Overnight Technology

Hillicon Valley — Blinken unveils new cyber bureau at State

Today is Wednesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: digital-staging.thehill.com/newsletter-signup.

Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

Secretary of State Antony Blinken on Wednesday outlined a swath of measures designed to bring the State Department into the 21st century, including establishing a new cybersecurity bureau organized in a way that prioritizes cyber diplomacy at the agency.

Meanwhile, lawmakers this week debated how to further secure key transportation sectors against cyber threats, and a federal judge in Florida ruled that former President Trump’s case against Twitter must be heard in California. 

Let’s jump in.

 

State Dept. beefs up cybersecurity efforts 

Secretary of State Antony Blinken on Wednesday formally announced the establishment of a new cyber bureau at the State Department to help tackle cyber and emerging technology diplomatic issues.

Big picture: The new Bureau of Cyberspace and Digital Policy was announced by Blinken in a speech focused on the reorganization and modernization of the State Department to meet 21st century needs, with Blinken noting he consulted with Congress and outside experts prior to establishing the office. 

“We have a major stake in shaping the digital revolution that is happening around us, and making sure that it serves our people, protects our interests, boosts our competitiveness and upholds our values,” Blinken said during remarks at the State Department’s Foreign Service Institute. 

“I intend, with the support of Congress, to establish a new Bureau for Cyberspace and Digital Policy, headed by an ambassador-at-large, and to name a new special envoy for critical and emerging technology,” he announced.

Long buildup: The new bureau is being established over four years after former Secretary of State Rex Tillerson merged the former Office of the Coordinator for Cyber Issues with another State Department office, drawing widespread criticism that the move could undermine the department’s cyber diplomacy efforts. 

Read more here.

 

Securing transportation against hackers

 
Lawmakers are split on the next steps that should be taken to secure key transportation avenues like air and rail against cyber threats.

Alarms about the risks to transportation have grown louder since the Colonial Pipeline hack, but lawmakers disagree over whether directives from the Transportation Security Administration (TSA) go too far or not far enough.

Lawmakers are focused on threats to pipelines, rail transit and aviation.

Background: After the Colonial hike caused crippling gas shortages in multiple states in May, the TSA issued two directives to secure pipelines. 

Homeland Security Secretary Alejandro Mayorkas announced earlier this month that the TSA would soon issue security directives for rail and aviation, which will require higher-risk transit entities to report cybersecurity incidents to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, among other measures.

Multiple transportation-related organizations have been the victims of cyberattacks in recent years. The New York Times reported that computer systems for New York’s Metropolitan Transportation Authority were hacked by Chinese-linked hackers in April, while the Port of Houston was hit by a cyberattack this past summer. 

Process concerns: But while most officials agree on the need to prioritize cybersecurity after a year that has seen a concerning rise in ransomware and other cyberattacks against critical infrastructure, the speed and process around the directives being put out is worrying to some. 

Read more about the concerns here.

HEADING WEST

A federal judge in Florida on Tuesday said former President Trump’s legal effort to have his Twitter account restored must be heard in California.

Miami-based U.S. District Judge Robert Scola Jr. ruled that Trump agreed to be bound by Twitter’s terms of service in 2009 when he created his @realdonaldtrump handle while he was a private citizen. Those terms include a so-called forum selection clause requiring that suits against the San Francisco-based company be brought to federal court in Northern California. 

Scola, an Obama appointee, rejected Trump’s claim that his position as a sitting president should exempt him from that requirement. 

“Trump’s former status as the President of the United States does not preclude the application of the forum selection clause,” Scola wrote in a 13-page ruling.

Read more here.

HACKERS EYE NRA

The National Rifle Association (NRA) has been hit by a ransomware attack, becoming the latest victim of a massive spike in these attacks this year, according to multiple reports Wednesday.

NBC News reported that a Russian cybercriminal group known as Grief posted files on its website on the dark web on Wednesday that it claimed to have stolen from the NRA.

Experts told NBC News that Grief was likely a rebrand of the cyber criminal group Evil Corp, which was linked last week to the ransomware attack on Sinclair Broadcast Group.

Allan Liska, a senior intelligence analyst at cybersecurity group Recorded Future, told The Hill that there was “significant code overlap” between ransomware used by Grief and the variant used by Evil Corp.

Read more about the attack here.

 

Feds review Facebook docs 

The Federal Trade Commission (FTC) is looking into disclosed Facebook documents that indicate the company may have violated its 2019 settlement with the regulatory agency over privacy concerns, The Wall Street Journal reported. 

Staff at the agency have reportedly started looking at internal Facebook research that identified ill effects of the company’s products, and whether it violated the settlement agreements, according to the Journal. 

The FTC declined to comment.

A Facebook spokesperson said the company is “always ready to answer regulators’ questions and will continue to cooperate with government inquiries.”

Read more here.

BITS AND PIECES

An op-ed to chew on: Employees are not showing up to work–employers are replacing them with robots

Lighter click: Freddie has a point

Notable links from around the web:

In Poland’s politics, a ‘social civil war’ brewed as Facebook rewarded online anger (The Washington Post / Loveday Morris)

‘Cyber event’ knocks dairy giant Schreiber Foods offline amid industry ransomware outbreak (CyberScoop / Tim Starks)

Facebook’s hiring crisis: Engineers are turning down offers, internal docs show (Protocol / Anna Kramer)

One last thing: Chopra jumps in as CFPB head 

Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra found rare common ground with Republicans on Wednesday over efforts to address market-shifting actions by tech giants.

Chopra told the House Financial Services Committee during a hearing that the CFPB would “focus most of its resources on the largest firms that are engaged in nationwide harm,” instead of smaller companies less capable of fighting back.

“One of the things that drives me a little crazy is when federal agencies don’t focus their efforts on nationwide or systemic or severe harm,” said Chopra, a progressive Democrat, referring to the Federal Trade Commission (FTC).

Chopra served as an FTC commissioner from 2018 until his confirmation as CFPB director earlier this month. His criticism of fellow FTC commissioners for what he considered insufficient penalties for major tech companies drew high praise from Silicon Valley critics in both parties while alienating several of his colleagues.

During his first congressional appearance as CFPB director, Chopra again rebuked the FTC, saying it let Facebook and Google “off the hook” while “strong-arming” smaller firms into settlements. He said that under his watch, the CFPB would focus on cases “really totally beyond the pale” where large companies “clearly knew what the rules were” yet did not comply.

Read more here

That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Thursday.