Overnight Cybersecurity: EU poised to finalize Privacy Shield

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--SO CLOSE NOW: The EU Commission on Tuesday is expected to finalize a long-awaited data transfer pact with the United States. The deal cleared its last major hurdle on Friday, when EU lawmakers gave the so-called Privacy Shield the green light. The vote "paves the way for the formal adoption of the legal texts and for getting the EU-US Privacy Shield up and running," the Commission said in a statement. Officials said the Article 31 group of EU member states' decision to approve the pact demonstrated "strong confidence" in the new arrangement, which for months had been stymied by concerns over U.S. surveillance practices. While the Commission -- which negotiated the deal with the U.S. Commerce Department -- has stumped tirelessly for the new deal, privacy advocates and some European lawmakers argued that the pact doesn't go far enough to protect Europeans' fundamental right to privacy. But onlookers suspected that the roiling uncertainty after the United Kingdom's recent vote to exit the EU would push jumpy lawmakers to ease uncertainty wherever they could by approving the deal. The Privacy Shield is intended to replace a 15-year-old framework used by U.S. companies to make legal transfers of personal data across the Atlantic. The old Safe Harbor arrangement was used by over 4,000 companies, from the hospitality industry to social media, to meet Europe's more stringent privacy requirements for handling citizens' data. The EU high court struck down the agreement in October, arguing that the U.S. could not be trusted to adequately protect privacy because of its surveillance practices -- leaving many businesses in a deeply uncertain regulatory environment. The Article 31 group vote was met by immediate praise from business and tech groups, including the U.S. Chamber of Commerce. But while the Commission is expected to put the final rubber stamp on the Privacy Shield on Tuesday, the future of the deal is far from certain. It is widely expected to face legal challenges from privacy advocates, including the activist who brought the original case that led to the termination of the old Safe Harbor deal. To read our full piece, click here.

--JOIN THE TEAM: The SWIFT banking transaction network has hired third-party experts help shore up its security following the high-profile Bangladesh Bank heist -- including the same group of security experts that originally identified the network's role in the $81-million theft. SWIFT announced Monday it is bringing in consultants from the firms BAE Systems and Fox-IT to "complement its in-house cyber security expertise and provide additional support as it rolls out an information sharing and threat intelligence program for banking members." British defense contractor BAE Systems in April announced it believed the attackers used the malware to target a SWIFT client software known as Alliance Access. At the time, neither SWIFT nor the Bangladesh Bank commented on the BAE report -- and SWIFT has been adamant that the theft was made possible through stolen credentials, not a flaw in SWIFT's security. "At the end of the day, we weren't breached. It was, from our perspective, a customer fraud," SWIFT CEO Gottfried Leibbrandt said in May. To read our full piece, click here.



--A CASE OF MISTAKEN IDENTITY. TFW you're sued for $5 million because you DENIED you painted a thing.



--WHAT ARE YOU DOING ABOUT THIS? Rep. Mike Pompeo (R-Kan.) wants to know what the State Department has done to address FBI Director James B. Comey's assessment that it suffers from a lax security culture.

According to Comey, the FBI "developed evidence that the security culture of the State Department in general, and with respect to use of unclassified email systems in particular, was generally lacking in the kind of care for classified information found elsewhere in the government."

In a letter sent to Secretary of State John KerryJohn Forbes KerryDemocrats fear Ohio slipping further away in 2020 He who must not be named: How Hunter Biden became a conversation-stopper Rep. Joe Kennedy has history on his side in Senate bid MORE late last week, Pompeo demanded to know what steps the department has taken to "address this lax security culture."

State has already pushed back on Comey's remarks. A spokesman told reporters in Washington last week that "[w]e don't share that assessment of our institution."

But Pompeo may have gotten support from an unexpected corner over the weekend.

President Obama on Sunday declined to directly address the results of the FBI's investigation into Clinton, but cited "legitimate concerns around how information travels in the State Department."

"It has to do with the volumes of information that are now being transmitted, who has access to them; concerns about cyberattacks and cybersecurity; concerns about making sure that we're transmitting information in real time so that we can make good decisions, but that it's not being mishandled in the process or making us more vulnerable," the president said, arguing that such concerns were applicable "across the spectrum" of government.

To read about President Obama's remarks, click here. To read Rep. Pompeo's letter, click here.




--Admiral Michael S. Rogers, who heads the CIA and Cyber Command gives closed testimony to the Senate Armed Services committee on encryption and cybersecurity challenges in national security at 9:30 a.m.

--The House Judiciary hosts a Department of Justice oversight hearing at 10 a.m., with questions likely to touch on the Clinton email investigation.

--The Senate Commerce Committee hears from industry, academia and lawyers about the consumer and competition impact of proposed FCC privacy rule changes at 10 a.m.

--The House Homeland Security Committee weighs the value of Homeland Security threat assessments at 10 a.m.

--The House Energy and Commerce Subcommittee on Communications and Technology holds oversight hearings on the FCC at 10:15 a.m.

--The Senate Committee on Energy and Natural Resources holds hearings on Sen. Angus KingAngus Stanley KingOvernight Defense: Dems grill Trump Army, Air Force picks | House chair subpoenas Trump Afghanistan negotiator | Trump officials release military aid to Ukraine Democrats grill Army, Air Force nominees on military funding for border wall Bipartisan panel to issue recommendations for defending US against cyberattacks early next year MORE's (I-Maine) proposal to boost cybersecurity by using fewer computerized components in the energy grid at 2:30 p.m.

--Senate Intelligence receives a closed door briefing at 2:30 p.m.


--Richard Stengel, undersecretary for public diplomacy and public affairs at the State Department, testifies about the "virtual caliphate" at 10 a.m.


--The Homeland Security Committee will receive testimony on worldwide threats from FBI Director James Comey and Homeland Security Secretary Jeh Johnson, at 10 a.m.

--The House Science Committee will hold a hearing evaluating the Federal Deposit Insurance Corporation's response to data breaches, at 10 a.m.

--The Senate Intelligence Committee receives a closed door briefing at 2 p.m..

--The House Oversight Subcommittees on Information Technology and National Security host joint hearings on "Digital Acts of War: Evolving the Cybersecurity Conversation" at 1 p.m.



--BETH ANNE KILLORAN. The 11-year veteran of the Department of Homeland Security on Monday took on the role of chief information officer at the Department of Health and Human Services, where she is expected to focus on bolstering the agency's cybersecurity.

Killoran, who joined HHS in 2014, will tackle two information programs on "healthy" cybersecurity: training employees to recognize bogus emails through simulated phishing attacks and a pilot program to outline IT workforce requirements for the department.

To read our full piece, click here.



$1 billion lawsuit filed this weekend alleges that Facebook is liable for Hamas attacks in Israel and the West Bank that were allegedly facilitated in part by the group's use of the social network. (The Hill)

Twitter CEO Jack Dorsey on Saturday became the latest high-profile victim to have a social media account taken over by the hacker group OurMine. (The Hill)

A pair of Democratic senators want a federal agency to take a look at fraudulent traffic to digital ads served up by platforms like Google and Facebook. (The Hill)

Researchers have developed a network architecture they claim is a dramatically more efficient way for users to interact anonymously. (The Hill)

Officials aren't sure whether a cyberattack was behind outages at NATO websites and whether hackers were attempting to counter a Warsaw summit that is addressing both cyberspace dangers and Russian aggression. (The Wall Street Journal)

The Chinese internet censorship system blocks searches for a newly discovered beetle. (Global Voices)


If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A