Overnight Cybersecurity: Cyber fight intensifies as bill nears Senate floor

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–IT’S ALL HAPPENING: According to multiple people with knowledge of the negotiations, Senate Republican leaders may bring up the long-stalled Cybersecurity Information Sharing Act (CISA) as early as Tuesday, after wrapping discussion on a bill to crackdown on so-called sanctuary cities. That expectation has brought new CISA critics out of the woodworks and caused long-time advocates and opponents to redouble their campaigns to either stymie CISA or push it across the finish line. In the last week, D.C. has been smothered by a series of messages and advertising from supporters, like the Financial Services Roundtable, and opponents, like the Electronic Frontier Foundation (EFF) and Fight for the Future. The tech industry, which until recently had mostly stayed out of the CISA debate, has started jumping in, revealing broader industry fissures and giving privacy advocates and staunch CISA detractors more ammunition for what was once seen as a losing cause. There’s still some skepticism about whether the bill’s sponsors will get CISA to the floor for real this time, though: “I’ll believe it when I see it,” EFF legislative analyst Mark Jaycox told The Hill. To read our full piece, check back tomorrow.

{mosads}–SERIOUSLY, GUYS?: Hackers linked to the Chinese government have continued to infiltrate American companies in the three weeks since the U.S. and China inked an anti-hacking deal, according to new research from the security firm CrowdStrike. “The very first intrusion conducted by China-affiliated actors after the joint Xi-Obama announcement at the White House took place the very next day — Saturday, Sept. 26,” CEO Dmitri Alperovitch wrote in a Monday blog post. The agreement, ICYMI, promised that neither country would hack private companies to get an edge in the market — yet seven of the recently hacked companies were technology or pharmaceutical firms, “where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national-security related intelligence collection,” Alperovitch wrote. Still, the report doesn’t necessarily indicate that the agreement has been a failure: “The fact that there is some time delay between agreement and execution is not entirely unexpected,” Alperovitch said. “But, we need to know the parameters for success, and whether the parties to the agreement discussed a timeframe for implementation or, instead, expected it to be immediate.” To read our full piece, click here.

–YOU, TOO?: Authorities are investigating a possible hack of CIA Director John Brennan’s private email account, according to multiple reports. The New York Post late Sunday published an interview with a high schooler who claims to have infiltrated Brennan’s personal AOL account, stealing sensitive files, such as Brennan’s application for top-secret security clearance. The hacker said he also discovered the Social Security numbers and other personal details on over a dozen top American intelligence officials after breaking in on Oct. 12. Some of the documents in the email account may stretch back to Brennan’s time as the head of the National Counterterrorism Center. The hacker claims to have taken a letter from Brennan about the use of “harsh interrogation techniques” on terrorism suspects. Reportedly, the high schooler also cracked Homeland Security Secretary Jeh Johnson’s online Comcast account, posting a redacted screenshot of a billing page. Law enforcement officials told news outlets they are investigating the matter, but that there is no evidence that classified information was accessed. To read our full piece, click here.

UPDATE ON CYBER POLICY:

–DON’T GET COCKY, KID. Rep. Sheila Jackson Lee (D-Texas) on Friday called for action on a bill bolstering power-grid cybersecurity after a Department of Homeland Security (DHS) official said the Islamic State in Iraq and Syria (ISIS) is trying to hack American electrical power companies.

“No solace should be taken in the fact that ISIS has been unsuccessful,” Jackson Lee said. “ISIS need only be successful once to have catastrophic impact on regional electricity supply.”

Caitlin Durkovich, assistant secretary for infrastructure protection at DHS, told energy firm executives at an industry conference in Philadelphia last week that ISIS “is beginning to perpetrate cyberattacks” — although law enforcement officials speaking at the same event indicated that the group’s efforts have so far been unsuccessful.

Jackson Lee in January introduced the Terrorism Prevention and Critical Infrastructure Protection Act.

The bill directs DHS to work with critical infrastructure companies to boost their cyber defenses against terrorist attacks, part of a swath of legislation that has attempted to codify the agency’s responsibilities in that area.

To read our full piece, click here.

LIGHTER CLICK:

–NOT IN FRONT OF THE BOOKS. Apparently some TV show called “Gilmore Girls” is coming back, or something, so nothing else happened on the Internet today. For rampant enthusiasm, click here.

–BREAK THE SYSTEM. John McAfee, the first ever candidate for president from McAfee’s Cyber Party, took the time to give his trademark rambling answers to a series of user-submitted questions. “I am convinced that I will be the first independently elected U.S. President,” he said. “I do know that the two party system must come to an end.” Check it out, here.

WHO’S IN THE SPOTLIGHT:

–HILLARY CLINTON (AGAIN). The State Department’s cybersecurity practices were bad when Clinton took command — but they got even worse as her tenure went on, a series of watchdog audits compiled into the White House’s latest cybersecurity report card reveals.

The State Department’s inspector general rated the agency’s cybersecurity as a “significant deficiency” that put sensitive information at risk every year from 2011 to 2014 (Clinton was in office from 2009 to 2013).

And the situation only got worse when John Kerry took office, according to independent audits and interviews.

Emails show that while Clinton was aware of the agency’s cyber shortcomings, she put her focus on diplomacy instead — although she did approve significant increases to the agency’s IT budget.

Read on, here.

A LOOK AHEAD:

TUESDAY

–Kaspersky Government Security Solutions will host an all-day cybersecurity forum. House Homeland Security Committee Chairman Michael McCaul (R-Texas) will speak.

WEDNESDAY

–The Cato Institute will host an all-day conference on surveillance. Sen. Patrick Leahy (D-Vt.) will speak, alongside intelligence officials.

–CSM Passcode will host an event at 9 a.m. on how government policy can help secure the Internet of Things. Sen. Brian Schatz (D-Hawaii) and FTC Commissioner Julie Brill will speak.

–The House Homeland Security Committee will hold a hearing at 10 a.m. on worldwide threats. DHS Secretary Jeh Johnson, FBI Director James Comey, and NCC Director Nicholas Rasmussen will testify.

–Two subcommittees of the House Science and Technology Committee will hold a joint hearing at 10 a.m. on cybersecurity for power systems.

–The House Small Business Committee will hold its second hearing at 11 a.m. on how the transition to chip cards is affecting small businesses.

–The House Oversight Committee will hold a hearing at 2 p.m. on the government’s use of cell phone tracking tools.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

A federal judge on Monday dismissed a proposed class action lawsuit brought by an Uber driver whose data was exposed in a recent breach at the driving service. (The Hill)

European Union privacy regulators on Friday gave the European Commission and the U.S. three months to come up with an alternative to the invalidated Safe Harbor. (The Hill)

Facebook will now alert users when it suspects their accounts are being targeted by an “attacker suspected of working on behalf of a nation-state.” (ABC News)

Researchers said they’ve found more than 250 iOS apps that violate Apple’s App Store privacy policy forbidding the gathering of personal information. (ArsTechnica)

Here’s how the OPM is notifying victims of the recent hacks. (NextGov)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A