Cybersecurity received short shrift at this week’s Democratic debates as the U.S. presidential contenders jockeyed for an early lead ahead of next year’s election. But one related topic did catch a modicum of airtime: Russian election interference.
During the first night’s verbal brawl, New York City Mayor Bill de Blasio made the most noise. He ranked Moscow’s meddling at the top of America’s national security threat list. Russia has “been trying to undermine our democracy and they’ve been doing a pretty damn good job of it and we need to stop them,” he said. His rivals cited climate change, nuclear proliferation, China, and President Donald Trump as the U.S.’s most pressing threats.
Despite the rancor caused by Russian hackers in 2016, the subject of election insecurity surfaced just a few times on Wednesday. An hour and 20 minutes into the 2-hour debate, Beto O’Rourke, former Texas congressman, called out Russian President Vladimir Putin who, he said, “has attacked and invaded our Democracy in 2016 and who President Trump has offered another invitation to do the same.” Ten minutes later, Senator Amy Klobuchar of Minnesota, talked up her proposed election security legislation while knocking its biggest opponent, Republican Senate Majority Leader Mitch McConnell. “If we do not do something about Russian interference in the elections and we let Mitch McConnell stop all the backup paper ballots, then we’re not going to get what we want,” Klobuchar said. (Her bill intends to make mandatory voter-verified paper ballots, designed to prevent election tampering.)
Mentions of voting vulnerabilities remained sparse during the next day’s debate; the matter arose mostly as a proxy for censuring Trump. Senator Kamala Harris of California, widely recognized as Thursday evening’s breakout star, justified labeling Trump as the U.S.’s top national security threat by saying “he takes the word of the Russian president over the word of the American intelligence community when it comes to a threat to our democracy and our elections.”
The other contestants raised the election interference issue a few times too. Andrew Yang said the Russians have “been laughing their assess off about” subverting the last U.S. presidential election and “we should focus on that before we start worrying about other threats.” Eric Swalwell, a California congressman, said he would prioritize “breaking up with Russia and making up with NATO” if elected president. And Senator Michael Bennet of Colorado placed Russia atop America’s list of threats “because of what they’ve done with our election.”
(Trump was apparently unfazed by the remarks. A few hours after the Democrats’ debate concluded, he made light of Russia’s electoral intrusions during a meeting with Putin at the G20 summit in Osaka, Japan. “Don’t meddle in the election,” he said, playfully admonishing Putin with a grin.)
Russia is not the only mischief-maker, of course. Multiple adversaries—China, Iran, and others—seek to influence and interfere with elections both at home and abroad. In those fleeting moments when our presidential hopefuls talked about the importance of election security, they tended to play up the Moscow menace at the expense of other threats. The tactic can make for an effective soundbite. But let’s not kid ourselves. Moscow is hardly the only foreign power angling to sway the 2020 race.
While the Democrats were facing off Thursday night, I attended the Loeb Awards dinner where Andy Greenberg, senior writer at Wired, deservedly won the “international” category for his piece, “The Code that Crashed the World.” Read it. It’s an outstanding, insider account documenting the wreckage of NotPetya, one of the worst cyberattacks in history. In his acceptance speech, Greenberg called attention to the murky world of cyberwar, which is having disastrous, life-threatening effects in places such as Russia-besieged Ukraine. Distances between nation states have collapsed in the digital realm. Congrats and good on you for raising awareness, Andy.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Bull in a China shop. While the U.S. and China look to restart trade talks, there’s been no shortage of cybersecurity news pertaining to China. Reuters dug into years-long Chinese hacks of major technology providers, such as Hewlett Packard Enterprise and IBM. Huawei claimed that it does not cooperate with the Chinese military, despite reports saying otherwise. The Wall Street Journal reported that Huawei’s telecommunications equipment is far more vulnerable to hacking than rivals’ gear, based on findings from an Ohio-based cybersecurity firm. And Brian Krebs, an independent cybersecurity journalist, made a compelling case that mobile malware Google said has affected its Android operating system originated with a certain Chinese vendor.
Who you gonna call? The Washington Post’s editorial board argues that the federal government should make it illegal for cities, lately besieged by hacks, to make ransomware payments. Instead, the paper recommends the Department of Homeland Security “set up a digital ghostbusters task force to help municipalities come back online after an attack.”
Gathering clouds. Western intelligence agencies infiltrated Yandex, the Russian search engine company, to spy on users in late 2018, Reuters reported. PCM, a cloud solutions provider based in Calif., seems to have suffered a data breach. Years ago, employees of MySpace used a tool called Overlord to spy on users, Motherboard reports. And the U.S. National Security Agency is alleged once again to have improperly collected people’s phone records, per the Wall Street Journal.
Upstarts and false starts. Google Cloud has snapped up Chronicle, the cybersecurity startup that recently spun out of Alphabet’s moonshot factory X. The two will be fully integrated by the fall, Chronicle’s CEO said in a blog post. Antivirus firm McAfee is suing former employees who left for competitor Tanium, claiming that the three took trade secrets with them. Moody’s teamed up with Team8, an Israeli startup accelerator, to create a joint venture that will perform cybersecurity risk assessments for businesses.
Big un-Friendly Giant. Border Gateway Protocol, or BGP, a fixture of the Internet’s data-routing backbone, continues to cause trouble, despite people knowing about these issues for decades. Cloudflare, an Internet infrastructure startup based in Calif., blamed the technology—and Verizon—for causing big outages this week. Wired has a great piece explaining what’s going on behind the scenes.
Let he who is without sin lob the first Molotov cocktail.
Share today’s Cyber Saturday with a friend:
Looking for previous Data Sheets? Click here
Hear me out. In response to mass shootings, some schools and hospitals are installing in their facilities audio sensors designed to detect stress and anger before violent outbursts. But an investigation by ProPublica, the nonprofit news organization, finds that the technology often misidentifies sounds and fails to trigger at appropriate times.
Worrying About Artificial Intelligence Starting a Nuclear War: Eye on A.I. by Jonathan Vanian
ONE MORE THING
Breach the Street. Data breaches are good for business—if you’re a cybersecurity firm. A blog post on the website of the Nasdaq stock exchange claims that one of its cybersecurity indexes, NQCYBR, which tracks the stock performance of cybersecurity firms, has consistently beaten the S&P 500 index in the aftermath of hacks. Over the last five years, the cybersecurity index outperformed the S&P 500 on average by 34 basis points both one week and one month after data breaches, and by 17 basis points three months after data breaches, the exchange said.
Interested investors may take note of an associated exchange-traded fund: the First Trust Nasdaq Cybersecurity ETF, which goes by the ticker CIBR. Thanks for the bump, hackers.