WASHINGTON – Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) and Space Subcommittee Chairman Brian Babin (R-Texas) yesterday sent letters to four senior officials following up on requests for information about the current U.S. policy governing the export of U.S. commercial satellites for launch on Indian launch vehicles.
On July 6 Chairmen Smith and Babin wrote Director of Office of Science and Technology Policy John Holdren, Secretary of State John Kerry, United States Trade Representative Michael Froman, and U.S. Department of Commerce Secretary Penny Pritzker, seeking this information.
Yesterday’s letters reiterate requests for a briefing and documentation on the current U.S. policy. The letters can be found here. Read More
WASHINGTON – U.S. House Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) and Oversight Subcommittee Chairman Barry Loudermilk (R-Ga.) today sent a letter to Federal Deposit Insurance Corporation (FDIC) Chairman Martin Gruenberg, requesting an explanation of actions Chairman Gruenberg will immediately take to fulfill his commitment to report incidents in a timely manner to the committee. Today’s request follows a notification from Chairman Gruenberg about an additional breach, involving the compromise of over 400 FDIC employees’ documents, including 27 Office of Inspector General (OIG) field agents, due to improper permissions set for the agency’s “Search+” tool. All FDIC employees and contractors were able to view these individuals’ materials, including Suspicious Activity Reports, Grand Jury materials, ongoing OIG investigative materials, and OIG deliberative materials. The FDIC learned about this breach as early as Aug. 9, but did not notify Congress of the breach for over two months.
“This recent incident, coupled with the agency’s slow-moving response, raises significant concerns about confusion at the FDIC on how to manage cybersecurity incidents, as well as a lack of leadership within the agency on cybersecurity issues,” today’s letter states.
The committee is concerned that the FDIC’s Data Breach Management Team (DBMT) chose not to classify this incident as major, therefore not triggering a formal notification to Congress. It appears that the FDIC never intended to inform Congress of the incident, which is not the first time the FDIC has decided to conceal a breach from Congress or has failed to report a breach to Congress in a timely manner.
“The FDIC’s lackluster response to cybersecurity incidents, evidenced by its response thus far to the “Search+” breach, raises significant questions about the FDIC’s cybersecurity posture as a whole under your leadership, as well as your testimony before the Committee during its July 14, 2016, hearing,” the letter continues.
The committee expects Chairman Gruenberg to follow through on his commitments made under oath to the committee to enact substantive changes to the cybersecurity culture at the FDIC to ensure incidents are reported timely to Congress.
Today’s letter can be found here.
On August 30, the committee sent a letter, along with the House Financial Services Oversight Subcommittee, on an advanced persistent threat at the FDIC, dating back to 2010.
On July 14 the committee held a hearing titled “Evaluating FDIC’s Response to Major Data Breaches: Is the FDIC Safeguarding Consumers’ Banking Information?” At the hearing Chairman Gruenberg testified that the FDIC is incorporating policies and procedures to ensure that any incidents are reported in a timely manner.
On July 13, the committee released an interim report on FDIC cybersecurity.
On May 24, Chairmen Smith and Loudermilk sent a letter to FDIC requesting transcribed interviews of nine FDIC employees following the FDIC’s discreditable performance at an Oversight Subcommittee May 12 hearing, along with their obstruction and concealment of facts and documents.
On May 19, Chairmen Smith and Loudermilk sent a letter to the FDIC outlining numerous inconsistencies in CIO Larry Gross’s testimony at the May 12 hearing.
On May 10, allegations of the FDIC withholding documents led Chairman Smith to write a letter to the IG requesting all documents not produced.
On April 20, Chairman Smith wrote the FIDC requesting information related to unreported breaches.
On April 8, Chairman Smith sent a letter to FDIC Chairman Martin Gruenberg requesting documents, information, and a briefing from the agency after noticing anomalies in FDIC’s annual FISMA report.
The letter to U.S. Department of Commerce Secretary Penny Pritzker can be found HERE.
The letter to Office of Science and Technology Policy Director John Holdren can be found HERE.
The letter to Secretary of State John Kerry can be found HERE.
The letter to United States Trade Representative Michael Froman can be found HERE.
WASHINGTON - U.S. Rep. Lamar Smith (R-Texas), chairman of the U.S. House Science, Space, and Technology Committee, today announced plans to hold the company that set up and maintained former Secretary Clinton’s private server, Platte River Networks, in contempt of Congress.
“Platte River Networks has unfortunately chosen to intentionally obstruct and delay my Committee’s investigation,” said Smith. “I’ve determined that Platte River Networks is in contempt of Congress and I plan to seek a Committee vote as required by the rules of the U.S. House of Representatives. At the direction of former Secretary Clinton, Platte River Networks has continuously refused to provide any information. The American people have a right to know, what, if any, steps former Secretary Clinton took to secure her communications with the president and others in government. She and others are entrusted to protect our nation’s secrets and not jeopardize national security. My Committee wants the truth, Americans deserve the truth, and the Constitution requires that we seek the truth.”
At today’s press conference, Rep. Smith reiterated the need to obtain materials in Platte River’s possession and outlined the obstruction the Committee has faced from Platte River in obtaining their documents and communications pertaining to the security of the private server:
To date, the Committee has not received any documents or materials from Platte River Networks responsive to Chairman Smith’s request despite issuing a subpoena after exhaustive efforts to accommodate Platte River.
The two other companies involved in backing up and securing the Clinton server provided documents containing communications in Platte River’s possession that are clearly responsive to the Committee’s subpoena.
The Clintons are quarterbacking Platte River’s response to the Committee’s subpoena, dictating whether the company can produce materials that are under subpoena.
The Clintons’ role in actively obstructing the Committee’s investigation shows just how far they will go to shield information about the security of Secretary Clinton’s unique and unprecedented server arrangement from coming to light.
The Committee will continue to work to get to the truth of what steps, if any, former Secretary Clinton took to protect our nation’s most precious secrets.
Today’s press conference can be viewed here.
Smith issued subpoenas to the three companies who maintain former Secretary Clinton’s private server with the support of U.S. Sen. Ron Johnson (R-Wis.), chairman of the U.S. Senate Homeland Security and Governmental Affairs Committee, after the companies failed to comply with the Science Committee’s voluntary request for documents and interviews. Smith is seeking information critical to understanding Secretary Clinton’s private server and informing policy changes in how to prevent similar email arrangements in the future.
Smith’s subpoenas built on July 12 bicameral efforts to request information and earlier investigations initiated separately by Chairman Smith and Chairman Johnson.
The Science Committee has jurisdiction over the National Institute of Standards and Technology, which sets standards pursuant to the Federal Information Security Modernization Act of 2014 (FISMA). The materials subpoenaed by the Science Committee center exactly around the Committee’s jurisdiction over cybersecurity standards in FISMA. Read More
WASHINGTON - U.S. House Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) and Energy Subcommittee Chairman Randy Weber (R-Texas) today sent a letter to Federal Bureau of Investigation (FBI) Director James Comey and U.S. Department of Energy (DOE) Acting Inspector General Rickey Haas requesting all documents and communication referring to a leak of classified information identified by committee staff.
On June 21 Chairmen Smith and Weber wrote the FBI to request an investigation of what appears to be a leak of classified information, which may have been made as part of an effort to garner support for the Obama administration’s nuclear agreement with Iran, the Joint Comprehensive Plan of Action. The chairmen also wrote the DOE Office of Inspector General to determine if the Department had undertaken an internal review of the incident. Based on information provided by each agency, it appears that each involved agency is placing the responsibility for pursuing this leak of classified information elsewhere.
“While both involved agencies claim that these protocols were followed, it is also clear that no investigation into a leak of classified information is taking place. Several statutes provide both criminal and civil penalties for unauthorized disclosure of classified information. Since these statutes would most certainly be applicable given the facts in this case, it is disturbing that no investigation has been undertaken by the appropriate federal agencies. This is even more concerning given the fact that this leak appears to be politically motivated, and may have been part of a coordinated effort by the Obama Administration to garner support for the Joint Comprehensive Plan of Action prior to its adoption,” today’s letter states.
The committee seeks to ensure that an appropriate investigation is undertaken to determine the motivation and source of this leak of classified information, and to stop further dissemination of classified information.
Today’s letter to FBI Director Comey can be found here.
Today’s letter to DOE Acting Inspector General Rickey Haas can be found here. Read More
WASHINGTON – House Committee on Science, Space, and Technology Chairman Lamar Smith (R-Texas) issued the following statement in response to the Environmental Protection Agency’s (EPA) announcement that the Scientific Advisory Panel’s upcoming meeting on the chemical glyphosate has been further delayed.
Chairman Lamar Smith (R-Texas): “It is inexcusable that EPA continues to delay its review of glyphosate. Today’s announcement that the Scientific Advisory Panel will not meet next week as scheduled means that a final recommendation will not be made until 2017. The Science Committee is already aware that at least one of the members of the previously announced panel has close ties to the questionable research conducted by IARC, which has been criticized by EPA’s own Cancer Assessment Review Committee. The unwillingness of the agency to move forward with this important analysis may be an attempt to pack the panel with individuals who have a pre-determined agenda or bias not based on sound science.”
On June 7, Chairman Smith sent a letter to the EPA Administrator Gina McCarthy requesting transcribed interviews with four EPA employees to better understand the process the EPA used to evaluate the chemical glyphosate.
In April, the EPA posted what appeared to be the final risk assessment for glyphosate prepared by the Cancer Assessment Review Committee (CARC). EPA subsequently removed the report from its website stating it was posted “inadvertently.” The report was clearly marked as “Final Report” and signed by the thirteen members of CARC. The CARC report found that glyphosate was not likely to be carcinogenic. Read More
By Rep. Lamar Smith, R-Texas
Foreign governments that sponsor cyberattacks intended to damage our national security and disrupt our upcoming elections pose very real, very serious threats. It’s long past time for the Obama administration to take decisive steps to defend our country against these attacks.
Under our Constitution, the individual states have authority over voting and elections. The House Science, Space, and Technology Committee, which I chair, held a hearing last month about cybersecurity threats to our voting and election system. Our witnesses described how state officials are working to defend against cyberattacks and attempted hacks of our election system.
State election officials can and do rely on federal law enforcement and cybersecurity resources. But the Obama administration stubbornly refuses to take action that could deter attacks such as holding specific foreign governments accountable for their continuing attempts to disrupt our elections.
Cyberattacks and hacks of U.S. government and corporate data by China and Russia and other adversary nations are a growing problem. Matters have gone from bad to worse, but the White House still refuses to confront the responsible foreign governments.
Last year, hackers from China infiltrated the Office of Personnel Management’s main database and stole confidential records and personal information of more than 22 million current and former federal employees, including those involved in our national security effort with the highest security clearances. U.S. national security agencies linked the Chinese Ministry of State Security to the OPM breaches. The OPM hack was an outrageous act of espionage that will harm our national security and the lives of millions of citizens and affected individuals for years to come.
China isn’t the only perpetrator. According to U.S. law enforcement and national security agencies, the Russian intelligence service hacked and then released tens of thousands of emails from the Democratic National Committee. This unprecedented criminal act could have been for no other purpose than to disrupt U.S. politics during an election year.
To punctuate Russia’s hostile intentions, recent news of cyberattacks on voter registration databases in Illinois and Arizona have also been tracked to Russia’s doorstep. Although neither attack seems to have damaged the states’ voter registration lists, it’s obvious that Russia has ambitions not just to exert influence but to subvert our election system.
Despite these repeated, foreign-sponsored cyberattacks, the Obama administration has done little more than wring its hands and issue diplomatic protests. The president and his closest political advisers are said to be worried about provoking a new Cold War in cyberspace. But if we are attacked repeatedly and do nothing, we will have surrendered unilaterally and put at risk our national security and our very freedoms.
The president boasts that the U.S. is more technologically advanced, both offensively and defensively, in cyber-capabilities than our adversaries. So why won’t he take the necessary steps to deter cyberattacks on our elections system by foreign governments?
State and local officials are doing everything they can to defend our election system against foreign threats. But their efforts are undermined by the Obama administration’s refusal to take effective action in the face of an obvious threat from other nations. Even worse, because there are apparently no consequences for their repeated cyberattacks, unfriendly foreign governments will be encouraged to increase their attacks.
When Americans vote, we not only elect our leaders, we choose a direction and set priorities for our nation. Voting is the very essence of what President Abraham Lincoln meant when he spoke of a government “by the people.”
Elections with integrity strengthen democracy. They confer legitimacy and boost public trust in government. If Americans doubt the legitimacy of our elections, our democracy will be weakened. That will be the lasting Obama legacy unless his administration takes decisive steps to defend our country against those who are trying to undermine our economy, our government, and our vital democratic institutions.
Rep. Lamar Smith, R-Texas, is the chairman of the House Science, Space, and Technology Committee. He also serves on the Judiciary Committee and the Homeland Security Committee. Read More
Newly released emails sent by employees at a technology company that was hired to protect Hillary Clinton's private email traffic suggest those employees knew the records they were about to handle would be sensitive or classified.
SECNAP Network Security Corp. was hired by Clinton's team in mid-2013 to provide cybersecurity to the server managed by another company, Platte River Networks. Both companies, as well as a third that provided back-up storage called Datto, Inc., have denied knowing the sensitivity of the records they handled and, ultimately, deleted.
But emails obtained by the House Science, Space & Technology Committee and shared with the Washington Examiner show SECNAP sought "background checks" and security "credentials" in June 2013 for the employees that would work on Clinton's email network.
SECNAP was also asked to "limit" the number of employees who could monitor the Clintons' email traffic. Infograte, a consulting outfit hired briefly by the Clintons to find technology firms that could manage the "clintonemail.com" network after Clinton left the State Department, said only "two folks" should be allowed to alter the settings of the system, and told SECNAP that most of its employees "would not know their name[s]."
The "two folks" were a pair of "very tenured employees" in whom a SECNAP executive expressed confidence and trust. That executive, Dale Sigarny, offered to provide "additional information on those two" upon request.
The previously undisclosed emails indicate the Clinton consultant asked "how much of the body of the email we can limit" from the staffers who would eventually monitor Clinton's email traffic for potential cybersecurity threats.
While SECNAP registered dozens of attempted breaches in the roughly two years before the server was taken offline, investigators have not yet uncovered evidence that any were successful.
Sigarny assured Clinton's consultant that his staff could "adjust [the email settings] so all we see is the To & From & Date."
The new emails suggest employees involved in the management of Clinton's network were aware of the possibility that emails on her server could contain highly sensitive or classified information. SECNAP did not return a request for comment about the conversations.
Nearly all witnesses interviewed by the FBI during its year-long investigation of the email system denied having any awareness at the time of the thousands of classified emails that ended up on Clinton's unauthorized server.
Bryan Pagliano, the former State Department IT aide who built the physical hardware on which the "clintonemail.com" domain resided, admitted to investigators while under the protection of an immunity deal that he had been warned about the likelihood of classified material passing through the server.
An employee from Platte River Networks who managed the Clinton account, Paul Combetta, also received immunity from the Justice Department after scrubbing Clinton's emails with a digital deletion tool. Combetta, like other Platte River employees, has refused to cooperate with congressional investigators.
Rep. Lamar Smith, chairman of the House Science Committee, began asking the three companies involved in managing Clinton's emails — SECNAP, Platte River and Datto — for documents and testimony in January.
While Datto and SECNAP have provided at least some of the records requested by Congress, Platte River has dug in its heels at every opportunity, committee staff said.
The House Science Committee has asked SECNAP for information about the device used to secure Clinton's server, as well as data from the known attempts to breach the system.
Smith has joined a number of congressional chairmen in pursuing records related to the Clinton email case amid skepticism over the FBI's handling of the investigation.
Rep. Jason Chaffetz, chairman of the House Oversight Committee, has sought notes from the bureau's closed investigative file, and Rep. Bob Goodlatte, chairman of the House Judiciary Committee, has demanded answers about the five immunity deals handed out to witnesses throughout the year-long probe.
Many of the FBI's explanations have failed to satisfy Republicans who were already miffed about the conclusion of the case. FBI Director James Comey said, for example, that Platte River employees' emails describing a "Hillary cover-up operation" were merely jokes.
In other records obtained by Congress, Platte River staff worried they had stumbled upon "some shaddy [sic] s——" in 2014 as they sought ways to put in writing requests from Clinton to delete emails.
Comey also declined to specify whether his agents were aware of Reddit posts authored by Combetta in July 2014 in which the Platte River specialist asked for help from the online forum in stripping Clinton's email address out of records he had been asked to prepare for submission to the State Department.
His Reddit posts, which indicate he was acting at the behest of someone on the Clinton team, suggest the former secretary of state's aides had concerns about the government discovering the inbox in which her official emails were stored. Combetta aimed to replace the original address with her new one in existing emails that had been requested by the House Select Committee on Benghazi.
Cheryl Mills, Clinton's former chief of staff, told the FBI she had concerns about Clinton's email address becoming public knowledge.
But after the 2013 hack of Clinton associate Sidney Blumenthal exposed her address in a Gawker article that printed screenshots of the records stolen from Blumenthal's inbox, Clinton's email address was changed. That public revelation would appear to undercut Mills' argument that privacy concerns drove the effort to paper over Clinton's original email address.
Republicans have been frustrated by what they say is the FBI's inability or unwillingness to drill down on these kinds of inconsistencies. Agents seemingly searched for "the most charitable explanation" for each aberration they discovered, one GOP staffer lamented. Read More