Overnight Cybersecurity: Senate poised to pass major cyber bill

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORIES:

–GO TO THE MATTRESSES: The Senate is on the cusp of passing its biggest cybersecurity bill to date, after over half a decade and countless revisions. The Cybersecurity Information Sharing Act, or CISA, would encourage companies to share their data on hackers with the government. With the House already passing its companion legislation and the White House on board, the Senate is the final rubber stamp needed for Congress to enact its first major cybersecurity bill in years. A vocal alliance of digital rights groups, tech companies and privacy-minded senators has led a late-surging campaign to block the bill, which they believe will simply shuttle more of Americans’ private data to the government. But after months of forcing false starts and delays on the bill, it appears that the anti-CISA cohort has finally run out of options to further stall the upper chamber.

–YOU ARE A LONE REED: CISA’s opponents will not go quietly into the night, however. The Senate’s privacy-minded wing will get its final chance to air their grievances and alter the bill during a series of Tuesday votes on their amendments. Sen. Ron Wyden (D-Ore.), a staunch privacy advocate beloved by many in the tech sector, will likely be the loudest voice in the room as he thumps for his amendment that would heighten the requirements for companies to remove personal details before sharing cyber threat data with the government. Elsewhere, Sens. Chris Coons (D-Del.), Al Franken (D-Minn.), Patrick Leahy (D-Vt.) and Dean Heller (R-Nev.), will all stump for their own changes that they argue would collectively roll back anti-transparency measures in CISA and limit the amount of personal information the government would take in. All of their proposals are likely to die on the floor, however. On the other side of the CISA fight, Sen. Tom Cotton (R-Ark.) will push for an add-on that would facilitate a direct transfer of cyber threat data between businesses and the FBI and Secret Service. CISA as written encourages companies to go through the Department of Homeland Security (DHS), with some limited exceptions. Cotton’s amendment has quickly become the most divisive offering that will get a vote Tuesday, with privacy advocates and the White House warning the provision would merely let companies skirt important DHS privacy protections. To read our full rundown of what to look for tomorrow, click here. To read our full piece about how CISA got to this point and what to expect after its final vote, check back tomorrow morning.

–IT’S NOT PERSONAL, IT’S BUSINESS: Privacy experts are concerned that the way presidential campaigns collect, store and sometimes sell personal data is putting people at risk in ways they might not anticipate when they fork over their email address or make a donation. Campaigns increasingly seek to build sophisticated data sets that can help them gain an edge, much the way President Obama’s campaign did in 2012. But unlike in the commercial sector, campaign data remains a kind of Wild West, with the candidates under no obligation to safeguard the information. A recent report by the Online Trust Alliance (OTA) found that only six of 23 presidential campaign sites for 2016 met sufficient standards on privacy, security and consumer protections. “It’s not just your credit card information [campaigns are collecting],” Craig Spiezle, executive director of OTA, told The Hill. “Many of the sites will ask you profile questions when you donate. What is your view on gun control? On women’s rights? There’s a good reason a candidate would want to know that, but what happens when that’s let out?” To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

–WHERE ARE MY TIC-TACS? UGH! The U.S. government is pushing back on Apple’s assertion that unlocking a suspect’s iPhone would constitute an undue burden on the tech company and “tarnish the Apple brand.” In a closely watched case involving a phone belonging to a suspect indicted for methamphetamine possession, the Justice Department argued that because Apple’s operating system is “licensed, not sold,” a federal court should require the company to unlock encrypted data. The Department of Justice (DOJ) has a warrant to examine the contents of the defendant’s iPhone, but because it is protected by a passcode, investigators have been unable to access the device. “The government respectfully requests that this Court grant the government’s Application and order Apple to assist with execution of the search warrant,” the DOJ argued in a reply brief filed Friday. “Apple wrote and owns the software that runs the phone, and this software is thwarting the execution of the warrant.” To read our full piece, click here.

 

LIGHTER CLICK:

–DON’T CRY SHOPGIRL: This entrepreneurial 11-year-old from New York is selling cryptographically secure passwords for just $2 a pop. Read on at NextGov, here.  

 

A REPORT IN FOCUS:

–I WANTED IT TO BE YOU SO BADLY. Thirty-five percent of respondents to a new poll from data security firm CounterTack and Ponemon Institute said that their organization has faced a cyberattack from a nation state.

Such hacks have been prominent in the news since North Korea conducted a devastating intrusion into Sony Pictures’ systems last year — and the United States recently inked a deal with Beijing prohibiting hacks on private companies.

Yet C-Suite execs don’t seem to be that concerned: 65 percent said there is a high likelihood they won’t be affected by a nation-state attack in the next 12 months.

Get the full results, here.

 

WHO’S IN THE SPOTLIGHT:

–KEITH ALEXANDER. The former U.S. National Security Agency director’s cybersecurity startup, IronNet Cybersecurity, said Monday that it has raised $32.5 million in Series A funding. The company, which uses analytics to detect digital intruders, piqued controversy last year when it hired a senior U.S. intelligence official part-time. Alexander ended the deal after NSA officials said it risked a conflict of interest. Read on at Reuters, here.

 

A LOOK AHEAD:

TUESDAY

–AEI will host an event at 8:30 a.m. on cyberspace policy. Former CIA and NSA Director Michael Hayden will speak.

–CSM Passcode will host an event at 9 a.m. on the “cybersecurity skills gap” in both the private and public sectors.

–The Senate is scheduled to vote on five CISA amendments at 11 a.m. At 4 p.m., the upper chamber is scheduled to vote on three more amendments and final passage of the bill.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Here are some of the more high-profile (and controversial) ways that prosecutors have used the Computer Fraud and Abuse Act. (Wired)

Junaid Hussain was considered the Islamic State’s most capable hacker — but, according to this op-ed, he wasn’t that good. (The Christian Science Monitor)

The aviation industry is stepping up efforts to enlist coordinated international support in the battle against hackers. (Reuters)

U.S. officials are worried that the Russians could be planning to attack vital undersea Internet cables in “the ultimate hack.” (The New York Times)

 
