Overnight Cybersecurity: Senators want info on 'stingray' surveillance in DC | Bills to secure energy infrastructure advance | GOP lawmaker offers cyber deterrence bill

Overnight Cybersecurity: Senators want info on 'stingray' surveillance in DC | Bills to secure energy infrastructure advance | GOP lawmaker offers cyber deterrence bill
© Getty Images

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--SENATORS DEMAND INFO ON SURVEILLANCE ACTIVITY: A bipartisan group of senators is pushing the Department of Homeland Security (DHS) to make public more information about the use of rogue surveillance devices colloquially known as "Stingrays." Homeland Security recently acknowledged the devices are being used by hostile actors in Washington, D.C. The use of those devices by criminals and foreign spies to eavesdrop on cellphone calls and messages in the U.S. has long been suspected, but the department's disclosure was the first official confirmation of their presence. But it left many questions unanswered, like what kind of devices the DHS had uncovered, who might have been using them and how many it found. Sens. Cory GardnerCory Scott Gardner13 GOP senators ask administration to pause separation of immigrant families Sessions floats federal law that would protect states that decriminalize marijuana RNC mum on whether it will support Trump-backed Corey Stewart MORE (R-Colo.), Ron WydenRonald (Ron) Lee WydenHillicon Valley: Verizon, AT&T call off data partnerships after pressure | Tech speaks out against Trump family separation policy | T-Mobile, Sprint make case for B merger AT&T, Verizon say they'll stop sharing location data with third-party brokers The Memo: Child separation crisis risks ‘Katrina moment’ for Trump MORE (D-Ore.), Rand PaulRandal (Rand) Howard PaulSenate passes 6B defense bill This week: House GOP caught in immigration limbo Amendments fuel resentments within Senate GOP MORE (R-Ky.) and Ed MarkeyEdward (Ed) John MarkeyLawmakers prep for coming wave of self-driving cars Trump taps Hill veteran for White House environment job Dems unveil push to secure state voting systems MORE (D-Mass.) are calling on the DHS to release an unclassified PowerPoint presentation detailing the threat. The presentation was given by a DHS official at the Federal Mobile Technology Forum in Mclean, Va., in February, according to the four lawmakers. They described the presentation as "detailed," but gave no other details about what it reveals. "The American people have a legitimate interest in understanding the extent to which U.S. telephone networks are vulnerable to surveillance and are being actively exploited by hostile actors," they wrote in a letter to DHS official Christopher Krebs.


Some key background: So-called International Mobile Subscriber Identity-catchers, or IMSI-catchers -- known as Stingrays after a popular brand used by U.S. police departments -- work by tricking cellphones into locking onto the device instead of a legitimate cellphone tower. Once they are deployed, they can intercept data from a target phone.

To read more from our piece, click here.


--NEW CYBER DETERRENCE BILL: Rep. Ted YohoTheodore (Ted) Scott YohoVA needs to fire dangerous doctors and improve hiring practices, oversight Lawmakers seek to limit US involvement in Yemen's civil war House lawmaker introduces bill to halt F-35 sale to Turkey MORE (R-Fla.) on Wednesday rolled out a new bill that aims to establish a process for the federal government to identify, deter and respond to state-sponsored cyberattacks against the United States. The bipartisan legislation, the Cyber Deterrence and Response Act of 2018, lays out a three-step process that would require the sitting president to identify who the aggressors are and designate them as "critical cyber threats," and then impose sanctions in response to the malicious cyber activity. The president can decide to issue additional sanctions against foreign nations that he has determined have had any degree of involvement in the hostile cyberattack, or decide to waive the sanctions on a case-by-case basis for up to a year. The legislation also says the president may issue both travel- and non travel-related sanctions. The purpose of the bill would be to "name and shame" the entities carrying out such attacks against the U.S. "With a keystroke, countries can disrupt our networks, endanger our critical infrastructure, harm our economy, and undermine our elections," Yoho said in a statement. "State-sponsored cyberattacks are increasing exponentially from China, North Korea, Iran, and Russia and it is vital that we take the necessary steps to thwart these potentially devastating attacks," he added.

To read more from our piece, click here.



HOUSE PANEL ADVANCES PROPOSALS TO SECURE ENERGY SECTOR: A House panel has approved a string of bills aimed at securing U.S. energy infrastructure from cyber threats following revelations of Russian cyberattacks targeting grid operators.

The four bipartisan legislative proposals approved by lawmakers on a House Energy and Commerce subcommittee Wednesday aim to elevate the Department of Energy's efforts on cyber response and engagement and to create new programs to address grid and pipeline security.

"Potential for cyberattacks by foreign nations and other actors against our nation's business and energy systems highlights one of the significant and growing threats to the reliable supply of energy in the United States," Rep. Greg WaldenGregory (Greg) Paul WaldenThis week: House GOP caught in immigration limbo Congress tackles mounting opioid epidemic Facebook faces new data firestorm MORE (R-Ore.), who is chairman of the full committee, said Wednesday.

Lawmakers on the Energy subcommittee easily approved the four bills that aim to bolster the Energy Department's cybersecurity efforts, including one that would require Energy Secretary Rick PerryJames (Rick) Richard PerryOvernight Energy: DNC to reject fossil fuel donations | Regulators see no security risk in coal plant closures | Senate committee rejects Trump EPA, Interior budgets DNC to reject fossil fuel company donations Energy commission sees no national security risk from coal plant closures MORE to establish a program to boost physical security and cybersecurity of energy pipelines and liquefied natural gas facilities.

The other bills would elevate the leadership of the department's emergency response and cybersecurity efforts to the assistant secretary level; establish a voluntary program to help private utilities identify and use products that are built with strong cybersecurity; and enhance public-private partnerships to ensure that electric utilities are secure.

Walden said the bills "take practical steps to ensure that the Department of Energy can effectively carry out its emergency and security activities in the energy sector and ensure the continued safe and reliable flow of energy across the United States."

The bills now advance to the full House Energy and Commerce Committee for a vote.


Why it matters: U.S. officials disclosed last month that Russian hackers staged a multiyear hacking campaign against the energy grid and other critical sectors. The revelation has stirred fears about the prospect of future grid attacks.


To read more from our piece, click here.



HACKING TREASURY: A recent Government Accountability Office (GAO) audit found new and persisting weaknesses in the Treasury Department's Fiscal Service Bureau information systems that auditors say together represent a "significant deficiency" in the bureau's internal controls over its financial reporting.

According to the GAO report released Tuesday, most of the deficiencies identified resulted from the bureau not developing or implementing policies or procedures that would fix them. As a result, the information is at risk to hackers who could change or steal and disclose the sensitive data, auditors warned.

"These new and continuing information system control deficiencies, which collectively represent a significant deficiency, increase the risk of unauthorized access to, modification of, or disclosure of sensitive data and programs and disruption of critical operations," the GAO report says.

The Fiscal Service responded to the findings. It said it has established plans to address the new deficiencies and is currently working to fix the old ones. In total, the GAO has issued 25 recommendations related to the bureau's information system controls: 10 new recommendations and 15 recommendations still pending from previous audits.



Could satellite cameras cover every inch of the earth? Well...Bill Gates supports the idea. (Technology Review)



PRESIDENT TRUMP'S CIA CHIEF: CIA Director Mike PompeoMichael (Mike) Richard PompeoOvernight Defense: States pull National Guard troops over family separation policy | Senators question pick for Afghan commander | US leaves UN Human Rights Council US pulls out of UN Human Rights Council Negotiators must redouble efforts as clock ticks on NAFTA MORE is attracting massive attention after it was revealed late Tuesday that he secretly met with North Korean leader Kim Jong Un in Pyongyang over Easter weekend.

Senate Democrats are providing tepid praise to Pompeo's once-secret meeting Kim, saying they are happy the Trump administration is preparing for the upcoming historic summit between Kim and Trump.

But several also offered criticism at the same time, questioning the CIA's role instead of the State Department. Pompeo has been nominated as secretary of State, but has yet to be confirmed.

"I don't know why the CIA is doing the pre-work for a diplomatic meeting," said Sen. Chris MurphyChristopher (Chris) Scott MurphyOvernight Health Care — Presented by the Association of American Medical Colleges — Governors criticize Trump move on pre-existing conditions Bipartisan group of senators asks FDA to examine drug shortages Trump faces Father’s Day pleas to end separations of migrant families MORE (D-Conn.), a member of the Senate Foreign Relations Committee.

"I don't hate the idea that there's some preparation being done for a potential summit," he added. "I was really worried that there'd be no preparatory meetings, and both leaders would be operating from the seat of their pants, and that would be disastrous. So, yeah, it's a good thing, not a bad thing that both sides are talking."

News outlets began reporting on the meeting on Tuesday. On Wednesday, Trump confirmed the meeting took place, saying it went "very smoothly." Later on Wednesday, Trump offered praise for Pompeo's work in brief remarks from Florida, and predicted he would be a great secretary of State.


Why it's important: The meeting between Pompeo and Kim is the highest-level U.S.-North Korea talks that we know of since then-Secretary of State Madeleine Albright met with Kim's father, Kim Jong Il, in 2000.

The way Democrats are reacting is also important. Pompeo faces an uphill battle to be secretary of State, and will first face approval by the Senate Foreign Relations Committee. On Wednesday, Sen. Bob MenendezRobert (Bob) MenendezSchumer: Obama 'very amenable' to helping Senate Dems in midterms The Hill's Morning Report: Can Trump close the deal with North Korea? Senate must save itself by confirming Mike Pompeo MORE (D-N.J.), the committee's top Democrat, said that he would oppose Pompeo's nomination.


To read more, click here and here.



Links from our blog, The Hill, and around the Web.

Facebook announces new privacy settings ahead of EU data law. (The Hill)

Senate Dems push bill to make it easier for FCC to go after robocalls. (The Hill)

Trump claims he didn't fire Comey because of Russia investigation. (The Hill)

OP-ED: The promise and peril of active cyber defense. (The Hill)

Facebook is courting conservative groups. (Politico)

Sen. Marco Rubio accuses China of using tech to lay groundwork for future 'cyber battles.' (Washington Examiner)

TaskRabbit has gone offline amid breach investigation. (Associated Press)

NSA official says hackers tried to use Equifax vulnerability to breach Pentagon systems. (CyberScoop)

India and Sweden are bolstering their cyber ties. (Times of India)