patrick Forrest, vice president and deputy general counsel for the National Association of Manufacturers. “We expected them not to appeal.”

To read the rest of our coverage, click here and here.

WHAT’S IN THE SPOTLIGHT: 

DHS: Growing concerns about threats to U.S. election systems have put the heat on the Department of Homeland Security (DHS) and its efforts to boost national cybersecurity.

Homeland Security officials testified on Wednesday before the Senate Intelligence Committee that they have evidence that Russia targeted election-related systems in 21 states as part of its wider effort to influence the presidential election.

Now, lawmakers concerned about future foreign interference in U.S. elections are pressuring the department to offer more help to states and provide more details about what happened in 2016.

“I’m deeply concerned about the danger posed by future interference in our elections,” Sen. Mark Warner (D-Va.), the vice chairman of the intelligence panel, said Wednesday. “We have elections in 2018, but in my home state of Virginia, we have statewide elections this year. So this needs a sense of urgency.”

Homeland Security, which was involved in preparing January’s unclassified report on Russian election interference, is responsible for sharing cybersecurity threat information and safeguarding the nation’s critical infrastructure.

Warner has appealed to Homeland Security Secretary John Kelly to tell the public which states were targeted. Other lawmakers are pressing officials to offer more information about the extent of Russia’s efforts.

The development has also put a greater focus on what the department can and will do to work with state and local officials to secure their systems in the future, causing lawmakers to zero in on Homeland Security’s decision to designate election infrastructure as critical–a move that has proven controversial among state officials.

To read the rest of our piece, click here. 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Trump admin unveils cyber pact with Israel. (The Hill).

CIA head Mike Pompeo says leaks ‘seem to be on the increase’. (The Hill)

Senate Intel panel to hold hearing on Russian meddling in Europe. (The Hill)

Trump believes Russia ‘probably’ behind election hacking. (The Hill)

Dems push leaders to talk less about Russia. (The Hill)

Anthem agrees to pay $115 million to settle lawsuits over data breach that exposes personal information on 79 million people. (Reuters)

The director of Georgetown University’s Center on National Security and the Law lays out recommended reforms to Section 702 of foreign surveillance law. (Council on Foreign Relations)

Western tech firms are giving up cybersecurity secrets to Russia. (Reuters)

The Pentagon is going to hold contractors to higher cybersecurity standards. (Fedscoop)

If you’d like to receive our newsletter in your inbox, please sign up here.