Overnight Cybersecurity: Tillerson proposes new cyber bureau at State | Senate bill would clarify cross-border data rules | Uber exec says 'no justification' for covering up breach


Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



-- TILLERSON PROPOSES NEW CYBER OFFICE AT STATE: Secretary of State Rex Tillerson is proposing the unification of two separate offices at the State Department to form a single bureau that will focus on a wide range of cyber issues. A State Department spokesperson told The Hill that the two offices, the Office of the Cybersecurity Coordinator and the Bureau of Economic Affairs' Office of International Communications and Information Policy, would be unified in order to form the proposed Bureau for Cyberspace and the Digital Economy. "The combination of these offices in a new Bureau for Cyberspace and the Digital Economy will align existing resources under a single Department of State official to formulate and coordinate a strategic approach necessary to address current and emerging cyber security and digital economic challenges," Tillerson said in a Tuesday letter to House Foreign Affairs Committee Chairman Ed Royce (R-Calif.). "The Department of State must be organized to lead diplomatic efforts related to all aspects of cyberspace," the secretary added. The decision comes after Tillerson faced scrutiny from both parties last year over his decision to fold the standalone Office of Cybersecurity Coordinator into an economic-focused bureau as part of his broad efforts to reorganize the agency.



-- SPEAKING OF THE STATE DEPARTMENT... GOP PROBES PUT NEW FOCUS ON STATE: Republicans have former President Obama's State Department in their crosshairs as they question whether FBI and Justice Department investigations into President Trump were tainted by political bias and influence from key figures in Hillary Clinton's orbit. Congressional Republicans have signaled that they are looking at whether the State Department, then run by John Kerry, passed along information from Clinton's allies that may have been used by the FBI to launch an investigation into whether the Trump campaign had improper contacts with Russia.
A highly redacted criminal referral from Senate Judiciary Committee Chairman Chuck Grassley (R-Iowa) to FBI Director Christopher Wray and Deputy Attorney General Rod Rosenstein offers new clues about the GOP probes. In the referral, Grassley writes that former British intelligence official Christopher Steele crafted a memo in addition to the infamous dossier of opposition research on Trump that was funded by the Democratic National Committee and Hillary Clinton's presidential campaign. The conservative website Washington Free Beacon used the same opposition research firm, Fusion GPS, for research on Trump before Clinton and the DNC got involved, but that work did not involve Steele.


-- HOUSE INTEL POSTPONES BANNON INTERVIEW IN DISPUTE OVER QUESTIONING: Former White House chief strategist Stephen Bannon's testimony before the House Intelligence Committee has been postponed for the third time amidst fierce wrangling over what lawmakers will be able to question him about. Bannon was scheduled to make a return trip to Capitol Hill at 10 a.m. on Tuesday, as lawmakers seek answers about Russian meddling in the 2016 presidential election and whether Trump campaign officials had improper contacts with Moscow. Bannon frustrated lawmakers in both parties at a previous interview in which he refused to answer questions about his time in the Trump transition or administration, prompting the committee to issue a subpoena that remains in force. Rep. Mike Conaway (R-Texas), who is leading the Intelligence Committee's Russia probe, said talks are ongoing and in a statement confirmed that committee negotiators had called off this week's appearance. A spokesman for Conaway said the interview has been postponed until next week.




HATCH INTRODUCES BILL TO CLARIFY CROSS-BORDER DATA POLICIES: Sen. Orrin Hatch (R-Utah) on Monday introduced a bill aimed at creating a clearer framework for law enforcement to access data stored in cloud computing systems.

Hatch's "Clarifying Lawful Overseas Use of Data" (CLOUD) Act would make it easier for U.S. officials to create bilateral data sharing agreements. That would allow them to access data stored overseas and allow foreign law enforcement access to data stored on U.S. firms' servers.

The legislation is cosponsored by Sens. Chris Coons (D-Del.), Lindsey Graham (R-S.C.) and Sheldon Whitehouse (D-R.I.).

The law currently doesn't specify whether or not the government can demand that U.S. companies give it data they have stored abroad. The CLOUD Act would amend this, likely impacting Microsoft's pending Supreme Court case over data it has stored in Ireland. A lower court previously ruled that Microsoft doesn't have to turn over data stored overseas, following a request for it to do so by the Department of Justice.

Microsoft CEO Brad Smith praised the legislation in a tweet, calling it an "important step toward enhancing & protecting privacy while reducing international legal conflicts."

Tech trade associations, which lobby on behalf of Microsoft and other companies, signed onto a letter supporting the legislation.




A biotech CEO broadcasts himself self-injecting a herpes treatment on Facebook Live. Why? To market experimental gene treatments. (Technology Review)



DHS NEEDS TO BETTER ASSESS CYBER WORKFORCE: A government watchdog says there is an "urgent" need for the Department of Homeland Security (DHS) to identify critical positions in its cybersecurity workforce.

The Government Accountability Office (GAO) is out with a new report asserting that Homeland Security will not be able to best assess its cyber workforce and find critical gaps without addressing current shortcomings in the way that it identifies and reports critical posts.

The GAO says that the department has taken steps to identify critical cyber posts but that these actions have not been "timely and complete." According to the report issued Tuesday, GAO found that Homeland Security had identified and assigned codes to 79 percent of its cybersecurity positions, even though officials told Congress in August of last year that it had accounted for and coded 95 percent of these positions.

"In addition, although DHS has taken steps to identify its workforce capability gaps, it has not identified or reported to the Congress on its department-wide cybersecurity critical needs that align with specialty areas," the report states. "The department also has not reported annually its cybersecurity critical needs to the Office of Personnel Management (OPM), as required, and has not developed plans with clearly defined time frames for doing so."

GAO is recommending Homeland Security take six actions to quantify these positions, "including ensuring that its cybersecurity workforce procedures identify position vacancies and responsibilities; reported workforce data are complete and accurate; and plans for reporting on critical needs are developed."




UBER: An Uber executive told Congress on Tuesday that there was "no justification" for the company covering up a massive 2016 data breach that exposed the information of 57 million people.

"I think we made a misstep in not reporting to consumers and I think we made a misstep in not reporting to law enforcement," John Flynn, Uber's chief information security officer, told a Senate panel.

Flynn confirmed reports that the company paid one of the hackers $100,000 to destroy the stolen data and to not disclose the breach publicly.

Uber made the payment through a "bug bounty" program, which generally offers financial rewards for cybersecurity researchers who identify vulnerabilities for companies. Flynn on Tuesday said paying off malicious hackers was an improper use of such a program.

"We recognize that the bug bounty program is not an appropriate vehicle for dealing with intruders who seek to extort funds from the company," he said in his written testimony. "The approach that these intruders took was separate and distinct from those of the researchers in the security community for whom bug bounty programs are designed."

Lawmakers on the Senate Commerce consumer protection subcommittee blasted the company's handling of the breach.




Links from our blog, The Hill, and around the Web.

Judge rejects Assange's plea to drop UK arrest warrant. (The Hill)

Two House Dems accuse Uber of concealing 2016 data breach from FTC. (The Hill)

Dem senator presses FTC to ramp up Equifax hack probe. (The Hill)

National Weather Service investigating false tsunami warning. (The Hill)

Trump likely to approve release of Dem memo: report. (The Hill)

OP-ED: Bitcoin is the future, and it's time for regulators to act accordingly. (The Hill)

OP-ED: The case for hiring a federal cyber officer. (The Hill)

Drones emerge as 'hack and track' cyber warfare tools. (Cyberscoop)

Many cyber crimes remain unreported across U.S. (The New York Times)

British medical facilities are falling short on cybersecurity in the wake of 'Wanna Cry.' (Guardian)



This newsletter was updated at 7:47 p.m.