Overnight Cybersecurity: Trump-linked data firm Cambridge Analytica attracts scrutiny | House passes cyber response team bill | What to know about Russian cyberattacks on energy grid

Overnight Cybersecurity: Trump-linked data firm Cambridge Analytica attracts scrutiny | House passes cyber response team bill | What to know about Russian cyberattacks on energy grid
© Getty

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORIES:

--TRUMP-LINKED DATA FIRM INVITES SCRUTINY: Cambridge Analytica is attracting massive scrutiny following reports from the New York Times and The Observer of London that the data mining firm obtained private data on 50 million Facebook users to fuel its operation. The firm, which has links to President TrumpDonald John TrumpIran claims it rejected Trump meeting requests 8 times ESPY host jokes Putin was as happy after Trump summit as Ovechkin winning Stanley Cup Russian ambassador: Trump made ‘verbal agreements’ with Putin MORE's former chief strategist Steve BannonStephen (Steve) Kevin BannonThe Hill's 12:30 Report — Sponsored by Delta Air Lines — GOP spars with FBI agent at tense hearing Bookstore owner calls police after customer confronted Steve Bannon Trump’s plan to drown government must be stopped MORE and GOP megadonor Robert Mercer, was paid $5.9 million by the Trump campaign for data management services ahead of the 2016 presidential election. The firm is facing allegations that it obtained the data improperly, and the developments have prompted a new round of debate over data privacy. House intelligence Committee ranking member Adam SchiffAdam Bennett SchiffDem lawmaker: Putin will take Trump's attack on Mueller probe as 'green light' to interfere in 2018 The Hill's Morning Report — Trump, Putin meet under cloud of Mueller’s Russia indictments Russians' indictment casts shadow ahead of Trump-Putin summit MORE (D-Calif.) on Sunday said that Cambridge Analytica needs to testify before Congress on the developments, and the lawmaker has also sent a letter to the whistleblower who exposed the issue inviting him to testify. Cambridge Analytica vehemently pushed back on Monday. "This Facebook data was not used by Cambridge Analytica as part of the services it provided to the Donald Trump presidential campaign; personality targeted advertising was not carried out for this client either. The company has made this clear since 2016," it said in a statement. Facebook announced that it was suspending Cambridge Analytica from the platform late Friday, citing policy violations.

 

--NEW CRISIS FOR FACEBOOK: The developments have created a new headache for Facebook, with CEO Mark ZuckerbergMark Elliot ZuckerbergZuckerberg: ‘I absolutely didn't intend to defend’ Holocaust deniers Hillicon Valley: EU hits Google with record B fine | Trump tries to clarify Russia remarks | Sinclair changing deal to win over FCC | Election security bill gets traction | Robocall firm exposed voter data Zuckerberg says he won't ban Holocaust deniers from Facebook if they're not 'intentionally getting it wrong' MORE now facing calls to testify before Congress as renewed focus falls on the tech giant's privacy practices. Sens. Amy KlobucharAmy Jean KlobucharHillicon Valley: EU hits Google with record B fine | Trump tries to clarify Russia remarks | Sinclair changing deal to win over FCC | Election security bill gets traction | Robocall firm exposed voter data Election security bill picks up new support in Senate Senate must approve Justice Served Act to achieve full potential of DNA evidence MORE (D-Minn.) and John KennedyJohn Neely KennedyMORE (R-La.) on Monday requested that the Senate Judiciary Committee call major tech CEOs to testify about how internet platforms oversee the use of consumer data for political advertising. While the request included several tech firms, it was clearly triggered by the report about Facebook data being used by Cambridge Analytica. "The lack of oversight on how data is stored and how political advertisements are sold raises concerns about the integrity of American elections as well as privacy rights," the senators wrote in a letter to Judiciary Chairman Chuck GrassleyCharles (Chuck) Ernest GrassleyThe Hill's Morning Report — Trump’s walk-back fails to stem outrage on Putin meeting Senate GOP poised to break record on Trump's court picks This week: GOP mulls vote on ‘abolish ICE’ legislation MORE (R-Iowa). The data was reportedly given to Cambridge Analytica by a researcher who had developed an app that relied on Facebook's login feature. While only about 270,000 people handed over information through the app, Facebook at the time allowed developers to tap into the entire friend networks of users. That feature, according to the report, allowed the researcher to collect the data of more than 50 million people.

To read more from our coverage, click herehere and here.

Click here for five things to watch as the Cambridge Analytica story unfolds.

 

-- FACEBOOK SECURITY CHIEF LEAVING: Facebook's chief information security officer is stepping down after battling with other company officials on how to handle the spread of disinformation on the platform, The New York Times reported Monday.

Alex Stamos said that he would leave Facebook in December after his daily duties were assigned to other company staffers, but agreed to stay with the network until August to help with the transition.

He had advocated for Facebook to be transparent about the activity of Russians and other trolls on the platform, clashing with other executives, including chief operating officer Sheryl Sandberg, according to The Times.

Lawmakers have criticized Facebook and other tech giants for allegedly not doing enough to fight Russian influence on the 2016 election.

To read more, click here.

 

-- SESSIONS FIRES MCCABE FROM FBI: Attorney General Jeff SessionsJefferson (Jeff) Beauregard SessionsKey GOP lawmaker throws cold water on Rosenstein impeachment With new immigration policy, Trump administration gutting the right to asylum Homeland Security advisory council members resign over family separations: report MORE on Friday fired Andrew McCabeAndrew George McCabeBuck Wild: 'Is President Trump paranoid or is the Deep State out to get him?' Why does Congress keep playing political games on FBI oversight? FBI confidence in leaders sank after Comey was fired: report MORE, the No. 2 official at the FBI and a longtime target of President Trump. McCabe's ouster comes just days before he was scheduled to retire on Sunday, after more than 20 years at the bureau. McCabe had already stepped down under pressure in January and has been on a leave of absence since. In a statement Friday evening, Sessions said that the FBI's Office of Professional Responsibility and Office of Inspector General (OIG) had found McCabe made an unauthorized disclosure to the news media and "lacked candor -- including under oath -- on multiple occasions." "Pursuant to Department Order 1202, and based on the report of the Inspector General, the findings of the FBI Office of Professional Responsibility, and the recommendation of the Department's senior career official, I have terminated the employment of Andrew McCabe effective immediately," Sessions said. McCabe quickly declared that his termination and Trump's needling against him were an effort to undermine special counsel Robert MuellerRobert Swan MuellerSasse: US should applaud choice of Mueller to lead Russia probe MORE's investigation, in which he could be a potential witness. "The idea that I was dishonest is just wrong," McCabe told The New York Times. "This is part of an effort to discredit me as a witness." McCabe's dismissal came at the recommendation of an internal FBI office that handles disciplinary matters. According to the Times, the recommendation was based on a finding from the Justice Department inspector general that McCabe was not forthcoming during the review, which includes an investigation into a decision he made in 2016 to allow FBI officials to speak with reporters about an investigation into the Clinton Foundation.  It is unclear why the inspector general, Michael Horowitz, chose to act on his findings regarding McCabe before closing the overall investigation into decisions made during the 2016 election. Horowitz has said publicly that he expects to issue his final report this spring. While the exact details of the allegations against McCabe remain unclear, the high-profile dismissal ignited a political firestorm in Washington, with an outpouring response from Democratic lawmakers and former top intelligence community leaders like former FBI Director James ComeyJames Brien ComeyIntelligence officials showed Trump classified proof Putin ordered election interference: report FBI director says Russian influence efforts are ‘very active’ Ex-Clinton press secretary Fallon rejects Comey endorsement of Democrats in midterms MORE and former CIA chief James Brennan in the days that followed.

To read the rest of our coverage, click here and here.

 

-- SENATE INTEL TO HOLD ELECTION SECURITY BRIEFING: The Senate Intelligence Committee has scheduled an open hearing on threats to U.S. election security on Wednesday morning, which comes as the 2018 midterm elections draws near. The committee announced Monday that the hearing will feature three separate panels to address the issue of election security with representatives from a range of agencies like the Department of Homeland Security (DHS), Election Assistance Commission, and National Association of Secretaries of State. DHS Secretary Kirstjen NielsenKirstjen Michele NielsenHillicon Valley: EU hits Google with record B fine | Trump tries to clarify Russia remarks | Sinclair changing deal to win over FCC | Election security bill gets traction | Robocall firm exposed voter data Court rules against Trump administration on transgender military ban The Hill's Morning Report — Trump’s walk-back fails to stem outrage on Putin meeting MORE is scheduled to appear for the first panel alongside her Obama administration predecessor, former DHS Secretary Jeh Johnson. The hearing will explore how DHS is engaging states to prepare for the midterms, what the panel has learned about Russian interference in the 2016 presidential election, and how prepared states say they are to combat cyber threats, according to an advisory for the hearing. Election interference has increasingly gained attention as lawmakers and security experts raise concern over whether election systems across the country are properly secure to combat further meddling attempts. The Senate committee has been investigating Russian meddling in the presidential election for more than a year. One day before the hearing takes place, the committee is expected to release a public report on election security. The top Democrat on the committee, Sen. Mark WarnerMark Robert WarnerBipartisan bill would bring needed funds to deteriorating National Park Service infrastructure Senate Dems press for info on any deals from Trump-Putin meeting Overnight Defense: Trump tries to quell Russia furor | GOP looks to reassure NATO | Mattis open to meeting Russian counterpart MORE (D-Va.), has warned that Russians still seek to sow discord in U.S. affairs, pointing recently to their efforts to intensify divisions in the gun control debate following the Parkland school shooting in Florida. Chairman Richard BurrRichard Mauze BurrCongress should build upon the ABLE Act, giving more Americans with disabilities access to financial tools Christine Todd Whitman: Trump should step down over Putin press conference GOP lambasts Trump over performance in Helsinki MORE (R-N.C.) and Warner have worked together in nearly perfect lockstep as they sought to examine the core consequences of Russian activity.

 

-- TRUMP BANS TRADE IN VENEZUELAN GOVERNMENT CRYPTOCURRENCY: President Trump on Monday imposed new sanctions against the Venezuelan government, banning U.S. citizens from dealing in the South American country's new cryptocurrency. An executive order bans "all transactions related to, provision of financing for, and other dealings in" any digital currency issued by or for the Venezuelan government. The sanctions targeting the petro -- the digital currency announced by Venezuelan President Nicolás Maduro in December -- have been in the works for weeks. Trump has consistently ratcheted up sanctions against Venezuela since his inauguration, and is reportedly considering directly targeting the country's oil industry.  Most of his sanctions have drawn bipartisan praise -- a reflection of Maduro's dim public image internationally -- but critics have warned that full economic sanctions could further hurt the Venezuelan people. Maduro in December explicitly touted the petro as a way to "overcome the financial blockade," making clear that his administration views the cryptocurrency as a way around the sanctions on many of its top leaders.

To read the rest of our piece, click here.

 

A FEW LEGISLATIVE UPDATES:

--HOUSE APPROPRIATORS PRESSED TO FUND DHS CYBER PROGRAM: Three lawmakers are pressing House appropriators to fully fund a key cybersecurity program at the Department of Homeland Security in funding legislation for the next fiscal year.

The program, called the Continuous Diagnostics and Mitigation (CDM) program, is part of the department's broader effort to keep federal networks secure from cyberattacks.

Reps. John RatcliffeJohn Lee RatcliffeHouse GOP questions FBI lawyer for second day Former FBI lawyer Lisa Page gets closed-door grilling from House Republicans 5 takeaways from wild hearing with controversial FBI agent MORE (R-Texas), Will HurdWilliam Ballard HurdTrump's Russia remarks put intel chiefs in tough spot GOP rep: Putin delivered ‘classic disinformation’ in conference with Trump GOP lawmaker: Trump is 'getting played by' a former KGB agent MORE (R-Texas) and Jim LangevinJames (Jim) R. LangevinHillicon Valley: New fears over Chinese espionage | T-Mobile, Sprint execs to testify on B merger | Cyber firm denies hacking back on China | Salesforce workers criticize border patrol contract New fears over Chinese espionage grip Washington Spotlight falls on Russian threat to undersea cables MORE (D-R.I.) wrote to the leaders of the House Appropriations Committee on Thursday asking that $237 million be allotted for the CDM program in fiscal 2019 appropriations legislation.

The request is on par with the $237.6 million proposed by the Trump administration in its 2019 budget blueprint for Homeland Security.

"The CDM program is of paramount importance because of its ability to provide the federal enterprise with the ability to monitor and assess the vulnerabilities and threats to its networks and systems in an ever-changing cyber threat landscape," the lawmakers, who are on the House Homeland Security Committee, wrote.

The Homeland Security Department launched the CDM program back in 2012 in order to better guard federal .gov networks against cyber threats. The department broke down the program into four different phases, the first of which focused on managing what software is on federal networks and identifying vulnerabilities.

To read the rest of our piece, click here.

 

--HOUSE PASSES BILL AUTHORIZING CYBER RESPONSE TEAMS: House lawmakers on Monday passed legislation that would codify into law the Department of Homeland Security's cyber incident response teams that help protect federal networks and critical infrastructure from cyberattacks.

Lawmakers passed the bill, sponsored by House Homeland Security Committee Chairman Michael McCaulMichael Thomas McCaulHillicon Valley: EU hits Google with record B fine | Trump tries to clarify Russia remarks | Sinclair changing deal to win over FCC | Election security bill gets traction | Robocall firm exposed voter data Overnight Defense: Trump tries to quell Russia furor | GOP looks to reassure NATO | Mattis open to meeting Russian counterpart A change is coming to US-Mexico relations MORE (R-Texas), in a voice vote Monday afternoon.

The legislation would authorize the "cyber hunt and incident response teams" at Homeland Security to help owners and operators of critical infrastructure respond to cyberattacks as well as provide strategies for mitigating cybersecurity risks.

The bill would also allow Secretary of Homeland Security Kirstjen Nielsen to add cybersecurity specialists from the private sector to the response teams.

It would require that Homeland Security's National Cybersecurity and Communications Integration Center -- the office in which the response teams are housed -- continually evaluate the response teams and report to Congress on their efforts at the end of each fiscal year for four years after the bill becomes law.

The House Homeland Security Committee approved the bill earlier this month.

"My legislation before us today, codifies and enhances the cyber incident response teams at DHS," McCaul said in remarks on Monday.

"By fostering new collaboration between the government and private sector, we can harness our talent and maximize our efforts to stay one step ahead of our enemies," McCaul said. "This innovative approach serves as a force multiplier to enhance our cybersecurity workforce. Being able to utilize a greater number of experts will strengthen efforts to protect our cyber networks."

To read more from our piece, click here.

 

A REPORT IN FOCUS:

Chinese hackers have been targeting the U.S. maritime industry in spy operations since last summer, cybersecurity firm FireEye said Friday.

The hackers have stepped up their activity over the past two months, a development that's linked to a Chinese cyber espionage group dubbed "TEMP.Periscope" by FireEye that is also known as "Leviathan." While the group has been active since at least 2013, researchers said its activity dropped off for several years and only reemerged last summer.

The group has largely targeted maritime and engineering focused-entities in the United States, including research institutes, academic organizations and private companies. FireEye has also seen evidence of the group targeting organizations in Europe and Hong Kong.

The group's targets include those with links to the South China Sea, where tensions have run high as a result of territorial disputes. China has built artificial islands in the region in an attempt to extend its position in the area, despite multiple countries laying claim to territory in the South China Sea.

"We've really seen a big upswing in their activity in the last two months," said Ben Read, senior manager of cyber espionage analysis at FireEye. "They've been heavily targeting U.S. entities."

In 2015, the U.S. and China inked an agreement to deepen cooperation on confronting cyberattacks and stop supporting cyber-enabled intellectual property theft against firms within each others' borders.

While FireEye has not established a definitive connection to the Chinese government, Read observed that the hackers' targets suggest they may be working on behalf of the government in some capacity.

To read the rest of our coverage, click here.

 

A LIGHTER CLICK:

Email service calls White House staffer a 'password idiot' for leaving encrypted email account details at a D.C. bus stop. (The Hill)

 

WHAT'S IN THE SPOTLIGHT: 

RUSSIAN ENERGY GRID ATTACKS: Trump administration officials on Thursday accused the Russian government of staging a multi-year cyberattack campaign against the energy grid and other elements of critical infrastructure in the United States.

The alert from the Department of Homeland Security and the FBI coincided with the administration's decision to unveil new sanctions on Russia for 2016 election meddling and other cyber activities -- developments that are sure to ramp up tensions between the U.S. and Moscow.  

Here are five things to know about Russian cyberattacks against U.S. infrastructure.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

GOP chairman threatens subpoena for FBI records on Clinton probe. (The Hill)

Woman dies after being hit by self-driving Uber. (The Hill)

White House: No discussions about firing Mueller. (The Hill)

Kelly names Kushner ally deputy chief of staff. (The Hill)

Republicans warn against firing Mueller, yet little show of appetite to pass law protecting him. (CNN)

New DHS-backed center created to address election security. (CyberScoop)

Trump once planned to tap Gary Cohn to head the CIA. (Politico)

Russian outlets say Moscow's election commission came under cyberattack. (RT)

Why the Cambridge Analytica issue is not a data breach. (Motherboard)