OVERNIGHT CYBERSECURITY: Threat-sharing bill heads to markup

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

THE BIG STORIES:

--LAST STEPS: The House Homeland Security Committee will mark up its cybersecurity bill Tuesday morning. The National Cybersecurity Protection Advancement Act has been floating around for weeks  but officially dropped on Monday. It's the final bill to get a markup among Congress's trio of measures to give companies liability protections when sharing cybersecurity information with the government. The House and Senate Intelligence committees have already passed related bills out of committee. It's expected the two House bills will be combined before hitting the floor sometime between April 21 and 23. The Senate bill could get to the floor around the same time.

     --ODDS MAKER: The bills have broad support from industry groups, lawmakers and government officials. The U.S. Chamber of Commerce on Monday spoke out in favor of the House Homeland bill, with Senior Vice President Ann Beauchesne saying it showed a "commitment to strengthening America's security and resilience against cyber threats." But privacy groups, some key Senate Democrats and the White House could pose a threat to passage. House Homeland Security did get points from the privacy community on Monday for being the best of the three bills out there. "However, there are still some remaining concerns," said Robyn Greene, policy counsel with the New America Foundation's Open Technology Institute. "The bill would still allow companies to share unnecessary personal information." You can check out the bill here, and get info on Tuesday's markup here

ADVERTISEMENT
--BACK AND FORTH: China may be moving forward after all with a set of controversial bank-technology rules, just two weeks after U.S. officials said Beijing had decided to delay the regulations. U.S., European and Japanese trade groups revealed the details in a letter -- obtained by several media outlets -- sent to top Chinese officials on Monday. The new guidelines would require technology firms working with Chinese banks to turn over all source code and encryption to Beijing officials for inspection. To read our full piece, click here.

--LET THE GAMES BEGIN: Hillary ClintonHillary Diane Rodham ClintonClinton trolls Trump with mock letter from JFK to Khrushchev Trump-Graham relationship tested by week of public sparring Sunday shows — Mulvaney seeks to tamp down firestorm over quid pro quo comments, Doral decision MORE and Sen. Marco RubioMarco Antonio RubioTurkey says soldier killed despite cease-fire in Syria White House staggers after tumultuous 48 hours Erdoğan got the best of Trump, experts warn MORE are leading the likely 2016 presidential field -- at least when it comes to website security, according to one analysis. Clinton and Rubio (R-Fla.), who each announced presidential bids in the last 24 hours, won high marks from Web developer Paul Schreiber for automatically encrypting Web traffic to their campaign sites. Sens. Rand PaulRandal (Rand) Howard PaulTurkey sanctions face possible wall in GOP Senate Trump-Graham relationship tested by week of public sparring Overnight Defense — Presented by Boeing — Pence says Turkey agrees to ceasefire | Senators vow to move forward with Turkey sanctions | Mulvaney walks back comments tying Ukraine aid to 2016 probe MORE (R-Ky.) and Ted CruzRafael (Ted) Edward CruzHillicon Valley: GOP lawmakers offer election security measure | FTC Dem worries government is 'captured' by Big Tech | Lawmakers condemn Apple over Hong Kong censorship Lawmakers condemn Apple, Activision Blizzard over censorship of Hong Kong protesters The Hill's Morning Report — Trump's impeachment jeopardy deepens MORE (R-Texas), on the other hand, do not direct users to a HTTPS-version campaign website by default. Encryption adds an additional layer of security to Web browsing by ensuring that snoopers cannot monitor traffic. Taking this step is seen as a crucial measure of an organization's seriousness online. To read our full piece, click here.

UPDATES ON CYBER POLICY:

--A coalition of business groups is urging House lawmakers not to drop an amendment to their data security bill that would require third-party vendors to inform affected consumers when they experience a breach. Deleting this requirement from the legislation would unfairly push the responsibility for notification onto businesses that work with breached vendors, even if their own systems were not compromised, the groups wrote in a letter to lawmakers on Monday. The letter, obtained by The Hill, stated that lawmakers plan to bring up an altered version of the legislation that does not contain the amendment during a full committee markup on Tuesday and Wednesday. To read more, click here.

--Aides to President Obama are preparing a report they hope will spur progress in the debate over government access to encrypted user data. The report, which staff hope to complete this month, will weigh various approaches to ensuring that law enforcement can bypass encryption during a criminal or national security investigation. White House aides are studying the topic with input from the FBI, four federal departments and several intelligence agencies, according to the Washington Post. The idea is to sum up actions Obama could take to break the stalemate on encryption between government and industry, which is concerned that guaranteeing access to users' devices will entice hackers. To read more, click here.

LIGHTER CLICK:

--It's been months since the Sony hack laid bare the personal emails of Hollywood's top stars. But neither Channing Tatum nor fellow hacking victim Chris Pratt has done anything to change their address, The Hollywood Reporter writes.

You may recall Magic Mike's gloriously eager email that he sent to his 22 Jump Street colleagues after the movie scored the second-highest opening weekend for an R-rated comedy.

"F YOU TED !!!! SECOND OF ALLLL TIMMMMME BEEEOTCH!!!!"

So feel free to send them your spec scripts for "23 Jump Street" or "Guardians of the Galaxy 2." Or to read more, click here.

A REPORT IN FOCUS:

--China's cyber spying efforts go much further in Asia than previously thought, security researchers said Monday. Hackers who appear to be sponsored by the Chinese government have conducted a decade-long campaign to monitor Southeast Asian governments and businesses online, Internet security company FireEye said in a new report. The ongoing activity is focused on targets that hold "key political, economic and military information about the region," and includes companies in India, the firm said. To read our full piece, click here.

A LOOK AHEAD:

TUESDAY:

--The House Homeland Security Committee will mark up its threat-sharing legislation.

--The House Energy and Commerce Committee will hear opening statements in the markup of a data breach notification standard bill.

WEDNESDAY:

--The House Energy and Commerce Committee will complete its markup of a data breach notification standard bill.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Your Windows computer has a flaw. (The Hill)

Experts say thousands of people are capable of a Sony-style attack. (The Hill)

Edward Snowden's 'Sexy Margaret Thatcher' password is not so secure after all. (Wired)

Game of Thrones producers were right to be worried -- the first four episodes of the new season have leaked online. (Torrent Freak)

Yahoo's chief information security officer discussed end-to-end email encryption and threat-sharing legislation in a new podcast episode from Passcode. (Christian Science Monitor)

Where does the Chief Information Security Officer fit in the corporate hierarchy? (IT Security)

"Drive-by login" attacks allow hackers to shop for specific victims. (Ars Technica)

Hackers are shaking down local police departments with ransomware. (ABC News)

 

We’ll be working to stay on top of these and other stories throughout the week, so check The Hill’s cybersecurity page early and often for the latest. And send any comments, complaints or cyber news tips our way, via cbennett@thehill.com or eviebeck@thehill.com. And follow us at @cory_bennett and @eliseviebeck.

If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A