Overnight Cybersecurity

OVERNIGHT CYBERSECURITY: Intel cyber markup coming tomorrow

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORIES:

–MOVING FORWARD: Democrats might not agree with its approach, but the House’s Data Security and Breach Notification Act took another step forward on Wednesday. The Energy and Commerce Subcommittee on Trade approved the bill by voice vote after a markup that saw five Democratic amendments rejected along party lines. Disagreements over the bill lie in its pre-emption of state data security and breach notification standards. The measure would require companies to maintain reasonable security practices and inform customers within 30 days if their data might have been stolen during a cyberattack. By creating national standards, the legislation would save companies the hassle of following a patchwork of state laws. But several Democrats argue that consumers will lose out if they’re currently benefiting from stronger protections within state law. To read more on the markup, click here

{mosads}–MARK IT UP: The House Intelligence Committee will mark up its recently unveiled cyber threat data-sharing bill first thing Thursday morning. The bill, called the Protecting Cyber Networks Act, grants companies legal liability protections when sharing cyber threat data with a civilian government agency. The measure is not expected to face significant opposition during the markup. It was introduced with bipartisan support and a similar measure from last year with less Democratic support passed out of the Intelligence Committee. Watch out for possible Democratic amendments, though. Although Committee Ranking Member Adam Schiff (D-Calif.) believes the committee has come a long way on strengthening the measure’s privacy provisions, some privacy advocates still say the bill lacks needed civil liberties protections. The bill could reach the House floor sometime in April.

–MAKE MOVES: The FBI is in danger of falling behind the rapidly growing and increasingly complex cyber threat, a congressional commission determined in a report published Wednesday. The FBI has traditionally structured itself geographically, with local field offices handling crimes in their territory. The setup is poorly suited to battle cyber crime, the commission concluded. “The cyber threat does not,” the report said, “respect geographic boundaries and “presents unique challenges” for the bureau. The FBI does recognize that geographical boundaries are outdated, according to the report, and has restructured its cyber units “according to cyber intrusion sets.” But the bureau has a ways to go, the commission concluded. It described the FBI’s “fragmented engagement” with private companies on cyber threats. “There is still wide room for improvement in the Bureau’s sharing practices with local law enforcement and the private sector,” it said. To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

Industry and privacy groups have been weighing in on the House Intelligence cyber bill in relatively predictable fashion. Industry groups are in favor; privacy advocates are opposed.

Private firms have long lobbied in favor of such a measure as a necessary step in bolstering the nation’s cyber defenses. Privacy groups have mostly fought back against what they see as an expansion of government surveillance capability. 

Ann Beauchesne, senior vice president for National Security and Emergency Preparedness at the U.S. Chamber, said the measure “appears consistent with the Chamber’s push for legislation that gives businesses legal certainty that they have protection from liability when voluntarily sharing and receiving cyber threat indicators and defensive measures in real time, and taking actions to mitigate cyberattacks.”

Taking the opposite view, Robyn Greene, policy counsel at New America’s Open Technology Institute, said the bill “will significantly increase cyber-surveillance, and it may even undermine cybersecurity rather than enhance it,” she said. The measure will “open the digital floodgates,” she added. “It’s unbelievable that the congressional committees charged with overseeing our intelligence agencies are working to further empower the NSA with dangerously overbroad information sharing legislation.”

 

LIGHTER CLICK:

HACK YOUR CAR FOR $60: A former intern with Tesla Motors is releasing a hacking kit that will allow security researchers to probe cars for security vulnerabilities. Eric Evenchick, a Toronto-based systems developer, is announcing the code in a bid to make car manufacturers more aware of hacking risks. “Making diagnostics available for cheap means that we can not only audit the security of these systems, but also use them for their intended purpose: fixing cars,” he told Forbes. To read more, click here.

 

A REPORT IN FOCUS:

UNDER ATTACK: Parts of the U.S. power grid are attacked online or in person every four days, according to an analysis of federal energy records. The finding raises questions about the electrical system’s physical and cyber defenses at a time of rising threats. USA Today, which analyzed federal data and surveyed more than 50 electric utilities, described the power grid as vulnerable to a major outage that could affect millions. While a cyberattack has not yet caused a major loss of power, the mechanisms guarding the grid undergo small hacks multiple times a week, the paper reported. To read more, click here.

 

A LOOK AHEAD:

THURSDAY

–House Intelligence Committee will mark up its cyber threat data-sharing bill, the Protecting Cyber Networks Act. The markup is closed, but a transcript will be released after the meeting is concluded.
–Microsoft will host a discussion on privacy and the Internet of Things.
–The New America Foundation will hold a series of panels on the future of mobile health technology.
–A Bloomberg Government event on the digital economy and government at 8:30 a.m will feature House Homeland Security Chairman Michael McCaul (R-Texas) and former Minnesota Gov. Tim Pawlenty (R).

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Washington’s insurance commissioner is launching a multi-state investigation into the Premera breach. (The Hill)

An Android vulnerability could allow hackers to substitute one application for another. (The Hill)

Cities around the United States are vying to be the Silicon Valley of cybersecurity. (Christian Science Monitor)

The world’s frailest people will become the guinea pigs for the Internet of Things. (Slate)

An Australian government minister gave a list of messaging services that people could be used to avoid data retention laws he is pushing. (The Guardian)

Introducing Zendo, the latest secure messaging application. (TechCrunch)

A Chinese government official said people in his country have no interest in blocked sites like Facebook and Twitter. (Reuters)

Mobile phone users who consider themselves privacy savvy still engage in risky behaviors like connecting to public Wi-Fi. (Dark Reading)

Cyber criminals are comparing notes in public forums about how to conduct tax return fraud. (Krebs on Security)

Facebook introduced new developer tools for creating apps that connect to the Internet of Things. (CNET)

 

We’ll be working to stay on top of these and other stories throughout the week, so check The Hill’s cybersecurity page early and often for the latest. And send any comments, complaints or cyber news tips our way, via cbennett@digital-staging.thehill.com or eviebeck@digital-staging.thehill.com. And follow us at @cory_bennett and @eliseviebeck.

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A