Overnight Cybersecurity: Capitol Hill goes all in on cyber

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--ALL THE CYBER YOU CAN STAND: Capitol Hill was drowning in cybersecurity hearings on Wednesday, where both House and Senate committees discussed everything from a proposed Department of Homeland Security (DHS) reorganization to the ramifications of Chinese President Xi Jinping's first official state visit last month. Here's a quick recap of what you need to know:

  • House Homeland Security Committee members are demanding that the DHS be more transparent with proposed reorganization efforts of the National Protection and Programs Directorate (NPPD), which includes an important cyber hub, as well as an office that helps secure the government's networks. During a House Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies hearing, lawmakers from both sides of the aisle criticized the agency for pushing forward with a leaked reorganization proposal without involving lawmakers. "Several members of the committee and I were very disappointed to find out about this proposal through leaked reports in the media," Chairman John Ratcliffe (R-Texas) said. "Even more disappointing, the committee has heard that DHS leadership had planned to move forward unilaterally on several efforts without Congressional review or approval." DHS Under Secretary Suzanne Spaulding struck a conciliatory note throughout the hearing, agreeing with Ratcliffe that "DHS can't move forward on at least certain parts of this reorganization without Congressional authorization under the Homeland Security Act." To read our full piece, click here.
  • Meanwhile, the House Small Businesses Committee heard from financial institutions about how a switch to microchip-enabled, or EMV, cards is affecting retailers. Lawmakers are concerned that financial institutions are rushing the transition, hurting businesses and consumers in the process. The meeting came a week after an Oct. 1 deadline where merchants who had not upgraded their technology to accept these EMV cards became responsible for covering the cost of fraudulent transactions. Committee members said there are still credit card companies that have not issued new cards to customers, as well as small businesses that are worried about the cost of implementing the new technology. "This poses significant challenges to sorting out liability issues in the case of cyber theft," Committee Chairman Steve Chabot (R-Ohio) said. Financial institutions argue the move will dramatically reduce credit fraud and help thwart hackers, but retailers say they need more time to implement the new technology. The committee said Wednesday it would hold another hearing later this year to hear directly from retailers on how Congress can help with the transition. To read our full piece, click here.

--NOT YOU AGAIN: Suspected Chinese hackers made headlines twice on Wednesday for hacks on consumers and companies. In the U.S., The New York Times revealed that the Chinese hacking group known as the Codoso Group infiltrated a key Samsung subsidiary that provides the technology backbone of its new mobile payment service. The hackers appear to have been after LoopPay's proprietary magnetic secure transmission (MST) technology, which is a critical feature of Samsung Pay. Execs said that the attackers broke into LoopPay's corporate networks but that there is no indication that Samsung itself was breached or that consumer data was exposed. Also on Wednesday, new research from security firm FireEye revealed that suspected China-based hackers are luring government workers and employees at large corporations in more than 20 countries to download malicious Android apps that can hijack a smartphone. If a user accidentally downloads one of the malicious apps, it can take control of the phone and uninstall, launch or install other apps on the device, "possibly preparing for further attacks," FireEye said. To read about the LoopPay hack, click here. To read about the malicious Android apps, click here.



--I WANT THE TRUTH! Three Senate Democrats are seeking answers from credit agency Experian about the recent data breach that exposed up to 15 million T-Mobile customers. Sens. Richard Blumenthal (D-Conn.), Bill NelsonClarence (Bill) William NelsonDemings raises million after announcing Senate bid against Rubio Russia threatens to leave International Space Station program over US sanctions Nikki Fried, only statewide elected Democrat in Florida, launches challenge to DeSantis MORE (D-Fla.) and Brian Schatz (D-Hawaii) -- all leading Democrats on the Senate Commerce Committee -- wrote the two companies Wednesday, requesting information on how both firms were handling fallout from the hack. The trio also used the letter as a platform to call for their colleagues to take up a data breach bill that would set nationwide data security guidelines and require companies to notify their customers shortly after a hack.

To read our full piece, click here.



--'COME ... WITNESS THE RICHES OF THE EAST AND REJOICE.' So we're admittedly a few days behind on this, but from now on, this is the only thing you need to know about the Trans-Pacific Partnership (TPP), the tech-heavy trade deal struck earlier this week that would also set guidelines to protect intellectual property from cyber theft.

Leave it to The Onion to do it best:

"Exhausted, berimed with salt, and haggard from his long sea journey, but nevertheless triumphant as he guided his fleet to port following the completion of the Trans-Pacific Partnership, President Barack ObamaBarack Hussein ObamaObama on Supreme Court ruling: 'The Affordable Care Act is here to stay' Appeals court affirms North Carolina's 20-week abortion ban is unconstitutional GOP senator: I want to make Biden a 'one-half-term president' MORE is said to have made harbor in Washington, D.C.'s anchorage Monday, his five sturdy galleons choked to the very gunwales with the finest silks, casks of redolent cardamom, and great cakes of vivid dye-of-indigo retrieved from the far Orient."

Read on, here.



--SEMANTICS! Is the language we use to discuss "the cloud" shaping our perceptions of Internet privacy? A thoughtful analysis from The Guardian.



--SO THAT'S WHO THAT PERSON IS. Researchers say that Iranian hackers are creating fake LinkedIn profiles in an attempt to get targets to cough up sensitive data. The scheme is apparently going after people in the Middle East, but maybe think twice about that accepting that rando's request. NBC News has the full story, here.



--ARI SCHWARTZ. The former White House Senior Director of Cybersecurity will join the D.C. lobbying firm Venable as managing director of Cybersecurity Services, the company announced today. Schwartz had been at the White House since 2013 and stepped down earlier this month. It had always been his intention to leave after a couple of years on the job. Prior to serving in the government, Schwartz made a name for himself as a leading privacy advocate in Washington, D.C. and served as vice president and chief operating officer at the Center for Democracy and Technology, a digital rights group.




--The Senate Homeland Security and Governmental Affairs Committee will hold a hearing at 10 a.m. on "threats to the homeland." DHS Secretary Jeh Johnson and FBI Director James Comey will testify.

--The House Homeland Security Committee's subcommittee on maritime security will hold a hearing at 10 a.m. whether U.S. ports are vulnerable to a cyberattack.

--The National Academy of Public Administration will host an event at 9 a.m. on cybersecurity education. Sen. Tom CarperThomas (Tom) Richard CarperSenate confirms Radhika Fox to lead EPA's water office Rick Scott threatens to delay national security nominees until Biden visits border Senate panel unanimously advances key Biden cyber nominees MORE (D-Del.), the top Democrat on the Homeland Security Committee, will speak.

--CSM Passcode will host an event on cybersecurity research at 11 a.m.



Links from our blog, The Hill, and around the Web.

A major tech trade group and a libertarian-leaning coalition pressed President Obama to publicly support strong encryption on Wednesday. (The Hill)

Sen. Cory GardnerCory GardnerBiden administration reverses Trump changes it says 'undermined' conservation program Gardner to lead new GOP super PAC ahead of midterms OVERNIGHT ENERGY: Court rules against fast-track of Trump EPA's 'secret science' rule | Bureau of Land Management exodus: Agency lost 87 percent of staff in Trump HQ relocation | GM commits to electric light duty fleet by 2035 MORE (R-Colo.) is warning that North Korea's cyber program is getting a larger role in its military strategy. (The Hill)

Three Senate Democrats are seeking answers from credit agency Experian about the recent data breach that exposed up to 15 million T-Mobile customers. (The Hill)

Wikipedia founder Jimmy Wales says "there's really no excuse" for sites not to use encryption. (Motherboard)

Rep. Gerry ConnollyGerald (Gerry) Edward ConnollyDemocrats weigh next steps on Jan. 6 probe Tlaib, Democrats slam GOP calls for border oversight to fight opioid crisis Shakespeare gets a congressional hearing in this year's 'Will on the Hill' MORE (D-Va.) insists that his data is being used by the OPM hackers for identity theft schemes. (Next Gov)

The race is on in Washington and in industry to ditch the password in favor of two-factor authentication. (The Daily Dot)

Lawyers for journalist Matthew Keys, who is accused of aiding the Anonymous hacking group, told a jury Tuesday that the U.S. hasn't proven the charges against him. (Reuters)

Warren Buffett has entered the lucrative cybersecurity insurance industry. (Insurance Business America)

The Sony hack was a horror show that the feds could only watch, the assistant attorney general for national security said Tuesday. (New York Post)

Cyber vandalism is "the least of our worries," according to White House Cybersecurity Coordinator Michael Daniel. (Fierce Government IT)

Months after an email phishing attack breached U.S. Postal Service personnel data, a quarter of agency employees still fell for a simulated email scheme. (Next Gov)


If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A