Overnight Cybersecurity: Senators eye path forward on election security bill | Facebook isn't winning over privacy advocates | New hacks target health care

Overnight Cybersecurity: Senators eye path forward on election security bill | Facebook isn't winning over privacy advocates | New hacks target health care
© Getty Images

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORIES:

--SENATORS CHART PATH FORWARD ON ELECTION SECURITY BILL: Senators are working to again revise legislation designed to help guard digital voting infrastructure from cyberattacks after meeting with state officials. Sen. James LankfordJames Paul LankfordHillicon Valley: Trump escalates feud with intel critics | Tesla shares fall after troubling Musk interview | House panel considers subpoena for Twitter's Jack Dorsey | Why Turkish citizens are breaking their iPhones Hillicon Valley: FBI fires Strzok after anti-Trump tweets | Trump signs defense bill with cyber war policy | Google under scrutiny over location data | Sinclair's troubles may just be beginning | Tech to ease health data access | Netflix CFO to step down House Intel lawmakers introduce bipartisan election security bill MORE (R-Okla.) told The Hill that he expects to work out the final details of the bill within "weeks," after state election officials expressed some remaining concerns with the current version. Lankford and a slate of bipartisan co-sponsors originally introduced the legislation, called the Secure Elections Act, last December, months after the Department of Homeland Security acknowledged that Russian hackers tried to break into voting systems in 21 states as part of a broader effort to interfere in the 2016 presidential election.

 

ADVERTISEMENT

--CONGRESS HAS ALREADY sent $380 million to states to upgrade voting equipment and address security concerns. The proposal -- spearheaded by Sens. Lankford, Amy KlobucharAmy Jean KlobucharHillicon Valley: Trump escalates feud with intel critics | Tesla shares fall after troubling Musk interview | House panel considers subpoena for Twitter's Jack Dorsey | Why Turkish citizens are breaking their iPhones The Hill's Morning Report — GOP seeks to hold Trump’s gains in Midwest states Tina Smith defeats former Bush ethics lawyer in Minnesota Dem primary MORE (D-Minn.) and others -- would go further. It would codify into law many of the actions already underway at the Department of Homeland Security, seeking to expedite security clearances to state officials and bolster information sharing between the federal government and the states on cybersecurity threats and breaches. It would also set up a grant program for states to take steps to secure their voting infrastructures. It would be guided by a federal advisory panel that would develop guidelines and recommendations for states to follow on election cybersecurity. "The biggest consideration is, 10 years from now, we don't want people to lose focus and to take their eye off the ball," Lankford told The Hill on Thursday.

 

The hold up: State officials have been wary of efforts to address election security at the federal level, given that states -- not the federal government -- have historically been responsible for administering elections. The senators brought the states to the table to hammer out the legislation. Last week, Klobuchar and Lankford met with secretaries of state from Indiana, Louisiana, Minnesota and Missouri to discuss the proposal.

 

--BY ALL ACCOUNTS, the meeting went smoothly. Lankford described it as "very productive," adding that the biggest concern was whether the advisory panel created by the bill would be redundant, given other groups already in place at the federal level to advise states. Minnesota Secretary of State Steve Simon (D) told The Hill he was encouraged that the lawmakers were open to changing the legislation based on states' input, describing himself as "supportive of the overall approach."

 

Not so fast... Still, the secretaries are not signing on to support the legislation -- at least not yet. "I'm not ready to support the legislation in its current form," said Missouri Secretary of State Jay Ashcroft (R). "I probably disagree a little bit with some of the senators on how important the bill is," he said, adding that he believes the extent of Russia's efforts have been "exaggerated" by federal officials.  Ashcroft said that the revised version should do more to increase the flow of information from the federal side to the states, which was a source of concern ahead of the 2016 vote.

 

The bottom line: Senators are going to have to make some changes to get state officials to back the bill. We expect to see a new draft in coming weeks.

To read more from our piece, click here.

 

-- FACEBOOK ISN'T CONVINCING PRIVACY ADVOCATES. Facebook's response to a massive data scandal is doing little to appease privacy advocates. It's been a month since the news broke that Cambridge Analytica, a political consulting firm that did work for the Trump campaign, had obtained data on millions of Facebook users without their knowledge.  The revelation spurred investigations from regulators in the U.S. and Europe and drove Facebook CEO Mark ZuckerbergMark Elliot ZuckerbergThe Hill's Morning Report — Dems split on key issues but united against Trump How tech reached a breaking point with Infowars Why we should not want Facebook, or any online platform, to ‘save’ us from Alex Jones MORE to testify before Congress for the first time. And in the face of scrutiny from governments and consumers around the world, Facebook has mounted an apology tour, pledging to re-evaluate its responsibility to its users. As part of that effort, and as the company readies itself for a sweeping European Union (EU) privacy law, Facebook has announced a series of changes to its platform that it says will better protect user data and provide more transparency.

 

--PRIVACY ADVOCATES, many of whom have been criticizing Silicon Valley's data collection practices for years, are skeptical that the changes will have any real effect. "It doesn't look to me like they're sincere about that at all," said John Simpson of Consumer Watchdog. "I'm not particularly impressed yet about their so-called commitment to privacy." Facebook said that it would restrict third-party apps' data collection and announced that it would be severing ties with data brokers, which have helped advertisers link Facebook data with consumer information from other sources. Some watchdogs see the moves as promising first steps, but insist they fall short of alleviating their concerns about the way Facebook operates. Some of the reforms appear to be in preparation for the EU's General Data Protection Regulation (GDPR), a law going into effect next month that will require websites to offer users greater control over their own data and be more upfront about how they collect and use personal information.

 

The critics' argument: Facebook has been using the changes for GDPR as a way to deflect concerns that bubbled up following the Cambridge Analytica scandal, they say. And many who support the European data law worry that Facebook is only doing the bare minimum required by the law.

 

The bottom line: A month after the Cambridge Analytica bombshell, Facebook isn't out of the dog house.

To read more from our piece, click here.

 

LEGISLATION: WHAT TO WATCH FOR THIS WEEK:

IN THE SENATE, the Judiciary Committee is slated to vote on a bill Thursday that aims to block President TrumpDonald John TrumpWhite House counsel called Trump 'King Kong' behind his back: report Trump stays out of Arizona's ugly and costly GOP fight Trump claims he instructed White House counsel to cooperate with Mueller MORE from firing special counsel Robert MuellerRobert Swan MuellerSasse: US should applaud choice of Mueller to lead Russia probe MORE amid his federal investigation into Russian interference.

Judiciary Chairman Sen. Chuck GrassleyCharles (Chuck) Ernest GrassleyFive things to know about Bruce Ohr, the DOJ official under fire from Trump Democrats question if Kavanaugh lied about work on terrorism policy The Hill's Morning Report: Dems have a majority in the Senate (this week) MORE (R-Iowa), who has raised some doubts about the legality of the legislation, said he will allow for a vote on the Special Counsel Independence and Integrity Act if lawmakers can reach a bipartisan agreement on the matter.

Sens. Cory BookerCory Anthony BookerSentencing reform deal heats up, pitting Trump against reliable allies Bernie Sanders socialism moves to Democratic mainstream Democrats embracing socialism is dangerous for America MORE (D-N.J.), Lindsey GrahamLindsey Olin GrahamSenate gets to work in August — but many don’t show up Graham: Flynn should lose security clearance Press needs to restore its credibility on the FBI and Justice Department MORE (R-S.C.), Christopher CoonsChristopher (Chris) Andrew CoonsWhite House weighs clawing back State, foreign aid funding Graham: Flynn should lose security clearance On The Money: Senators propose 'crushing' Russia sanctions | Trump calls for food stamp work requirements in farm bill | China tells US to 'chill' on trade | Apple hits trillion in value MORE (D-Del.) and Thom TillisThomas (Thom) Roland TillisSenate gets to work in August — but many don’t show up GOP leader criticizes Republican senators for not showing up to work Orrin Hatch: Partisanship over Kavanaugh nomination 'dumbass' MORE (R-N.C.) introduced the bipartisan bill that would let Mueller, or any other special counsel, receive an "expedited judicial review." The review would determine whether the firing was for a "good cause." If it was determined the firing was not for a good cause, then the special counsel would be reinstated.

The lawmakers introduced the legislation shortly after Trump became enraged over the FBI's recent raid on the offices, home and hotel room of his personal attorney, Michael Cohen. Mueller's team reportedly had given a referral to the New York bureau, prompting the raid.

Grassley's decision to plow forward with a vote on the matter comes after Senate Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellTrump stays out of Arizona's ugly and costly GOP fight Sen. Warner to introduce amendment limiting Trump’s ability to revoke security clearances The Hill's 12:30 Report MORE (R-Ky.) said he will not bring the bill to the Senate floor for a vote. McConnell has repeatedly argued that he does not believe Trump will fire Mueller, therefore such legislation is unnecessary.

Grassley, however, said he'll allow a vote.

 

IN THE HOUSE, lawmakers are set to vote on a bill introduced last week that would reauthorize the Federal Aviation Administration through 2023. The bill contains a number of provisions related to cybersecurity.

The head of the agency, under the FAA Reauthorization Act of 2018, would need "to develop an integrated Cyber Testbed" that aims to develop, test and evaluate air traffic control modernization programs or technologies before they enter U.S. airspace.

Michael Huerta, who is presently serving as the acting FAA administrator, would have six months to establish a research and development program that focuses on improving the "cybersecurity of civil aircraft and the national airspace system." And after a year, the FAA would also need to present a program that "contains objectives, proposed tasks, milestones, and a 5-year budgetary profile."

The bill lists a series of areas for the Testbed to address in its search for cybersecurity vulnerabilities including the "cabin communications, entertainment, and information technology systems on civil passenger aircraft." The administrator would also need to determine how the agency can coordinate with the private sector as well as other organizations on the matter.

The bill would also require the FAA to consult the National Institute of Standards and Technology (NIST) about creating an internal cybersecurity threat-modeling program to identify and combat cybersecurity vulnerabilities, updating the model at least every 5 years.

 

Timeline: The Rules Committee is scheduled to mark up the legislation on Tuesday before the House votes on the bill on Wednesday.

 

A REPORT IN FOCUS: 

NEW HACKER GROUP HITS HEALTH CARE: A new hacking group has been spying on health-care organizations in the United States and across the globe likely for commercial purposes, according to cybersecurity firm Symantec.

The group, which Symantec has named "Orangeworm," has been installing backdoors in large international corporations based in the U.S., Europe and Asia from the health-care sector.

Among its victims are health-care providers and pharmaceutical companies, as well as IT companies and equipment manufacturers that work for health organizations.

Health-care organizations have in recent years emerged as a prime target for cyber criminals, including those looking to deploy ransomware in order to generate a profit.

Symantec suspects that the Orangeworm hackers are breaching these organizations likely to carry out corporate espionage, such as the theft of trade secrets. The cyber firm found no evidence that the group is operating on behalf of a nation-state.

"Based on the list of known victims, Orangeworm does not select its targets randomly or conduct opportunistic hacking," Symantec said in a report published Monday. "Rather, the group appears to choose its targets carefully and deliberately, conducting a good amount of planning before launching an attack."

The hackers, who have been active since early 2015, infiltrate networks of their victims and install malware that allows them remote access to the compromised machine.

To read more click here.

 

A LIGHTER, TOTALLY NON-CYBER CLICK:

The new royal baby is here! (BBC)

 

WHAT'S IN THE SPOTLIGHT: 

THE G7: Cybersecurity was a topic of discussion at the "Group of Seven" meeting in Toronto, Canada, in recent days, according to U.S. officials.

Acting Secretary of State John Sullivan, attending with other foreign ministers, told reporters Monday that the U.S. is calling on its allies to hold Iran accountable for sponsoring cyberattacks in addition to other "destabilizing activities."

"The United States calls on all of our partners to continue working alongside us as we counter Iran's destabilizing activities in the region and hold the Iranian Government accountable for their actions: supporting terrorist organizations, launching cyber attacks, threatening international shipping interests, and committing unconscionable human rights abuses," Sullivan said.

In response to a question, Sullivan also stressed that the Trump administration is committed to "confronting Russian malign behavior," pointing to the expulsion of Russian intelligence agents and sanctions on Russian companies and oligarchs recently imposed under a law designed to punish Moscow for meddling in the 2016 presidential election.

"We have undertaken significant actions in response" to Russia's behavior, Sullivan said. "We stand with our G7 allies in confronting Russian malign behavior where – wherever we see it."

He added, however, that the U.S. still wants to work with Russia on some issues, including the New START agreement and counterterrorism.

Meanwhile, Homeland Security Secretary Kirstjen NielsenKirstjen Michele NielsenCybersecurity: Cause for optimism, need for continued vigilance The Hill's Morning Report — Dems split on key issues but united against Trump Hillicon Valley: Trump revokes Brennan's security clearance | Twitter cracks down on InfoWars | AT&T hit with crypto lawsuit | DHS hosts election security exercise MORE met with her foreign counterparts at the G7 Security Ministerial, urging other nations to call out foreign nations for misbehavior "especially in cyberspace," according to a readout from her meeting provided by the department on Monday.

"The G7 participants also outlined their strong opposition to foreign efforts to undermine democracy and discussed Russian malign activity overseas, online, and within G7 nations. Secretary Nielsen pressed G7 nations to continue calling out foreign adversaries for misbehavior--especially in cyberspace--and to deliver consequences to deter it," the department said.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Privacy group sues FTC for records on Facebook's privacy program. (The Hill)

Paul backs Pompeo, clearing path for confirmation. (The Hill)

White House stresses Trump has 'no intention' of firing Mueller. (The Hill)

OP-ED: Can Silicon Valley expect European-style regulation here at home? (The Hill)

The Trump administration is considering sanctioning Russia-based Kaspersky Lab. (CyberScoop)

Google has more of your personal data than Facebook. (Wall Street Journal)

DARPA looks to combine humans, computers to defend networks. (NextGov)

The Cambridge Analytica whistleblower says he will testify before Congress. (Mashable)

Portugal is joining a NATO-sponsored cyber center. (NATO Cooperative Cyber Defence Centre of Excellence)

Half of British manufacturers have been successfully targeted by cyberattacks. (The Telegraph)