OVERNIGHT CYBERSECURITY: Playing the waiting game on cyber sharing

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–SO CLOSE YOU CAN FEEL IT: The eagerly awaited final text of the Senate Intelligence Committee’s major cyber bill is expected Monday night or Tuesday morning, Committee Chairman Richard Burr (R-N.C.) told The Hill. “We’re real close,” he said. The Cybersecurity Information Sharing Act (CISA) would give legal liability protections to private firms sharing cyber threat data with the government. It advanced out of committee last Thursday by a 14-1 vote.

{mosads}–PRIVACY COMMUNITY SATISFIED?: Privacy advocates are anxious to see if Burr and Committee Ranking Member Dianne Feinstein (D-Calif.) followed through on a promise that they had addressed the privacy concerns raised about a CISA discussion draft. Many are worried CISA would simply give the intelligence community another venue to collect Americans’ sensitive data. “I’ve made it very clear,” Sen. Patrick Leahy (D-Vt.) told The Hill on Monday. “If my concerns are not answered, then I’m going to have to vote against it.” To read our full piece, click here.

–WILL THEY OR WON’T THEY?: Just days after it seemed China was pressing pause on its much criticized cybersecurity rules, a top Beijing official confirmed the country was moving forward with its efforts. The new regulations, part of a broader counterterrorism law, have alarmed foreign businesses and drawn opposition from President Obama. Under the measure, foreign firms would be required to submit source code for inspection and use Beijing-approved encryption keys. During a Monday briefing, Foreign Ministry spokesman Hong Lei insisted “the deliberation on this law is going.” The remarks came three days after White House Cybersecurity Coordinator Michael Daniel indicated that China had at least delayed its efforts. “China will formulate its anti-terrorism law based on its own counterterrorism needs, and protect national security,” Hong said Monday. To read our full piece, click here.

–FULL STEAM AHEAD: The Wall Street Journal also reported that similar banking security laws that could reduce reliance on foreign technology are still on track. Chinese banks have started to file initial plans for how they will comply.

–MIXED FEELINGS ABOUT SURVEILLANCE: The nation is split on its feelings about government surveillance programs, with 52 percent saying they are “very” or “somewhat” concerned about broad spying powers, according to a new Pew Research Center poll. Yet only about 30 percent of Americans have taken some measures to protect their personal information, such as editing privacy controls on social media sites, avoiding certain applications or speaking on social media less often. The survey’s results paint a picture of general unease with operations of the National Security Agency nearly two years after Edward Snowden’s revelations about the spy agency, though many people appear unprepared to employ robust digital protections. To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

Sen. Tom Carper (D-Del.) believes the Senate Intelligence Committee has heard at least some of his CISA concerns, he told The Hill on Monday.

Carper, the top Democrat on the Senate Homeland Security and Governmental Affairs Committee, said he “submitted a fairly lengthy letter” to the Intelligence Committee with his privacy-enhancing suggestions for CISA. “We believe that some of those have been incorporated,” he said. “We’ll find out how many and see what else needs to be done.”

Carper is backing his own cyber info-sharing bill that would put the Department of Homeland Security (DHS) at the center of nearly all public-private cyber data exchanges. CISA would mostly encourage companies to go through the DHS, but also allow a greater degree of sharing directly with the intelligence community.

 

LIGHTER CLICK:

THIS T-SHIRT, featuring a Pulp Fiction-era Samuel L. Jackson screaming, “SAY CYBER ONE MORE TIME…”

BONUS: Employees of major tech companies are requiring non-disclosure agreements of people who remodel their homes.

 

WHO’S IN THE SPOTLIGHT:

Veteran cryptographer Bruce Schneier has been making the rounds to promote his new book, “Data and Goliath: The Hidden Battle to Collect Your Data and Control Your World.” The book lays out “the dizzying array of laws, regulations, international accords and not-so-secret orders governing” data collection, according to The New York Times‘s Monday review.

“Mr. Schneier’s use of concrete examples of bad behavior with data will make even skeptics queasy and potentially push the already paranoid over the edge,” writes Jonathan Knee. “Mr. Schneier writes clearly and simply about a complex subject and is most convincing when arguing that the subject demands at a minimum a more public and transparent debate about how and what lines to draw.”

But those lines might not be drawn for a long time, Schneier said Friday during an extensive interview on “Democracy Now!”

“My fear,” he said, “is that it’s going to take a couple of generations to figure it out.”

 

A LOOK AHEAD:

TUESDAY: 

–House Homeland Security Committee Chairman Michael McCaul will discuss cybersecurity policy at the Center for Strategic and International Studies. 

–The House Appropriations Committee will hold a hearing on the Federal Aviation Administration, which government investigators see as vulnerable to cyberattacks. 

–The House Appropriations Committee will also hold a budget hearing on the Secret Service, which helps to investigate cyber crimes. 

–The Senate Armed Services Committee will meet for a closed briefing on cybersecurity and competition between the United States and Russia on Tuesday morning.

WEDNESDAY:

–The House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade will discuss newly unveiled data breach legislation. 

–The House Oversight Subcommittee on Information Technology will hold a hearing on cybersecurity threats to the private sector. 

–The Atlantic Council will hold a panel discussion on the healthcare Internet of Things.

THURSDAY:

–The House Intelligence Committee will hold a hearing on cyber threats.

–The Senate Armed Services Committee will hold a hearing on the fiscal year 2016 request for the U.S. Cyber Command. Commander and National Security Agency Director Adm. Mike Rogers will testify. 

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Yahoo wants to erase the need for its email users to memorize a password, introducing an “on demand” password feature, which sends a time-sensitive password to your phone for each login. (The Hill)

–Not all security experts are convinced Yahoo’s new password effort is the best idea. (Dark Reading)

How you can make it harder for hackers to collect your personal data. (Slate)

Could the government’s attempts to crack down on cyber crime accidentally criminalize private security industry professionals? (Dark Reading)

“GCHQ’s hacking operations are conducted with little to no oversight and risk ‘undermining the security of the internet, ‘leading online privacy experts have warned.” (Wired UK)

Once famous for its Johnny Cash visits, San Quentin prison is now teaching its inmates to code. (CBS News)

Two recent European court verdicts, barely noticed in the U.S. could have serious ramifications for Americans’ cybersecurity. (Forbes)

ICYMI: Newly-installed Secretary of Defense Ash Carter made his first cyber-focused speech at the U.S. Cyber Command on Friday. “We need to build bridges to society,” Carter said. “Bridges that aren’t as necessary in other fields of warfare that don’t have a civilian or a commercial counterpart to the extent that this field does.”

ICYMI: The energy sector continues to get most hammered by cyberattacks, according to a Department of Homeland Security (DHS) report released Friday.

We’ll be working to stay on top of these and other stories throughout the week, so check The Hill’s cybersecurity page early and often for the latest. And send any comments, complaints or cyber news tips our way, via cbennett@digital-staging.thehill.com or eviebeck@digital-staging.thehill.com. And follow us at @cory_bennett and @eliseviebeck.

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A