By Tim Starks | 10/10/2017 10:00 AM EDT
With help from Martin Matishak
CAMPAIGN FOR 702 BILL UNDERWAY - The House Judiciary Committee late last week formally introduced its long-awaited bill to extend and overhaul warrantless surveillance tools. Now the rubber meets the road, with the panel's senior leaders looking to get their colleagues, particularly members of the House Intelligence Committee, onboard with the Uniting and Strengthening American, or USA, Liberty Act (H.R. 3989). Judiciary Chairman Bob Goodlatte and others have stumped hard for their measure and are keen to avoid a split that would lead Intelligence to draft a second bill to renew the spying programs - which are slated to expire at the end of the year - and potentially muddy the waters.
And there is work to do on potential reauthorization of so-called Section 702 authority under the Foreign Intelligence Surveillance Act. "The difference between Judiciary and Intelligence committee needs to be rectified because I think it's too far apart," Rep. Tom Rooney, who chairs the House Intelligence Committee's NSA and Cybersecurity subpanel, told Martin late last week. The Florida Republican said he planned to consult with his committee's staff about the Judiciary bill. "We can't have two bills," according to Rooney, who added that he wants the leaders of both panels to spearhead an eventual bill but isn't sure that will happen. "If not, 702's in deep trouble," he said.
The Intelligence Committee's top Democrat isn't ready to sound the alarm. "I think there are additional changes that we want to be made and those will be the subject of discussion and negotiation," Rep. Adam Schiff said. "I think that part of the reform issue will go to the circumstances in which you can query the database through using U.S. person identifiers. All of the other issues I think are relatively easy to resolve," he added, before emphasizing that the search issue "has the greatest impact on the capabilities of the program, so that's where we're going to have to really work together to come up with a solution that makes sense."
Meanwhile, President Donald Trump hasn't done any favors for his national security team - which is lobbying Congress to renew the spying tools well before the Dec. 31 deadline - with his blanket statements about surveillance and wiretaps. The rhetoric from the White House has also made life more difficult for the statute's Capitol Hill supporters. "It's made it harder for us, there's no doubt about it," said Rep. Chris Stewart, who chairs the House Intelligence Committee's defense subpanel. "If I'm a little conflicted on this, you can imagine what some of the folks are who kind of lean in that direction already. It's going to make it harder for us."
HAPPY TUESDAY and welcome to Morning Cybersecurity! Hope you all had a restful holiday. Your MC host spent a fair amount of it rooting for the knight Keegan at RenFest, but (spoiler alert) he mainly got thrashed. Send your thoughts, feedback and especially tips to firstname.lastname@example.org and be sure to follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info below.
RUSSIA, SOCIAL MEDIA SCRUTINY DEEPENS - There's a push in Congress for additional disclosures from tech companies about who's buying advertisements on their outlets. Reuters reported Monday that Google discovered Russians had spent tens of thousands of dollars on ads across Google properties including YouTube as part of its effort to influence the 2016 elections. Sen. Amy Klobuchar said in response to the ad buys: "We must update our laws to ensure that when political ads are sold online Americans know who paid for them." She's one of several lawmakers who have advocated for legislation for greater disclosure. Some Russia-bought ads appeared on Instagram, too, Facebook revealed. And Russia targeted veterans on social media, according to a new Oxford University study.
SINO-AMERICAN CYBER HANDSHAKE - The United States and China late last week agreed to continue the cyber cooperation that began in 2015 under presidents Barack Obama and Xi Jinping. That includes an ongoing ban on cyber theft of intellectual property, answering each other's requests for information on malicious cyber activities, law enforcement coordination on cybercrime and working together to develop norms for operating in cyberspace. A Justice Department statement also said a meeting on Oct. 4 of high-level officials from both countries led to support for getting better in certain areas, too.
"Both sides intend to improve cooperation with each other on cybercrime, including sharing cybercrime-related leads and information, and responding to Mutual Legal Assistance requests, in a timely manner, including with regard to cyber fraud (including business email compromises), hacking crimes, abuse of internet for terrorist purposes, and internet dissemination of child pornography," according to the statement.
OIL THAT IS, BLACK GOLD, TEXAS TEA - The founder of an oil and gas networking website who pleaded guilty to hacking a rival site he created was sentenced on Friday to a year and a day in prison. David Kent, 41, was charged last year with stealing the data of over 700,000 customers from Rigzone.com - which he sold for $51 million in 2010 - in a bid to increase the membership of his new website, Oilpro.com, between 2013 and 2016. Kent pleaded guilty to one count of fraud and related activity in connection with computers last December. He was sentenced to his prison term, and three years of supervised release, by a U.S. district judge in Manhattan.
PRICE TAG ON PORT SECURITY - Legislation the House Homeland Security Committee approved last month to strengthen port cybersecurity would cost the federal government $38 million over the next four years, according to a Congressional Budget Office estimate. The bill (HR 3101) would require the Homeland Security Department to develop a model for assessing maritime cyber risks and seek to improve information sharing on threats to ports. "According to DHS, many of the activities required under the bill are consistent with current administrative policy, but implementing some efforts - particularly those aimed at increasing the capacity for information sharing among maritime stakeholders - would require additional spending," the CBO estimate, released last week, states.
WHAT'S THE FREQUENCY, KENNETH? - DHS awarded $194,000 to a company that uses the equivalent of radio frequency-hopping to confuse hackers, according to an announcement from the department's science and technology wing late last week. Woodland Park, Colo.-based NexiTech's technology focuses on financial institutions' storage devices and networks. "The NexiTech security architecture broadens active defense technologies within the finance sector, which will be an exciting development for this industry," said Eric Harder, program manager for S&T Cyber Security Division's Next Generation Cyber Infrastructure Apex program.
RECENTLY ON PRO CYBERSECURITY - Foreign-made hardware and software in U.S. voting machines makes them vulnerable to hackers, according to a report due out from DEFCON today. ... Trump Chief of Staff John Kelly might have had his phone hacked at Trump transition headquarters, White House officials believe. ... The House Science Committee has rescheduled a hearing on the potential threat posed by Russia-based antivirus firm Kaspersky Lab, although it's unclear if CEO Eugene Kaspersky will appear. ... "The Federal Deposit Insurance Corp. failed to follow its own internal procedures for quickly notifying individuals that their personal information might have been compromised in data breaches between Jan. 1, 2015, and Dec. 1, 2016, the agency's watchdog found."
TWEET OF THE DAY - Zimbabwe just created a cyber ministry after a top official said social media would be treated as a security threat, and already someone's proving the threat is real.
PEOPLE ON THE MOVE
- The Retail Cyber Intelligence Sharing Center shook up its leadership structure during its annual summit in Chicago last week. The center added two new companies to its board, The Estée Lauder Companies and Scotts Miracle-Gro Company. Lauren Dana Rosenblatt, Estée Lauder's executive director for cyber threat management, and Grant Sewell, who manages global information security for Scotts, will serve as the board's directors. The center also elected David Spooner, the senior vice president and chief information security officer at The TJX Companies, Inc., to be the board's new secretary.
- The Pentagon plans to keep buying software from companies that have allowed Russia to review their source code. Defense One.
- "Russians' lawyer says new documents show Trump Tower meeting not about dirt on Clinton." CNN.
- Russians who moved to Silicon Valley have hacking fears hanging over them. New York Times.
- What U.S. agencies are doing to help states guard against Russian election hackers, via NBC News.
- CyberScoop reports that feds are rushing to get security clearances to two states holding gubernatorial elections to share hacking info with them.
- "UK tech firm Micro Focus to curb code reviews by 'high risk' governments." Reuters.
- Former secretary of state and presidential candidate Hillary Clinton discussed cyber war. Stanford News.
- When it comes to companies like Equifax, it makes sense to blame the victim of the data breach, Rob Knake writes for the Council on Foreign Relations.
- "China denies links to alleged cyber attacks in United States targeting exiled tycoon Guo." Reuters.
- Phone cracker Cellebrite says it's getting harder to get into iPhones. CyberScoop.
- Hackers broke into Amazon cloud accounts to mine bitcoin. Business Insider.
- A Nationwide survey found that a lot of companies didn't know they were cyberattack victims because they didn't consider some attack forms to be attacks.
That's all for today. KEEGAN KEEGAN KEE-oh dang it, c'mon, Keegan.
Stay in touch with the whole team: Cory Bennett (email@example.com, @Cory_Bennett); Bryan Bender (firstname.lastname@example.org, @BryanDBender); Eric Geller (email@example.com, @ericgeller); Martin Matishak (firstname.lastname@example.org, @martinmatishak) and Tim Starks (email@example.com, @timstarks).