Overnight Cybersecurity: Tillerson proposes new cyber bureau at State | Senate bill would clarify cross-border data rules | Uber exec says 'no justification' for covering up breach

Overnight Cybersecurity: Tillerson proposes new cyber bureau at State | Senate bill would clarify cross-border data rules | Uber exec says 'no justification' for covering up breach
© Getty Images

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



-- TILLERSON PROPOSES NEW CYBER OFFICE AT STATE: Secretary of State Rex TillersonRex Wayne TillersonUS steps up its game in Africa, a continent open for business Matt Drudge shares mock ‘Survivor’ cover suggesting more White House officials will leave this summer 'Daily Show' trolls Trump over Pruitt's resignation MORE is proposing the unification of two separate offices at the State Department to form a single bureau that will focus on a wide range of cyber issues. A State Department spokesperson told The Hill that the two offices, the Office of the Cybersecurity Coordinator and the Bureau of Economic Affairs' Office of International Communications and Information Policy, would be unified in order to form the proposed Bureau for Cyberspace and the Digital Economy. "The combination of these offices in a new Bureau for Cyberspace and the Digital Economy will align existing resources under a single Department of State official to formulate and coordinate a strategic approach necessary to address current and emerging cyber security and digital economic challenges," Tillerson said in a Tuesday letter to House Foreign Affairs Committee Chairman Ed RoyceEdward (Ed) Randall RoyceTop Dem lawmaker pushing committee for closed-door debrief with Trump’s interpreter Lawmakers target link between wildlife poaching, terror groups GOP lambasts Trump over performance in Helsinki MORE (R-Calif.). "The Department of State must be organized to lead diplomatic efforts related to all aspects of cyberspace," the secretary added. The decision comes after Tillerson faced scrutiny from both parties last year over his decision to fold the standalone Office of Cybersecurity Coordinator into an economic-focused bureau as part of his broad efforts to reorganize the agency.

To read the rest of our piece, click here.


-- SPEAKING OF THE STATE DEPARTMENT... GOP PROBES PUT NEW FOCUS ON STATE: Republicans have former President Obama's State Department in their crosshairs as they question whether FBI and Justice Department investigations into President TrumpDonald John TrumpNFL freezes policy barring players from protesting during anthem McConnell spokesman on Putin visit: 'There is no invitation from Congress' Petition urges University of Virginia not to hire Marc Short MORE were tainted by political bias and influence from key figures in Hillary ClintonHillary Diane Rodham ClintonProminent Putin critic: If Trump turns me over, I'm dead Dems unveil slate of measures to ratchet up pressure on Russia Trump tweets old video of Clinton talking up 'a strong Russia' MORE's orbit. Congressional Republicans have signaled that they are looking at whether the State Department, then run by John KerryJohn Forbes KerryKerry on Trump's Russia response: 'I don't buy his walk-back for one second' John Kerry: Trump 'surrendered lock, stock and barrel' to Putin's deceptions Get ready for summit with no agenda and calculated risks MORE, passed along information from Clinton's allies that may have been used by the FBI to launch an investigation into whether the Trump campaign had improper contacts with Russia. A highly redacted criminal referral from Senate Judiciary Committee Chairman Chuck GrassleyCharles (Chuck) Ernest GrassleySenators push to clear backlog in testing rape kits Controversial Trump judicial nominee withdraws The Hill's Morning Report — Trump’s walk-back fails to stem outrage on Putin meeting MORE (R-Iowa) to FBI Director Christopher Wray and Deputy Attorney General Rod RosensteinRod Jay RosensteinRosenstein warns of growing cyber threat from Russia, other foreign actors Opinion: One FBI text message in Russia probe that should alarm every American Rand Paul blocks Sanders's Russia resolution, calls it 'crazy hatred' against Trump MORE offers new clues about the GOP probes. In the referral, Grassley writes that former British intelligence official Christopher Steele crafted a memo in addition to the infamous dossier of opposition research on Trump that was funded by the Democratic National Committee and Hillary Clinton's presidential campaign. The conservative website Washington Free Beacon used the same opposition research firm, Fusion GPS, for research on Trump before Clinton and the DNC got involved, but that work did not involve Steele.

To read the rest of our piece, click here.

-- HOUSE INTEL POSTPONES BANNON INTERVIEW IN DISPUTE OVER QUESTIONING: Former White House chief strategist Stephen Bannon's testimony before the House Intelligence Committee has been postponed for the third time amidst fierce wrangling over what lawmakers will be able to question him about. Bannon was scheduled to make a return trip to Capitol Hill at 10 a.m. on Tuesday, as lawmakers seek answers about Russian meddling in the 2016 presidential election and whether Trump campaign officials had improper contacts with Moscow. Bannon frustrated lawmakers in both parties at a previous interview in which he refused to answer questions about his time in the Trump transition or administration, prompting the committee to issue a subpoena that remains in force. Rep. Mike ConawayKenneth (Mike) Michael ConawayHuawei: FCC proposal would hurt poor, rural communities Senate panel upholds finding that Russia backed Trump, contradicting House Trump era ramps up tech worker revolt MORE (R-Texas), who is leading the Intelligence Committee's Russia probe, said talks are ongoing and in a statement confirmed that committee negotiators had called off this week's appearance. A spokesman for Conaway said the interview has been postponed until next week.

To read the rest of our piece, click here.



HATCH INTRODUCES BILL TO CLARIFY CROSS-BORDER DATA POLICIES:  Sen. Orrin HatchOrrin Grant HatchSenators introduce bipartisan bill to improve IRS Senate panel advances Trump IRS nominee Don't place all your hopes — or fears — on a new Supreme Court justice MORE (R-Utah) on Monday introduced a bill aimed at creating a clearer framework for law enforcement to access data stored in cloud computing systems.

Hatch's "Clarifying Lawful Overseas Use of Data" (CLOUD) Act would make it easier for U.S. officials to create bilateral data sharing agreements. That would allow them to access data stored overseas and allow foreign law enforcement access to data stored on U.S. firms' servers.

The legislation is cosponsored by Sens. Chris CoonsChristopher (Chris) Andrew CoonsAnti-Trump protesters hold candlelight vigil by White House Hillicon Valley: EU hits Google with record B fine | Trump tries to clarify Russia remarks | Sinclair changing deal to win over FCC | Election security bill gets traction | Robocall firm exposed voter data Overnight Defense: More Trump drama over Russia | Appeals court rules against Trump on transgender ban | Boeing wins Air Force One contract | Military parade to reportedly cost M MORE (D-Del.), Lindsey GrahamLindsey Olin GrahamOvernight Defense: Trump inviting Putin to DC | Senate to vote Monday on VA pick | Graham open to US-Russia military coordination in Syria Polling analyst: Changes to legal immigration ‘the real sticking point among Democrats’ Graham would consider US-Russia military coordination in Syria MORE (R-S.C.) and Sheldon WhitehouseSheldon WhitehouseSenate panel advances Trump IRS nominee Senate Dems protest vote on controversial court pick Who is Andrew Wheeler, EPA's new acting chief? MORE (D-R.I.)

The law currently doesn't specify whether or not the government can demand that U.S. companies give it data they have stored abroad. The CLOUD Act would amend this, likely impacting Microsoft's pending Supreme Court case over data it has stored in Ireland. A lower court previously ruled that Microsoft doesn't have to turn over data stored overseas, following a request for it to do so by the Department of Justice.

Microsoft CEO Brad Smith praised the legislation in a tweet, calling it an "important step toward enhancing & protecting privacy while reducing international legal conflicts."

Tech trade associations, which lobby on behalf of Microsoft and other companies, signed onto a letter supporting the legislation.

To read the rest of our piece, click here.



A biotech CEO broadcasts himself self-injecting a herpes treatment on Facebook Live. Why? To market experimental gene treatments. (Technology Review)



DHS NEEDS TO BETTER ASSESS CYBER WORKFORCE: A government watchdog says there is an "urgent" need for the Department of Homeland Security (DHS) to identify critical positions in its cybersecurity workforce.

The Government Accountability Office (GAO) is out with a new report asserting that Homeland Security will not be able to best assess its cyber workforce and find critical gaps without addressing current shortcomings in the way that it identifies and reports critical posts.

The GAO says that the department has taken steps to identify critical cyber posts but that these actions have not been "timely and complete." According to the report issued Tuesday, GAO found that Homeland Security had identified and assigned codes to 79 percent of its cybersecurity positions, even though officials told Congress in August of last year that it had accounted for and coded 95 percent of these positions.

"In addition, although DHS has taken steps to identify its workforce capability gaps, it has not identified or reported to the Congress on its department-wide cybersecurity critical needs that align with specialty areas," the report states. "The department also has not reported annually its cybersecurity critical needs to the Office of Personnel Management (OPM), as required, and has not developed plans with clearly defined time frames for doing so."

GAO is recommending Homeland Security take six actions to quantify these positions, "including ensuring that its cybersecurity workforce procedures identify position vacancies and responsibilities; reported workforce data are complete and accurate; and plans for reporting on critical needs are developed."

To read more from the report, click here.



UBER: An Uber executive told Congress on Tuesday that there was "no justification" for the company covering up a massive 2016 data breach that exposed the information of 57 million people.

"I think we made a misstep in not reporting to consumers and I think we made a misstep in not reporting to law enforcement," John Flynn, Uber's chief information security officer, told a Senate panel.

Flynn confirmed reports that the company paid one of the hackers $100,000 to destroy the stolen data and to not disclose the breach publicly.

Uber made the payment through a "bug bounty" program, which generally offers financial rewards for cybersecurity researchers who identify vulnerabilities for companies. Flynn on Tuesday said paying off malicious hackers was an improper use of such a program.

"We recognize that the bug bounty program is not an appropriate vehicle for dealing with intruders who seek to extort funds from the company," he said in his written testimony. "The approach that these intruders took was separate and distinct from those of the researchers in the security community for whom bug bounty programs are designed."

Lawmakers on the Senate Commerce consumer protection subcommittee blasted the company's handling of the breach.

To read the rest of our piece, click here.



Links from our blog, The Hill, and around the Web.

Judge rejects Assange's plea to drop UK arrest warrant. (The Hill)

Two House Dems accuse Uber of concealing 2016 data breach from FTC. (The Hill)

Dem senator presses FTC to ramp up Equifax hack probe. (The Hill)

National Weather Service investigating false tsunami warning. (The Hill)

Trump likely to approve release of Dem memo: report. (The Hill)

OP-ED: Bitcoin is the future, and it's time for regulators to act accordingly. (The Hill)

OP-ED: The case for hiring a federal cyber officer. (The Hill)

Drones emerge as 'hack and track' cyber warfare tools. (Cyberscoop)

Many cyber crimes remain unreported across U.S. (The New York Times)

British medical facilities are falling short on cybersecurity in the wake of 'Wanna Cry.' (Guardian)

This newsletter was updated at 7:47 p.m.