Overnight Cybersecurity: Cyber bill stuck in Senate
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–STILL STUCK: Senate Republican leaders late Wednesday shot down rumblings that a stalled cyber bill may be back on the table. One day after it seemed the bill — intended to boost the public-private exchange of data on hackers — wouldn’t move until after the August recess, rumors began swirling that the measure could get a vote as soon as Monday. “On cyber security, we could pass a bill in the Senate next week if Ds don’t filibuster again,” Senate Majority Whip John Cornyn (R-Texas) tweeted Wednesday afternoon. But Cornyn’s office told The Hill that it stood by the senator’s comments from Tuesday. “I’m sad to say I don’t think that’s going to happen,” Cornyn said off the Senate floor. “The timing of this is unfortunate.” Several people with knowledge of the deliberations also said they were hearing Senate Majority Leader Mitch McConnell (R-Ky.) was planning to file cloture Thursday on CISA and move to a vote on Monday. McConnell’s office maintained that while they want to act on CISA, the reports of an impending vote are “not accurate” and that the leader has no plans to file cloture Thursday. Senate leaders had been vowing to get to the bill before their break, but a drawn-out brawl over a highway funding bill and Planned Parenthood has chewed up floor time. To read our full piece, click here.
–‘A NEW LOW’: Hackers blocked access to the Planned Parenthood website for a short period on Wednesday. “This is a new low for anti-abortion extremists,” said Dawn Laguens, executive vice president of the reproductive health services organization. The website was inaccessible for roughly 30 minutes due to what Planned Parenthood said was a distributed denial-of-service attack, the calling card of “hacktivists.” The tactic floods a website with falsely created traffic, rendering it unavailable. The cyberattack came just days after Planned Parenthood confirmed it was under siege from a digital assault on the organization’s networks. To read our full piece, click here.
–THE NOT SO FRIENDLY SKIES: The same Chinese hackers that are accused of pilfering tens of millions of people’s data from health insurers and the federal government may have also hit United Airlines, Bloomberg reported Wednesday. If true, the data breach of the world’s second-largest airline would give Beijing officials detailed travel records on millions of Americans. The data would also help fill out the comprehensive database it’s believed China is amassing on U.S. government workers. United discovered a network intrusion sometime in May or June, several people briefed on the investigation told Bloomberg. Examiners traced the compromise to China-backed hackers that are believed to be behind several other notable data breaches in recent months, including those at health insurers Anthem and Premera and at the Office of Personnel Management (OPM). To read our full piece, click here.
–BACK TO ONE: It appears the Commerce Department will go back to the drawing board on rules that would attempt to control the export of hacking tools. The decision was spurred by a flurry of opposition from the security community, tech companies and even a few lawmakers during a comment period that ended July 20. Opponents argued the broad language would simply stunt the booming security industry and weaken cybersecurity worldwide. “In light of the high volume of comments received, it is likely we will publish a second proposed rule,” a Commerce spokesperson said in an emailed statement. “We have no timetable for that action.” The remarks come as lawmakers are stepping up opposition to the proposal. On Wednesday, Sen. Chuck Schumer (D-N.Y.), the third-ranking Democrat, came out against the rules. “A new federal rule is forcing companies and power utilities to fight the scourge of cyberattacks with one hand tied behind their backs,” Schumer said. To read our full piece, click here.
UPDATE ON CYBER POLICY:
–COMBO PACK. A Senate committee on Wednesday approved a cybersecurity bill that would give the Department of Homeland Security (DHS) considerable powers to defend government networks from hackers.
Since the catastrophic data breach at the Office of Personnel Management (OPM), policymakers have been scrambling to shore up network defenses.
Senate Homeland Security and Governmental Affairs Committee Chairman Ron Johnson (R-Wis.) vowed that the measure approved Wednesday, the Federal Cybersecurity Enhancement Act, would help.
The bill — introduced Monday with the panel’s top Democrat, Sen. Tom Carper (Del.) — would require all agencies to adopt several cybersecurity best practices. It would also accelerate the rollout of the government’s anti-hacking shield, dubbed “Einstein,” that detects and repels known cyber threats.
During Wednesday’s markup, Johnson’s committee adopted two amendments that essentially combined his bill with another major DHS-focused cyber bill that a bipartisan group of six senators introduced last week.
We’ve got the full story here.
LIGHTER CLICK:
–LET ME COUNT THE WAYS. The New York Times is out with this interactive quiz that will tell you what information you’ve had hacked, and how many times. The totals may shock you. Check it out here.
A REPORT IN FOCUS:
–USING TWITTER FOR EVIL. Hackers supported by the Russian government are allegedly using Twitter to control malware that is stealing data from U.S. companies and potentially even the U.S. government.
Security firm FireEye on Wednesday released a report showing that one of the most active Russian hacking groups covers up and coordinates its digital assaults through a complex method involving fake Twitter accounts and encrypted data buried in seemingly innocuous photos.
The tactic, known as “Hammertoss,” allows the group to clandestinely communicate with malware that has infected a computer system, allowing it to remain undetected. It reveals a “discipline and consistency” that is nearly unmatched by any other prominent hacking groups, according to the report.
The group “tries to undermine the detection of the malware by adding layers of obfuscation and mimicking the behavior of legitimate users,” the report says.
We’ve got the full story here.
A LOOK AHEAD:
THURSDAY
–The House Intelligence Committee has cancelled its hearing at 9 a.m. on global cyber threats.
FRIDAY
–The Brookings Institute will hold an event at 10 a.m. on the future of defense technology.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
Sen. Chuck Schumer (D-N.Y.) blasted Republicans on Wednesday for “wasting valuable time” on a bill to defund Planned Parenthood instead of moving on a stalled cybersecurity bill. (The Hill)
A veil of secrecy aids a surge in cyberattacks in Asia. (Bloomberg)
What federal employees really need to worry about after the OPM hack. (The Washington Post)
A team of researchers in Athens say they’ve designed the world’s first encrypted e-voting system where voters can verify that votes cast actually go to the intended candidate. (The Wall Street Journal)
Survey: Nearly all Americans support and want retaliation for cyberattacks. (SC Magazine)
The Canadian government is saying little about an apparent breach involving classified information — one that could snowball into a serious compromise of closely guarded secrets. (The Canadian Press)
Senate Armed Services Committee Chairman John McCain (R-Ariz.) is considering a cyber select committee. (DefenseNews)
OPM hackers are unlikely to face criminal charges, the Congressional Research Services says. (The Washington Post)