Overnight Cybersecurity: Lawmakers grapple with cyber war rules | Experts say WH leak crackdown could backfire | House panel approves cyber framework bill
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
LAWMAKERS GRAPPLE WITH CYBER WARFARE RULES: Members of Congress are grappling with the new era of cyber warfare as the government works to define what acts in cyberspace should warrant a military response. The Trump administration is required by law to spell out, within a year, what behaviors in cyberspace may constitute acts of war against the United States. That requirement was created by legislation signed last year by President Obama and mimics legislation introduced by Sens. Mike Rounds (R-S.D.) and Angus King (I-Maine) in May. “Cyberspace is a new and evolving battlefield in the 21st century, and our provision, which is now law, is an attempt to gain some clarity in this largely unchartered field,” King told The Hill in a statement. “I am hopeful that the resulting reports, along with continued congressional hearings, will help shape strategies and policies for cyberspace that better enable our government to determine how to respond to cyberattacks and deter malicious actors from launching them in the first place,” King said.
To read the rest of our piece, click here.
HOUSE JUDICIARY EYES REAUTHORIZING NSA SURVEILLANCE WITH PRIVACY TWEAKS: The House Judiciary Committee on Wednesday generally agreed that a controversial surveillance measure was both necessary for renewal and in need of some reform. Foreign Intelligence Surveillance Act Section 702 allows the NSA to monitor the communications of foreign citizens outside of the United States. While the intelligence community touts it as a vital component of its surveillance apparatus, critics note that United States citizens communicating with foreigners can also have data captured. “I believe when it comes to terrorists, we hunt them down and kill them. I don’t believe anyone on this committee has any problem with Section 702 in how it goes after foreign bad dudes in foreign nations,” said Rep. Ted Lieu (D-Calif.). “I think many of us have concerns when it comes to American citizens and how they incidentally get caught up in the surveillance.” That information captured by Section 702 can be passed, stored, searched and used in prosecutions by the FBI, which concerned the Committee members as a potential violation of Fourth Amendment rights.
To read the rest of our piece about the debate, click here.
INSIDER ATTACK EXPERT SAYS WHITE HOUSE EFFORTS AGAINST LEAKERS COULD BACKFIRE: An expert on insider threats says White House efforts to punish staffers could backfire and exacerbate the administration’s leaking problem. Matthew Bunn, co-editor of the new book “Insider Threats,” warns that White House press secretary Sean Spicer’s reported efforts to perform spot checks on staffer phones risks making disgruntled employees even more unhappy — and more likely to leak. “An aggressive approach to insiders will increase disgruntlement,” he said. Bunn, a Harvard professor, edited the book with Stanford professor Scott D. Sagan. It includes submissions from academics and experts around the world who trace inside threats ranging from Indira Gandhi’s assassination at the hands of her guards to the Fort Hood massacre to famous leakers like Chelsea Manning and Edward Snowden.
To read the rest of our piece, click here.
A POLICY UPDATE:
HOUSE PANEL APPROVES CYBER FRAMEWORK BILL: A House panel on Wednesday approved a bill designed to encourage federal agencies to adopt a cybersecurity framework developed by the National Institute of Standards and Technology (NIST).
The House Committee on Science, Space and Technology approved the bill largely along party lines, despite opposition from Democrats to provisions in the bill requiring NIST to evaluate and audit federal agencies’ adoption of the cybersecurity and technology guidelines.
Rep. Ralph Abraham (R-La.) introduced the NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017 earlier this week, couching it as a response to recent high-profile cyber breaches like those at the Office of Personnel Management and IRS.
“Much as the nature of cyber-attacks continue to evolve to reflect the sophistication of the cyber criminals, we in the government must also be willing to evolve to protect Americans and our government,” Abraham, who is vice chair of the subcommittee on research and technology, said in opening remarks Wednesday.
“That evolution starts with thinking outside the box instead of maintaining a business as usual approach,” he said.
Rep. Eddie Bernice Johnson (D-Texas), the committee’s ranking member, argued that NIST should not be responsible for assessing or auditing the adoption of the framework by federal agencies, citing recent testimony from the Government Accountability Office and outside experts.
To read the rest of our piece, click here.
A LIGHTER CLICK:
ROBOTS VULNERABLE TO HACKS: Robots from a variety of manufacturers are the latest network-connected product that researchers say are vulnerable to a bevy of attacks.
The security firm IOActive tested humanoid robots from several major manufacturers, including SoftBank and Ubtech, as well as industrial robots from Universal Robotics. For the purposes of their study, robots were defined as devices with programmable appendages.
IOActive found more than 50 common vulnerabilities throughout the ecosystem, including poor authentication practices, unshielded communications and the use of a nonsecure operating system known as the Robot Operating System.
IOActive is currently working with the manufacturers to fix the problems and has not publicly shared which problems each robot has.
To read the rest of our piece, click here.
A REPORT IN FOCUS:
COMPANIES FACE CYBERSECURITY HURDLES: A new survey commissioned by the Center for Strategic and International Studies and produced by Intel Security examines how “misaligned incentives” at companies across country borders and industries are working against their cybersecurity efforts.
The study, released Wednesday, surveyed cybersecurity representatives from companies in several different countries and across major industry sectors. Among its findings, the survey showed that companies are increasingly labeling cybersecurity as a threat to their operations.
“Hard lessons have been learned since then as companies and governments around the world have experienced cyberattacks exceeding $400 billion in total annual cost,” the report states. “A majority of respondents to our survey now rate cybersecurity risk as one of the top three risks facing their organization, confirming that cybersecurity now ranks among the top concerns for companies. Our survey shows a marked change in board attitudes toward cybersecurity.”
Still, the survey found a disconnect between strategies to confront cybersecurity and companies’ efforts to implement them.
To read the full report, click here.
WHAT’S IN THE SPOTLIGHT:
EXPERTS TELL CONGRESS TO BRACE FOR ‘ROBOTIC SOLDIERS’: House lawmakers were warned Wednesday that artificial intelligence could soon be used by potential adversaries in military operations.
Jason Healey, a senior fellow on the Atlantic Council’s Cyber Statecraft Initiative, told members of a House panel with oversight of the Pentagon that he expects the capabilities to be developed in the next decade.
“There has been lot of speculation … about how soon it will be before robotic soldiers take the place of the fight in the kinetic world,” Rep. Mike Conaway (R-Texas) asked the panel of cyber experts. “How soon will A.I. supplant the need …for all these human beings to be able to defend these networks and do what we do?”
Healey answered that he expects the capability to be developed more quickly than anticipated.
Peter Singer, a strategist at the New America Foundation, said that artificial intelligence is among the potential “disruptions” being developed in the realm of cyber conflict.
“It’s not just when is it going to happen. But we don’t yet know is it going to privilege the offense or defense, what are going to be the affects of it,” Singer said, recommending that Congress hold a classified hearing on where the U.S. stands in comparison to likely adversaries on this capability.
To read the rest of our piece, click here.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
President Trump makes no direct mention of Russia during first address to Congress (The Hill)
Former intelligence chief James Clapper joins Harvard center as non-resident senior fellow (The Hill)
Former DHS cybersecurity official says it’s time for a cybersecurity grant program for states (The Hill)
Researchers find vulnerability in WordPress plugin (Ars Technica)
There has been an uptick in intelligence officials leaving for the private sector since Trump took office (Reuters)
New York cyber regulations go into effect (Fortune)
If you’d like to receive our newsletter in your inbox, please sign up here.
This story was updated at 8:32 p.m.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..