Overnight Cybersecurity: Trump picks Kelly deputy to lead DHS | House Intel to release Russian Facebook ads | House plans multiple Kaspersky hearings | Senators slam WH for missing Russia sanctions deadline

Overnight Cybersecurity: Trump picks Kelly deputy to lead DHS | House Intel to release Russian Facebook ads | House plans multiple Kaspersky hearings | Senators slam WH for missing Russia sanctions deadline
© Getty

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--TRUMP NOMINATES KRISTJEN NIELSEN TO HEAD DHS: President Trump plans to nominate Kirstjen Nielsen, a top aide to White House chief of staff John KellyJohn Francis KellyMORE, to lead the Department of Homeland Security (DHS), the White House announced Wednesday. Nielsen served as Kelly's top aide during his stint as DHS secretary earlier this year and continued to work as his deputy chief of staff after he moved to the West Wing. She has extensive experience in homeland security policy, cybersecurity and emergency management, the White House noted in its announcement. Nielsen previously worked at DHS as senior legislative policy director for the Transportation and Security Administration under President George W. Bush and served on the White House Homeland Security Council under Bush.

To read the rest of our piece, click here.

--...A CYBERSECURITY READY PICK: Nielsen was formerly the president of Sunesis Consulting, which focused on critical infrastructure resiliency and security, including cybersecurity.




A top German federal cybersecurity agency is unaware of Kaspersky Lab software being used in espionage, Reuters reported Wednesday.  "There are no plans to warn against the use of Kaspersky products since [our agency] has no evidence for misconduct by the company or weaknesses in its software," the BSI, whose name translates to the Federal Office of Information Security, told Reuters via email. Recent news stories have described Russian intelligence agencies as using the Moscow-based Kaspersky Lab's antivirus software to search for classified information. Antivirus software works by examining files, including by uploading some files to a central server for analysis. A report Tuesday night claimed Israel had monitored Russian operatives using that inspection system to search for files related to intelligence programs. The BSI, which uses Kaspersky products, told Reuters that the United States had provided no evidence that the media reports were accurate and would welcome seeing any such evidence.

To read the rest of our piece, click here.


The House Science, Space and Technology Committee is now planning to hold a series of hearings on software produced by Moscow-based Kaspersky Lab, The Hill has learned. The House Science, Space and Technology Committee initially planned to hold a hearing on Kaspersky on Sept. 27, an announcement that was made after the Department of Homeland Security (DHS) moved to bar federal agencies and departments from using the company's products over potential national security concerns. Eugene Kaspersky, the company's CEO, was initially slated to testify.  The committee postponed the initial hearing due to a scheduling conflict, and last week rescheduled it for Oct. 25. The committee is now planning multiple hearings, an aide told The Hill on Wednesday, and has not invited Kaspersky to testify on Oct. 25. "The witness list for the hearing on October 25 will change," the committee spokesperson said. "The committee is now planning a series of hearings on this issue. The committee has not reached out to Mr. Kaspersky to testify on October 25."

To read the rest of our piece, click here.


When The Hill asked whether Eugene Kaspersky, Kaspersky Labs founder, would attend the October 25th hearing, he told The Hill: "I look forward to hearing from the committee and having the opportunity to address their concerns directly."


Sen. Jeanne ShaheenCynthia (Jeanne) Jeanne ShaheenThe Hill's Morning Report - Sponsored by CVS Health - A pivotal day for House Republicans on immigration Overnight Defense: Senate confirms Haspel as CIA chief | Trump offers Kim 'protections' if he gives up nukes | Dem amendments target Trump military parade GOP, Dem lawmakers come together for McCain documentary MORE (D-N.H.), who has been tough on the Russian firm, again called for the Trump administration to declassify files about Kaspersky. "[T]he Senate Armed Services Committee should immediately schedule a hearing to asses this vulnerability to our national security. It's imperative that the Trump administration declassify information on Kaspersky Lab to raise awareness," she said in a statement.




Sens. John McCainJohn Sidney McCainHow House Republicans scrambled the Russia probe The Hill's 12:30 Report The Hill's Morning Report - Sponsored by CVS Health - A pivotal day for House Republicans on immigration MORE (R-Ariz.) and Ben CardinBenjamin (Ben) Louis CardinKim Jong Un surprises with savvy power plays Overnight Energy: EPA moves to roll back chemical plant safety rule | NASA chief says humans contribute to climate change | Pruitt gets outside lawyer House lawmakers to unveil water resources bill on Friday MORE (D-Md.) slammed the Trump administration on Wednesday for missing a key deadline in implementing sanctions against Russia.

"The delay calls into question the Trump administration's commitment to the sanctions bill which was signed into law more than two months ago, following months of public debate and negotiations in Congress. They've had plenty of time to get their act together," the pair said in a joint statement on Wednesday.

By Oct. 1, the McCain and Cardin-penned sanctions bill required the administration clarify which targets would be identified and punished as part of Russia's defense and intelligence sectors. The administration has not yet done so.

The bill had been intended to force President Trump into punishing Russia for its tampering in the 2016 presidential election, with legislators fearing that the president would be overly lenient.

On September 29, Trump issued a memorandum delegating most of the responsibilities for making the decisions outlined in the bill to members of the Cabinet. Trump passed the authority to determine who counted as military or intelligence to Secretary of State Rex TillersonRex Wayne TillersonTrump nominates Pacific Command head as ambassador to South Korea Trump’s offer could be just what Pyongyang was seeking BUILD Act must build in US values for global development projects MORE.

To read the rest of our piece, click here.


A LIGHTER CLICK: YET MORE EVIDENCE THE NEXT HEIST MOVIE WILL BE A LET DOWN. $1.8 million in gold passes through Swiss sewers every year.



SMALL BUSINESSES: The House on Wednesday approved legislation that would require the federal government to produce and disseminate guidance to help small businesses with cybersecurity.

The bill, introduced by Rep. Daniel Webster (R-Fla.), a member of the House Science, Space and Technology Committee, passed by a voice vote.

The legislation would require the National Institute of Standards and Technology (NIST), a nonregulatory standards laboratory housed in the Commerce Department, to produce cybersecurity resources for small businesses.

The NIST Small Business Cybersecurity Act of 2017 would direct NIST in coordination with other federal entities to offer additional resources to small businesses that choose to use its cybersecurity framework. Those resources would include guidelines, tools and best practices to help smaller organizations identify and reduce cybersecurity risks.

The Senate passed similar legislation offered by Sens. Jim RischJames (Jim) Elroy RischHouse passes bill to help small businesses guard against hackers Menendez admonished by Ethics panel, which says he broke the law GOP anxiety grows over Trump’s Iran decision MORE (R-Idaho) and Brian SchatzBrian Emanuel SchatzDemocratic senator: Trump Jr. meeting with Gulf emissary 'absolutely crazy' Hillicon Valley: Senate votes to save net neutrality | Senate panel breaks with House, says Russia favored Trump in 2016 | Latest from Cambridge Analytica whistleblower | Lawmakers push back on helping Chinese tech giant Overnight Health Care — Sponsored by PCMA — Trump official won't OK lifetime limits on Medicaid MORE (D-Hawaii) last month.

To read the rest of our piece, click here.



--PUBLIC WILL GET TO SEE RUSSIAN FACEBOOK ADS (THIS TIME, WITHOUT BEING TRICKED INTO IT): The House Intelligence Committee plans to release the Facebook ads purchased by Russian groups during the 2016 campaign. The Wednesday announcement from the panel's leaders comes a week after Facebook revealed that Moscow purchased online ads that specifically targeted swing states such as Michigan and Wisconsin as well as particular demographic groups in an attempt to influence the presidential election. Roughly 10 million Facebook users saw the ads, the company says, which were purchased by the Kremlin-linked Internet Research Agency. "We will be releasing them from our committee," Intelligence Committee ranking member Adam SchiffAdam Bennett SchiffSunday shows preview: Lawmakers weigh in after Texas school shooting The Hill's 12:30 Report The Hill's Morning Report: Mueller probe hits one-year mark MORE (D-Calif.) told reporters. "We are going to ask for Facebook's help to help scrub any personally identifiable information but it is our hope that when they get conclude, they will be released publicly," he continued. Chairman Mike ConawayKenneth (Mike) Michael ConawayImmigration fight threatens GOP farm bill White House urges support for House farm bill Overnight Finance: Supreme Court strikes down law banning sports betting | Lawmakers stunned by Trump push to help Chinese company | Ryan, GOP scramble to win support for controversial farm bill MORE (R-Texas) said he hopes to release the ads "as quick as we can." The announcement came after they met with top Facebook executive Sheryl Sandberg.

To read the rest of our piece, click here.

--...AND HOUSE INTEL WILL GET TO SEE CAMBRIDGE ANALYTICA INFO: The House Intelligence Committee has requested information from Cambridge Analytica about its work for President Trump's presidential campaign as part of its investigation into Russian interference. A spokesman for the data mining firm confirmed to The Hill that Cambridge Analytica "has been asked by the House Intelligence Committee to provide it with information that might help its investigation." The Daily Beast first reported Wednesday that the House panel was investigating Cambridge Analytica's work for the Trump campaign. However, the company spokesman refuted the notion that the company itself is under investigation, describing the report as having "significant inaccuracies." "As one of the companies that played a prominent role in the election campaign, Cambridge Analytica has been asked by the House Intelligence Committee to provide it with information that might help its investigation," the spokesman said.

To read the rest of our piece, click here.

--...PINTEREST CAUGHT IN FACEBOOK AD ROW:  Pinterest, the social media website known for bookmarking recipes or fashion ideas, helped spread Russia-linked political posts during the 2016 election. Pinterest became a repository for political posts created by Russians actors after other users on the web "pinned" the content to the scrapbook-like site, the company acknowledged to The Washington Post on Wednesday. It does not appear that the Russian operatives posted directly on the site, but their presence on Pinterest grew as users unknowingly bookmarked the Russian propaganda to their online boards. "We believe the fake Facebook content was so sophisticated that it tricked real Americans into saving it to Pinterest," Pinterest head of public policy Charlie Hale told the newspaper. "We've removed the content brought to our attention and continue to investigate."

To read the rest of our piece, click here.




The Equifax breach that was revealed last month exposed driver's license data for around 10.9 million people, The Wall Street Journal reported Wednesday.

Equifax had said that driver's license information had been taken in some cases as part of the breach, which compromised personal information for 145.5 million people, but the exact number was not disclosed.

To read the rest of our piece, click here.



Links from our blog, The Hill, and around the Web.

The House ordered undercover tests of NIST's physical security. NIST failed 15 out of 15 times. (The Hill).

It might be easier than you'd think to steal files from the NSA. (Daily Beast)

That's not an excuse to do it. (Overnight Cyber)

The best phishing emails are disguised as breach notification emails. (InfoSecurity)

Hackers stole secret info on military equipment, including the F-35, from an Australian defense contractor. (ZDNet)

Russia is making a play to block the U.S. extradition of an alleged cybercriminal. (Reuters)

North Korea sent "preliminary" phishing emails to U.S. utilities, but the risk is "very minor." (NBC News)

If you'd like to receive our newsletter in your inbox, please sign up here.