Overnight Cybersecurity: Senate to punt on Cyber Command fight

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–NOT HAPPENIN’: An amendment to the annual defense authorization bill that would elevate the Pentagon’s top cyber unit to a standalone warfighting entity will likely not get a vote, congressional sources say. The amendment, from a bipartisan group of eight senators, would bring the Senate version of the National Defense Authorization Act (NDAA) in line with the House-passed version, which already includes the provision. Supporters of the move will instead look to the conference process to hammer out the discrepancy between the two texts, sources say. The amendment appeared to have wide support from lawmakers, as well as Adm. Michael Rogers, the unit’s head. He said last month that elevating the unit to a full combatant command would make it more nimble and “generate better mission outcomes.” But the White House opposes the move and has threatened to veto the House version of the bill over a number of different policy points. The upper chamber is lumbering towards the finish line on its version, but many of the hundreds of amendments filed to the “must-pass” legislation will never see a vote. Majority Leader Mitch McConnell (R-Ky.) warned senators earlier this week that they would finish the policy bill, even if it meant staying in session Friday.

–MEANWHILE, ABOUT THAT $81-MILLION CYBERHEIST: The ranking Democrat on the Senate Homeland Security Committee is expanding an investigation into the SWIFT banking network to include the Department of Homeland Security (DHS). Senator Tom Carper (D-Del.) this week sent letters to the DHS and officials at the Bank for International Settlements (BIS) asking how both organizations are reacting to a recent series of digital bank heists and working to prevent new ones. He sent letters to SWIFT — the Society for Worldwide Interbank Financial Telecommunication — and the Federal Reserve Bank of New York last month. The letters are in response to an $81 million burglary of the Bangladeshi central bank and other attacks using the SWIFT network. “Given the importance of SWIFT to the global financial system, these recent attacks raise important questions regarding the security practices of member banks and their ability to prevent future attacks,” Carper wrote in his letter to DHS Secretary Jeh Johnson. Earlier this week, the Federal Reserve and other banking regulators sent a letter to financial institutions to shore up their cybersecurity to prevent another heist on the scale of February’s $81 million attack on Bangladesh’s central bank.

 

UPDATE ON CYBER POLICY:

–THE BOTNETS ARE…NOT COMING. A closely watched email privacy bill is struggling in the Senate and could be at risk of stalling, despite unanimous passage in the House.

Negotiations over the Electronic Communications Privacy Act Amendments Act are at an “impasse,” Senate Judiciary Chairman Chuck Grassley (R-Iowa) said on Thursday, during a planned markup of the bill.

As a result, the bill’s authors — Sens. Patrick Leahy (D-Vt.) and Mike Lee (R-Utah) — asked for the measure to be pulled from the committee’s agenda, dealing a major blow to privacy advocates who hoped to move the bill forward this year. The move delays action on the email privacy bill for the foreseeable future.

The measure would update a 1986 law that allows government officials to obtain emails without a warrant as long as the messages are older than 180 days.

Similar legislation sailed through the House earlier this year, giving hope to privacy advocates who have for years been pushing Capitol Hill on the issue. Given the stalemate that tends to envelop Congress during major campaigns, the email privacy bill was considered to be among the best hopes for privacy advocates all year.

But a flurry of new amendments has derailed the push and could prove to be a death knell for the legislation.

One of those amendments, unlikely to be approved, is Sen. Lindsey Graham’s (R-S.C.) Botnet Prevention Act, which he introduced as stand-alone legislation earlier this month along with Sens. Sheldon Whitehouse (D-R.I.) and Richard Blumenthal (D-Conn.).

The bill would give the Department of Justice more power to go after hackers who infect a large network of computers and use them to launch denial-of-service and other cyber attacks.

 

A LIGHTER CLICK:

–WE’RE ALL GOING TO LOSE OUR JOBS. Seriously, guys.

 

A LOOK AHEAD:

FRIDAY

–The House Oversight Committee will hold a hearing on the 18F team and oversight of U.S. digital service at 9:30 a.m.

 

WHO’S IN THE SPOTLIGHT:

–SEN. DAVID VITTER. A group of Democratic senators is pressing leadership to move forward with a confirmation vote on Acting Director Beth Cobert of the Office of Personnel Management (OPM), despite a hold placed on her nomination to the permanent position by the Louisiana Republican.

“It is unfortunate that one member of the Senate has continued to hold Ms. Cobert’s nomination for ideological reasons completely unrelated to her qualifications and performance,” four Senate Democrats wrote in a Thursday letter to Majority Leader Mitch McConnell (R-Ky.).

“Stable leadership is required” in the wake of the massive breach at the agency, discovered a year ago this week, wrote Sens. Mark Warner (Va.), Barbara Mikulski (Md.), Ben Cardin (Md.) and Tim Kaine (Va.).

Cobert has led the OPM since the previous director, Katherine Archuleta, resigned over the devastating hack, which exposed data of more than 20 million federal employees, contractors and others.

But Vitter, who put a hold on her nomination in February, has said he will continue to block Cobert’s confirmation until he receives a response to a request for information sent that month.

The Louisiana Republican is frustrated with an agency rule that allows members of Congress and Capitol Hill employees to purchase health coverage as a small business through an Affordable Care Act exchange — the so-called ObamaCare exemption.

“Ms. Cobert’s nomination will not move forward in any capacity until the American people have received answers as to why Washington’s Obamacare exemption exists,” Vitter said in February.

 

A (PROBABLY FAKE?) HACK IN FOCUS:

–A LITTLE BIRD TOLD ME. The hacked information database Leaked Source said Thursday that it had discovered tens of millions of Twitter passwords being traded on the dark web — but security researchers aren’t having it and neither is Twitter.

“I’ve seen nothing verifiable and it’s quite likely a fake,” security researcher Troy Hunt tweeted.

The group said it uncovered 32,888,300 Twitter records online, each of which “may contain an email address, a username, sometimes a second email and a visible password.”

But Twitter says its systems were not breached and the micro-blogging platform has yet to issue a forced password reset, suggesting that the passwords likely aren’t valid.

“We are confident that these usernames and credentials were not obtained by a Twitter data breach — our systems have not been breached,” a spokesman for Twitter told The Hill.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The House Appropriations Subcommittee on Homeland Security on Thursday approved a spending bill providing $1.8 billion to the DHS to guard against cyberattacks and protect critical infrastructure. (The Hill)

Privately held cybersecurity software maker Tenable Network Security Inc said its chief executive Ron Gula, who co-founded the company in 2002, has stepped down. (Reuters)

The FBI has no definitive answers as to who perpetrated the cyber heist of $81 million from Bangladesh Bank’s account at the New York Federal Reserve, a top official said on Thursday. (Reuters)

The artificial intelligence antivirus startup Cylance has raised $100 million. (The Financial Times)

Digital thieves’ most crucial adaptation in recent years has little to do with their technical tools and everything to do with their business model. (The Atlantic)

 
