WASHINGTON – Congressman Rob Wittman (R-VA), U.S. Senators Mark R. Warner and Tim Kaine, and Representatives Bobby Scott (D-VA), Gerry Connolly (D-VA), Morgan Griffith (R-VA), Don Beyer (D-VA), A. Donald McEachin (D-VA), Ben Cline (R-VA), Elaine Luria (D-VA), Denver Riggleman (R-VA), Abigail Spanberger (D-VA), and Jennifer Wexton (D-VA) sent a letter to Assistant Secretary of the Navy James Guerts expressing strong support for the shipbuilding and ship maintenance industrial base.  

“We believe that the private shipbuilding and ship maintenance industrial base is performing a vital public function during this pandemic and should remain open for business, sustaining employment and providing products and services which contribute to our Navy’s recapitalization and readiness,” they wrote. “During these challenging times, we are particularly concerned about the shipbuilding and ship repair enterprise and safety of our ship workers.”  

The entire Virginia Delegation requested that the Navy ensure that safety of shipworkers remain the highest priority. They also requested the Navy’s support with expeditious contractual adjustments between Navy and industry to ensure a healthy partnership that fully alleviates the negative impacts, to both workers and shipyards, associated with COVID-19 relief, for the Navy’s support in expediting access to loans and loan guarantees provided that could be used to assist the shipbuilding and ship maintenance industrial base, for the Navy to ensure small business participation in ship repair, and for the Navy to ensure a sustained industrial base, development of the LHA-9 acquisition effort and use of the FY19 LHA-9 Advanced Procurement monies to accelerate construction of an additional large deck amphibious ship.

See signed letter here and text below. 

The Honorable James F. Geurts

Assistant Secretary of the Navy (Research, Development, and Acquisition)

1000 Navy Pentagon

Washington, DC 20350-1000

Dear Mr. Geurts,

We are writing to express strong support for the shipbuilding and ship maintenance industrial base. Because of our support of this critical but fragile industry, we are deeply concerned about their viability during the national emergency caused by the COVID-19 pandemic. We applaud the actions you directed in your March 20 memorandum and encourage your continued engagement on contracting issues which may arise as the shipbuilding and ship maintenance industrial base works through the pandemic.

We believe that the private shipbuilding and ship maintenance industrial base is performing a vital public function during this pandemic and should remain open for business, sustaining employment and providing products and services which contribute to our Navy’s recapitalization and readiness. During these challenging times, we are particularly concerned about the shipbuilding and ship repair enterprise and safety of our ship workers.  We would ask your support for the following items: 

• We request your support in ensuring that the safety of our shipworkers remains the bedrock of any future discussion with additional contractual adjustments provided to alleviate any hazards experienced by workers during the COVID-19 pandemic.
• Similar to the authority provided by section 3610 of the CARES Act (P.L. 116-136), we request your support with expeditious contractual adjustments between Navy and industry to ensure a healthy partnership that fully alleviates the negative impacts, to both workers and shipyards, associated with COVID-19 relief. 
• Pursuant to section 4003 of the CARES Act, we request your support to expediting access to loans and loan guarantees provided that could be used to assist the shipbuilding and ship maintenance industrial base.
• To ensure continued small business participation in ship repair, your assurance that previously programmed continuous maintenance availability will continue.
• To ensure a sustained industrial base, development of the LHA-9 acquisition effort and use of the FY19 LHA-9 Advanced Procurement monies to accelerate construction of an additional large deck amphibious ship. 

We would like to thank you for your leadership of Navy acquisition during this critical time for our Navy and our nation. We look forward to continuing to work with you on providing for our future fleet with a strong, robust, and resilient shipbuilding and ship maintenance industrial base.

Sincerely, 

# # #

WASHINGTON – U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) today expressed concern with the health and welfare of military personnel aboard the USS Theodore Roosevelt – an American aircraft carrier that has been reported to have more than 100 sailors aboard who have tested positive for the novel coronavirus (COVID-19). In a letter, the Senators questioned Secretary of the Navy Thomas B. Modly about the conditions aboard the vessel and about any actions being taken to ensure the health and safety of sailors and other military personnel.

“We are writing about the recent developments aboard the USS Theodore Roosevelt (CVN-71) due to coronavirus (COVID-19) infections, so we can better understand the Navy’s plans for safeguarding its personnel and what Congress can do to assist your efforts,” wrote the Senators.“As you are aware, there are countless Virginians with family members serving aboard Navy warships who are all concerned about the health and well-being of their loved ones.  We share these concerns for all our personnel serving in the military at this challenging time.” 

On Monday, in a letter to senior military officials, Capt. Brett Crozier detailed the USS Theodore Roosevelt’s deteriorating conditions, noting that the ship’s environment is especially conducive to the spread of the disease due to the large number of confined sailors and the sharing of resources and facilities, among other things. The vessel – which is currently docked in Guam – has more than 4,000 crew members onboard, including the more than 100 sailors who have tested positive for COVID-19.

In their letter to the Navy, the Senators – who have heard directly from the relatives of servicemembers aboard the ship – requested answers to the following questions: 

1. Has the Navy developed new measures and policies to ensure critical components are managed by crew that are known to be free of COVID-19?   How many COVID-19 tests would the Navy require to implement such a policy?  How many tests do you currently possess?
2. Does the Navy have an adequate number of berthing barges to house crewmembers for nuclear vessels that require daily maintenance of critical components while those ships are cleaned/decontaminated?  
3. Does the Navy have an adequate number of berthing barges to house crewmembers for vessels slated for deployment in the next 120 days while they are cleaned and decontaminated?
4. Is there any plan, similar to those being pioneered by the US Transportation Command for military airlift pilots, to effectively “cocoon” ships’ crews to avoid new contamination from outside sources?
5. What measures are in place to safely re-supply currently deployed ships without unnecessarily exposing the crew to COVID-19?
6. Is there any requirement to extend personnel slated for retirement or separation to safely operate Navy vessels?  Can Congress provide additional incentive pay for Navy personnel whose separations, retirements, deployments or working conditions have been impacted by COVID-19?
7. Have you been in contact with the Department of Energy about the lessons learned from the COVID-19 outbreak on the USS Roosevelt for dissemination amongst nuclear power plants operating in the U.S.?
8. Are there any other authorities or resources the Navy requires to better secure the health and safety of Navy personnel & their families during this crisis? 

Text of the letter is available here and below. 

April 1, 2020       

The Honorable Thomas B. Modly

Secretary of the Navy 

1000 Navy Pentagon 

Washington, DC 20350-1000  

Dear Acting Secretary Modly: 

We are writing about the recent developments aboard the USS Theodore Roosevelt (CVN-71) due to coronavirus (COVID-19) infections, so we can better understand the Navy’s plans for safeguarding its personnel and what Congress can do to assist your efforts. 

As you are aware, there are countless Virginians with family members serving aboard Navy warships who are all concerned about the health and well-being of their loved ones.  We share these concerns for all our personnel serving in the military at this challenging time. 

In an effort to ensure Congress is best assisting the Navy in meeting the challenges posed by the coronavirus, we ask that you provide a response to the following in an appropriate format, as we understand that details affecting readiness are sensitive and potentially classified: 

1. Has the Navy developed new measures and policies to ensure critical components are managed by crew that are known to be free of COVID-19?   How many COVID-19 tests would the Navy require to implement such a policy?  How many tests do you currently possess?
2. Does the Navy have an adequate number of berthing barges to house crewmembers for nuclear vessels that require daily maintenance of critical components while those ships are cleaned/decontaminated?  
3. Does the Navy have an adequate number of berthing barges to house crewmembers for vessels slated for deployment in the next 120 days while they are cleaned and decontaminated?
4. Is there any plan, similar to those being pioneered by the US Transportation Command for military airlift pilots, to effectively “cocoon” ships’ crews to avoid new contamination from outside sources?
5. What measures are in place to safely re-supply currently deployed ships without unnecessarily exposing the crew to COVID-19?
6. Is there any requirement to extend personnel slated for retirement or separation to safely operate Navy vessels?  Can Congress provide additional incentive pay for Navy personnel whose separations, retirements, deployments or working conditions have been impacted by COVID-19?
7. Have you been in contact with the Department of Energy about the lessons learned from the COVID-19 outbreak on the USS Roosevelt for dissemination amongst nuclear power plants operating in the U.S.?
8. Are there any other authorities or resources the Navy requires to better secure the health and safety of Navy personnel & their families during this crisis? 

Thank you for your time and consideration. 

Sincerely, 

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, pushed the Department of Defense (DoD) to issue guidance for uniformed, civilian, and contractor personnel to help them better understand their options for paid leave and telework amid the COVID-19 outbreak. In a letter to Secretary Mark T. Esper, Sen. Warner requested that the DoD clarify what types of leave are applicable in a variety of COVID-19 related scenarios, and provide guidance on the types of DoD workers that are eligible for telework.

“An area of particular concern is how administrative leave, weather and safety leave, sick leave, and annual leave apply under a variety of COVID-19 related scenarios,” wrote Sen. Warner. “These personnel should not face uncertainty or obstacles in their efforts to preserve our individual or collective health.” 

Currently, there is fragmentation in the DoD’s current leave policy that creates ambiguity regarding the kind of leave that would apply if employees needed to take time off work in the event that they were symptomatic, exposed but not symptomatic, or if they needed to care for family members who have contracted COVID-19. 

In his letter, Sen. Warner, who has heard from several Virginians who have been forbidden from teleworking despite considerable safety concerns, also urged the DoD to clarify which employees occupy mission-critical positions, and which are eligible for telework.

“The Office of Management and Budget (OMB) and Office of Personnel Management (OPM) issued guidance for agencies to expand telework flexibility, but at present, guidance issued by OMB, OPM, and the Department have ambiguity that is creating confusion and anxiety,” he continued. “Personnel whose duties and responsibilities do not immediately contribute to a critical national security function would benefit from a clear directive instructing them to work remotely and would make a significant impact for our nation.”

In his letter, Sen. Warner encouraged the Department to create further telework options, as appropriate, for employees currently deemed ineligible for telework in order to protect their safety and health and that of their family members. He also emphasized that any guidance should be consistent and transparent for all eligible personnel stationed across the country and abroad.  

Sen. Warner has been a strong advocate for federal workers amid the COVID-19 outbreak. Yesterday, he led seven of his Senate colleagues in calling on the Office of Management and Budget (OMB) and Office of Personnel Management (OPM) to post department and agency contingency plans amid the COVID-19 outbreak as more federal agencies begin to ramp up teleworking capabilities. Additionally, he has urged President Trump to immediately issue an executive order directing agencies to utilize telework capabilities to the maximum possible extent, and has called on the House and Senate to address the potential financial hardship for Congress’ support workforce if their work schedules are unexpectedly disrupted as the result of changes to congressional operations.

A copy of the letter is available here and below, and a full list of Sen. Warner’s work to protect Americans amid the coronavirus outbreak is available here.

The Honorable Mark T. Esper

Secretary

U.S. Department of Defense 

Washington, D.C.  20301

Dear Secretary Esper:

I write to ask you to clarify personnel policy governing the Department’s response to COVID-19 so that uniformed, civilian, and contractor personnel better understand how they can and should adapt to minimize the spread and impact of this virus.

An area of particular concern is how administrative leave, weather and safety leave, sick leave, and annual leave apply under a variety of COVID-19 related scenarios, to include for personnel whose normal duty station is a classified facility, whether personnel occupy a mission critical position or not, if they are symptomatic or exposed but not symptomatic, and if they must care for family members who have contracted COVID-19.

These personnel should not face uncertainty or obstacles in their efforts to preserve our individual or collective health. The Office of Management and Budget (OMB) and Office of Personnel Management (OPM) issued guidance for agencies to expand telework flexibility, but at present, guidance issued by OMB, OPM, and the Department have ambiguity that is creating confusion and anxiety.  For example, personnel should have due flexibility to telework, as appropriate, to protect their safety and health and that of their family members.

Personnel whose duties and responsibilities do not immediately contribute to a critical national security function would benefit from a clear directive instructing them to work remotely and would make a significant impact for our nation.  For personnel deemed ineligible for telework, the Department should investigate and create further options, when possible, to temporarily make them eligible. The urgency for the Department to take necessary steps and clarify concerns about telework options for personnel will ensure personnel do not feel aggrieved during the outbreak of COVID-19.  This guidance should be consistent and transparent for all eligible personnel stationed across the country and abroad.

Maintaining a healthy workforce with confidence in the government’s commitment to their welfare is of the utmost importance to us.  Thank you in advance for your prompt response and attention to this matter.

I look forward to working with you to address this matter of urgent priority.

Sincerely,

###

WASHINGTON, DC – Today, U.S. Senators Rob Portman (R-OH) and Mark Warner (D-VA) led a letter urging Secretary of State Mike Pompeo to continue to prioritize American leadership in talks about international standards for artificial intelligence, and to build an international coalition to preserve the integrity of international standards setting bodies. The letter responds to efforts by China, and technology companies closely aligned with the Chinese Communist Party, to utilize international standards setting bodies, such as the International Telecommunications Union (ITU), to advance and legitimize artificial intelligence-based technologies, such as facial recognition technologies, that have been used to oppress Uyghur Muslims. The United States must ensure that American values remain a part of the international conversation about artificial intelligence and facial recognition.

“We are writing to share our concerns regarding efforts by China, and technology companies closely aligned with the Chinese Communist Party, to utilize international standards setting bodies, such as the International Telecommunications Union (ITU), to internationalize standards for advanced surveillance technology. The evidence from Xinjiang Province of how artificial intelligence-based technologies, such as facial recognition technologies, are used to oppress Uyghur Muslims makes clear that standards setting bodies should not be used to advance or legitimize such practices. We urge you to continue to prioritize American leadership on this issue, and build an international coalition to preserve international standards setting bodies as technical economic fora,” wrote the senators.

Portman and Warner were joined in sending the letter by Senators Tom Cotton (R-AR), Richard Blumenthal (D-CT), Cory Gardner (D-CO), Chris Coons (D-DE), Steve Daines (R-MT), Chris Murphy (D-CT), Mike Braun (R-IN), Ed Markey (D-MA), John Cornyn (R-TX), Gary Peters (D-MI), Josh Hawley (R-MO), Jeanne Shaheen (D-NH), Marco Rubio (R-FL), Brian Schatz (D-HI), and Jacky Rosen (D-NV).

The full text of the letter to Secretary Pompeo can be found below and here. 

Dear Secretary Pompeo,

 Thank you for your efforts to draw attention to, and address, the ever growing number of concerns about totalitarian activities by the People’s Republic of China. We are writing to share our concerns regarding efforts by China, and technology companies closely aligned with the Chinese Communist Party, to utilize international standards setting bodies, such as the International Telecommunications Union (ITU), to internationalize standards for advanced surveillance technology. The evidence from Xinjiang Province of how artificial intelligence-based technologies, such as facial recognition technologies, are used to oppress Uyghur Muslims makes clear that standards setting bodies should not be used to advance or legitimize such practices. We urge you to continue to prioritize American leadership on this issue, and build an international coalition to preserve international standards setting bodies as technical economic fora.

International standards setting bodies are foundational to international trade and commerce. Without them, a litany of technical and logistical barriers to trade erected by different countries – with divergence on things as wide-ranging as food labeling, construction materials, and wireless communications standards – would balkanize our global economy. Thanks to American industry’s leadership, the United States has consistently set the bar for international standards setting. We believe it is vital for our economy, and foreign policy, to maintain that leadership.

Unfortunately, China has indicated a willingness to use standard setting bodies in perverse ways to normalize global opinions about Orwellian surveillance technology. By shaping the debate about the legitimate uses of artificial intelligence and facial recognition, China can expand opportunities for countries, particularly those in the developing world, to utilize Chinese surveillance technology. According to the Carnegie Endowment for International Peace, Chinese companies have supplied AI-based surveillance systems to 63 countries, including 36 of which are part of China’s Belt and Road Initiative. 

With respect to the Uyghurs, China is using technology in ways never seen before. China use facial recognition to profile Uyghur individuals, classify them on the basis of their ethnicity, and single them out for tracking, mistreatment, and detention. The machine learning techniques used in Xinjiang Province, and throughout China, which are designed specifically, and intentionally, to classify people on the basis of physical traits harken back to troubling practices related to phrenology and eugenics. And these technologies are deployed in service of a dystopian vision for technology governance, that harnesses the economic benefits of the internet in the absence of political freedom and sees technology companies as instruments of state power.

As you know, China is currently working to use standards setting bodies to gain the imprimatur of international legitimacy and support across a range of emerging technologies. China’s censorship and surveillance technologies are the envy of autocratic regimes around the world, with China exporting both its technology and its technology governance vision to countries such as Venezuela, Ethiopia, Pakistan, Rwanda, Mongolia, and Zimbabwe. China’s efforts to steer standards setting bodies towards work in service of this anti-democratic vision for technology undermines the apolitical purposes standard setting bodies serve.

At the same time, we have seen our position as a global leader on technology issues weakened by a retreat of the United States from the global stage. The United States and its allies must build international support for rules and standards that address the internet’s potential for censorship and repression, presenting alternatives that explicitly embrace a free and open internet. To that end, we urge you to work closely with other countries to ensure China cannot use the ITU to advance its techno-nationalist agenda.

Some argue that China has an inherent advantage over the United States with respect to artificial intelligence because of China’s lax privacy standards and lack of respect for human rights—we disagree. We believe privacy and human rights protections are features, not bugs, of our democracy and our culture of innovation; they make America stronger, and more likely to win any “artificial intelligence race” going forward. Ultimately, technology is shaped by the norms of its development. Thank you for your consideration of our views on the intersection of human rights and artificial intelligence in China, and we look forward to working with you to ensure that the American values remain part of the international conversation about artificial intelligence and facial recognition.

Sincerely,

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, sent a letter to the Acting Director of National Intelligence (DNI) and the Director of the Office of Personnel Management (OPM) urging them to issue clear guidance that ensures the security clearances of intelligence community personnel and contractors will not be jeopardized due to the financial impact of the coronavirus outbreak.

“I write to ask you to issue guidance directing agencies to exercise appropriate leniency in considering how the coronavirus (COVID-19) may be negatively impacting adjudications for a security clearance or determination of trust,” wrote Sen. Warner.

A key element of the background investigation that supports a security clearance or a determination of trustworthiness is an individual’s financial stability. In his letter, Sen. Warner raised concerns that COVID-19’s impact could not only lead to financial duress for employees with security clearances, but that this financial duress could lead to delays in renewing security clearances. It could even result in personnel losing their positions in the event that they must heed the advice of health professionals and subsequently lose out on a paycheck in order to self-quarantine. The problem is particularly true for younger workers who lack a long credit history.

“While I understand that departments and agencies may already have certain discretion to consider broader contextual factors that may affect personnel vetting decisions, I ask you to issue clear and public guidance that departments and agencies may in no way penalize employees’ clearances or determinations of trustworthiness due to circumstances associated with coping with COVID-19. This guidance should apply to any information used in an initial clearance, a periodic reinvestigation, or a continuous evaluation program,” continued Sen. Warner.

Earlier this week, the Intelligence and National Security Alliance (INSA) issued a statement that supports Sen. Warner’s recommendation for the DNI Acting Director to mitigate the impact of the coronavirus by issuing guidance that acknowledges that “financial difficulties incurred as a result of a work stoppage should not be treated as derogatory factors affecting workers’ security clearances.”

A copy of the letter is found here and below. A list of Sen. Warner’s work on coronavirus is available here.

The Honorable Dale Cabaniss

Director, Office of Personnel Management

1900 E Street, NW

Washington, D.C.  20415

Ambassador Richard Grenell

Acting Director of National Intelligence

Washington, D.C.  20511

Dear Director Cabaniss and Acting Director Grenell:

I write to ask you to issue guidance directing agencies to ensure that the coronavirus (COVID-19) does not negatively impact adjudications for government or contractor employees’ security clearances or determinations of trust.

COVID-19 may have many effects on our workforce, to include financial difficulty and psychological stress.  Efforts to prevent the spread of COVID-19 may require government and contractor personnel to self-quarantine or tend to family members, which in may cause them miss payments on things like rent, mortgage, credit cards, or other forms of debt.  The impact may be particularly acute for hourly workers.  This could impact their credit scores and jeopardize their ability to secure or maintain a clearance or hold a position of trust.  The problem is particularly acute for younger workers who lack a long credit history.  Psychological strain can naturally accompany such circumstances, exacerbating the situation.

While I understand that departments and agencies may already have certain discretion to consider broader contextual factors that may affect personnel vetting decisions, I ask you to issue clear and public guidance to ensure that departments and agencies do not penalize employees’ clearances or determinations of trustworthiness due to circumstances associated with COVID-19.  This guidance should apply to any information used in an initial clearance, a periodic reinvestigation, or a continuous evaluation/vetting program.

Thank you for your prompt attention to this matter.

###

WASHINGTON- U.S. Senator John Cornyn (R-TX), Senate Select Committee on Intelligence Chairman Richard Burr (R-NC), and Vice Chairman Mark Warner (D-VA) issued the following statements after the Senate passed their legislation, the Secure 5G and Beyond Act, yesterday to require the President to develop a strategy to ensure the security of next-gen mobile telecommunications systems and infrastructure in the United States, as well as assist allies in maximizing the security of their systems, infrastructure, and software:

“As our telecommunications technology advances, we must have plans in place to keep it secure from foreign interference,” said Sen. Cornyn. “I’m grateful to my colleagues for recognizing the risks that come along with the rewards of 5G technology, and I urge the House to pass this legislation as soon as possible.”

“It’s imperative we not only understand the revolutionary value of next-gen communications, but also the security measures required to ensure the deployment of safe and secure 5G networks,” said Sen. Burr. “I’m proud to work with my colleagues on this important legislation, which will bring together a variety of industry experts, further protect Americans’ privacy rights, and better equip our nation with a comprehensive strategy as we continue to be a global leader in technology.”

“5G promises to usher in a new wave of innovations, products, and services. At the same time, the greater complexity, density, and speed of 5G networks relative to traditional communications networks will make securing these networks harder and more complex. It’s why we need a coherent, national strategy to harness the advantages of 5G in a way that addresses those risks,” said Sen. Warner.

Background on the Secure 5G and Beyond Act:

• Requires the President to create an inter-agency strategy to secure 5th generation and future generation technology and infrastructure in the United States and with our strategic allies.
• Designates NTIA to coordinate implementation of the plan in coordination with: the Chairman of the FCC, the Secretary of Homeland Security, the Director of National Intelligence, the Attorney General, Secretary of State and the Secretary of Defense.
• Ensures that the strategy and implementation plan do not include a recommendation to nationalize 5th generation deployment or future generations of mobile telecommunications infrastructure in the United States.

Senator John Cornyn, a Republican from Texas, is a member of the Senate Finance, Intelligence, and Judiciary Committees.

###

Washington, D.C. — U.S. Senators Susan Collins (R-ME) and Mark Warner (D-VA) sent a letter to President Donald Trump urging him to reverse his decision that would negatively impact the collective bargaining rights of Department of Defense (DOD) employees.  The letter was also signed by Senators Ben Cardin (D-MD), Tim Kaine (D-VA), Chris Van Hollen (D-MD), and Gary Peters (D-MI).

“More than 700,000 Americans work civilian jobs for the Department of Defense.  They are dedicated to the Department’s mission and a part of the Department’s successes,” the Senators wrote.  “This new memorandum provides the Secretary of Defense and other department officials with the blanket authority to waive the collective bargaining rights of all of these employees when, in fact, labor organizations and collective bargaining in the civil service are in the public interest.”

“A fair collective bargaining process is a cornerstone of American labor law and a right afforded to employees within the federal government.  Any exemptions permitted by the process are not meant to be given widely to an entire Department as a sweeping declaration, but to be carefully considered,” the Senator continued.  “The Department of Defense has a history of working with labor unions that represent the interests of employees…We urge you to reconsider this new memorandum and work to protect the collective bargaining rights of federal employees, including those at the Department of Defense.” 

On January 29, 2020, President Trump issued a memorandum granting the Secretary of Defense the authority to exempt DOD agency employees from collective bargaining. 

Since enactment of the Civil Service Reform Act of 1978, no president has found it necessary to issue a blanket exemption of all DOD employees from collective bargaining.

Click HERE to read the letter.

###

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the bipartisan Senate Cybersecurity Caucus, stressed the importance of vulnerability disclosure programs, such as the one at the Department of Defense (DoD) that recently allowed a researcher to report malware that was actively exploiting a security misconfiguration on a DoD server. In a letter to the DoD’s Chief Information Officer, Sen. Warner highlighted his Internet of Things (IoT) Cybersecurity Improvement Act, noting that the piece of legislation would help advance similar coordinated vulnerability programs and work in conjunction with the procedures in place at DoD.

The bipartisan, bicameral legislation, which successfully passed through the Senate Homeland Security and Governmental Affairs Committee in June, would improve the cybersecurity of Internet-connected devices and require that devices purchased by the U.S. government meet certain minimum security requirements.

“This incident demonstrates the inherent value of vulnerability disclosure programs for information technology products operated by federal agencies,” wrote Sen. Warner. “These programs are a crucial force multiplier for federal cybersecurity efforts. Clear guidelines and a process for security researchers to find and share vulnerabilities enabled this malware discovery, and ultimately prompt remedial action by DoD. Continuing to encourage the responsible discovery and disclosure of bugs or vulnerabilities on federal information technology systems with both internal and outside security researchers can only strengthen the cybersecurity posture of federal and DoD systems.”

According to ZDNet, a security researcher searching for bots discovered that a DoD automation server running on an Amazon Web Services (AWS) cloud-computing platform was publicly accessible and did not require login credentials. Later on, the researcher discovered that the server had been compromised and was being used to mine cryptocurrency by a botnet.

In his letter, the Senator also emphasized the need to utilize proper cybersecurity measures and monitoring, including on commercial cloud-computing platforms and open source software, such as the server involved in the DoD incident.  

“I am hopeful that DoD will take the lessons from this incident seriously and reassess current processes as necessary. It is crucial to ensure that future incidents involving open vulnerabilities and improper access configurations that permit malware installation on federal information technology systems cannot reoccur, including on systems hosted by commercial cloud service providers,” he continued. “I also hope to continue to work with you on passing my legislation and continuing to push for strong, thoughtful, cybersecurity policies.”

A copy of the letter can be found here and below.

Dana Deasy

Chief Information Officer

U.S. Department of Defense

1300 Defense Pentagon

Washington, DC 20301-1300

Dear Mr. Deasy:

I write about some recently reported cybersecurity issues at DoD.  In particular, I read about malware actively exploiting a security misconfiguration that was recently discovered on a Department of Defense (DoD) web server. From the current analysis and reporting of the incident, the malware was part of a botnet that apparently mined cryptocurrency using DoD resources and IT systems and raises broader cybersecurity concerns.

According to news reports, a security researcher first found the vulnerability on a DoD-managed cloud computing system exposed to the internet. The researcher then discovered that malware associated with mining Monero cryptocurrency was installed and operating on the same server. In January, once the security certificate identified the web server as an official DoD resource, the researcher reported the vulnerability and subsequent malware discovery under DoD’s official vulnerability disclosure program. 

This incident demonstrates the inherent value of vulnerability disclosure programs for information technology products operated by federal agencies. These programs are a crucial force multiplier for federal cybersecurity efforts. Clear guidelines and a process for security researchers to find and share vulnerabilities enabled this malware discovery, and ultimately prompt remedial action by DoD. Continuing to encourage the responsible discovery and disclosure of bugs or vulnerabilities on federal information technology systems with both internal and outside security researchers can only strengthen the cybersecurity posture of federal and DoD systems.

There is pending bipartisan, bicameral legislation that I have introduced which would ensure that vendors of key information technology products, such as Internet of Things devices, maintain coordinated vulnerability programs.  This bill would serve as a complement to the procedures DoD already employs.

While the use of commercial cloud computing can be a cost effective method to deploy and manage information technology and services, the use of a cloud itself does not ensure cybersecurity. Rigorous cybersecurity defensive measures and monitoring remain crucial for systems, even when DoD resources are deployed on commercial cloud computing platforms. While open source software, such as the automation server employed in this incident, may be beneficial, it is also essential to monitor all software for vulnerabilities and ensure they are promptly mitigated. Likewise, continuous use of software requires an effective continuous monitoring process for addressing newly discovered vulnerabilities in the software. And perhaps most importantly in the shared security model of commercial cloud computing, ensuring safe and secure configurations related to access is a key concern. 

I am hopeful that DoD will take the lessons from this incident seriously and reassess current processes as necessary. It is crucial to ensure that future incidents involving open vulnerabilities and improper access configurations that permit malware installation on federal information technology systems cannot reoccur, including on systems hosted by commercial cloud service providers. I also hope to continue to work with you on passing my legislation and continuing to push for strong, thoughtful, cybersecurity policies.

As always, I appreciate your service in this important role.

Sincerely,

###

WASHINGTON, D.C – Today, U.S. Senators Mark R. Warner and Tim Kaine, a member of the Senate Armed Services Committee, joined a bipartisan group of fifteen senators, led by Senator Richard Blumenthal (D-CT), in writing to Acting Secretary of the Navy Thomas Modly to express concern over proposed funding reductions for the Virginia Class submarine program, which could negatively impact both the United States’ undersea superiority and the submarine industrial base. Virginia Class submarines are constructed, in part, at Newport News Shipbuilding. The Navy’s Fiscal Year (FY) 2021 budget request signals that the Navy will not exercise the option for a tenth Block V submarine, which as the senators note in their letter, “directly contradicts the National Defense Strategy and inexplicably delays the Navy’s goal of reaching 66 fast-attack submarines by 2048.”

The Senators said, “This gap could contribute to supplier instability and workforce shortfalls at a time when the industrial base should be simultaneously executing Columbia Class construction.”

The bipartisan letter was also signed by U.S. Senators Chris Murphy (D-CT), Jeanne Shaheen (D-NH), Jack Reed (D-RI), Tammy Baldwin (D-WI), Sheldon Whitehouse (D-RI), Lindsey Graham (R-SC), Kyrsten Sinema (D-AZ), Maggie Hassan (D-NH), Bob Casey (D-PA), Marco Rubio (R-FL), Roger Wicker (R-MS), Mazie Hirono (D-HI), Sherrod Brown (D-OH) and Josh Hawley (R-MO).

In today’s letter, the Senators asked for additional information from the Navy to justify the proposed submarine fleet reduction, citing Assistant Secretary Geurts’ testimony before the Senate Armed Services Committee in March 2019, which warned: “Our biggest shortfall…is in attack submarines. And that situation will get worse before it gets better. And so we are looking for any opportunity to accelerate that.”

The full text of the Senators’ letter is available here and copied below.

February 13, 2020 

The Honorable Thomas B. Modly

Acting Secretary of the Navy

1000 Navy Pentagon

Washington, DC  20350

Dear Acting Secretary Modly:

We write to express our concern regarding the Fiscal Year (FY) 2021 budget request, which includes only $4.9 billion in full procurement funding for the Virginia Class program. With this proposal, the Navy signals that it will not exercise the option for a tenth Block V submarine–a decision that directly contradicts the National Defense Strategy and inexplicably delays the Navy’s goal of reaching 66 fast-attack submarines by 2048. We request that you include funding for a second Virginia Class submarine on the Navy’s unfunded requirements list, and we request an assessment of how this budget request, if enacted, would impact the delivery schedule for the Virginia and Columbia Class programs and the submarine industrial base. 

In March 2019, Assistant Secretary Geurts testified before the Senate Armed Services Committee: “Our biggest shortfall…is in attack submarines. And that situation will get worse before it gets better. And so we are looking for any opportunity to accelerate that.” This budget request exacerbates this shortfall by decreasing investment in the Virginia Class program. Fast attack submarines will help ensure our asymmetric advantage and undersea superiority during a potential conflict with near-peer adversaries, and investment in the Virginia Class program is an indicator of progress toward countering Russian and Chinese aggression. 

Given the importance of the Virginia Class program in achieving our strategic objectives, we request additional information on any new fleet design proposals–particularly any reductions in submarines–and whether fully funding only one Virginia Class submarine in FY 2021 would compromise submarine force readiness. Although we anticipate that the upcoming Force Structure Assessment might recommend augmenting submarines with smaller surface and subsurface vessels, we are alarmed by any fleet design proposals that would decrease the size of the submarine fleet. Such a decision would likely yield a loss in capability that does not justify any short-term cost savings, particularly as Russia and China continue significant investment in their respective submarine fleets.

In FY 2020, Congress signaled support for ten submarines in Block V by appropriating an additional $200 million in advanced procurement funding for a tenth Virginia Class submarine with the Virginia Payload Module. But if the Navy does not intend to pursue the option submarine in Block V, we request an assessment of how procurement funding for only one Virginia Class submarine in the FY 2021 budget will impact the delivery schedules for both the Virginia and Columbia Class programs. Congress intended for the Navy to continue the two-per-year delivery cadence for the Virginia Class program that began in 2011, and we are concerned by the potential precedent of deviating from this cadence. With only 9 submarines in Block V, there would be a construction gap between the end of Block V construction and the beginning of Block VI construction. This gap could contribute to supplier instability and workforce shortfalls at a time when the industrial base should be simultaneously executing Columbia Class construction. We seek information about the broader impact on the submarine industrial base–which consists of almost 5,000 suppliers across almost all 50 states–and whether this budget proposal will prevent cost savings or compromise construction efficiencies.

The Navy’s budget request projects uncertainty about the future of submarine construction and lacks clarity regarding the long-term budgetary and strategic impact of only funding one Virginia Class submarine in FY 2021. We look forward to receiving additional information, and working with you during this budget cycle to ensure robust funding for the Virginia Class program.

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, announced that he will vote in favor of the two articles of impeachment against President Trump.

In a speech on the floor of the U.S. Senate, Sen. Warner said in part, “The allegations against the President are grave. The House managers presented a compelling case based on the testimony of more than a dozen witnesses—Trump political appointees and career public servants who had the courage to speak truth to power. Their testimony, and the House managers’ case, present a clear fact pattern that even many of my Republican colleagues acknowledge is true. This evidence reflects a corrupt scheme to solicit foreign interference in support of the President’s re-election.”

Warner continued, “I will vote to convict the President because I swore an oath to do impartial justice and the evidence proves the charges against him are true. There must be consequences for abusing the power of the Presidency to solicit foreign interference in our election. If the Senate fails to hold him accountable we will be setting a dangerous precedent. We will be giving the green light to foreign adversaries and future presidents that this is okay. I will vote to convict the President because it is the Senate's constitutional responsibility to uphold this bedrock American principle: that no one is above the law, not even the President, and especially not the President.”

The full text of Sen. Warner’s remarks as prepared for delivery follows:

Madam President: I want to begin my remarks the way we began this trial: with the oath we each took to do impartial justice. Now, any other day we walk into this chamber as Republicans and Democrats. But in this trial, we have a much greater responsibility.

The allegations against the President are grave. The House managers presented a compelling case based on the testimony of more than a dozen witnesses—Trump political appointees and career public servants who had the courage to speak truth to power. Their testimony, and the House managers’ case, present a clear fact pattern that even many of my Republican colleagues acknowledge is true. This evidence reflects a corrupt scheme to solicit foreign interference in support of the President’s re-election. The President both unlawfully withheld aid to an ally at war with Russia and he withheld a White House meeting that would have strengthened our relationship with the democratically elected leader of Ukraine—a leader that was trying to prevent further Russian occupation of his country. The President used these powerful tools of American foreign policy as leverage to secure investigations into a political opponent as well as the “Crowdstrike” conspiracy theory— the notion that has been repeatedly debunked by our intelligence agencies that it was Ukraine, not Russia, that attacked our democracy in 2016.

Since this information came to light, the President has attempted to confound the House of Representatives’ constitutional role in the impeachment process. The White House issued a blanket refusal to provide any witnesses or documents, without any historical precedent or sound legal argument to support this position. For this reason, President Trump is also charged with obstruction of Congress.

Frankly, I understand some of the points the President’s defense team has raised concerning this second article of impeachment. There are legitimate questions to consider about executive privilege and separation of powers. But we cannot accept the “absolute immunity” argument this White House has invented. This absolute stance and the evidence we’ve seen about the President’s corrupt actions and intentions do not reflect a principled, good-faith defense of executive privilege. Rather it suggests an effort to deny Congress its Constitutional authority to investigate Presidential wrongdoing and, ultimately, to prevent exposure of the President’s conduct.

In reviewing this evidence, I have stuck to my oath of impartiality. I have tried to keep an open mind about what witnesses like John Bolton and Mick Mulvaney—people who were in the room with the President—could tell us. If anyone can provide new information that further explains the President’s actions, it is them. But I don’t see how the White House’s desperate efforts to block witnesses is anything but an admission that what they'd say under oath would not be good for this President. And I am deeply disappointed that the Senate could not achieve the majority necessary for a full, fair trial.

The defense of the President that we are left with is thin, legalistic, and frankly cynical. Instead of disputing the core facts, which are damning on their own terms, the President’s lawyers have resorted to remarkable legal gymnastics: The notion that even if the President did what he’s accused of, abuse of power is not impeachable. That foreign election interference is not a crime. That even calling witnesses to seek the truth about the President’s actions and motivations might somehow endanger the republic.

When Professor Dershowitz made his bizarre argument that abusing Presidential power to aid your reelection cannot be impeachable if you believe your own election to be in the national interest, I paid close attention—closer attention than I probably paid when I took his class back in 1977. But you don’t need a Harvard Law degree to understand what nonsense that argument is and where it could take us if followed to its logical conclusion. The framers wrote impeachment into the Constitution precisely because they were worried about the abuse of Presidential power. And if an abuse of power is what the framers had in mind when they crafted impeachment, then the two questions remaining in our deliberations are simple: did President Trump abuse his power and should he be removed from office?

The House managers have presented a compelling case that the President did pressure Ukraine to announce politically motivated investigations. A number of my Republican colleagues have acknowledged these facts acknowledged that what the President did was wrong. And frankly, it is clear why he did it. Does anyone here honestly believe Donald Trump wanted an investigation into the Bidens for any other reason than to damage Joe Biden politically and therefore aid in his own reelection? Time and again, the President has shown a willingness to attack anyone who stands in his way—Republicans, Democrats, members of his staff, members of this body. No one is off-limits. There is nothing out of character about this President using every available tool to damage an opponent regardless of their political party. I don’t fault the President for his unorthodox style. That is not an impeachable offense. The long list of things I disagree about with this President are not impeachable offenses, either. But the Constitution draws a line that is much clearer than the President’s lawyers have tried to argue.

The President crossed it. He abused his power. He commandeered America’s foreign policy not to advance America’s interests but to advance Donald Trump’s political interests. And despite his efforts to cover it up, he got caught. Now each one of us must vote: guilty or not guilty.

I will vote to convict the President because I swore an oath to do impartial justice and the evidence proves the charges against him are true. There must be consequences for abusing the power of the Presidency to solicit foreign interference in our election. If the Senate fails to hold him accountable we will be setting a dangerous precedent. We will be giving the green light to foreign adversaries and future presidents that this is okay. I will vote to convict the President because it is the Senate's constitutional responsibility to uphold this bedrock American principle: that no one is above the law, not even the President, and especially not the President.

### 

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, issued the following statement after the United Kingdom announced its decision to allow Chinese equipment provider Huawei to help build its 5G wireless network:

"I am disappointed by the UK’s decision today, especially since the security risks are so well understood. But under current circumstances, I remain committed to working with the UK and other key allies to build more diverse and secure telecommunication options that provide competitive alternatives to Huawei.  I have introduced legislation that seeks to accomplish that, including a Multilateral Telecommunications Security Fund, and hope the UK will commit to partnering on this effort in the coming months. It is critical that countries committed to building and maintaining secure networks come together. Current financial support by China for Huawei puts any Western alternative at a serious disadvantage.”

Sen. Warner, a former telecommunications entrepreneur, has been outspoken about the dangers of allowing the use of Huawei equipment in U.S. telecommunications infrastructure, and that of U.S. allies. Earlier this month, Sen. Warner and a bipartisan group of leading national security Senators introduced legislation to encourage and support U.S. innovation in the race for 5G, providing over $1 billion to invest in Western-based alternatives to Chinese equipment providers Huawei and ZTE. Last year, he and Sen. Marco Rubio (R-FL) warned the Trump Administration against using Huawei as a bargaining chip in trade negotiations, and urged Canadian Prime Minister Justin Trudeau to reconsider Huawei’s inclusion in Canada’s 5G development, introduction and maintenance.

###

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), co-chair of the bipartisan Senate Cybersecurity Caucus, urged the Defense Health Agency to remove sensitive medical data belonging to servicemembers exposed online, where it remains vulnerable due to insecure data practices at Ft. Belvoir Medical Center, Ireland Army Health Clinic, and the Womack Army Medical Center.

“As a matter of national security, the sensitive medical information of our men and women of the armed services is particularly vulnerable and should be, at a minimum, protected by robust security controls and routine scans,” wrote Sen. Warner. “The exposure of this information is an outrageous violation of privacy and represents a grave national security vulnerability that could be exploited by state actors or others.”

He continued, “We owe an enormous debt to our armed forces, and at the very least, we ought to ensure that their private medical information is protected from being viewed by anyone without their express consent. Whenever data moves from one entity to another it should be protected by encryption, proper hashing, segmentation, identity and access controls, and vulnerability management capabilities that include diligent monitoring, auditing, and logging practices.”

In September 2019, Sen. Warner sought answers from TridentUSA Health Services regarding reports that many unsecured picture archiving and communication servers (PACS) left the names, dates of birth, medical images, and medical procedures of more than one million Americans accessible to anyone with basic computer expertise. Following that letter, the images were removed but millions of records were left online. Nearly two months later, Sen. Warner called out the U.S. Department of Health and Human Services (HHS) for its failure to act following the exposure.

Since the letter to HHS, 16 systems, 31 million images and 1.5 million exam records have been removed from the internet. However, a significant number of personally identifiable and sensitive medical information belonging to servicemembers remains online, due to unsecured Army PACS.

In his letter to the Assistant Secretary, Sen. Warner asked the agency to remediate the situation immediately and posed the following questions for Assistant Secretary Thomas McCaffery:

1. Please describe the information security management practices at military medical hospitals. Do you require organizations to operate on a segmented network? To implement micro-segmentation? To implement access controls? If so, what kind? Do you require the hospitals to implement multifactor authentication, logging, and monitoring?
2. Do you audit and monitor logs? 
3. Do you require full-disk encryption and authentication for PACS?
4. Do you require the hospitals to have a Chief Information Security Officer?
5. Please describe what steps you took to address this issue, and when you were able to remove these systems from the internet.  

A copy of the letter can be found here and below.

Mr. Thomas McCaffery

Assistant Secretary of Defense for Health Affairs

Defense Health Agency

7700 Arlington Boulevard

Falls Church, VA 22042

Dear Mr. McCaffery,

As the healthcare sector becomes increasingly reliant on technology to deliver essential services to patients, it also faces rising threats from malicious actors that seek to compromise the personally identifiable and other sensitive information of Americans. As a matter of national security, the sensitive medical information of our men and women of the armed services is particularly vulnerable and should be, at a minimum, protected by robust security controls and routine scans. It is with great alarm that I recently learned that unsecured Picture and Archiving Servers (PACS) at Ft. Belvoir Medical Center, Ireland Army Health Clinic, and the Womack Army Medical Center have left personally identifiable and sensitive medical information available online for anyone with a DICOM viewer to find.

Following a report  in September of 2019 highlighting the exposure of sensitive medical images belonging to millions of American through unsecured PACS, I wrote letters  to two healthcare entities that controlled the PACS, and those images were removed. However, millions of records remained online. The following month, I wrote  to the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) regarding the remaining exposure of the personally identifiable information belonging to 6 million American patients. Since that letter, 16 systems, 31 million images and 1.5 million exam records were removed from the internet. However, I recently learned that a significant number of medical records belonging to servicemembers remain online. This information was discovered by the German researchers at Greenbone Networks, who accessed the information using German IP addresses; this itself should have triggered alarms by the hospital information security systems.

The exposure of this information is an outrageous violation of privacy and represents a grave national security vulnerability that could be exploited by state actors or others. We owe an enormous debt to our armed forces, and at the very least, we ought to ensure that their private medical information is protected from being viewed by anyone without their express consent. Whenever data moves from one entity to another it should be protected by encryption, proper hashing, segmentation, identity and access controls, and vulnerability management capabilities that include diligent monitoring, auditing, and logging practices. To better understand how this happened, I would like information about your organization’s oversight of the information security practices at military hospitals, particularly at Ft. Belvoir Medical Center and Womack Army Medical Center.

I ask that you immediately remediate this situation, and remove the vulnerable PACS from open access to the internet. To understand how these records have been exposed and accessed repeatedly by a German IP address, please also answer the following questions:

1. Please describe the information security management practices at military medical hospitals. Do you require organizations to operate on a segmented network? To implement micro-segmentation? To implement access controls? If so, what kind? Do you require the hospitals to implement multifactor authentication, logging, and monitoring?
2. Do you audit and monitor logs? 
3. Do you require full-disk encryption and authentication for PACS?
4. Do you require the hospitals to have a Chief Information Security Officer?
5. Please describe what steps you took to address this issue, and when you were able to remove these systems from the internet.

Given the gravity of this issue, I would appreciate a response within two weeks.

Sincerely,

###