OVERNIGHT CYBERSECURITY: Scope of fed hack still unknown

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--AIN'T SAYIN' NOTHIN': House Intelligence Committee leaders were pretty tight-lipped Tuesday night following a briefing with Office of Personnel Management Chief Information Officer Donna Seymour and other administration officials. Questions have been swirling about exactly what data was taken by suspected Chinese hackers since the OPM said last week that 4 million employees' records had been breached. The Intel panel's top Democrat, Rep. Adam SchiffAdam Bennett SchiffGOP divided over impeachment trial strategy READ: Top NSC aide Tim Morrison's closed-door impeachment inquiry testimony Top NSC aide puts Sondland at front lines of Ukraine campaign, speaking for Trump MORE (D-Calif.), told reporters that the administration said it has "made a lot of progress on the attribution front." But he warned that "the scope of the exposure" and "the extent of the damage" were still being investigated. "I don't think we can say with any kind of certainty that anyone is beyond impact here," he said. To read our full piece, click here.

--HERE WE GO: Senate leaders are going to try and attach the stalled cybersecurity bill to the annual defense budget. "The national defense of the country is extremely important given the cyberattacks that occurred earlier this week," Senate Leader Mitch McConnellAddison (Mitch) Mitchell McConnellGOP divided over impeachment trial strategy On The Money: Trump asks Supreme Court to block Dem subpoena for financial records | Kudlow 'very optimistic' for new NAFTA deal | House passes Ex-Im Bank bill opposed by Trump, McConnell Top House Democrats ask for review of DHS appointments MORE (R-Ky.) told reporters on Tuesday. The Senate's sidelined cyber bill, the Cybersecurity Information Sharing Act (CISA), would boost the public-private exchange of hacking data. Privacy advocates, who maintain the bill would create a new surveillance authority, were predictably less than pleased at McConnell's tactic. Sen. Ron WydenRonald (Ron) Lee WydenDemocratic senators introduce bill to block funding for border wall live stream Booker, Sanders propose new federal agency to control drug prices Hillicon Valley: Amazon to challenge Pentagon cloud contract in court | State antitrust investigation into Google expands | Intel agencies no longer collecting location data without warrant MORE (D-Ore.), a CISA critic, spoke out quickly: "If Senator McConnell insists on attaching the flawed CISA bill to unrelated legislation, I will be fighting to ensure the Senate has a full debate and a chance to offer amendments to add vital protections for American privacy." To read our full piece, click here.



--SET THE STANDARD. Rep. Joe WilsonAddison (Joe) Graves WilsonOvernight Defense: Erdoğan gets earful from GOP senators | Amazon to challenge Pentagon cloud contract decision in court | Lawmakers under pressure to pass benefits fix for military families Lawmakers under pressure to pass benefits fix for military families The Hill Interview: Sanford says Trump GOP doing 'serious brand destruction' MORE (R-S.C.) on Tuesday introduced the Cyber Standards Act, which would direct the Director of National Intelligence to study how we measure cyberattacks. Currently, there's no commonly used metric for quantifying how damaging an attack is, either from an economic or a national security perspective.  

"The complicated nature of cyber defense means we need a clear standard of measurement for assessing the damage of attacks to our citizens and affected systems," Wilson said.

Wilson believes such a standard would help the government determine its response, an issue that has befuddled lawmakers and officials alike.

"This bill will be the first of many steps in building a comprehensive cyber defense system," Wilson said. Check out the bill here. Watch Wilson stump for it on the floor here.



--THE THUMPER RULE. The sage rabbit in Bambi once said, "If you can't say nothin' nice, don't say nothin' at all." Might want to keep that in mind next time you go to anonymously make a snarky, mean or vile threat online. The Department of Justice is apparently seeking the identities of people who made negative comments about the judge that recently sentenced dark market Silk Road founder Ross Ulbricht to life in prison.  

Per ArsTechnica: "The hunt for commenters was revealed yesterday, when the legal blog Popehat published a grand jury subpoena (PDF) that DOJ investigators gave to Reason.

"Why is the government using its vast power to identify these obnoxious asshats, and not the other tens of thousands who plague the internet?" wrote Popehat blogger Ken White. "Because these twerps mouthed off about a judge."

Check out the rest here.



--THAT'S A LOT OF BILLIONS. D.C.-based think tank the Information Technology and Innovation Foundation (ITIF) is out with a report that argues the fallout from government leaker Edward Snowden's disclosure of secret U.S. spying programs will "far exceed" an initial $35 billion estimate. The tech sector has argued that it has suffered overseas since the revelations. They argue foreign consumers lack trust in U.S. products, fearing that the government has compromised them.

"It has become clear that the U.S. tech industry as a whole, not just the cloud computing sector, has underperformed as a result of the Snowden revelations," the ITIF report said. Check out the full thing here.




--The House Subcommittee on Emergency Preparedness, Response, and Communications will hold a hearing at 10 a.m. on "Defense Support of Civil Authorities: A Vital Resource in the Nation's Homeland Security Missions."

--Politico will hold an event on the future of campaign technology at noon.

--Microsoft will hold a TechFair open house at 1 p.m.


--The D.C. Circuit Court of Appeals is expected to rule on lawsuits to block the FCC's net neutrality rules before they take effect Friday.



Links from our blog, The Hill, and around the Web.

The personal information of current and former Cabinet secretaries might have been stolen as part of the OPM breach. (The Hill)

Two major tech industry groups sent a letter to President Obama dissuading the White House from proposing any type of policy to guarantee law enforcement access to encrypted data. (The Hill)

Two senators are pressing the International Monetary Fund (IMF) to punish China's currency until the Asian power scales back its overseas hacking. (The Hill)

Intercepted WhatsApp messages led to Belgian terror arrests. (ArsTechnica)

ISIS supporters are circulating a small catalog of various spy tools and tutorials on hacking Wi-Fi networks in a package called the "Book of Terror." (Motherboard)

Amazon wants to be a root Certificate authority. (GeekWire)

Australian Internet provider iiNet Ltd warned its customers of a possible hack. (Reuters)

ICYMI: Chinese law-enforcement officers are using secure smartphone software developed by Alibaba as part of a government push to purge foreign technology from the most sensitive agencies. (Bloomberg)


If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A