Press Releases

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the following statement after the Senate voted in favor of a war powers resolution introduced by Sen. Tim Kaine (D-VA) to require the President to consult Congress before going to war with Iran:

“Today, I voted to support Senator Kaine’s War Powers Resolution (SJ Res 68), which requires the President to seek congressional authorization before going to war with Iran. There is no question that Iran continues to pose a threat to the United States and to global security through its backing of terrorist and armed groups, its support for brutal dictators such as Syrian President Bashar al-Assad, and its repeated attempts to target the United States and our closest allies in domains including cyber, sea and air.

“These dangers are real, but I have had serious concerns about whether the administration’s unilateral withdrawal from the JCPOA and its adoption of a so-called ‘maximum pressure’ strategy have made the American people safer – or whether it has instead brought us dangerously close to the brink of war.

“This resolution does not constrain the U.S. government from acting in self-defense against Iranian provocation. It does, however, ensure that Congress has a say before the President goes to war – a constitutional responsibility dictated by our founders in Article I. Presidential administrations from both parties have traditionally consulted with Congress before taking the country to war for good reason. Not only is congressional consultation required by the Constitution, but it also creates a process for the airing of outside perspectives that might not otherwise be considered – ensuring that difficult questions are thought through, and blind spots exposed. Frankly, this process is essential when the stakes are so high, when we are talking about escalating a conflict with serious, long-term consequences and potentially putting American men and women in harm’s way.”

The measure passed through the Senate by a vote of 55-45.

###

WASHINGTON, D.C. – Today, U.S. Senators Mark R. Warner and Tim Kaine, a member of the Senate Armed Services Committee, joined a bipartisan group of fifteen senators, led by Senator Richard Blumenthal (D-CT), in writing to Acting Secretary of the Navy Thomas Modly to express concern over proposed funding reductions for the Virginia Class submarine program, which could negatively impact both the United States’ undersea superiority and the submarine industrial base. Virginia Class submarines are constructed, in part, at Newport News Shipbuilding. The Navy’s Fiscal Year (FY) 2021 budget request signals that the Navy will not exercise the option for a tenth Block V submarine, which, as the senators note in their letter, “directly contradicts the National Defense Strategy and inexplicably delays the Navy’s goal of reaching 66 fast-attack submarines by 2048.”

The Senators said, “This gap could contribute to supplier instability and workforce shortfalls at a time when the industrial base should be simultaneously executing Columbia Class construction.”

The bipartisan letter was also signed by U.S. Senators Chris Murphy (D-CT), Jeanne Shaheen (D-NH), Jack Reed (D-RI), Tammy Baldwin (D-WI), Sheldon Whitehouse (D-RI), Lindsey Graham (R-SC), Kyrsten Sinema (D-AZ), Maggie Hassan (D-NH), Bob Casey (D-PA), Marco Rubio (R-FL), Roger Wicker (R-MS), Mazie Hirono (D-HI), Sherrod Brown (D-OH) and Josh Hawley (R-MO).

In today’s letter, the Senators asked for additional information from the Navy to justify the proposed submarine fleet reduction, citing Assistant Secretary Geurts’ testimony before the Senate Armed Services Committee in March 2019, which warned: “Our biggest shortfall…is in attack submarines. And that situation will get worse before it gets better. And so we are looking for any opportunity to accelerate that.”

The full text of the Senators’ letter is available here and copied below.

 

February 13, 2020 

The Honorable Thomas B. Modly

Acting Secretary of the Navy

1000 Navy Pentagon

Washington, DC  20350

Dear Acting Secretary Modly:

We write to express our concern regarding the Fiscal Year (FY) 2021 budget request, which includes only $4.9 billion in full procurement funding for the Virginia Class program. With this proposal, the Navy signals that it will not exercise the option for a tenth Block V submarine–a decision that directly contradicts the National Defense Strategy and inexplicably delays the Navy’s goal of reaching 66 fast-attack submarines by 2048. We request that you include funding for a second Virginia Class submarine on the Navy’s unfunded requirements list, and we request an assessment of how this budget request, if enacted, would impact the delivery schedule for the Virginia and Columbia Class programs and the submarine industrial base. 

In March 2019, Assistant Secretary Geurts testified before the Senate Armed Services Committee: “Our biggest shortfall…is in attack submarines. And that situation will get worse before it gets better. And so we are looking for any opportunity to accelerate that.” This budget request exacerbates this shortfall by decreasing investment in the Virginia Class program. Fast attack submarines will help ensure our asymmetric advantage and undersea superiority during a potential conflict with near-peer adversaries, and investment in the Virginia Class program is an indicator of progress toward countering Russian and Chinese aggression. 

Given the importance of the Virginia Class program in achieving our strategic objectives, we request additional information on any new fleet design proposals–particularly any reductions in submarines–and whether fully funding only one Virginia Class submarine in FY 2021 would compromise submarine force readiness. Although we anticipate that the upcoming Force Structure Assessment might recommend augmenting submarines with smaller surface and subsurface vessels, we are alarmed by any fleet design proposals that would decrease the size of the submarine fleet. Such a decision would likely yield a loss in capability that does not justify any short-term cost savings, particularly as Russia and China continue significant investment in their respective submarine fleets.

In FY 2020, Congress signaled support for ten submarines in Block V by appropriating an additional $200 million in advanced procurement funding for a tenth Virginia Class submarine with the Virginia Payload Module. But if the Navy does not intend to pursue the option submarine in Block V, we request an assessment of how procurement funding for only one Virginia Class submarine in the FY 2021 budget will impact the delivery schedules for both the Virginia and Columbia Class programs. Congress intended for the Navy to continue the two-per-year delivery cadence for the Virginia Class program that began in 2011, and we are concerned by the potential precedent of deviating from this cadence. With only 9 submarines in Block V, there would be a construction gap between the end of Block V construction and the beginning of Block VI construction. This gap could contribute to supplier instability and workforce shortfalls at a time when the industrial base should be simultaneously executing Columbia Class construction. We seek information about the broader impact on the submarine industrial base–which consists of almost 5,000 suppliers across almost all 50 states–and whether this budget proposal will prevent cost savings or compromise construction efficiencies.

The Navy’s budget request projects uncertainty about the future of submarine construction and lacks clarity regarding the long-term budgetary and strategic impact of only funding one Virginia Class submarine in FY 2021. We look forward to receiving additional information, and working with you during this budget cycle to ensure robust funding for the Virginia Class program.

 

###

WASHINGTON – Today, the U.S. Eastern District of New York announced charges against Huawei Technologies Co., LTD and several of its subsidiaries. Senate Select Committee on Intelligence Chairman Richard Burr (R-NC) and Vice Chairman Mark Warner (D-VA) released the following statement:

“Today's announcement by the Eastern District of New York is an important step in combatting Huawei's state-directed and criminal enterprise. The indictment paints a damning portrait of an illegitimate organization that lacks any regard for the law. Intellectual property theft, corporate sabotage, and market manipulation are part of Huawei's core ethos and reflected in every aspect of how it conducts business. It uses these tactics indiscriminately against competitors and collaborators alike. Huawei's unlawful business practices are a threat to fair and open markets, as well as to legitimate competition in a tech space that is critical for the global economy. We commend the men and women of the FBI who pursued this investigation, and the prosecutors in New York who brought this indictment.”

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, issued the following statement regarding the Iowa caucuses:

“As the Department of Homeland Security has said, there is no indication that the failures associated with the app from last night’s caucuses were the result of malicious cyber activity.

“But the continuing chaos in Iowa is illustrative of our overall failure to take sufficient steps to protect the integrity of our election systems.   

“We need to look holistically at protecting the security, integrity, and resiliency of election systems – from registration systems, to e-poll books, voting machines, tabulation machines, and election night reporting systems. As the Senate Intelligence Committee has repeatedly emphasized, paper ballots are the least vulnerable to cyberattack, and at a minimum, all voter machines should have a voter-verified paper trail. What happened in Iowa last night underscores the necessity of all these measures were election-night systems to face a devastating hack.

“But what we’ve also seen is that this chaos has created an environment where misinformation is now running rampant online, further undermining confidence in the democratic process. As we’ve seen in the past, foreign actors like Russia and China won’t hesitate to latch onto this kind of content in order to add to the domestic discord and distrust in our elections.

“As we get further into the 2020 primaries, what happened in Iowa is an early warning sign that Congress, local officials, and the social media platform companies have much more work to do to ensure the integrity of our elections.”

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, announced that he will vote in favor of the two articles of impeachment against President Trump.

In a speech on the floor of the U.S. Senate, Sen. Warner said in part, “The allegations against the President are grave. The House managers presented a compelling case based on the testimony of more than a dozen witnesses—Trump political appointees and career public servants who had the courage to speak truth to power. Their testimony, and the House managers’ case, present a clear fact pattern that even many of my Republican colleagues acknowledge is true. This evidence reflects a corrupt scheme to solicit foreign interference in support of the President’s re-election.”

Warner continued, “I will vote to convict the President because I swore an oath to do impartial justice and the evidence proves the charges against him are true. There must be consequences for abusing the power of the Presidency to solicit foreign interference in our election. If the Senate fails to hold him accountable we will be setting a dangerous precedent. We will be giving the green light to foreign adversaries and future presidents that this is okay. I will vote to convict the President because it is the Senate's constitutional responsibility to uphold this bedrock American principle: that no one is above the law, not even the President, and especially not the President.”

 

The full text of Sen. Warner’s remarks as prepared for delivery follows:

Madam President: I want to begin my remarks the way we began this trial: with the oath we each took to do impartial justice. Now, any other day we walk into this chamber as Republicans and Democrats. But in this trial, we have a much greater responsibility.

The allegations against the President are grave. The House managers presented a compelling case based on the testimony of more than a dozen witnesses—Trump political appointees and career public servants who had the courage to speak truth to power. Their testimony, and the House managers’ case, present a clear fact pattern that even many of my Republican colleagues acknowledge is true. This evidence reflects a corrupt scheme to solicit foreign interference in support of the President’s re-election. The President both unlawfully withheld aid to an ally at war with Russia and he withheld a White House meeting that would have strengthened our relationship with the democratically elected leader of Ukraine—a leader that was trying to prevent further Russian occupation of his country. The President used these powerful tools of American foreign policy as leverage to secure investigations into a political opponent as well as the “Crowdstrike” conspiracy theory— the notion that has been repeatedly debunked by our intelligence agencies that it was Ukraine, not Russia, that attacked our democracy in 2016.

Since this information came to light, the President has attempted to confound the House of Representatives’ constitutional role in the impeachment process. The White House issued a blanket refusal to provide any witnesses or documents, without any historical precedent or sound legal argument to support this position. For this reason, President Trump is also charged with obstruction of Congress.

Frankly, I understand some of the points the President’s defense team has raised concerning this second article of impeachment. There are legitimate questions to consider about executive privilege and separation of powers. But we cannot accept the “absolute immunity” argument this White House has invented. This absolute stance and the evidence we’ve seen about the President’s corrupt actions and intentions do not reflect a principled, good-faith defense of executive privilege. Rather it suggests an effort to deny Congress its Constitutional authority to investigate Presidential wrongdoing and, ultimately, to prevent exposure of the President’s conduct.

In reviewing this evidence, I have stuck to my oath of impartiality. I have tried to keep an open mind about what witnesses like John Bolton and Mick Mulvaney—people who were in the room with the President—could tell us. If anyone can provide new information that further explains the President’s actions, it is them. But I don’t see how the White House’s desperate efforts to block witnesses are anything but an admission that what they'd say under oath would not be good for this President. And I am deeply disappointed that the Senate could not achieve the majority necessary for a full, fair trial.

The defense of the President that we are left with is thin, legalistic, and frankly cynical. Instead of disputing the core facts, which are damning on their own terms, the President’s lawyers have resorted to remarkable legal gymnastics: The notion that even if the President did what he’s accused of, abuse of power is not impeachable. That foreign election interference is not a crime. That even calling witnesses to seek the truth about the President’s actions and motivations might somehow endanger the republic.

When Professor Dershowitz made his bizarre argument that abusing Presidential power to aid your reelection cannot be impeachable if you believe your own election to be in the national interest, I paid close attention—closer attention than I probably paid when I took his class back in 1977. But you don’t need a Harvard Law degree to understand what nonsense that argument is and where it could take us if followed to its logical conclusion. The framers wrote impeachment into the Constitution precisely because they were worried about the abuse of Presidential power. And if an abuse of power is what the framers had in mind when they crafted impeachment, then the two questions remaining in our deliberations are simple: did President Trump abuse his power and should he be removed from office?

The House managers have presented a compelling case that the President did pressure Ukraine to announce politically motivated investigations. A number of my Republican colleagues have acknowledged these facts, acknowledged that what the President did was wrong. And frankly, it is clear why he did it. Does anyone here honestly believe Donald Trump wanted an investigation into the Bidens for any other reason than to damage Joe Biden politically and therefore aid in his own reelection? Time and again, the President has shown a willingness to attack anyone who stands in his way—Republicans, Democrats, members of his staff, members of this body. No one is off-limits. There is nothing out of character about this President using every available tool to damage an opponent regardless of their political party. I don’t fault the President for his unorthodox style. That is not an impeachable offense. The long list of things I disagree about with this President are not impeachable offenses, either. But the Constitution draws a line that is much clearer than the President’s lawyers have tried to argue.

The President crossed it. He abused his power. He commandeered America’s foreign policy not to advance America’s interests but to advance Donald Trump’s political interests. And despite his efforts to cover it up, he got caught. Now each one of us must vote: guilty or not guilty.

I will vote to convict the President because I swore an oath to do impartial justice and the evidence proves the charges against him are true. There must be consequences for abusing the power of the Presidency to solicit foreign interference in our election. If the Senate fails to hold him accountable we will be setting a dangerous precedent. We will be giving the green light to foreign adversaries and future presidents that this is okay. I will vote to convict the President because it is the Senate's constitutional responsibility to uphold this bedrock American principle: that no one is above the law, not even the President, and especially not the President.

### 

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, issued the following statement after the United Kingdom announced its decision to allow Chinese equipment provider Huawei to help build its 5G wireless network:

"I am disappointed by the UK’s decision today, especially since the security risks are so well understood. But under current circumstances, I remain committed to working with the UK and other key allies to build more diverse and secure telecommunication options that provide competitive alternatives to Huawei.  I have introduced legislation that seeks to accomplish that, including a Multilateral Telecommunications Security Fund, and hope the UK will commit to partnering on this effort in the coming months. It is critical that countries committed to building and maintaining secure networks come together. Current financial support by China for Huawei puts any Western alternative at a serious disadvantage.”

Sen. Warner, a former telecommunications entrepreneur, has been outspoken about the dangers of allowing the use of Huawei equipment in U.S. telecommunications infrastructure, and that of U.S. allies. Earlier this month, Sen. Warner and a bipartisan group of leading national security Senators introduced legislation to encourage and support U.S. innovation in the race for 5G, providing over $1 billion to invest in Western-based alternatives to Chinese equipment providers Huawei and ZTE. Last year, he and Sen. Marco Rubio (R-FL) warned the Trump Administration against using Huawei as a bargaining chip in trade negotiations, and urged Canadian Prime Minister Justin Trudeau to reconsider Huawei’s inclusion in Canada’s 5G development, introduction and maintenance.

###

 

WASHINGTON – Today U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) and the entire Virginia congressional delegation urged the U.S. Army National Guard to prioritize funding for a new aviation facility in Richmond, Va. as part of the Future Years Defense Program (FYDP). With the current facility already impacting mission execution, the funding will help complete a much-needed facility to house the Virginia Army National Guard’s 28-aircraft fleet by the time its current lease with the Richmond Airport expires in 2032. The FYDP is typically included as part of the President’s budget, which outlines the programs and budget requests for the U.S. Department of Defense (DoD).

“This project is the number one priority for the Virginia Army National Guard and is desperately needed to replace aging and undersized facilities at Richmond International Airport, which are no longer suitable for mission execution,” wrote the members of Congress. “Additionally, the existing facility must be vacated by the National Guard as they have been formally notified by the airfield that their lease will not be renewed in order to make way for a planned runway expansion. Due to the criticality of this capability for the National Guard, the Commonwealth of Virginia has appropriated $4.5 million in state funding to support this project, even though state contribution is not required.”

To date, the project has been dependent on incremental phases and funding. In their letter to the U.S. Army National Guard, the members of Congress reiterated full federal funding is required to complete the aviation facility that is better suited for their operational needs and ensures that it will be ready in time for the pending relocation.

“The Virginia Army National Guard continues to compete the Army Aviation Support Facility project in phases, with Phase I being successfully placed on the FY24 FYDP. Unfortunately, the algorithms used for such competition make it highly unlikely that the entire requirement will be funded before the Virginia Army National Guard’s aviation fleet is ejected from its current facility. This concern, in conjunction with the cost savings and operational efficiencies of designing and constructing the facility as a single project, lead us to believe that the best solution for the mission and the taxpayers is to fund the entire requirement of $89 million in one fiscal year,” concluded the members of Congress.

In addition to Sens. Warner and Kaine, the letter was signed by U.S. Reps. Bobby Scott (D-VA), Rob Wittman (R-VA), Gerry Connolly (D-VA), Morgan Griffith (R-VA), Don Beyer (D-VA), A. Donald McEachin (D-VA), Ben Cline (R-VA), Elaine Luria (D-VA), Denver Riggleman (R-VA), Abigail Spanberger (D-VA), and Jennifer Wexton (D-VA).

A copy of the letter can be found here and below.

 

LTG Daniel R. Hokanson

Director, Army National Guard

111 S. George Mason Drive

Arlington, VA 22204

Dear LTG Hokanson,

We write in strong support of the proposed Army Aviation Support Facility (AASF) for the Virginia National Guard. We urge you to consider identifying this project in the Future Years Defense Program (FYDP), and ideally request funding in the upcoming release of the President's Budget for Fiscal Year 2021.

As you are aware, this project would construct a 228,000 square foot facility to support the Virginia National Guard's Army aviation mission. This project is the number one priority for the Virginia Army National Guard and is desperately needed to replace aging and undersized facilities at Richmond International Airport, which are no longer suitable for mission execution. Additionally, the existing facility must be vacated by the National Guard as they have been formally notified by the airfield that their lease will not be renewed in order to make way for a planned runway expansion. Due to the criticality of this capability for the National Guard, the Commonwealth of Virginia has appropriated $4.5 million in state funding to support this project, even though state contribution is not required.

This military construction project will move the AASF to land already licensed to the Virginia Army National Guard that has an existing armory and airport access, two factors that yield significant construction and operational savings. The new facility is optimally located to support the National Capital Region and Hampton Roads military economic complex during natural or man-made disasters, while far enough removed to be less impacted by such events in these critical national security regions. The project will support the Virginia Army National Guard’s entire aviation fleet consisting of 28 aircraft. These aircraft support the combined arms training and readiness of forces for national defense, as well as the Commonwealth of Virginia's disaster response and recovery capabilities for Title 32 and Title 10 National Guard Civil Support missions.

The Virginia Army National Guard continues to compete the Army Aviation Support Facility project in phases, with Phase I being successfully placed on the FY24 FYDP. Unfortunately, the algorithms used for such competition make it highly unlikely that the entire requirement will be funded before the Virginia Army National Guard’s aviation fleet is ejected from its current facility. This concern, in conjunction with the cost savings and operational efficiencies of designing and constructing the facility as a single project, lead us to believe that the best solution for the mission and the taxpayers is to fund the entire requirement of $89 million in one fiscal year.

The Virginia Army National Guard completed an extensive site selection study and master plan to 10% design, as well as environmental, historical, and soils studies for the proposed location. This project is critical to the viability of the Army aviation mission for the Virginia Army National Guard and would help the National Guard save lease costs necessitated by the loss of the current facility, absent this MILCON. Given the critical nature of the operational needs for the Army aviation mission and the upcoming deadline for the relocation of these operations, we hope you will give all due consideration to funding this project in the near future. As you know, the Virginia National Guard always answers the call to service for the defense of the nation, and plays a pivotal role in the safekeeping of the National Capital Region and the Hampton Roads military economic complex.

We appreciate your attention to and consideration of this request, and we look forward to your favorable response on this matter. Our Congressional Delegation stands ready to support you in this important military construction project.

Sincerely,

###

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), co-chair of the bipartisan Senate Cybersecurity Caucus, urged the Defense Health Agency to remove sensitive medical data belonging to servicemembers exposed online, where it remains vulnerable due to insecure data practices at Ft. Belvoir Medical Center, Ireland Army Health Clinic, and the Womack Army Medical Center.

“As a matter of national security, the sensitive medical information of our men and women of the armed services is particularly vulnerable and should be, at a minimum, protected by robust security controls and routine scans,” wrote Sen. Warner. “The exposure of this information is an outrageous violation of privacy and represents a grave national security vulnerability that could be exploited by state actors or others.”

He continued, “We owe an enormous debt to our armed forces, and at the very least, we ought to ensure that their private medical information is protected from being viewed by anyone without their express consent. Whenever data moves from one entity to another it should be protected by encryption, proper hashing, segmentation, identity and access controls, and vulnerability management capabilities that include diligent monitoring, auditing, and logging practices.”

In September 2019, Sen. Warner sought answers from TridentUSA Health Services regarding reports that many unsecured picture archiving and communication servers (PACS) left the names, dates of birth, medical images, and medical procedures of more than one million Americans accessible to anyone with basic computer expertise. Following that letter, the images were removed but millions of records were left online. Nearly two months later, Sen. Warner called out the U.S. Department of Health and Human Services (HHS) for its failure to act following the exposure.

Since the letter to HHS, 16 systems, 31 million images and 1.5 million exam records have been removed from the internet. However, a significant amount of personally identifiable and sensitive medical information belonging to servicemembers remains online, due to unsecured Army PACS.

In his letter to the Assistant Secretary, Sen. Warner asked the agency to remediate the situation immediately and posed the following questions for Assistant Secretary Thomas McCaffery:

  1. Please describe the information security management practices at military medical hospitals. Do you require organizations to operate on a segmented network? To implement micro-segmentation? To implement access controls? If so, what kind? Do you require the hospitals to implement multifactor authentication, logging, and monitoring?
  2. Do you audit and monitor logs? 
  3. Do you require full-disk encryption and authentication for PACS?
  4. Do you require the hospitals to have a Chief Information Security Officer?
  5. Please describe what steps you took to address this issue, and when you were able to remove these systems from the internet.  

A copy of the letter can be found here and below.

 

Mr. Thomas McCaffery

Assistant Secretary of Defense for Health Affairs

Defense Health Agency

7700 Arlington Boulevard

Falls Church, VA 22042

Dear Mr. McCaffery,

As the healthcare sector becomes increasingly reliant on technology to deliver essential services to patients, it also faces rising threats from malicious actors that seek to compromise the personally identifiable and other sensitive information of Americans. As a matter of national security, the sensitive medical information of our men and women of the armed services is particularly vulnerable and should be, at a minimum, protected by robust security controls and routine scans. It is with great alarm that I recently learned that unsecured Picture and Archiving Servers (PACS) at Ft. Belvoir Medical Center, Ireland Army Health Clinic, and the Womack Army Medical Center have left personally identifiable and sensitive medical information available online for anyone with a DICOM viewer to find.

Following a report in September of 2019 highlighting the exposure of sensitive medical images belonging to millions of Americans through unsecured PACS, I wrote letters to two healthcare entities that controlled the PACS, and those images were removed. However, millions of records remained online. The following month, I wrote to the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) regarding the remaining exposure of the personally identifiable information belonging to 6 million American patients. Since that letter, 16 systems, 31 million images and 1.5 million exam records were removed from the internet. However, I recently learned that a significant number of medical records belonging to servicemembers remain online. This information was discovered by the German researchers at Greenbone Networks, who accessed the information using German IP addresses; this itself should have triggered alarms by the hospital information security systems.

The exposure of this information is an outrageous violation of privacy and represents a grave national security vulnerability that could be exploited by state actors or others. We owe an enormous debt to our armed forces, and at the very least, we ought to ensure that their private medical information is protected from being viewed by anyone without their express consent. Whenever data moves from one entity to another it should be protected by encryption, proper hashing, segmentation, identity and access controls, and vulnerability management capabilities that include diligent monitoring, auditing, and logging practices. To better understand how this happened, I would like information about your organization’s oversight of the information security practices at military hospitals, particularly at Ft. Belvoir Medical Center and Womack Army Medical Center.

I ask that you immediately remediate this situation, and remove the vulnerable PACS from open access to the internet. To understand how these records have been exposed and accessed repeatedly by a German IP address, please also answer the following questions:

  1. Please describe the information security management practices at military medical hospitals. Do you require organizations to operate on a segmented network? To implement micro-segmentation? To implement access controls? If so, what kind? Do you require the hospitals to implement multifactor authentication, logging, and monitoring?
  2. Do you audit and monitor logs? 
  3. Do you require full-disk encryption and authentication for PACS?
  4. Do you require the hospitals to have a Chief Information Security Officer?
  5. Please describe what steps you took to address this issue, and when you were able to remove these systems from the internet.

Given the gravity of this issue, I would appreciate a response within two weeks.

Sincerely,

###

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the bipartisan Senate Cybersecurity Caucus, voiced deep concerns with the ability of the U.S. Department of State to address the surge of offensive cyber activity by Iran. In a letter, which comes on the heels of a U.S. airstrike that killed Iranian general Qassem Soleimani, Sen. Warner notes Iran’s growing cybersecurity capabilities and presses Secretary Mike Pompeo for answers on how the Department plans to defend its information security systems in light of its long history of information breaches.

“The Iranian government’s state-sponsored cybersecurity capabilities have grown in sophistication and intensity in recent years, and they have developed a number of advanced persistent threat (APT) groups that conduct various offensive operations. Examples include prolonged espionage, destructive malware and ransomware attacks, and social media manipulation through influence campaigns,” wrote Sen. Warner. “These attacks serve both political and economic purposes, and use methods like password spray attacks, scanning for VPN vulnerabilities, DNS hijacking, spear-phishing emails, and social engineering.”

As recently as 2018, the Department of Justice indicted two Iranian individuals who conducted a 34-month-long international scheme, in which they used ransomware to extort hospitals, municipalities and public institutions, causing $30 million in losses.

In his letter, Sen. Warner cites two separate reports by the Department of State’s Office of the Inspector General (OIG) that detail a number of cybersecurity risks presented by the structure of the Department of State and by hiring freezes affecting the department. These risks include a diminished ability to respond to malicious cyber activity targeting personnel and information assets due to the hiring freeze, as well as a lack of cybersecurity oversight resulting in unauthorized and misconfigured network devices comprising the Department’s sensitive network.

“The State Department has a long history of information security breaches, beginning with a series of blunders in the late 1990’s, and including a massive and prolonged attack in 2014, when the National Security Agency (NSA) and Russian hackers fought for control of State Department servers,” wrote Sen. Warner. “In September 2018, after an email breach of unclassified systems, a bipartisan group of Senators asked you how the State Department was addressing the issue. Two months later, hackers with suspected ties to the Russian government were found to be impersonating State Department officials in an attempt to infiltrate computers belonging to the U.S. government, the military, and defense contractors.”

Noting the Department of State’s cybersecurity vulnerabilities and the risks of Iran carrying out cyberattacks with disruptive effects, Sen. Warner posed the following questions for Secretary Pompeo, requesting an answer by January 31st:

  1. Currently, cybersecurity personnel are dispersed organizationally across different bureaus within the Department of State, and across embassies around the world. Since the OIG report was issued in August 2019, what personnel changes have you made to more efficiently and effectively address both the hiring freeze impacts and the earlier security and audit concerns presented by the OIG?
  2. The OIG report noted that the Chief Information Security Officer (CISO) of the Department of State lacked necessary seniority for effectiveness or accountability. My understanding is that the current CIO reports to the Undersecretary for Management to the Secretary of State, and that the CISO reports to the CIO. In 2018 a study by the Financial Services Information Sharing and Analysis Center (FS-ISAC) recommended that CISOs have clear and direct communication with the CEO, rather than just to the CIO. Most organizations provide at least a dotted-line reporting structure from the CISO to the CEO. What kind of direct communication do you have with the CISO, given that the position sits below a CIO and an Undersecretary?
  3. What kind of employee training changes have you made to protect employees from phishing and other social engineering attacks?
  4. What technical changes have you made within the information security organization of the State Department to protect against ransomware and wiper malware attacks?
  5. Have you addressed the August 2019 OIG report’s hiring concerns for information and IT security personnel at our embassies? Are you up-to-date on your information security audits? Does the State Department, at the very least, conduct routine scanning, patching, and utilize multifactor authentication?

Earlier this month, Sen. Warner cautioned the Trump Administration on the dangers of escalating tensions with Iran and urged the Administration to prepare for the long-term potential consequences of targeting Soleimani.

A copy of the letter can be found here and below.

 

The Honorable Mike Pompeo

Secretary of State

U.S. Department of State

2201 C Street NW

Washington, DC 20520

Dear Secretary Pompeo:

As tensions between the United States and Iran rise, and the risks of Iran carrying out cyberattacks with “disruptive effects” grow, I write to express my deep concern about the State Department’s ability to defend its information security systems and that of our embassies around the world, and request a plan for how you will bolster these systems. 

The Iranian government’s state-sponsored cybersecurity capabilities have grown in sophistication and intensity in recent years, and they have developed a number of advanced persistent threat (APT) groups that conduct various offensive operations. Examples include prolonged espionage, destructive malware and ransomware attacks, and social media manipulation through influence campaigns. These attacks serve both political and economic purposes, and use methods like password spray attacks, scanning for VPN vulnerabilities, DNS hijacking, spear-phishing emails, and social engineering. Iran’s threat group APT33 has been linked to notorious disk-wiping malware including SHAMOON and SHAPESHIFT (which attacked industrial systems across the Middle East and in Europe). As recently as 2018, the Department of Justice indicted two Iranian men for deploying ransomware to extort hospitals, municipalities, and public institutions, causing over $30 million in losses. 

In August 2019, the Department of State’s Office of Inspector General (OIG) issued a report on the effects of the hiring freeze on the State Department, finding in particular, serious impacts on the cybersecurity functions of the Department. The IG found the following:

The bureau was unable to fill two Senior Executive Service positions responsible for cybersecurity, which it said delayed implementing an enterprise risk management program for IT systems. The DS [Bureau of Diplomatic Security] Computer and Technical Security Directorate reported that staffing shortfalls hampered its ability to develop tools and procedures to react and respond to malicious cyber activity targeting Department personnel and information assets. DS also reported delays in conducting penetration testing of Department networks and providing IT security support for integrating cybersecurity for new and existing systems, which they attributed, in part, to the hiring freeze.

That IG report followed a 2017 report by the State Department OIG that noted a number of cybersecurity risks presented by the structure of the State Department. The report noted that the Chief Information Security Officer was not well placed to be held fully accountable for State Department cybersecurity issues, and highlighted an incident in Guatemala City where unauthorized and misconfigured network devices comprised the Department’s sensitive network.

The State Department has a long history of information security breaches, beginning with a series of blunders in the late 1990’s, and including a massive and prolonged attack in 2014, when the National Security Agency (NSA) and Russian hackers fought for control of State Department servers. In September 2018, after an email breach of unclassified systems, a bipartisan group of Senators asked you how the State Department was addressing the issue. Two months later, hackers with suspected ties to the Russian government were found to be impersonating State Department officials in an attempt to infiltrate computers belonging to the U.S. government, the military, and defense contractors. In March 2019, a State Department contractor was convicted of theft and embezzlement of 16 computers from your organization.

Given Iran’s technical capabilities and threats to retaliate, as well as the State Department’s systemic organizational and functional problems addressing cybersecurity vulnerabilities, I ask you to answer the following questions on how the State Department will address a surge of offensive cyber activity by Iran:

  1. Currently, cybersecurity personnel are dispersed organizationally across different bureaus within the Department of State, and across embassies around the world. Since the OIG report was issued in August 2019, what personnel changes have you made to more efficiently and effectively address both the hiring freeze impacts and the earlier security and audit concerns presented by the OIG?
  2. The OIG report noted that the Chief Information Security Officer (CISO) of the Department of State lacked necessary seniority for effectiveness or accountability. My understanding is that the current CIO reports to the Undersecretary for Management to the Secretary of State, and that the CISO reports to the CIO. In 2018 a study by the Financial Services Information Sharing and Analysis Center (FS-ISAC) recommended that CISOs have clear and direct communication with the CEO, rather than just to the CIO. Most organizations provide at least a dotted-line reporting structure from the CISO to the CEO. What kind of direct communication do you have with the CISO, given that the position sits below a CIO and an Undersecretary?
  3. What kind of employee training changes have you made to protect employees from phishing and other social engineering attacks?
  4. What technical changes have you made within the information security organization of the State Department to protect against ransomware and wiper malware attacks?
  5. Have you addressed the August 2019 OIG report’s hiring concerns for information and IT security personnel at our embassies? Are you up-to-date on your information security audits? Does the State Department, at the very least, conduct routine scanning, patching, and utilize multifactor authentication?

I would appreciate your answers by January 31, 2020.

Sincerely,

###

WASHINGTON – Today, a bipartisan group of leading national security Senators introduced legislation to encourage and support U.S. innovation in the race for 5G, providing over $1 billion to invest in Western-based alternatives to Chinese equipment providers Huawei and ZTE.  

Heavily subsidized by the Chinese government, Huawei is poised to become the leading commercial provider of 5G, with far-reaching effects for U.S. economic and national security. With close ties to the Communist Party of China, Chinese state-directed technology companies present unacceptable risks to our national security and to the integrity of information networks globally. However, U.S. efforts to convince foreign partners to ban Huawei from their networks have stalled amid concerns about a lack of viable, affordable alternatives.

Today’s bipartisan legislation, the Utilizing Strategic Allied (USA) Telecommunications Act, would reassert U.S. and Western leadership by encouraging competition with Huawei that capitalizes on U.S. software advantages, accelerating development of an open-architecture model (known as O-RAN) that would allow for alternative vendors to enter the market for specific network components, rather than having to compete with Huawei end-to-end.

“Every month that the U.S. does nothing, Huawei stands poised to become the cheapest, fastest, most ubiquitous global provider of 5G, while U.S. and Western companies and workers lose out on market share and jobs. Widespread adoption of 5G technology has the potential to unleash sweeping effects for the future of internet-connected devices, individual data security, and national security. It is imperative that Congress address the complex security and competitiveness challenges that Chinese-directed telecommunication companies pose,” said Sen. Mark R. Warner (D-VA), who co-founded the wireless company Nextel before entering public service and currently serves as Vice Chairman of the Senate Select Committee on Intelligence. “We need to move beyond observing the problem to providing alternatives for U.S. and foreign network operators.”

“When it comes to 5G technology, the decisions we make today will be felt for decades to come. The widespread adoption of 5G has the potential to transform the way we do business, but also carries significant national security risks. Those risks could prove disastrous if Huawei, a company that operates at the behest of the Chinese government, military, and intelligence services, is allowed to take over the 5G market unchecked. This legislation will help maintain America’s competitive advantage and protect our national security by encouraging Western competitors to develop innovative, affordable, and secure 5G alternatives,” said Sen. Richard Burr (R-NC), Chairman of the Senate Select Committee on Intelligence.

“The Trump Administration’s lecturing of our allies about the dangers of relying on the Chinese for 5G is no replacement for the development of 5G alternatives,” said Sen. Bob Menendez (D-NJ), Ranking Member of the Senate Foreign Relations Committee. “This bill, which will supply the U.S. government with resources to help the private sector create viable 5G alternatives from all ends of the supply chain, is a long overdue step in the right direction. As I’ve said over and over again, confronting China is not the same as being competitive with China. It is time we do just that.”

“We are at a critical point in history for defining the future of the U.S.-China relationship in the 21st century, and we cannot allow Chinese state-directed telecommunications companies to surpass American competitors,” Sen. Marco Rubio (R-FL), a member of the Senate Intelligence and Foreign Relations Committees, said. “It is not only in our national security interests to support American competition in the 5G market, but it is also in our economic interests to continue to build and support an economy that leverages American strengths and creates American jobs in the industries of the future without relying on malign Chinese state-directed actors like Huawei and ZTE.”

“We should not accept a world that is forced to rely on Chinese telecommunication companies to unlock the benefits of 5G and next generation wireless technologies,” said Sen. Michael Bennet (D-CO), a member of the Senate Intelligence Committee. “It is imperative for America’s competitiveness and security that we develop alternatives for U.S. and foreign network operators. This $1 billion investment will send a strong, bipartisan signal that the United States is committed to developing viable, secure, and cutting-edge alternatives to China’s 5G technology while eliminating dependence on technology that poses real security threats.”

“5G technology presents a host of opportunities to transform American telecommunications,” Sen. John Cornyn (R-TX), a member of the Senate Intelligence Committee, said. “By helping to spur innovations in 5G, we can inoculate ourselves against the threat posed by China and encourage the development of technology that is secure, affordable, and economically beneficial to our allies.”

The Utilizing Strategic Allied (USA) Telecommunications Act would:

  • Require the Federal Communications Commission (FCC) to direct at least $750 million, or up to 5 percent of annual auction proceeds, from new auctioned spectrum licenses to create an O-RAN R&D Fund to spur movement towards open-architecture, software-based wireless technologies, funding innovative, ‘leap-ahead’ technologies in the U.S. mobile broadband market. The fund would be managed by the National Telecommunications and Information Administration (NTIA), with input from the FCC, Defense Advanced Research Projects Agency (DARPA), and National Institute of Standards and Technology (NIST), among others;
  • Create a $500 million Multilateral Telecommunications Security Fund, working with our foreign partners, available for 10 years to accelerate the adoption of trusted and secure equipment globally and to encourage multilateral participation, and require reports for Congress on use of proceeds and progress against goals to ensure ample oversight;
  • Create a transition plan for the purchase of new equipment by carriers that will be forward-compatible with forthcoming O-RAN equipment so small and rural carriers are not left behind;
  • Increase U.S. leadership in International Standards Setting Bodies (ISSBs) by encouraging greater U.S. participation in global and regional telecommunications standards forums and requiring the FCC write a report to Congress with specific recommendations;
  • Expand market opportunities for suppliers and promote economies of scale for equipment and devices by encouraging the FCC to harmonize new commercial spectrum allocations with partners where possible, thus promoting greater alignment with allies and driving down the cost of Huawei alternatives.

“VMware is very supportive of the Utilizing Strategic Allied (USA) Telecommunications Act. Moving towards an open, virtualized RAN infrastructure will speed up 5G network integration and rollout, while decreasing deployment costs. We thank Senator Warner for his approach, which will foster U.S.-led innovation in the mobile technology space and give carriers more secure options to build out our next-generation wireless infrastructure,” said Allwyn Sequeira, SVP & GM of Telco Edge Cloud Products for VMware.

“The security of America's communications networks is an essential component in ensuring our nation's economic leadership, now and in the future. It requires all of us – the industry, the government and those who live and work here – collaborating on efforts to build and maintain smart and secure communications. Verizon appreciates the forward-thinking, bipartisan Members of Congress that introduced this bill today. We look forward to working with Congress as we move forward with this important measure,” said Robert Fisher, SVP Federal Government Relations, Verizon.

“AT&T applauds Senator Warner, Senator Burr and the bipartisan group of cosponsors for introducing legislation that will promote the development and deployment of open standards-based advanced telecommunications networks. We look forward to working with Congress through the legislative process to see this measure enacted,” said Tim McKone, Executive Vice President, Federal Relations, AT&T.

“Juniper Networks supports the ‘USA Telecommunications Act’ introduced by Senator Mark Warner, Senator Richard Burr and the bipartisan group of original cosponsors. The development of open standards and deployment of open standards-based interoperable equipment are crucial to the building of secure 5G networks. The Trust Funds that the Warner-Burr bill proposes would boost R&D spending as well as U.S. leadership in 5G. We look forward to working with Congress and the Administration to get this bill enacted into law and implemented,” said Manoj Leelanivas, Executive Vice President and Chief Product Officer, Juniper Networks.

Bill text is available here.

###

 

WASHINGTON – U.S. Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO), the bipartisan co-chairs of the Senate Cybersecurity Caucus, issued a statement after convening a classified briefing with Senators and Chris Krebs, Director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), to discuss the growing threat posed by ransomware attacks:

“The continued prevalence of ransomware should really capture our attention. It’s costly, devastatingly high-impact, growing, and, in most cases, easily preventable with basic responsible cybersecurity practices.

“Ransomware and its destructive cousin wiperware are designed to inflict fear and uncertainty, disrupt vital services, and sow distrust in public institutions. While often viewed as basic digital extortion, ransomware has had materially adverse impacts on markets, social services like education, water, and power, and on healthcare delivery, as we have seen in a number of states and municipalities across the United States.

“We are glad our colleagues in the Senate Cybersecurity Caucus could join Director Krebs for this much-needed conversation about ways Congress and the federal government can better address this important issue.”

###

WASHINGTON – U.S. Sens. Mark R. Warner (D-VA) and John Cornyn (R-TX) today introduced the UIGHUR Protection Act, which would place export controls on critical technologies to China, such as facial recognition software, that can be used to facilitate mass surveillance and detention.

“As we have seen from extensive reporting and leaked Chinese government documents, the Chinese government is undertaking systematic repression and internment of Uighurs and other ethnic minorities in the Xinjiang Uighur Autonomous region in the People’s Republic of China. This behavior extends beyond Xinjiang to other regions and online communities. We need to ensure that US companies are not enabling these efforts, intentionally or inadvertently, by selling specific technology items that provide critical capabilities to the Chinese government for their surveillance, censorship, and social control efforts,” said Sen. Warner.

“For years, members of China’s Uighur population have been unjustly detained and surveilled by the Chinese government,” said Sen. Cornyn. “American technology should not be used for the oppression of ethnic minority groups by foreign governments, and this legislation would ensure that the United States has no part in these despicable practices.”

Background:

The UIGHUR Protection Act would require the President, no later than 120 days after enactment, to identify and place items and technologies on the Commerce Control List that provide a critical capability to the Chinese government for suppressing human rights. Special licenses may be granted by the President for the export, re-export, or in-country transfer to or within China for these critical technologies but the bill would require a presumption of denial.

Uighurs, or Uyghurs, are an ethnic group living primarily in the Xinjiang Uyghur Autonomous Region (XUAR) in China’s northwest. Since an outbreak of demonstrations and ethnic unrest in 2009 and clashes involving Uyghurs and Xinjiang security personnel that spiked between 2013 and 2015, the Chinese Communist Party (CCP) began a policy of mass internment through labor camps they refer to as “reeducation camps.”

According to various estimates, Xinjiang authorities have detained over one million Turkic Muslims, mostly ethnic Uyghurs, and Kazakhs, in these camps without formal charges, trials or hearings, and with no timetable for release. According to former detainees, treatment and conditions in the camps include beatings, food deprivation, and crowded and unsanitary conditions.

###

WASHINGTON, D.C. – U.S. Senators Mark R. Warner and Tim Kaine, a member of the Senate Armed Services Committee, released the following statement after the Navy signed a contract to block buy nine Virginia-class submarines:

“We’re glad the Navy reached this deal to save taxpayer dollars and help protect our nation. We’ve long supported Virginia-class submarines, and we’re excited that this move will strengthen our shipbuilding community in Hampton Roads, where these submarines are built.”

Warner and Kaine have supported funding for the submarines in the annual defense bill and discussed the benefits of Virginia-class submarines with military leadership.

###

 

WASHINGTON – U.S. Sen. Mark R. Warner, Vice Chairman of the Senate Select Committee on Intelligence, spoke at a bipartisan event in the U.S. Capitol hosted by the Washington Kurdish Institute. In his remarks, Warner called on the Senate to take up and pass the Syrian Allies Protection Act, legislation Warner introduced that would make U.S. visas available to Kurdish Syrians who worked directly with the U.S. armed forces in Syria.

These individuals’ lives now may be in danger after President Trump abruptly withdrew American troops from northern Syria and allowed a Turkish military operation to move forward against Kurdish fighters, who have been integral partners in the fight against ISIS. Since the Turkish offensive began last month, there have been reports of executions and human rights abuses against Kurdish fighters and civilians, and at least 99,200 people in northeastern Syria remain displaced, with 14,000 refugees seeking shelter in Iraq, according to the United Nations.

Responding to the President’s decision to withdraw U.S. forces from northern Syria, Warner said, “It's now a month and a half since the President of the United States – in one phone call – undermined our Kurdish allies, completely caught the American military and the American intelligence community totally off-guard, and threw the region into chaos. As a result of that telephone conversation, men and women of the SDF [Syrian Defense Forces] and other Kurdish allies – who literally up until that phone call, in many cases, were standing with the American military – are now subject to being killed.”

The Senator continued, “I also think the President's decision to abandon the Kurds will be a disaster for American foreign policy for decades. How do we go back to allies or potential allies in a very troubled region and say, ‘If you align with us and promote democratic values and promote human rights and stand with us, we will stand with you?’”

On the question of who benefits most from the withdrawal of American troops, Warner noted, “Who are the winners? Iran… [Syrian Dictator Bashar al] Assad… Vladimir Putin… ISIS. These are not allies of the United States or the Kurdish people.”

According to a report from the Defense Department released Tuesday, the Turkish incursion into northeastern Syria and the drawdown of U.S. troops allowed ISIS to “reconstitute capabilities and resources within Syria and strengthen its ability to plan attacks abroad... In the longer term, ISIS will probably seek to regain control of some Syrian population centers and expand its global footprint.” The report also noted that the Turkish offensive allowed Russian and Syrian government forces to move into northeast Syria, a development the State Department and U.S. Agency for International Development (USAID) said “would likely impact” U.S. goals for a peaceful end to the Syrian civil war.

In his remarks, Warner called on Congress to pass his legislation to protect Kurdish Syrians who worked directly with the U.S. armed forces in Syria prior to the President’s withdrawal.

“One thing that is the bare minimum we should do is support legislation that I've put forward called the Syrian Allies Protection Act. What that says is very simply that the men and women, the Kurdish men and women allies who had been working with the United States military or our intelligence services for at least six months, ought to be protected on a going-forward basis,” Warner said.

Similar to congressionally-directed programs that made select Iraqi and Afghan nationals who worked as interpreters or in other vital military support positions eligible for special immigrant visas, the Syrian Allies Protection Act would protect those Kurds in Syria who worked most closely with the United States, usually as translators, and whose lives are now threatened not only by the ongoing Turkish incursion, but by potential retaliation by freed ISIS fighters, regime forces, and other foreign interests in Syria now that the protection of American forces has been removed. The legislation would provide permanent American residence to Syrian nationals who worked for the U.S. armed forces for at least six months, have obtained a favorable recommendation from a general or flag officer in the chain of command, and have passed a background check and screening. The legislation would also direct the Secretary of Defense, in consultation with the Secretaries of State and Homeland Security, to develop and implement a framework to evacuate these eligible individuals to safety – either in the United States or a third country – while vetting takes place, if their lives are at risk remaining in Syria.  

The Washington Kurdish Institute is a 501(c)(3) non-profit, research and educational organization that was established in 1996, which represents Kurdish American interests and advocates for policies supporting the development of Kurdistan’s civil society.

###

WASHINGTON – Today, the bipartisan leadership of several key Senate committees urged President Trump’s national security adviser to designate a senior coordinator dedicated to leading the nation’s effort to develop and deploy next-generation communications technologies. In a letter to Robert O’Brien, who was appointed as national security adviser in September, the top Republican and Democratic Senators on the Senate Select Committee on Intelligence, the Senate Homeland Security and Governmental Affairs Committee, the Senate Foreign Relations Committee and the Senate Armed Services Committee stressed the urgent need for the Trump administration to develop a national strategy for 5G, and to prioritize across government agencies the nation’s effort to develop and deploy the technology. 

“While we appreciate the progress being made within and across departments and agencies, we are concerned that their respective approaches are not informed by a coherent national strategy. In our view, the current national level approach to 5G comprises of a dispersed coalition of common concern, rather than a coordinated, interagency activity. Without a national strategy, facilitated by a common understanding of the geopolitical and technical impact of 5G and future telecommunications advancements, we expect each agency will continue to operate within its own mandate, rather than identifying national authority and policy deficiencies that do not neatly fall into a single department or agency. This fractured approach will not be sufficient to rise to the challenge the country faces. We hope that you, as the new National Security Adviser, will make this issue a top priority. We would further urge you to designate a dedicated, senior individual focused solely on coordinating and leading the nation’s effort to develop and deploy future telecommunications technologies. We believe that having a senior leader would position the United States to lead on telecommunications advancements, ensure the United States is appropriately postured against this strategic threat, and demonstrate to our allies the seriousness with which the nation considers the issue,” wrote Sens. Mark R. Warner (D-VA) and Richard Burr (R-NC), the Vice Chairman and Chairman of the Intelligence Committee; Sens. Ron Johnson (R-WI) and Gary Peters (D-MI), the Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee; Sens. Jim Risch (R-ID) and Bob Menendez (D-NJ), the Chairman and Ranking Member of the Foreign Relations Committee; and Sens. Jim Inhofe (R-OK) and Jack Reed (D-RI), the Chairman and Ranking Member of the Armed Services Committee.

The Senators stressed the dangers of allowing China to continue to lead the development of 5G technology. Maintaining White House focus on 5G is especially important in light of last week’s decision to eliminate the emerging technologies directorate at the National Security Council. 

“While the United States has led in the development and deployment of previous telecommunications evolutions, 5G represents the first evolutionary step for which an authoritarian nation leads the marketplace for telecommunications solutions. China’s leadership, combined with the United States’ increased reliance on high-speed, reliable telecommunications services to facilitate both commerce and defense, poses a strategic risk for the country. We cannot rely exclusively on defensive measures to solve or mitigate the issue, but rather we must shape the future of advanced telecommunications technology by supporting domestic innovation through meaningful investments, leveraging existing areas of U.S. strength, and bringing together like-minded allies and private sector expertise through a sustained effort over the course of decades, not months. A challenge of this magnitude requires a more ambitious response than traditional agency processes can support,” wrote the Senators.

A copy of the letter is available here. 

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee, joined his Senate colleagues in requesting information from the U.S. Department of Veterans Affairs (VA) and the U.S. Department of Defense (DoD) on the agencies' efforts to educate veterans and servicemembers about online disinformation campaigns and other malign influence operations by Russian, Chinese, and other foreign entities. Today’s letters follow a two-year investigation by Vietnam Veterans of America (VVA) that documented persistent, pervasive, and coordinated online targeting of American servicemembers, veterans, and their families by foreign entities seeking to disrupt American democracy.

In particular, the VVA report found that the Russian Internet Research Agency (IRA) specifically targeted American veterans and the social media followers of several congressionally-chartered veterans service organizations during and after the 2016 election. The report also revealed that foreign entities are targeting servicemembers and veterans for the purpose of interference in the upcoming federal election.

Virginia is home to roughly 714,000 veterans, approximately 130,000 active duty servicemembers, and their families.

In their letter to VA Secretary Robert Wilkie, the Senators noted that while the VA has prioritized the security of its information systems and infrastructure – including veterans' personal information – the VA does not appear to have an established strategy for educating veterans about online disinformation efforts targeting them. The Senators urged Secretary Wilkie to consider implementing the VVA report's recommendations.

“While countering disinformation targeting veterans is not a core VA function, identifying these tactics helps improve veterans' cyber security and their ability to detect and avoid falling prey to scams and other forms of manipulation,” the Senators wrote in their letter to VA.

In their letter to Defense Secretary Mark Esper, the senators acknowledged DoD has worked to deter online disinformation and other malign influence campaigns by foreign adversaries, but they also called on the Department to implement VVA's recommendations, consistent with existing efforts to counter foreign malign influence operations.

“Malicious foreign actors are targeting servicemembers using disinformation through social media platforms and other online tools and ... countering foreign interference in American elections is critical to protecting the integrity of our democracy,” the Senators wrote in their letter to DoD.

The VVA report's recommendations for addressing online disinformation targeting servicemembers include directing DoD to “create a working group to study the security risks inherent in the use of common personal electronic devices and apps at home and abroad by servicemembers,” and to “direct commanders to include personal cybersecurity training and regular cyber-hygiene checks for all servicemembers.”

 

The report also recommended that the VA immediately develop plans to make the cyber-hygiene of veterans an urgent priority within the VA, and educate and train veterans on personal cyber security, “including how to identify instances of online manipulation.”

In addition to Sen. Warner, the letter was led by Sen. Elizabeth Warren (D-MA) and cosigned by Sens. Sherrod Brown (D-OH), Tammy Duckworth (D-IL), Richard Blumenthal (D-CT), Edward J. Markey (D-MA), Chris Van Hollen (D-MD), Richard Durbin (D-IL), Democratic Whip, Catherine Cortez Masto (D-NV), Tom Udall (D-NM), Bernie Sanders (I-VT), Tammy Baldwin (D-WI), Doug Jones (D-AL), Ron Wyden (D-OR), Robert Menendez (D-NJ), Ranking Member of the Senate Foreign Relations Committee, Mazie Hirono (D-HI), Kirsten Gillibrand (D-NY), Jack Reed (D-RI), Ranking Member of the Senate Armed Services Committee, Amy Klobuchar (D-MN), Ranking Member of the Senate Rules Committee, and Kamala Harris (D-CA).

Following Russia’s unprecedented use of social media to sow discord and influence the 2016 presidential elections, Sen. Warner wrote a social media white paper highlighting ways to protect users on social media against misinformation and disinformation campaigns. Sen. Warner has also written and introduced a series of bipartisan bills designed to protect consumers and reduce the power of giant social media platforms like Facebook. His work as Vice Chairman of the Senate Select Committee on Intelligence helped uncover Russia’s extensive efforts to exploit social media in the 2016 elections.

A copy of the letter to the VA can be found here. A copy of the letter to the DoD can be found here.

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee and co-founder of the Senate Cybersecurity Caucus, today raised concern with the U.S. Department of Health and Human Services (HHS)’s failure to act, following a mass exposure of sensitive medical images and information by health organizations. In a letter to the HHS Director of the Office for Civil Rights, Sen. Warner identified this exposure as damaging to individual and national security, as this kind of information can be used to target individuals and to spread malware across organizations.

“I am alarmed that this is happening and that your organization, with its responsibility to protect the sensitive personal medical information of the American people, has done nothing about it,” wrote Sen. Warner. “As your agency aggressively pushes to permit a wider range of parties (including those not covered by HIPAA) to have access to the sensitive health information of American patients without traditional privacy protections attaching to that information, HHS’s inattention to this particular incident becomes even more troubling.”

“These reports indicate egregious privacy violations and represent a serious national security issue -- the files may be altered, extracted, or used to spread malware across an organization,” he continued. “In their current unencrypted state, CT, MRI and other diagnostic scans on the internet could be downloaded, injected with malicious code, and re-uploaded into the medical organization’s system and, if capable of propagating, potentially spread laterally across the organization. Earlier this year, researchers demonstrated that a design flaw in the DICOM protocol could easily allow an adversary to insert malicious code into an image file like a CT scan, without being detected.”

On September 17th, a report revealed that millions of Americans had their private medical images exposed online, due to unsecured picture archiving and communication servers (PACS) that utilize the Digital Imaging and Communications in Medicine (DICOM) protocol. Along with the medical images, these PACS also exposed the names and social security numbers of those affected, leaving this information open to anyone with basic computer expertise, as the servers required no authentication to access or download.

This exposure was uncovered by German researchers, who contacted the German Federal Office for Information Security (BSI). BSI then alerted the United States Computer Emergency Readiness Team (US-CERT), who confirmed the exposure and reached out to HHS. However, if they received this information, HHS has failed to act on it, even failing to list TridentUSA Health Services – one of the main companies responsible for the exposure – on its breach portal website.

In his letter to Director Roger Severino, Sen. Warner also raised alarm with the fact that TridentUSA Health Services successfully completed an HHS Health Insurance Portability and Accountability Act (HIPAA) Security Rule compliance audit in March 2019, while patient images were actively accessible online.

Sen. Warner also posed the following questions for HHS regarding the incident, and its current cybersecurity requirements and procedures:

  1. Did HHS receive a notice from US-CERT regarding the open PACS ports available with diagnostic imaging available on the internet without any restrictions?
    1. If so, what actions were taken to address the issue?
  2. What evidence do you require organizations to produce during a HIPAA Security Rule audit? Are organizations asked to turn over their audit logs? How does OCR review the logs?
    1. Does OCR have information security experts on staff or does it rely on external consultants as part of these audits? 
  3. What are the follow-up procedures if an organization’s log files reveal access to sensitive data from outside the United States, such as in this case?
  4. Please describe your information security audit process.
  5. Please describe your oversight of the DICOM protocol and PACS security. Do you require organizations to implement access controls? If so, what kind? Do you require full-disk encryption and authentication for PACS? Are the DICOM protocol implementations included in the audits?

Sen. Warner has been a champion for cybersecurity throughout his career, and has been an outspoken critic of poor cybersecurity practices that compromise Americans’ personal information. In September, Sen. Warner wrote to TridentUSA Health Services to inquire about the company’s data security practices, following reports that a company affiliate exposed medical data belonging to millions of Americans. Earlier that month, Sen. Warner demanded answers from U.S. Customs and Border Protection (CBP) and South Korean company Suprema HQ, following separate incidents that affected both entities and exposed the personal, permanently identifiable data of many Americans. Sen. Warner has introduced legislation to empower state and local government to counter cyberattacks, and to increase cybersecurity among public companies.

The letter text can be found below and a PDF is available here.

 

Mr. Roger Severino

Director, Office for Civil Rights

Department of Health and Human Services

200 Independence Ave SW

Washington, DC 20201

Dear Director Severino,

As the health care industry increasingly harnesses internet connectivity and software, including machine learning systems, to improve patient care, a long overdue focus on data privacy and information security has come into sharper focus. This is particularly evident in light of reports that sensitive medical records of potentially millions of Americans were recently exposed online – and that your agency has done little to address this issue. Prompting even greater concern, one of the companies that left the data exposed online also successfully completed one of your Health Insurance Portability and Accountability Act (HIPAA) Security Rule compliance audits in March. I am alarmed that this is happening and that your organization, with its responsibility to protect the sensitive personal medical information of the American people, has done nothing about it. As your agency aggressively pushes to permit a wider range of parties (including those not covered by HIPAA) to have access to the sensitive health information of American patients, without traditional privacy protections attaching to that information, HHS’s inattention to this particular incident becomes even more troubling.

On September 17th ProPublica published a shocking report that the sensitive medical images of millions of American patients were exposed online through unsecured picture and archiving and communications servers (PACS) that utilize the Digital Imaging and Communications in Medicine (DICOM) protocol. The publicly-accessible information that had been accessed from Germany included MRIs, X-rays, and CT scans, as well as names and social security numbers of the patients. The 13.7 million images found on the internet required absolutely no authentication to access or download. As of writing this letter, there are 779 million image records attached to 21.6 million patient records, impacting an estimated 5 million patients in 22 states. The largest system accessed holds 61 million diagnostic images attached to 1.23 million exam records of American patients and remains available on the internet.

In late August, German researchers initiated an investigation to determine the global accessibility and remote access capabilities of PACS. On September 9th, the researchers concluded their two week inquiry and submitted their findings to the German Federal Office for Information Security (BSI). By September 17th, BSI had addressed the affected systems which were removed from the internet prior to the publishing of the ProPublica report.

After US-CERT was notified of the problem by BSI, US-CERT contacted the German researchers at Greenbone Networks, confirming they received the data on September 20th. US-CERT stated the agency would convey the information to the U.S. Department of Health and Human Services (HHS). According to the researchers, however, there has been no further communication from US-CERT or HHS, even though data privacy authorities from other countries like France and the UK contacted Greenbone Networks following the publication of ProPublica’s report.

On September 23rd, I wrote to TridentUSA Health Services expressing my concern regarding the issues raised in the ProPublica report, and pointed out that MobilexUSA, a TridentUSA Health Services affiliate, was identified as controlling one of the unsecured PACS. On October 15th, the German researchers demonstrated to my office a number of US-based PACS have open ports, supporting unencrypted communications protocols, exposing images to the internet like chest X-rays and mammograms, and identifying details like names and social security numbers. Those images and medical records continue to be accessible.

These reports indicate egregious privacy violations and represent a serious national security issue -- the files may be altered, extracted, or used to spread malware across an organization. Earlier this year, researchers demonstrated that a design flaw in the DICOM protocol could easily allow an adversary to insert malicious code into an image file like a CT scan, without being detected. The researchers who discovered the flaw in the DICOM protocol were able to use a polyglot file, which can contain more than one stream of data with different file formats, and hide the malicious code in the scan. In their current unencrypted state, CT, MRI and other diagnostic scans on the internet could be downloaded, injected with malicious code, and re-uploaded into the medical organization’s system and, if capable of propagating, potentially spread laterally across the organization.

In their response to my letter, TridentUSA Health Services noted that they successfully completed the Department of Health and Human Services audits, confirming compliance with the HIPAA Security Rule, the last of which concluded in March 2019, while patient images were accessible online.

While the information security lapses by the medical companies using the PACS are clear, it is unclear how your agency has addressed this issue. As of the writing of this letter, TridentUSA Health Services is not included on your breach portal website, and I have seen no evidence that, once contacted by US-CERT, you acted on that information in any meaningful way.

To understand how such an enormous oversight in your organization has allowed medical companies to leave insecure ports open to the internet and accessed repeatedly by a German IP address, I ask that you answer the following questions:

  1. Did HHS receive a notice from US-CERT regarding the open PACS ports available with diagnostic imaging available on the internet without any restrictions?
    a. If so, what actions were taken to address the issue?
  2. What evidence do you require organizations to produce during a HIPAA Security Rule audit? Are organizations asked to turn over their audit logs? How does OCR review the logs?
    a. Does OCR have information security experts on staff or does it rely on external consultants as part of these audits?
  3. What are the follow-up procedures if an organization’s log files reveal access to sensitive data from outside the United States, such as in this case?
  4. Please describe your information security audit process.
  5. Please describe your oversight of the DICOM protocol and PACS security. Do you require organizations to implement access controls? If so, what kind? Do you require full-disk encryption and authentication for PACS? Are the DICOM protocol implementations included in the audits?

The American people deserve to have their sensitive private information protected and their government held accountable for enforcing the rules in place to keep that information private. I hope that you will share what immediate actions you are taking, along with answering the questions above. I look forward to hearing your response no later than November 18, 2019.

Sincerely,

###

WASHINGTON – After ISIS terrorists in Syria escaped from detention facilities that had been run by America’s Kurdish partners in the Syrian Defense Forces (SDF) following the withdrawal of U.S. troops and subsequent incursion by Turkey, U.S. Sen. Mark R. Warner, Vice Chairman of the Senate Select Committee on Intelligence, and U.S. Sen. Susan Collins (R-ME), a senior member of the Committee, today requested that the Office of the Director of National Intelligence produce an unclassified assessment regarding the escape’s impact on the security of the United States and our allies.

In a letter to the acting Director of National Intelligence Admiral Joseph Maguire, the Senators wrote, “The SDF has been holding more than 10,000 captured ISIS fighters, including 2,000 so-called ‘foreign fighters,’ committed jihadists who traveled from Europe, the Middle East, and elsewhere, to join ISIS. Many of these individuals are hard-core terrorists, with the kinds of expertise – bomb-making, leadership and propaganda – that had made ISIS such a threat to the United States and our allies. As the Kurds understandably shift their focus to defending themselves, their ability to securely detain these ISIS fighters will become increasingly uncertain. Already, press reports have indicated that senior U.S. officials say they have ‘no real idea’ how many fighters may have already escaped, and how many more are likely to do so.”

“If the past is any indication, it was escaped al-Qaeda in Iraq (AQI) prisoners that formed the core of what became known as ISIS, contributing to the group’s eventual takeover of Mosul and much of northern Iraq.  The subsequent influx of foreign fighters into Iraq and Syria increased the terrorist threat to the United States and Europe.  If left unchecked, the escape of ISIS detainees in Syria could lead to similar counterterrorism setbacks,” continued the Senators. “Therefore, please provide to the Senate Select Committee on Intelligence an assessment of the impact the escape of ISIS detainees in SDF custody could have on the security of United States and our allies, including the detainees who have escaped and those still residing in SDF custody.  In order to better inform the American public, the Congress, policymakers and America’s allies, this assessment should be unclassified to the extent possible, with a classified annex if needed.”

The Senators asked that ODNI provide a response to the request within two weeks, by November 19, 2019. The full text of today’s letter is below. A signed copy is available here.

 

November 5, 2019

The Honorable Joseph Maguire

Acting Director of National Intelligence

Office of the Director of National Intelligence

Washington, DC 20511

Dear Director Maguire:

We write to express our grave concern about the instability in Syria, and particularly about the escape of numerous Islamic State (ISIS) detainees from detention facilities that had been run by America’s Kurdish partners in the Syrian Defense Forces (SDF).

The SDF has been holding more than 10,000 captured ISIS fighters, including 2,000 so-called “foreign fighters,” committed jihadists who traveled from Europe, the Middle East, and elsewhere, to join ISIS. Many of these individuals are hard-core terrorists, with the kinds of expertise – bomb-making, leadership and propaganda – that had made ISIS such a threat to the United States and our allies.

As the Kurds understandably shift their focus to defending themselves, their ability to securely detain these ISIS fighters will become increasingly uncertain. Already, press reports have indicated that senior U.S. officials say they have “no real idea” how many fighters may have already escaped, and how many more are likely to do so.

If the past is any indication, it was escaped al-Qaeda in Iraq (AQI) prisoners that formed the core of what became known as ISIS, contributing to the group’s eventual takeover of Mosul and much of northern Iraq. The subsequent influx of foreign fighters into Iraq and Syria increased the terrorist threat to the United States and Europe. If left unchecked, the escape of ISIS detainees in Syria could lead to similar counterterrorism setbacks.

Therefore, please provide to the Senate Select Committee on Intelligence an assessment of the impact the escape of ISIS detainees in SDF custody could have on the security of United States and our allies, including the detainees who have escaped and those still residing in SDF custody. In order to better inform the American public, the Congress, policymakers and America’s allies, this assessment should be unclassified to the extent possible, with a classified annex if needed. Please provide a response to this request by November 19, 2019.

Sincerely,

Mark R. Warner

Vice Chairman

Susan M. Collins

United States Senator

CC: The Honorable Mark T. Esper, Secretary of Defense

###

 

WASHINGTON – Senator Bob Menendez (D-N.J.), Ranking Member of the Senate Foreign Relations Committee, Senator Mark Warner (D-Va.), Ranking Member of the Senate Intelligence Committee, and Senator Jack Reed (D-R.I.), Ranking Member of the Senate Armed Services Committee, today sent a letter to President Trump fiercely opposing his plan to pay for his border wall using money meant to help our European allies deter Russian aggression. Nearly $1.3 billion, including $700 million designated by Congress for the European Defense Initiative (EDI), will be diverted from confronting one of our greatest national security challenges—all to fund a medieval vanity project that was supposed to be paid for by Mexico.

“In light of the Kremlin’s ongoing assault on our democracy and its malign actions in Ukraine, Syria, and Venezuela, U.S. national security requires our close cooperation with our NATO allies and maintaining a robust presence in Europe,” wrote the senators. “These cuts signal to the Kremlin that you do not view its interference in Europe as a serious concern and potentially serve as a green light for Moscow to expand their malign activities.”

Diverting these funds from their original mission will impact critical military infrastructure projects in the countries most threatened by Russian aggression, and will cut more than half a billion dollars in funding for U.S.-operated facilities in Europe.

A copy of the letter can be found here and below:

 

Dear Mr. President:

We are writing to express deep concern about your decision to divert nearly $1.3 billion in U.S. funding away from critical national security projects in NATO countries, including funds specifically designated by Congress to deter Russian aggression and reassure our allies, in favor of your proposed border wall with Mexico.  On numerous occasions you promised the American people that Mexico would pay for this wall. However, your administration’s diversion of funding from our core security interests and Secretary Esper’s statement that our NATO allies should pick up the tab, shows that the American people and our NATO allies, and not Mexico, are, in fact, paying. Your decision endangers our national security and signals to the Kremlin that the United States is not willing to stand up to its aggression.

In light of the Kremlin’s ongoing assault on our democracy and its malign actions in Ukraine, Syria, and Venezuela, U.S. national security requires our close cooperation with our NATO allies and maintaining a robust presence in Europe.  Congress has strongly supported the European Deterrence Initiative (EDI) to bolster U.S. and NATO’s military preparedness in Europe in the face of the persistent Kremlin threat.

This diversion of $770 million in EDI funds, in particular, will impact critical projects such as a special operations training facility in Estonia, airfield upgrades in Slovakia, and ammunition storage in Poland. These cuts signal to the Kremlin that you do not view its interference in Europe as a serious concern and potentially serve as a green light for Moscow to expand their malign activities. Cutting EDI also again raises questions about the United States’ commitment to NATO and to Article Five, which has been repeatedly reaffirmed by Congress on a strong bipartisan basis. In addition to the EDI cut, your $1.3 billion cuts divert an additional $520 million from U.S.-operated facilities in Europe, that are vital to support the military families based there and to sustain our missions in the Middle East. 

Instead of sending a signal that could be interpreted by Vladimir Putin as an invitation to further aggression in Europe, we strongly urge you to support U.S. national security interests and reverse this decision.

Sincerely,

###

 

WASHINGTON – Yesterday, just 377 days before the presidential election, Senators Mark Warner (D-VA), Amy Klobuchar (D-MN), and Ron Wyden (D-OR), asked for unanimous consent for the immediate consideration of legislation to stop foreign interference in our elections. Senator Warner spoke first and asked for the immediate consideration of the Foreign Influence Reporting in Elections (FIRE) Act (which is in the House SHIELD Act). Senator Klobuchar asked for the immediate consideration of the Stopping Harmful Interference in Elections for a Lasting Democracy (SHIELD) Act, which includes three Klobuchar provisions to secure U.S. elections and passed the House yesterday. Senator Wyden asked for the immediate consideration of the Securing America's Federal Elections (SAFE) Act, legislation that passed the House of Representatives in June. Senator Marsha Blackburn (R-TN) objected to all three requests, preventing the Senate from immediately considering these important election security measures.

“Earlier this month, the Senate Intelligence Committee released its report on Russia’s use of social media to undermine our democracy. The committee’s bipartisan conclusion is clear: Russia attacked our democracy in 2016. Their efforts are ongoing, and they will be back in 2020,” said Warner, Vice Chairman of the Senate Select Committee on Intelligence. “The alarm bells are going off – and we are running out of time to do something about it. History will not look kindly on Republican leaders’ refusal to consider bipartisan election security legislation following Russia’s attack on our democracy.”

“The next major elections are just three hundred seventy seven days away,” said Klobuchar, Ranking Member of the Senate Rules Committee with jurisdiction over federal elections. “We must take action now to secure our elections. Fundamental to our democracy and our founding fathers was this simple idea that we would determine our fate in America. That we would not let foreign powers influence our elections. That is what this is about. It's about protecting our election hardware and infrastructure, but it is also about protecting us from disinformation campaigns.”

“Despite all of the ways foreign hackers have already made it into our election infrastructure, Congress has refused to arm state and county elections officials with the knowledge and funding they need to secure their systems,” said Wyden. “The SAFE Act has all three key elements recommended by our nation’s top cybersecurity experts: paper ballots, security standards, and post-election audits, as well as the funding necessary to make sure states can get the job done. I urge my Republican colleagues to reconsider their opposition to this vitally important legislation.”

In Senator Blackburn’s remarks she stated that the Senators were attempting to “circumvent going to the Rules Committee and trying to bring these bills to the floor,” despite the fact that multiple election security bills have been introduced since 2017 and have yet to be brought to the floor by Senate Republicans for an up or down vote. Last year, the Senate Rules Committee was scheduled to mark-up Ranking Member Klobuchar’s comprehensive election security legislation, and Republicans cancelled the markup the night before.

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) said today that he was optimistic about the chances of passing bipartisan anti-money laundering legislation this Congress after the House voted yesterday to advance a bill that would curb illicit financial activities by requiring companies to disclose their true beneficial owners, and increasing information-sharing between law enforcement, financial institutions, and the Treasury Department.

Last month, Sen. Warner – along with Sens. Tom Cotton (R-AR), Doug Jones (D-AL), Mike Rounds (R-SD), Bob Menendez (D-NJ), John Kennedy (R-LA), Catherine Cortez Masto (D-NV), and Jerry Moran (R-KS) – introduced the Improving Laundering Laws and Increasing Comprehensive Information Tracking of Criminal Activity in Shell Holdings (ILLICIT CASH) Act, which would, for the first time, require shell companies – often used as fronts for criminal activity – to disclose their true owners to the U.S. Department of Treasury.

“Today’s House vote is an encouraging sign of progress on this important issue, and it demonstrates that there is widespread support in Congress for reforming our laws to combat money laundering, fight crime, and improve our national security,” said Sen. Warner following the House vote. “I appreciate the Treasury Department’s willingness to work with Congress on this matter, and am hopeful that the Senate will soon move forward on our bipartisan proposal to crack down on shell companies, while also prioritizing data security and protecting small businesses from unnecessary regulation.”

According to research from the University of Texas and Brigham Young University, the U.S. remains one of the easiest places in the world to set up an anonymous shell company. A recent report by Global Financial Integrity demonstrates that, in all 50 U.S. states, more information is required to obtain a library card than to register a company. Human traffickers, terrorist groups, arms dealers, transnational criminal organizations, kleptocrats, drug cartels, and rogue regimes have all used U.S.-registered shell companies to hide their identities and facilitate illicit activities. Meanwhile, U.S. intelligence and law enforcement agencies find it increasingly difficult to investigate these illicit financial networks without access to information about the beneficial ownership of corporate entities involved.

The ILLICIT CASH Act would crack down on anonymous shell companies by requiring these companies to disclose their true owners to the U.S. Department of Treasury. It would also update decades-old anti-money laundering (AML) and combating the financing of terrorism (CFT) policies by giving Treasury and law enforcement the tools they need to fight criminal networks. A section-by-section analysis of this bill is available here. A one-pager is available here. The full text of the bill is available here.

###

WASHINGTON – U.S. Sen. Mark R. Warner, Vice Chairman of the Senate Select Committee on Intelligence, today introduced the Syrian Allies Protection Act, which would make U.S. visas available to Kurdish Syrians who worked directly with the U.S. armed forces in Syria and whose lives may now be in danger after President Trump abruptly withdrew American troops from northern Syria and allowed a Turkish military operation to move forward against Kurdish fighters who have been integral partners in the fight against ISIS. Since the Turkish offensive began last week, the UN has received reports of executions and human rights abuses against Kurdish fighters and civilians, and at least 160,000 civilians have been displaced.

“America has always stood by her allies. It’s shameful that as a result of President Trump’s reckless actions in Syria, the lives of our Kurdish allies are now in danger,” said Sen. Warner. “Our friends should not pay the price for the President’s irresponsible decision. This bill would establish a program, like those Congress has already established for Iraqi and Afghan nationals, that would allow Kurdish Syrians who worked directly with American troops in the fight against ISIS to come to safety here in the U.S.”

Similar to congressionally-directed programs that made select Iraqi and Afghan nationals who worked as interpreters or in other vital military support positions eligible for special immigrant visas, the Syrian Allies Protection Act would protect those Kurds in Syria who worked most closely with the United States, usually as translators, and whose lives are now threatened not only by the ongoing Turkish incursion, but by potential retaliation by freed ISIS fighters, regime forces, and other foreign interests in Syria now that the protection of American forces has been removed. The legislation would provide permanent American residence to Syrian nationals who worked for the U.S. armed forces for at least six months, have obtained a favorable recommendation from a general or flag officer in the chain of command, and have passed a background check and screening.

The legislation would also direct the Secretary of Defense, in consultation with the Secretaries of State and Homeland Security, to develop and implement a framework to evacuate these eligible individuals to safety – either in the United States or a third country – while vetting takes place, if their lives are at risk remaining in Syria.

The text of the Syrian Allies Protection Act is available here.

###

WASHINGTON, D.C. – Today, Senate Select Committee on Intelligence Chairman Richard Burr (R-NC) and Vice Chairman Mark Warner (D-VA) released a new report titled, “Russia’s Use of Social Media.” It is the second volume released in the Committee’s bipartisan investigation into Russia’s attempts to interfere with the 2016 U.S. election.

The new report examines Russia’s efforts to use social media to sow societal discord and influence the outcome of the 2016 election, led by the Kremlin-backed Internet Research Agency (IRA). The analysis draws on data provided to the Committee by social media companies and input from a Technical Advisory Group comprising experts in social media network analysis, disinformation campaigns, and the technical analysis of complex data sets and images to discern the dissemination of disinformation across social media platforms.

Statement from Chairman Burr:

“Russia is waging an information warfare campaign against the U.S. that didn’t start and didn’t end with the 2016 election. Their goal is broader: to sow societal discord and erode public confidence in the machinery of government. By flooding social media with false reports, conspiracy theories, and trolls, and by exploiting existing divisions, Russia is trying to breed distrust of our democratic institutions and our fellow Americans. While Russia may have been the first to hone the modern disinformation tactics outlined in this report, other adversaries, including China, North Korea, and Iran, are following suit.

“Any solution has to balance America’s national security interests with our constitutionally-protected right to free speech. Social media companies, federal agencies, law enforcement, and Congress must work together to address these challenges, and I am grateful for the cooperation our Committee has gotten from both the Intelligence Community and the tech industry. My hope is that by continuing to shine a light on this issue, we will encourage more Americans to use social media responsibly, as discerning and informed consumers.”

Statement from Vice Chairman Warner:

“The bipartisan work that this Committee has done to uncover and detail the extent of that effort has significantly advanced the public’s understanding of how, in 2016, Russia took advantage of our openness and innovation, exploiting American-bred social media platforms to spread disinformation, divide the public, and undermine our democracy. Now, with the 2020 elections on the horizon, there’s no doubt that bad actors will continue to try to weaponize the scale and reach of social media platforms to erode public confidence and foster chaos. The Russian playbook is out in the open for other foreign and domestic adversaries to expand upon – and their techniques will only get more sophisticated.

“As was made clear in 2016, we cannot expect social media companies to take adequate precautions on their own. Congress must step up and establish guardrails to protect the integrity of our democracy. At minimum, we need to demand transparency around social media to prevent our adversaries from hiding in its shadows. We also need to give Americans more control over their data and how it’s used, and make sure that they know who’s really bankrolling the political ads coming across their screens. Additionally, we need to take measures to guarantee that companies are identifying inauthentic user accounts and pages, and appropriately handling defamatory or synthetic content. It’s our responsibility to listen to the warnings of our Intelligence Community and take steps to prevent future attacks from being waged on our own social media platforms.”

The Committee has held five open hearings on Russia’s use of social media, including a September 2018 open hearing with Facebook’s Chief Operating Officer Sheryl Sandberg and Twitter’s Chief Executive Officer Jack Dorsey. In December 2018, the Committee released two independent analyses of IRA activity, produced by New Knowledge and Graphika and the University of Oxford.

The Committee released the first volume of its Russia investigation in July 2019. You can read, “Volume I: Russian Efforts Against Election Infrastructure,” here.

You can read, “Volume II: Russia’s Use of Social Media,” here.

Key Findings and Recommendations:

  • The Committee found that the IRA sought to influence the 2016 U.S. presidential election by harming Hillary Clinton’s chances of success and supporting Donald Trump at the direction of the Kremlin.  The Committee found that IRA social media activity was overtly and almost invariably supportive of then-candidate Trump to the detriment of Secretary Clinton’s campaign.  
  • The Internet Research Agency’s (IRA) targeting of the 2016 U.S. election was part of a broader, sophisticated, and ongoing information warfare campaign designed to sow discord in American politics and society. While the IRA exploited election-related content, the majority of its operations focused on exacerbating existing tensions on socially divisive issues, including race, immigration, and Second Amendment rights.
  • The Committee found the IRA targeted African-Americans more than any other group or demographic. Through individual posts, location targeting, Facebook pages, Instagram accounts, and Twitter trends, the IRA focused much of its efforts on stoking divisions around hot-button issues with racial undertones. 
  • The IRA engaged with unwitting Americans to further its reach beyond the digital realm and into real-world activities. For example, IRA operatives targeting African-Americans convinced individuals to sign petitions, share personal information, and teach self-defense courses. Posing as U.S. political activists, operatives sought help from the Trump Campaign to procure campaign materials and to organize and promote rallies.
  • The Committee found IRA activity increased, rather than decreased, after Election Day 2016. Analysis of IRA-associated accounts shows a significant spike in activity after the election, increasing across Instagram (238 percent), Facebook (59 percent), Twitter (52 percent), and YouTube (84 percent). Researchers continue to uncover IRA-associated accounts that spread malicious content.
  • The Committee recommends social media companies work to facilitate greater information sharing between the public and private sector. Because information warfare campaigns are waged across a variety of platforms, communication between individual companies, government authorities, and law enforcement is essential for fully assessing and responding to them. Additionally, social media companies do not consistently provide a notification or guidance to users who have been exposed to inauthentic accounts.
  • The Committee recommends Congress consider ways to facilitate productive coordination and cooperation between social media companies and relevant government agencies. Congress should consider whether any existing laws may hinder cooperation and whether information sharing should be formalized. The Committee also recommends Congress consider legislation to ensure Americans know the source behind online political advertisements, similar to existing requirements for television, radio, and satellite ads.
  • The Committee recommends the Executive Branch publicly reinforce the danger of attempted foreign interference in the 2020 election. The Executive Branch should establish an interagency task force to monitor foreign nations’ use of social media platforms for democratic interference and develop a deterrence framework. A public initiative to increase media literacy and a public service announcement (PSA) campaign could also help inform voters. 
  • The Committee recommends candidates, campaigns, and other public figures scrutinize sourcing before sharing or promoting new content within their social media network. All Americans should approach social media responsibly to prevent giving “greater reach to those who seek to do our country harm.” The Committee recommends that media organizations establish clear guidelines for using social media accounts as sources to prevent the spread of state-sponsored disinformation.

###

WASHINGTON – U.S. Sens. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, and Marco Rubio (R-FL), member of the Senate Select Committee on Intelligence, have expressed concern over the growing threat posed by deepfakes – sophisticated audio and video technologies that allow users to create fake audio and/or video files that falsely depict someone saying or doing something. In letters to 11 social media companies, including Facebook, Twitter, and YouTube, Sens. Warner and Rubio urged the platforms to develop industry standards for sharing, removing, archiving, and confronting the sharing of synthetic content as soon as possible, in light of foreign threats to the upcoming U.S. election. The letters also encouraged the platforms to develop clear policies to ensure their platforms are not exploited to spread disinformation or misinformation, including through authenticating media, labeling and archiving synthetic media content, and providing access to qualified outside researchers.

“As concerning as deepfakes and other multimedia manipulation techniques are for the subjects whose actions are falsely portrayed, deepfakes pose an especially grave threat to the public’s trust in the information it consumes; particularly images, and video and audio recordings posted online,” wrote the Senators. “If the public can no longer trust recorded events or images, it will have a corrosive impact on our democracy.”

“Despite numerous conversations, meetings, and public testimony acknowledging your responsibilities to the public, there has been limited progress in creating industry-wide standards on the pressing issue of deepfakes and synthetic media,” they continued. “Having a clear strategy and policy in place for authenticating media, and slowing the pace at which disinformation spreads, can help blunt some of these risks.  Similarly, establishing clear policies for the labeling and archiving of synthetic media can aid digital media literacy efforts and assist researchers in tracking disinformation campaigns, particularly from foreign entities and governments seeking to undermine our democracy.”

Deepfake technologies allow users to superimpose existing images and videos onto unrelated images or videos, essentially giving users the ability to create false and defamatory content that can be easily spread on social media.

In their letters to Facebook, Twitter, YouTube, Reddit, LinkedIn, Tumblr, Snapchat, Imgur, TikTok, Pinterest, and Twitch, the Senators emphasized that more than two-thirds of Americans get their news from social media sites, and stressed that online media platforms must assume a heightened responsibility for safeguarding public confidence. They also posed the following series of questions about each company’s ability to prevent, detect, and address deepfakes and other synthetic media:

  1. What is your company’s current policy regarding whether users can post intentionally misleading, synthetic or fabricated media?
  2. Does your company currently have the technical ability to detect intentionally misleading or fabricated media, such as deepfakes? If so, how do you archive this problematic content for better re-identification in the future?
  3. Will your company make available archived fabricated media to qualified outside researchers working to develop new methods of tracking and identifying such content?  If so, what partnerships does your company currently have in place?  Will your company maintain a separate, publicly accessible archive for this content?
  4. If the victim of a possible deepfake informs you that a recording is intentionally misleading or fabricated, how will your company adjudicate those claims or notify other potential victims?
  5. If your company determines that a media file hosted by your company is intentionally misleading or fabricated, how will you make clear to users that you have either removed or replaced that problematic content?
  6. Given that deepfakes may attract views that could drive algorithmic promotion, how will your company and its algorithms respond to, and downplay, deepfakes posted on your platform?
  7. What is your company’s policy for dealing with the posting and promotion of media content that is wholly fabricated, such as untrue articles posing as real news, in an effort to mislead the public? 

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, released the following statement:

“It is deeply disturbing that the president went on national television and told the American people that he’s trying to find out the whistleblower’s identity. The president’s comments about ‘spies and treason’ and ‘what we used to do in the old days’ are downright dangerous and will do serious damage to our national security long after this news cycle is over. That kind of rhetoric can only serve one purpose: intimidation of this whistleblower and anyone else within the intelligence community who is considering stepping forward to report wrongdoing.

“It is incumbent upon the Acting Director of National Intelligence and other intelligence leaders to publicly pledge that they will protect and stand by this whistleblower, and any other individual within the intelligence community who steps forward to lawfully report illegal or unethical behavior within the federal government, anonymously or otherwise.”

 

###