NY Times: Trump Picks Thomas Bossert as Top Counterterrorism Adviser

NY Times: Trump Picks Thomas Bossert as Top Counterterrorism Adviser

WEST PALM BEACH, Fla. — President-elect Donald J. Trump has named Thomas P. Bossert, a top national security aide under President George W. Bush, to be his homeland security adviser, the Trump transition team announced Tuesday morning.

Mr. Bossert will become assistant to the president for homeland security and counterterrorism, a position the transition team said would be equal in status to that of Lt. Gen. Michael T. Flynn, whom Mr. Trump has chosen to be his national security adviser. The same position under President Obama has been a deputy national security adviser.

The change in rank “reflects the unwavering commitment President-elect Trump has to the safety and security of the nation, its people and territory,” the transition team said in a statement.

“Mr. Bossert will focus on domestic and transnational security priorities as General Michael Flynn remains steadfastly focused on international security challenges,” it said.

Officials on Mr. Obama’s national security team challenged the assertion that Mr. Bossert had been elevated to a higher position than his counterpart in the current administration, Lisa Monaco, who also has the title assistant to the president.

A senior national security official, who spoke on the condition of anonymity to discuss personnel matters relating to the incoming administration, noted that Ms. Monaco was the chairwoman of the Principals Committee of the Homeland Security Council, had a seat on the National Security Council and participated alongside the national security adviser during daily national security briefings for Mr. Obama.

The new designation for Mr. Bossert may suggest a desire by the new administration to reconfigure the national security apparatus at the White House.

Before Mr. Obama, the homeland security adviser oversaw a staff that was separate from the one run by the national security adviser. Mr. Obama combined those into a single, unified staff when he came into office. Mr. Trump may be thinking about splitting them again.

In the statement, Mr. Trump called Mr. Bossert “an invaluable asset” and praised the breadth of experience he would bring to the new administration. “He has a handle on the complexity of homeland security, counterterrorism and cybersecurity challenges,” Mr. Trump said.

Mr. Bossert served as deputy homeland security adviser for Mr. Bush, and he runs a risk management consulting firm in Washington. He is also a senior fellow at the Atlantic Council, working on the research institution’s Cyber Statecraft Initiative.

Helping to protect the country from cybercrimes is likely to be a major focus for Mr. Bossert in light of the hacking of the Democratic National Committee and other incidents in recent years. Mr. Bossert will face the challenge of balancing cybersecurity needs against the privacy concerns of internet companies.

“We must work toward cyber doctrine that reflects the wisdom of free markets, private competition and the important but limited role of government in establishing and enforcing the rule of law, honoring the rights of personal property, the benefits of free and fair trade, and the fundamental principles of liberty,” Mr. Bossert said in the statement announcing his appointment.

News of Mr. Bossert’s selection drew praise from some members of Congress and former colleagues in the Bush administration, who described him as capable and knowledgeable about threats to the country.

Representative Jim Langevin, Democrat of Rhode Island, also praised the choice. Mr. Langevin, a founder of the Congressional Cybersecurity Caucus, said Mr. Bossert had approached the issues of cyberthreats in a “centrist, bipartisan” manner.

“I also hope that he will impress upon the president-elect the vital national security concerns tied to Russian information warfare activities, and I encourage him to work closely with Congress in attempting to build our resilience and our defenses to forestall such operations in the future,” Mr. Langevin said in a statement.

Frances F. Townsend, who was Mr. Bush’s homeland security adviser, said she was confident that Mr. Bossert would “continue to demonstrate the capacity and insight needed to take on the tough challenges facing the country.”

She focused in particular on Mr. Bossert’s expertise in another key part of the job: responding to natural disasters and other crises that require coordination among the White House, governors and other state officials.

In a brief text message, Ms. Townsend called Mr. Bossert a “great pick” and recalled that he had helped lead the “after-action review” after Hurricane Katrina in 2005, helping to create more than 100 recommendations about how to better respond to such crises. “Tom knows the importance of public-private partnerships and most importantly how best to establish and strengthen them,” she said.

Also on Tuesday, the transition team formally announced that Jason D. Greenblatt, the chief legal officer of the Trump Organization and a longtime adviser to Mr. Trump, would serve as his special representative for international negotiations. Mr. Greenblatt has been the president-elect’s business attorney for years, and in a statement, Mr. Trump called him “one of my closest and most trusted advisers.”

“He has a history of negotiating substantial, complex transactions on my behalf, as well as the expertise to bring parties together and build consensus on difficult and sensitive topics,” Mr. Trump said.

As the president’s special representative, Mr. Greenblatt is likely to focus on peace between the Israelis and the Palestinians, renegotiating trade agreements and the relationship between the United States and Cuba, among other international issues.

SC Media: Wassenaar Arrangement talks collapse

SC Media: Wassenaar Arrangement talks collapse

By Rene Millman
This article originally appeared on SC Magazine UK.

Uncertainty reigns as the Wassenaar cyber weapons control pact renegotiations is rejected

A two-year attempt to change the language used in relation to export controls around surveillance software and other hacking tools has collapsed after the US government failed to renegotiate parts of the Wassenaar Arrangement.

The Wassenaar Arrangement is an arms control pact between 41 countries. While most of this refers to conventional arms, in 2013 it was broadened in scope to include surveillance software—or intrusion software as it’s branded in the agreement. This wording banned the export of software that could be used to conduct cyber warfare, in particular, tools to exploit and attack vulnerable IT infrastructure.

These changes were set to be implemented by member countries last year in a bid to prevent repressive regimes from gaining access to commercial malware.

Critics have labelled the current language in the agreement as too broad as it includes tools that IT professionals use on a daily basis, such as penetration testing tools and other legitimate security software. It also includes proof-of-concept exploits used during vulnerability research and disclosure. As it stands, the rules as written have not been implemented in the US.

With the talks collapsing, it will now be up to the incoming Trump administration to decide whether to continue renegotiations. It was hoped that the talks would have clarified matters allowing security researchers to participate in events such as Pwn2Own and share research among professionals and academics.

In the US, the bipartisan Congressional Cybersecurity Caucus has urged the incoming administration to continue talks.

Congressman Jim Langevin (D-RI), cofounder and co-chair of the Congressional Cybersecurity Caucus and a senior member of the House Committees on Armed Services and Homeland Security, said in a statement that he was “deeply disappointed that Wassenaar member states declined to make needed updates to the intrusion software controls, particularly those related to technologies necessary for their development.”

“For over a year, I have led my colleagues in Congress in calling for a careful review of these controls, which could harm our nation’s cybersecurity by making it more difficult to quickly share defensive tools and close vulnerabilities. The small changes clarifying the role of ‘command and control’ functionality that were made at the annual meeting, while needed, are simply insufficient to address the broader flaws in the language.”

Stephen Gates, chief research intelligence analyst at NSFOCUS, told SC Media UK it’s well known in cybersecurity circles that ethical hackers, researchers, penetration testers, and security vendors often have tools that can be used to hack, loaded on virtual machines, running on the very laptops they carry.

“These tools are used for ethical purposes to demonstrate how hacks work, and what defences can defeat the various hack tools,” he said.

“Ethical hackers and the like must be made aware of the fact, if they travel internationally, and enter a country where these tools are identified as ‘weaponry’, these individuals could face criminal charges and other possible penalties.   Best to remove the tools, before you travel.”

Block Island Times: Q & A with Congressman Langevin

Block Island Times: Q & A with Congressman Langevin

This interview was conducted, edited, and condensed by Lars Trodson.

Congressman Jim Langevin, D-R.I., is the co-chair and co-founder of the Congressional Cybersecurity Caucus. He has written to House Speaker Paul Ryan asking Ryan to appoint a Select Committee on Cybersecurity, given the concern over possible Russian interference in the recent Presidential election. We checked in with Langevin to discuss his concerns.

Q: There has been a lot of talk about cybersecurity and the hacking that may have impacted this year’s election. Do you personally believe that our electoral system was hacked during this cycle?

A: Let’s break this down to three things. There is the issue of the alleged Russian attempts to compromise our voter registration system. Then there is our election system that counts the votes on election day. Three, was there a Russian or foreign entity that impacted our elections by hacking into email accounts and then sending those to Wikileaks, which then sent them out to the world?

Clearly the intelligence community is pretty unanimous there were Russian attempts to hack into our voter registrations systems. We don’t believe anything was compromised that would undermine confidence in the election system itself. But our intelligence community and Homeland Security believe there were Russian attempts to do that, to clearly undermine that.

Q: Do you personally believe the Russians were involved? 

A: I do believe that they were poking around to get into voter registration systems. It’s unclear as to how effective that was at the end of the day, to cast a cloud over it, if you will.

In terms of the election, we don’t have any evidence — on Election Day — that there was an attempt to meddle with the vote count. We have a disconnected system. It’s diverse, it’s not co-ordinated. Most states don’t have a statewide voter election system. It’s town by town, city by city, or even the county may be responsible for its own voting equipment. There are multiple election systems and none of them are linked to the internet. There is no way to break into the voting system.

It’s early to prejudge that the Russians were successful at influencing the outcome of the election. This is what we need to confirm. Looking at everything, I have confidence that the vote count is accurate, but this is really unprecedented. I’ve never seen anything on this scale before, that a foreign power used this type of capability to influence the outcome of an election. But we have to understand all the facts. We have to make sure it never happens again. This is a new attack vector that many people did not anticipate happening, but we need to find out who is involved and hold them accountable. This is why I have called for a Select Committee to investigate those Russian attempts.

Q: Do you think the election results are credible? 

A: Yes. I may not like the outcome, but yes.

Q: Do you think there are other entities involved besides Russia?

A: I think we should look at everything. I have not seen anything that would indicate it was anyone other than the Russians, but this is what a Select Committee would look at: Look at all information, classified and open source. They should evaluate everything and whatever those findings are, make them available to the American people. I want everything to be transparent for the American people.

Q: Did the Obama Administration react strongly enough?

A: We’re in uncharted territory, but I always like a stronger response than what the President had, but he said the U.S. will respond at a time and place of our choosing. Some of that response may be known and some of it may not be known.

Q: Is there anything that you could be doing, with the committees you sit on, to look at this concurrently with a Select Committee?

A: It depends on the route the leadership in congress goes. It’s unclear who will do the review. There are 80 committees or subcommittees that this involves. This cuts across jurisdictional lines, so we need to have a bipartisan committee that cuts across lines, to look at information both classified and open source to get a full understanding of what happened.

Q: I think you touched on this, but we can’t overestimate how serious this is.

A: That’s right.

Q: How quickly would you like to start looking into this?

A: Immediately. As soon as the new Congress comes back and I will be all too happy to have the Speaker announce the Select Committee, and I would like to be a part of it.

Q: Is there anything we haven’t touched on that we should mention? 

A: I guess the only thing I would underscore is that this is a serious issue, a big deal, it’s unprecedented and we need to understand how it happened and who is responsible and take the necessary steps to send a signal that it won’t be tolerated. We don’t want this to go unanswered.

Latino Public Radio: Langevin, Ratcliffe U.S.-Israel cybersecurity legislation signed into law

Latino Public Radio: Langevin, Ratcliffe U.S.-Israel cybersecurity legislation signed into law

By Reynaldo Almonte

WASHINGTON – Legislation introduced by Rep. Jim Langevin (D-RI) and Rep. John
Ratcliffe (R-TX) was signed into law Friday to strengthen collaborative
cybersecurity research and development efforts between the United States and Israel.
The pair of lawmakers introduced the United States-Israel Advanced Research
Partnership Act of 2016 (H.R. 5877) after returning from a congressional delegation
trip to Israel in July that focused on addressing key cybersecurity issues facing
both countries.

“Cybersecurity is the national and economic security challenge of our time, and we
must use every resource at our disposal to support research, foster innovation, and
fortify our cyber defenses. This must include a collaborative approach that allows
us to work with our leading partners, like Israel, to develop new technologies for
our cyber incident responders,” Langevin said. “Passage of this law will enhance
cybersecurity for the United States and Israel, putting us on a shared path toward
innovative solutions to the threats we face. I look forward to continuing to work
with Chairman Ratcliffe to strengthen our relationship with Israel, including by
passage of the United States-Israel Cybersecurity Cooperation Enhancement Act next
Congress.”

“My work as a cybersecurity subcommittee chairman over the past two years has
focused on ensuring American citizens are protected from the growing national
security threats posed by malicious cyber actors who intend to do our nation harm.
I’m glad I was able to work closely with Rep. Langevin to craft legislation to
advance this important fight that is now the law of the land,” Ratcliffe said.

The lawmakers said their meetings with top Israeli officials, including Prime
Minister Benjamin Netanyahu and Minister of Defense Moshe Ya’alon, laid a critical
foundation for their U.S.-Israel cybersecurity legislation.

“When Rep. Langevin and I traveled to Israel earlier this year, our discussions with
Israeli national security and cybersecurity leaders revealed the immense wealth of
untapped potential we can leverage together to collectively vamp up our efforts to
combat growing cyber threats. We are extremely grateful for the opportunity to work
more closely with a country that’s a proven pioneer in cyber science and a top
leader in cyber expertise,” Ratcliffe said.

The United States-Israel Advanced Research Partnership Act expands a successful
binational research and development program at the Homeland Security Advanced
Research Projects Agency to include cybersecurity technologies. This collaboration
between DHS and the Israeli Ministry of Public Security helps new products through
the “valley of death” between basic and early-phase applied research and successful
commercialization, and will help both countries develop solutions to the unique
security problems found in the cyber domain.

Langevin is a senior member of the House Homeland Security Committee, and the
co-founder and co-chair of the Congressional Cybersecurity Caucus. Ratcliffe chairs
the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection
and Security Technologies.

AP NEWS: US fails to renegotiate arms control rule for hacking tools

AP NEWS: US fails to renegotiate arms control rule for hacking tools

By TAMI ABDOLLAH
Dec. 20, 2016
WASHINGTON (AP) — The Obama administration has failed to renegotiate portions of an international arms control arrangement to make it easier to export tools related to hacking and surveillance software — technologies that can be exploited by bad actors, but are also used to secure computer networks.

The rare U.S. move to push for revisions to a 2013 rule was derailed earlier this month at an annual meeting in Vienna, where officials from 41 countries that signed onto it were meeting. That leaves it up to President-elect Donald Trump’s administration whether the U.S. will seek revisions again next year.

U.S. officials had wanted more precise language to control the spread of such hacking tools without the unintended negative consequences for national cybersecurity and research that industry groups and lawmakers have complained about for months. Critics have argued that the current language, while well meaning, broadly sweeps up research tools and technologies used to create or otherwise support hacking and surveillance software.

Rep. Jim Langevin, D-R.I., said in a statement Monday that he is “deeply disappointment” by the plenary’s decision and hoped the incoming administration will continue the effort. Langevin co-chairs the Congressional Cybersecurity Caucus.

“U.S. cybersecurity and that of our allies will be imperiled if companies and researchers are not able to quickly share defensive tools,” said Langevin, who co-chairs of the Congressional Cybersecurity Caucus.

The White House referred questions Monday to the State and Commerce departments, neither of which responded to requests for comment.

As one of those 41 member countries of the 1996 Wassenaar Arrangement, which governs the highly technical world of export controls for arms and certain technologies, the United States agreed to restrict tools related to cyber “intrusion software” that could fall into the hands of repressive regimes.

The voluntary arrangement relies on unanimous agreement to abide by its rules on export controls for hundreds of items, including arms such as tanks or military aircraft and “dual-use” technologies such as advanced radar that can be used for both peaceful and military means.

The failed effort was a “bummer” said Katie Moussouris, CEO and founder of Luta Security who was part of this year’s Wassenaar delegation as a U.S. industry expert.

“If anybody understands how quickly you need to respond to a fire, this would essentially impede the internet’s firefighters if it was left in place,” Moussouris said. But she also noted that such work involving an international body also can take time and finding precise language is critical.

The plenary did agree to tighten up language essentially specifying that the rule should apply to attacker code used to command and control malware, not regular computer defense tools that might have been caught in the rule, Moussouris said.

Efforts to come up with a workable U.S. rule have highlighted the difficulty of applying the export controls restricting physical items to a virtual world that relies on the free flow of information for network security. Many companies operate in multiple countries and routinely employ foreign nationals who test their own corporate networks across borders.

The difficulties with the rule came to light in May 2015 after the Commerce Department’s Bureau of Industry and Security began working on its rule to abide by the arrangement and proposed denying the transfer of offensive tools — defined as software that uses “zero-day” exploits, or unpatched new vulnerabilities, and “rootkit” abilities that allow a person administrator-level access to a system.

Because in the cyber world testing a network often requires determining first how to exploit it and attempting to do so.

“Exploit code today is relatively routinely shared for purposes of security research and identifying and mitigating security vulnerabilities,” said Harley Geiger, director of public policy for Boston-based Rapid7, Inc., a cybersecurity company which makes software that can test for network vulnerability.

Geiger said the rule could require security researchers to obtain an export license when sharing across borders — a process that can take months.

CyberScoop: One of two U.S.-Israel cybersecurity cooperation bills signed

CyberScoop: One of two U.S.-Israel cybersecurity cooperation bills signed

Written by Shaun Waterman Dec 19, 2016
President Obama has signed into law a bill aiming to strengthen collaboration on cybersecurity research and development efforts between the U.S. and Israel.

H.R. 5877, the U.S.-Israel Advanced Research Partnership Act of 2016 passed the House unanimously last month under suspension of the rules and passed the Senate without opposition during a flurry of last minute activity overnight Dec. 9-10. The president signed it Friday.

The bill was one of two introduced in July after Reps. John Ratcliffe, R-Texas and Jim Langevin, D-R.I., visited Israel on a congressional delegation focused on key cybersecurity issues facing both countries, such as protecting power grids from hackers.

“I’m glad I was able to work closely with Rep. Langevin to craft legislation to advance this important fight [to protect America from hackers] that is now the law of the land,” said Ratcliffe, who chairs the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies.

The law will “enhance cybersecurity for the United States and Israel, putting us on a shared path toward innovative solutions to the threats we face,” said Langevin, co-founder and co-chairman of the Congressional Cybersecurity Caucus. He added, “I look forward to continuing to work with Chairman Ratcliffe to strengthen our relationship with Israel, including by passage of the U.S.-Israel Cybersecurity Cooperation Enhancement Act next Congress.”

Langevin introduced that bill, numbered H.R. 5843, with Ratcliffe’s support, but it was not taken up in the Senate.  Supporters hope to get it re-introduced, and passed, next year.

The U.S.-Israel Advanced Research Partnership Act will expand a successful binational research and development program at the Homeland Security Advanced Research Projects Agency to include cybersecurity technologies. This collaboration between DHS and the Israeli Ministry of Public Security helps new products through the “valley of death” from basic and early-phase applied research to successful commercialization.

The other bill, the U.S.-Israel Cybersecurity Cooperation Enhancement Act, would have created a cybersecurity grant program for joint research and development ventures between Israeli and American companies, universities and/or nonprofits. The Homeland Security secretary would determine research requirements with help from an advisory board made up of members from successful U.S.-Israeli partnerships, but they would address research and development priorities across the spectrum from basic to applied to commercialization.

WPRI: Johnson & Johnson to hire 75 at new RI office

WPRI: Johnson & Johnson to hire 75 at new RI office

By Ted Nesi

PROVIDENCE, R.I. (WPRI) – Johnson & Johnson will establish a new technology office in Providence to develop health-related software, with initial plans to employ 75 people, state and company leaders announced Monday.

Gov. Gina Raimondo’s aides confirmed a deal with the Fortune 100 company to locate a new health technology center in the city. The new office will employ high-skill IT workers such as developers and engineers, creating software and running analytics to support Johnson & Johnson efforts to improve health outcomes, they said.

“I’m excited,” Raimondo said in an interview. “It’s a big deal. It’s another sign of our momentum. It’s a big, brand-name company that quite literally could have chosen anywhere they wanted – everyone would want Johnson & Johnson to put a center of excellence in their hometown, and they picked us.”

Raimondo said she views the potential for Johnson & Johnson in Rhode Island along the same lines as General Electric, which earlier this year reached a similar deal with her administration to put new tech jobs in Providence.

“Plant the flag,” she said. “Open a center. I have no doubt they’re going to fall in love with Rhode Island and grow and grow and grow, and I’ve been – as you can imagine – not shy about expressing to them that that’s my plan.”

Raimondo’s office said Johnson & Johnson will seek nearly $5 million in tax credits over 10 years as part of the deal: $4.1 million in Qualified Jobs Incentive credits tied to the new employees’ income tax payments, and up to $500,000 to subsidize worker recruitment and rent payments. A spokesman said the new office is projected to generate about $775,000 in new state revenue per year.

Johnson & Johnson becomes the third major global company to announce plans to put tech jobs in Providence this year, along with GE and Virgin Pulse, which Raimondo suggested is a sign her economic strategy is starting to pay off. All three companies have been attracted in part through incentive programs championed by the governor, at a combined price tag of about $16 million.

Steve Wrenn, a Johnson & Johnson global vice president who previously worked at CVS, lavished praise on the state during a news conference at the Providence Public Library that was attended by university presidents, business executives and nonprofit leaders.

“Providence is an unknown gem to a lot of people,” Wrenn said, adding that the company was also lured by the new tax incentives created in recent years by Raimondo and the General Assembly.

Raimondo acknowledged that providing such tax breaks frustrates many people, but defended it as a necessary evil for economic development.

“I find it annoying myself,” she said. “I do, really. But the best analogy is, we can’t unilaterally disarm. If every state said at the same time we’re disbanding our economic-development incentives, then I would do it. But when I have places like Boston – which is about as hot of an economy as you’ll find – throwing $130 million to get a few hundred GE jobs, it’s foolish to think we can compete if we don’t.”

She added: “And 10 years from now, when GE has 700 employees there and J&J has 700 employees there and Virgin Pulse has 700 employees there and it’s tens of millions of dollars of revenue for the state, great, I did my job.”

Congressman Jim Langevin said before the new tax breaks were put in place Rhode Island had difficulty competing for new jobs with its neighbors in New England. “Rhode Island didn’t really have those kinds of incentives at all,” he said. “It was a source of frustration for so many of us.”

Johnson & Johnson is based in New Jersey and posted $70 billion in sales last year. Its consumer division currently has an office in Cumberland that works with Woonsocket-based CVS Health, a major seller of the company’s products, which include Band-Aids, Tylenol and Listerine. It also has a sizable medical-device factory across the border in Raynham, Massachusetts.

Johnson & Johnson plans to start hiring for Providence just after the new year, with plans to open the office by the spring, Raimondo’s aides said. The new office will initially be located at One Ship Street, a property owned by Wexford Science & Technology, the developer that reached a deal last week to build a new innovation complex on the old I-195 land; Wexford is receiving about $1 million in tax breaks to renovate the building.

Raimondo said she hopes Johnson & Johnson will make the Wexford complex its permanent home once that facility is ready, though she said the decision will be up to executives there. She said the company has similar offices to the new Rhode Island one in Limerick, Ireland, and Sao Paulo, Brazil, and she hopes it will grow to a similar size as those.

Johnson & Johnson’s interest in Rhode Island was first piqued last spring when Raimondo appeared on a panel in Washington at The Brookings Institution, a think tank that has advised her administration. Also on the panel was Johnson & Johnson Chairman and CEO Alex Gorsky, who Raimondo said told her afterwards he was intrigued by her description of Rhode Island’s potential.

Raimondo said that conversation started months of discussions between state and company officials led by Sandra Peterson, a top Johnson & Johnson executive, including a meeting Commerce Secretary Stefan Pryor had during a trip to the U.K. A “turning point” in the talks, Raimondo said, was a State House meeting last summer where senior Johnson & Johnson executives met with officials from local colleges including RISD, URI, CCRI and Bryant.

“The I-195 corridor is uniquely suited to support Johnson & Johnson’s new health technology center and Rhode Island gives us access to the economic development tools and university assets we need to stay competitive in the rapidly growing health tech space,” Wrenn said.

“That’s another reason why I’m so excited,” Raimondo said. “This isn’t just them tossing a few jobs here. This is them having spent a year – they did a deep analysis on why Rhode Island.”

That was also another sign, she argued, that tax breaks are “necessary, but insufficient” to attract companies.

Raimondo said she’s hopeful more companies will announce new commitments to Rhode Island next year, though she also emphasized that she spends a significant amount of time talking about expansion with businesses that are already in the state. She singled out Electric Boat as a key example, noting the company provides good-paying jobs to workers who don’t have a college degree.

“As I go into 2017 I have to stay focused on creating jobs at every level,” she said.

Narragansett Times: Rhode Island leaders active in Russian hacking inquiry

Narragansett Times: Rhode Island leaders active in Russian hacking inquiry

By KENDRA GRAVELLE

PROVIDENCE — As numerous House leaders and senators have called for an inquiry into the Russian hacking of the November election — among them, Rhode Island Senator Jack Reed, who released a joint-statement with New York Senator Charles Schumer, Arizona Senator John McCain and South Carolina Senator Lindsey Graham calling for a serious investigation into the cyberattacks — Rhode Island Congressman Jim Langevin, who has made protection against cyber threats a top priority, weighed in on the news of Russia’s election interference.

“It’s important that we do as thorough an investigation as possible to determine the degree to which [Russia] or anybody else was involved,” Langevin said, “and to try to get a full understanding of how far this went and what we can do in the future to better protect the integrity of our elections and prevent outside interference, wherever possible.”

Langevin identified three means by which Russia could have interfered with the November election.
The first: by hacking into the U.S. voter registration system.

In October, it was revealed that Russia had made attempts to hack the computer systems of the Democratic National Committee (DNC) and had attempted to hack into the U.S. voter registration system.

“They were trying to undermine confidence in U.S. elections,” Langevin said.

He added that there had also been concerns that Russia was trying to hack into the U.S. election system to alter election results.

“There’s a danger that a nation-state could actually penetrate into our system and prevent or mess with the vote total,” he said.

Currently, there is no evidence that any outside entity achieved success in penetrating the election system to alter vote counts, Langevin explained, adding that the system is not actually connected to the internet.

“Then there’s the third area,” Langevin said, “which were the efforts by Russia to conduct operations that actually tried to influence the outcome of the election — tried to favor one candidate over another.”

On Dec. 9, the CIA conceded that Russian intelligence agents had procured thousands of confidential DNC documents and private emails, which were then leaked throughout the months leading up to the November election, sabotaging the Democratic Party.

“That, right now, is the most troubling aspect of this,” Langevin said, “and that’s where we need to take further steps to hold an investigation.”

“This is a new attack vector,” he continued, “that many people would not have thought about previously, and we’re going to have to take further steps in the future to protect against.”

In the wake of the news of Russia’s interference with the election, president-elect Donald Trump has made a slew of comments indicating that he distrusts U.S. intelligence agencies.

“I found Trump’s comments troubling,” said Langevin, who served for eight years on the House Intelligence Committee. “I’ve dealt with many individuals from the CIA and I’ve always found these people to be incredibly dedicated patriots and professionals in the intelligence world.”

“It’s troubling to hear president-elect Trump all of the sudden casting dispersion on the motivations of members of the CIA,” he continued.

He added that he hopes Trump will take the time to look more objectively at how the CIA derives its intelligence.

“I hope he will be satisfied that they are giving him good information,” Langevin said, “and that their job is not to be political, but to gather, present and connect the dots on objective information.”

Although Russians have taken aggressive steps toward other countries in the past, Langevin added, this case is unprecedented.

“This is certainly a paradigm shift that has taken place,” he continued, “and something we’ll have to guard against in the future.”

These kinds of cyber attacks can hopefully be prevented in the future, Langevin said, through electronic as well as diplomatic actions.

“There has to be strong signals sent both publicly and privately,” he said, “if anybody tries to influence our elections, there will be consequences for doing such a thing.”

He added that the U.S. shouldn’t be afraid to levy sanctions in response in order to such hacks to send a strong message.

Langevin, a member of the Homeland Security and the House Armed Services committees, said the United States makes more use of and is more dependent on the internet than any other country, making it a highly vulnerable target for cyberattacks.

“We have to be aware of our surroundings and aware of the potential threats,” he said. “That’s the challenge with protecting the country in cyberspace. There’s such a vast area to cover.”

Educating its citizens in the fields of computer science and technology is one tool the U.S. should utilize to protect against cyber threats in the future, Langevin said.

“I am deeply troubled by how under-resourced we are in terms of the number of people who have the right skills to do the jobs that we need done in protecting the country in cyberspace,” he added. “That’s going to be something I will continue to work on — trying to develop a stronger cyber workforce.”

He lauded programs like CS4RI, Rhode Island’s initiative to have computer science taught in every public school statewide by December, 2017, and CyberCorps, a scholarship program aimed at attracting students to the fields of cybersecurity and information assurance.

“I continue to be a strong advocate for the country taking more aggressive cyber security measures,” he said. “This is a moving target, and there’s never going to be a point where we are 100 percent secure in cyberspace. Right now the aperture of vulnerability in cyberspace is very wide and we need to collapse it down, so the risk is something that’s much more manageable.”

“We need to be ever-vigilant about cyber vulnerability,” he continued, “and we need to make sure we have the right people and resources in place to better protect the country.”

In their bipartisan statement, Reed, McCain, Schumer and Graham identified the need for Democrats and Republicans to work together to ensure such cyber attacks come to an end.

“This cannot become a partisan issue,” the statement reads. “The stakes are too high for our country. We are committed to working in this bipartisan manner, and we will seek to unify our colleagues around the goal of investigating and stopping the grave threats that cyberattacks conducted by foreign governments pose to our national security.”

Nextgov: House Cyber Leader Calls for Special Cyber Committee

Nextgov: House Cyber Leader Calls for Special Cyber Committee

By Joseph Marks

One of the Congress’ top cyber advocates on Friday called on House Speaker Paul Ryan to create a special cybersecurity committee that would lead an investigation into Russian hacks aimed at disrupting the 2016 election.

The proposed select committee would cut across jurisdictional lines to “investigate pressing cybersecurity matters, starting with Russian interference with the election,” according to the statement from Rep. Jim Langevin, D-R.I.

The FBI now agrees with a CIA assessment that Russia’s interference in the election was aimed at helping President-elect Donald Trump win, rather than simply sowing chaos, according to a Washington Post report out Friday based on anonymous sources.

The intelligence community’s official determination thus far is only that the top levels of the Russian government directed the breaches and that they intended to “interfere with the U.S. election process.”

House Intelligence Chairman Devin Nunes has declined to launch a special investigation into the election-year hacks, while Ryan has not taken a firm position on the question.

“I believe a Select Committee on Cybersecurity is the best way to streamline oversight and ensure a thorough, fair investigation into this disturbing attack on our democracy,” said Langevin, who co-founded the House Cybersecurity Caucus and has served on major House panels with cyber jurisdiction, including the Armed Services, Homeland Security and Intelligence committees.

The call comes a day after losing Democratic nominee Hillary Clinton reportedly attributed the breaches at the Democratic National Committee and Democratic Congressional Campaign Committee to a “personal beef” between herself and Russian President Vladimir Putin over her assertion while secretary of state that Russian parliamentary elections were rigged. She said the breaches contributed to her losing the election during a meeting with campaign donors.

Clinton also reportedly endorsed a 9/11 Commission-style investigation into the breaches.

President Barack Obama also pledged a response to the Russian hacking in an interview with NPR posted Thursday, saying the response would be both “proportional” and “meaningful.” Vice President Joe Biden previously made a similar pledge.

“I think there is no doubt that when any foreign government tries to impact the integrity of our elections that we need to take action and we will at a time and place of our own choosing,” Obama said, adding that “some of it may be explicit and publicized, some of it may not be.”

Obama said he has spoken with Putin directly about the breach.

PBN: Virgin Pulse expanding in R.I., to bring 300 jobs over next five years

PBN: Virgin Pulse expanding in R.I., to bring 300 jobs over next five years

BY PBN Staff

PROVIDENCE – Citing Providence’s “hip vibe” and talent pool, Virgin Pulse, which acquired ShapeUp Inc. earlier this year, plans to expand its Rhode Island presence and create nearly 300 new jobs in the city over the next five years.

David Osborne, president and chief operating officer of Virgin Pulse, said the company considered a Boston office, but selected Providence because of the “access to talent and supportive business climate.”

The company, which provides software and technology solutions that increase employee productivity by improving employee health, well-being and engagement, already employs 65 in Providence.

“Our growth strategy is centered on hiring high-potential, early-in-career talent. With its hip vibe, low cost of living and high density of college students, Providence was a great fit from both a business and cultural perspective,” Osborne said in a statement.

Gov. Gina M. Raimondo announced Virgin Pulse’s plan to bring 300 jobs to the state at a press conference Thursday along with Virgin Pulse executives.

“When Virgin Pulse bought ShapeUp, the worst kept secret among business leaders was that they were looking to move north to Boston. Because of the great, talented people who live here and because of the economic tools we’ve created with help from the General Assembly, instead of losing 65 good paying jobs to Boston, we’re going to create nearly 300,” Raimondo said in a statement. “I am thrilled that Dave, Derek and the Virgin Pulse executive team took a fresh look at Rhode Island. I look forward to bringing a box of Dunkin’ Donuts coffee to their offices to meet their new employees. We will continue to make the necessary investments in our people so that Rhode Islanders have the skills they need to compete for the jobs Virgin Pulse, GE Digital, CIC, Wexford and others are creating right here in Rhode Island.”

Virgin Pulse will begin hiring nearly 300 additional staff over the next three to six months and is already seeking applications for open positions. It is working with TechHire Rhode Island, a statewide initiative for delivering in-demand tech talent for Rhode Island employers, to fill positions.

“Not only does it make good business sense for us, growing our presence in Providence allows our employees to take advantage of the wide range of healthy lifestyle experiences that the city offers,” Chris Boyce, CEO of Virgin Pulse, said. “As a company that cares about the health and well-being of its employees, it was clear that this walkable city has an active living culture that is well aligned with our corporate mission and values.”

Virgin Pulse has applied for $2.5 million in Qualified Jobs Tax Credits and $3.2 million in Rebuild Rhode Island Tax Credits. The Qualified Tax Credit would not take effect until the jobs are created and those hired are paying state income tax. The Rebuild Rhode Island Tax Credits would support expanding Virgin Pulse’s current 29,000-square-foot space to a nearly 90,000-square-foot office in downtown Providence. The request for incentives will be discussed at the R.I. Commerce Corp. meeting on Dec. 19.

David Ortiz, a spokesman for Raimondo, said the company has not said where it plans to move in Providence. It currently is in the Jewelry District at 111 Chestnut St.

U.S. Rep. James R. Langevin said this announcement is important because it preserves existing jobs, adds hundreds more and promotes economic development.

“This is a signal to the rest of the country that Rhode Island is making strides to roll out the welcome mat for new and growing businesses,” Langevin said.

Dr. Rajiv Kumar, chief medical officer at Virgin Pulse, said prior to the acquisition by Virgin Pulse, ShapeUp “benefitted immensely from strong partnerships with the Rhode Island state government, local institutions and community leaders.”

“I’m thrilled that Virgin Pulse saw the potential that exists here and decided not only to stay, but to grow our footprint in this supportive and vibrant community,” Kumar said.

A third-party analysis projects that the expansion will generate $10.5 million in additional revenue to the state and nearly $60 million of additional gross domestic product, once Virgin Pulse completes its full hiring.

Virgin Pulse is the latest company that has announced plans to move to Rhode Island. GE Digital, which opened a temporary office on Dorrance Street this year, will move into a new spot at 75 Fountain St. next year.

On Dec. 13, the morning after the I-195 Commission voted on an $18.5 million incentive package, the governor announced that Wexford/CV Properties has secured key tenants – including Cambridge Innovation Center – for its anchor property in the I-195 Innovation and Design District.