MeriTalk News Briefs: Senate Judiciary Protects Elections; Cyber and Chemical Protection Don’t Mix; New DoE IG

Welcome to MeriTalk News Briefs, where we bring you all the day’s action that didn’t quite make the headlines. No need to shout about ‘em, but we do feel that they merit talk.

Senate Judiciary Holds Hearing on Improving Election Security

In what is neither the first, nor the last, hearing on the topic, the Senate Judiciary Committee held a hearing today on preventing interference in U.S. elections. Today’s hearing, led by Chairman Chuck Grassley, R-Iowa, and Ranking Member Dianne Feinstein, D-Calif., heard testimony from Departments of Justice and Homeland Security officials, as well as experts from academia, think tanks, and the private sector. In addition to significant discussion regarding Russia’s involvement in the 2016 election, the hearing zeroed in on what the Federal government can do to secure elections moving forward, and focused on improving communication and collaboration between Federal agencies and state election officials. Adam S. Hickey, deputy assistant attorney general, Department of Justice, highlighted his department’s Cyber-Digital Task Force, which was created earlier this year with the intention of addressing efforts to interfere with U.S. elections. Matthew Masterson, who is with the National Protection and Programs Directorate at the Department of Homeland Security (DHS), focused on DHS’ work in providing states with voluntary cybersecurity assistance for election infrastructure.

Sen. Johnson: Cyber, Chemical Protection Don’t Mix in Statute

Sen. Ron Johnson, R-Wis., chairman of the Senate Homeland Security and Governmental Affairs Committee, said today he would prefer to keep separate the issues of chemical sector cybersecurity and those covered by the existing Chemical Facility Anti-Terrorism Standards (CFATS), which are government security regulations for high-risk chemical and related facilities including some electrical generating facilities. Speaking at a committee hearing today to discuss reauthorizing CFATS, Sen. Johnson said that cybersecurity is “incredibly complex and changing all the time,” and that “we have to guard against mission creep” that would occur if CFATS had cybersecurity provisions included in it. “Let the cyber issue be dealt with by other people” at the Department of Homeland Security, the senator said.

White House DoE Inspector General Nomination

The White House has announced the nomination of Terri Donaldson to become inspector general at the Department of Energy. She has been general counsel for the Senate Environment and Public Works Committee, and before that was a partner at DLA Piper.

OIG Report Finds U.S. Hydroelectric Dams at Risk From Insider Threats

A June 7 Interior Department Office of the Inspector General (OIG) report found that a sampling of U.S. hydroelectric dams show little risk of outside hackers breaching their advanced industrial control systems (ICS). However, some hydroelectric dams are highly vulnerable to insider threats due to significant weaknesses in the management of employee access, the report says. The U.S. Bureau of Reclamation (USBR) manages more than 600 dams in the Western United States – of those 600, five are hydroelectric.  The OIG report released last week examines the cybersecurity strength of two hydroelectric dams. The report found that USBR’s account management and personnel security practices put the ICS and the infrastructure it operates at high risk from insider threats. Specifically, USBR failed to limit the number of ICS users with system administrator access and had an extensive number of group accounts; did not comply with password policies and failed to remove inactive system administrator accounts; and did not follow best practices recommending that personnel with elevated system privileges complete more rigorous background investigations. OIG offered up five recommendations; USBR partially concurred with two recommendations and did not concur with three of them.

Recent