Overnight Cybersecurity: Cyber bill faces more hurdles

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

THE BIG STORIES:

--LIKE EDWIN MOSES: Sweeping cybersecurity legislation recently passed in Congress still has serious hurdles to clear before becoming law. On Tuesday night, the upper chamber approved the Cybersecurity Information Sharing Act (CISA) -- a bill meant to encourage companies to share data on cyberattacks with the government -- by a bipartisan 74-21 vote. Coming roughly six months after the House approved its companion legislation, the Senate's vote puts an overall cybersecurity information-sharing measure on path to becoming law. But despite the bills clearing both chambers by wide margins, the legislation is about to enter a difficult and uncertain conference negotiation to produce the final bill. First and foremost is are changes in House leadership, which could shift the players involved in the upcoming negotiations. To read our full piece, click here.

ADVERTISEMENT
--CHOP CHOP: The White House on Wednesday gave a thumbs-up to the Senate for passing its long-stalled cyber bill. "The Senate's passage with strong bipartisan support is notable and worth mentioning," spokesman Eric Schultz told reporters aboard Air Force One. Schultz encouraged the Senate to work swiftly with the House, which passed its companion legislation in April, to produce a final bill. "We are hopeful the Senate and the House can work together expeditiously to send the best possible bill to the president's desk as soon as possible," he added. The White House last week gave its public support to CISA, which was once seen as a long shot. To read our full piece, click here.

--ICH BIN IN UNTERSUCHUNG: German privacy regulators have announced an investigation into data transfers from the European Union to the U.S. from companies such as Google and Facebook. The decision follows a bombshell court ruling that invalidated a key data-flow agreement between the United States and EU. "Anyone who wants to remain untouched by the legal and political implications of the judgment, should in the future consider storing personal data only on servers within the European Union," Hamburg's Data Protection Officer Johannes Caspar told the German magazine Der Spiegel. The surprise move comes just as the EU said it had struck a deal in principle with the United States on a new agreement to allow companies to legally transfer information between borders. To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

--IF YOU SQUINT JUST RIGHT. Language from two hefty bills that would bolster the Department of Homeland Security's cybersecurity role were quietly tacked onto a major cyber bill that passed the Senate late Tuesday.

The first, from Sens. Susan CollinsSusan Margaret CollinsThe Hill's Morning Report - In exclusive interview, Trump talks Biden, Iran, SCOTUS and reparations Hillicon Valley: Senate bill would force companies to disclose value of user data | Waters to hold hearing on Facebook cryptocurrency | GOP divided on election security bills | US tracking Russian, Iranian social media campaigns Stephen King: 'It's time for Susan Collins to go' MORE (R-Maine) and Mark WarnerMark Robert WarnerHillicon Valley: Senate bill would force companies to disclose value of user data | Waters to hold hearing on Facebook cryptocurrency | GOP divided on election security bills | US tracking Russian, Iranian social media campaigns Ex-Obama counterterrorism official: Huawei could pose security threat to international intelligence community Bipartisan senators to introduce bill forcing online platforms to disclose value of user data MORE (D-Va.), would give the DHS more powers to repel cyberattacks on federal agency networks. The language would update the 12-year-old Federal Information Security Management Act (FISMA) and formalize the DHS role in protecting government networks and websites.

The Collins-Warner language would also lower some of the barriers preventing the DHS from inspecting other agencies' networks and kicking out hackers. Currently, it needs permission to investigate or monitor networks.

The second measure, from Sens. Ron JohnsonRonald (Ron) Harold JohnsonGOP senators divided over approach to election security Democrats make U-turn on calling border a 'manufactured crisis' GOP frets about Trump's poll numbers MORE (R-Wis.) and Tom CarperThomas (Tom) Richard CarperSenate investigation finds multiple federal agencies left sensitive data vulnerable to cyberattacks for past decade Senate set to bypass Iran fight amid growing tensions The '90-10 rule' in higher education is a target on veterans' backs MORE (D-Del.), would require all agencies to adopt several cybersecurity best practices. It would also accelerate the rollout of the government's anti-hacking shield, dubbed "Einstein," that detects and repels known cyber threats.

If the two sections make it through a conference report with the House and into the final bill, they will serve as the next step in Congress's ongoing bid to bolster the DHS's cybersecurity role in protecting the federal government.

Check out our full piece, here.

 

LIGHTER CLICK:

--IS IT FARCE? Satire from The Onion: "China Unable to Recruit Hackers Fast Enough to Keep up with Vulnerabilities in U.S. Security Systems." Read on, here.

 

WHO'S IN THE SPOTLIGHT:

--DARPA. The emerging technologies research arm of the Pentagon accidentally published the details of a contract that appears to be intended to track security researchers to try to figure out what vulnerabilities they're looking for.

The $500,000 contract, called  "Internet Cyber Early Warning of Adversary Research and Development," has been awarded to a contractor to create the technology.

"Proposers hypothesize that vulnerability researchers make use of public information and resources (such as search engines and websites) that are relevant to their missions, targets, and techniques in such a way that it is possible to glean part of their intent if only we could observe such use and differentiate it from noise," read the contract, which has since been taken down.

Read on, here.

 

A LOOK AHEAD:

N/A, everyone's just lying on the floor with their eyes closed after CISA.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Experts weigh in on how to cut into the massive cybersecurity workforce shortage. (Christian Science Monitor)

The five most destructive computer viruses of all time. (Yahoo)

Does the news that China arrested hackers accused of stealing trade secrets from American firms prove Beijing is serious about curtailing hacking? (Christian Science Monitor)

13 million plaintext passwords belonging to 000Webhost users have been leaked online. (Ars Technica)  

Security researcher Brian Krebs breaks down the CISA debate. (Krebs on Security)

New research shows that Iranian hackers are showing strong interest in malware that can secretly pull data from Android devices, which are popular in the Middle East. (CIO.com)

If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A