Overnight Cybersecurity: US power grid getting hammered

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you...

THE BIG STORIES:

--CAN'T STOP, WON'T STOP: Critical infrastructure operators in the U.S. continue to face a hailstorm of hacks. Federal documents obtained by USA Today through a FOIA request revealed that hackers infiltrated the Department of Energy's computer system over 150 times between 2010 and 2014. As the department overseeing the country's power grid and nuclear weapons stockpile, the Energy Department is an attractive target for overseas cyber spies seeking to uncover vulnerabilities. Meanwhile, the Department of Homeland Security is warning critical infrastructure providers of a malicious spear-phishing campaign in which hackers use bogus emails to infiltrate users' networks. The campaign has targeted government facilities and chemical, critical manufacturing and energy companies.

ADVERTISEMENT
--SO SWOLE: Beijing is organizing a technology forum in Seattle to demonstrate its influence over the U.S. industry, according to a Wednesday report from The New York Times. The summit, scheduled for Sept. 23, coincides with Chinese President Jinping Xi's official state visit and follows a warning from the Chinese ambassador that rumored U.S. hacking sanctions of Chinese companies would be counterproductive if put in place in advance of Xi's visit. For China, the forum may be a way not only to push back on the possible sanctions, but also indicate that companies that want access to China's lucrative IT market will have to play by Beijing's strict cybersecurity rules. As for who made the guest list? Apple, Google, Uber and IBM, and other companies struggling to comply with China's oversight requirements. To read our full piece, click here.

--'WE WOULD GO CRAZY': The U.S. government should be able to request anyone's emails if that person's email provider is headquartered within the U.S., the Department of Justice argued Wednesday, according to multiple reports. Not so, Microsoft fired back during oral arguments in a federal appeals court. The tech giant is fighting the government over a warrant demanding Microsoft turn over a customer's emails, even though they were stored in Dublin, Ireland. "We would go crazy if China did this to us," Microsoft counsel Joshua Rosenkranz told the court, several outlets reported. Assistant U.S. Attorney Justin Anderson, countered that the request was more akin to seizing bank accounts. "It's not a question of ownership," he said, according to Reuters. "It's about custody and control." To read more on the oral arguments and overall case, check back tomorrow morning.

 

UPDATE ON CYBER POLICY:

--I'LL BE WATCHING YOU. The House Oversight Committee is only going to get tougher on lax cybersecurity, says Rep. Will Hurd (R-Texas).

"Oversight has taken on a new life in Congress," Hurd said Wednesday.

The freshman congressman, who happens to be the chair of the new House Oversight Subcommittee on Information Technology, pointed to the massive Office of Personnel Management (OPM) hack as the impetus behind the Oversight Committee's "new life," praising the congressional pressure that lead to the resignation of former agency Director Katherine Archuleta in July.

He also revealed a few key clues about what to expect in the next round of hearings addressing the hack. The $133-million contract that will provide identity theft protection services for those affected by the hack will be "a major topic," as well as what current agency leaders are doing to notify victims and prevent future breaches.

Read on, here.

 

WHO'S IN THE SPOTLIGHT:

--TURLA, the Russian-speaking cyber espionage group that has found a clever and novel scheme to mask the origins of their digital intrusion efforts: use satellites.

Turla, has been operating for nearly a decade. According to a Kaspersky Lab report last year, the team has infiltrated more than 500 government agencies and military targets in at least 45 countries, including the United States.

Now Kaspersky has noticed a unique strategy that is helping the squad remain undetected.

Essentially, Turla is routing their cyberattacks through satellites. This means that even if discovered, investigators will trace the attack back to a remote satellite location, not the computer from which it was launched.

Read more, here.

 

A REPORT IN FOCUS:

--OFF THE CHARTS. It's not news that cybersecurity stocks are booming (Check out our piece from July on the explosion). But Bank of America has released a long report with some mind-boggling stats and charts displaying just how well cyber stocks have fared in recent years.

It also has an interesting breakdown showing how the stock prices of hacked companies fared in the wake of announcing a data breach. Spoiler: it's not great.

The Wall Street Journal picks out the best of the bunch. Check it out here.

 

A LOOK AHEAD:

THURSDAY

--The Intelligence and National Security Alliance will hold the second day of its conference on U.S. intelligence. NSA Director Michael Rogers and CIA Director John Brennan will speak, as well as three leaders from congressional intelligence committees -- Senate Intelligence Committee Ranking Member Dianne FeinsteinDianne Emiel FeinsteinGrassley blasts Democrats over unwillingness to probe Clinton Avalanche of Democratic senators say Franken should resign Blumenthal: ‘Credible case' of obstruction of justice can be made against Trump MORE (D-Calif.), House Intelligence Committee Chairman Devin Nunes (R-Calif.) and House Intelligence Ranking Member Adam SchiffAdam Bennett SchiffHouse Democrat slams Donald Trump Jr. for ‘serious case of amnesia’ after testimony Top intel Dem: Trump Jr. refused to answer questions about Trump Tower discussions with father Erik Prince says meeting with Russian banker unrelated to Trump campaign MORE (D-Calif.).

--The House Intelligence Committee will hold an open hearing on "worldwide cyber threats" at 10 a.m.

--The oversight subcommittee for the House Science, Space and Technology Committee will hold a hearing on "vulnerabilities in America's power supply" at 10 a.m.

--The Software & Information Industry Association (SIIA) and the Computer & Communications Industry Association are hosting an event at 12 p.m. on the Judicial Redress Act. Sens. Orrin HatchOrrin Grant HatchMcConnell names Senate GOP tax conferees Ryan pledges 'entitlement reform' in 2018 Utah governor calls Bannon a 'bigot' after attacks on Romney MORE (R-Utah) and Chris MurphyChristopher (Chris) Scott MurphyAvalanche of Democratic senators say Franken should resign Senate passes tax overhaul, securing major GOP victory Dem senator compares GOP tax bill to unicorns, Tupac conspiracy theories MORE (D-Conn.) will speak.

--The House Judiciary Committee will hold a hearing on commercial drone use policy at 2 p.m.

FRIDAY

--The Atlantic Council will hold an event titled "Sanctioning Chinese Cyber Theft" at 9 a.m.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Cyberextortionists are blackmailing financial institutions, threatening to take down their Web sites unless they cough up bitcoin ransoms. (Bloomberg)

Well-known cybersecurity firms like FireEye are cozying up to government to boost their bottom lines. (The Wall Street Journal)

The stalled Cybersecurity Information Sharing Act won't do much to improve either the effectiveness or the timeliness of threat sharing, says cybersecurity policy expert Rob Knake. (Christian Science Monitor)

The Justice Department is considering clarifying the 1986 Computer Fraud and Abuse Act after critics suggested the legislation is outdated and overly-broad. (The Associated Press)

The U.S. government needs to hire hackers who think like, well, hackers. (Slate)

Companies are scrambling to invest in cyber, creating yet another $1 billion startup in Silicon Valley. (CNET)

National Security Agency cyber experts were called in only after the Office of Personnel Management discovered it had been hacked. (NextGov)

Hackable cars may shift the burden of legal and regulatory liability on to manufacturers and away from vehicle operators, experts say. (Reuters)

British banks are being hit by a surge in bitcoin extortion schemes. (ArsTechnica)

A WhatsApp vulnerability has allowed attackers to compromise millions of the app's users. (CheckPoint)

If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A