Overnight Cybersecurity: OPM close to unveiling final breach tally

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--WITH BAITED BREATH: Get ready, the number we've been waiting for is apparently close. The Office of Personnel Management (OPM) is expected this week to finally reveal the number of people it believes have been affected by a breach of its database containing security clearance background investigation information. Initial estimates put the number at 18 million, but OPM Director Katherine Archuleta told Congress that was simply the number of Social Security numbers on the server. Non-government workers named in background check files also had other types of personal data exposed, possibly pushing the total much higher. So place your bets now. A separate breach at the OPM has already laid bare the personnel files of 4.2 million current and former government workers.

--OH, THE IRONY: A controversial Italian company that reportedly sells hacking tools to U.S. authorities has been hacked, revealing long-standing ties to the American government and potentially incriminating deals with repressive regimes. The firm, Hacking Team, has always denied selling directly to governments in countries such as Sudan, which is currently under a United Nations arms embargo. The company's connection to U.S. agencies has also never been confirmed. But emails and documents dumped Monday by a hacker are challenging those denials and expose a multi-year relationship with the FBI and Drug Enforcement Agency (DEA). They also show efforts to market surveillance products to the CIA, the Pentagon and numerous local law enforcement agencies around the U.S. To read our full piece, click here.

--GET OUT IN FRONT: FBI Director James Comey isn't waiting for his back-to-back Senate hearings on encryption this Wednesday. Before facing a grilling from lawmakers, the agency head tried to clear the air Monday in the ongoing clash between the government and technologists, privacy advocates and lawmakers over encryption standards. Comey penned a short op-ed on the popular national security blog Lawfare that defended his agency's much-maligned position that there are downsides to widespread encryption. "My job is to try to keep people safe," he said. "In universal strong encryption, I see something that is with us already and growing every day that will inexorably affect my ability to do that job." Comey has been pressing for Congress to give investigators a legal framework that would guarantee access, with a warrant, to encrypted data. Many have pushed back, arguing any such guarantee ruins encryption, creating vulnerabilities for nefarious actors to exploit. To read our full piece, click here.



--NEARING THE FINISH LINE. The White House is close to the end of a 30-day "cyber sprint" aimed at plugging the most gaping holes in the government's network security. The administration is scrambling to fortify its online defenses after hackers repeatedly infiltrated federal agencies, making off with everything from U.S. weather data to the president's private schedule to, most recently, private data on virtually every government employee. Some observers have been impressed by the White House's unusual tempo and aggressiveness during the 30-day effort. Others are worried that the directive is merely a smokescreen for deeper problems. To read our full piece, click here.



--TAKE HIS FACE ... OFF. We're a few days behind on this, but this video of the 1997 screen test for Nic Cage to play a psychologically damaged Superman is pretty great. Because who doesn't want to watch Cage as Superman doing calisthenics? Check it out here.



--CHINA, which is getting a lot of negative press in the U.S. right now. Last week, the Asian power passed a vague national security law that tightened the country's control over the Internet. The move irked the international business community, which argued the law is simply a cover to help China lock out foreign technology companies.

Then, over the weekend, Democratic presidential frontrunner Hillary ClintonHillary Diane Rodham ClintonMueller's team asking Manafort about Roger Stone: report O'Rourke targets Cruz with several attack ads a day after debate GOP pollster says polls didn't pick up on movement in week before 2016 election MORE accused China of "trying to hack into everything that doesn't move in America ... stealing huge amounts of government information all looking for an advantage." On Monday, Beijing defended itself, arguing it had shown a willingness to work with the U.S. on hacking. "China and the U.S. have taken a constructive spirit and approach to strengthening dialogue and cooperation to jointly face various challenges," said Chinese Foreign Ministry spokeswoman Hua Chunying during a press conference.

China will undoubtedly return to the headlines in the coming days when the OPM reveals the full extent of the breaches at the agency. U.S. officials have called China the "leading suspect" in the incident.




--The Senate Judiciary Committee will hold a hearing on encrypted communications at 10 a.m. FBI Director James Comey will testify.

--The Communications and Technology Subcommittee of the House Commerce Committee will hold a hearing on internet governance at 10 a.m. ICANN CEO Fadi Chehadé will testify.

--CSIS will hold an event on cybersecurity at 1 p.m. DHS Secretary Jeh Johnson will speak.

--The technology subcommittee of the House Science, Space, and Technology Committee will hold a hearing on the OPM data breach at 2 p.m.

--The Senate Judiciary Committee will hold a hearing on cyber crime at 2:15 p.m.

--The Select Intelligence Committee will hold a hearing on encryption at 2:30 p.m. Comey will also testify.


--The Brookings Institute will hold an event at 10 a.m. on the role the U.S. and Brazil should play in global Internet governance.



Links from our blog, The Hill, and around the Web.

Government leaker Edward Snowden may some day be able to strike a deal to return to the U.S. without jail time, according to former Attorney General Eric HolderEric Himpton HolderTwo Minnesota Republicans report attacks Now is not the time to reject civility Former Clinton aide Reines: ‘Party of snowflakes’ suddenly remodeled as 'angry mob of terrorists’ MORE. (The Hill)

A feature on Lt. Gen. Edward Cardon, head of Army Cyber Command, who is trying to build a cyber workforce. (FCW)

Far from the nuclear negotiations, a new tech-savvy Iranian generation takes shape. (Politico)

More evidence of the ongoing battle between Washington and Silicon Valley over encryption. (Christian Science Monitor)

INYMI: In a Sunday editorial, The Washington Post argued that President Obama "ought to be far more steamed about the break-ins than he appears" about the recent OPM hacks.

If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A