Overnight Cybersecurity: Anticipation builds for Trump cyber order | House panel refers Clinton IT contractor for prosecution | Pentagon warned Flynn about foreign payments

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORY:

IS THE LONG WAIT OVER?:

The cybersecurity community is once again cautiously optimistic President Trump will soon sign an executive order outlining new initiatives on cyber. As of Thursday, there were rumors the signing could come as soon as Friday. For cyber watchers it's been a long wait. The first draft of a potential cybersecurity executive order was leaked exactly one week into the Trump administration. The first rumored signing date then came and passed without an executive order on January 31. Since then, many other dates have been rumored and other drafts circulated. There was even an official signing ceremony canceled at the last minute, hours after press were briefed about what the new executive order would have included. All in all, followers have expected the order to be signed in January, twice in February and once in March.

...WAITING IS TOUGH, BUT EXPERTS WHO HAVE SEEN DRAFTS ARE ENCOURAGED: Different drafts have had different initiatives, but a vast majority of those who've seen drafts are impressed - and those who have seen more than one draft seem to think there has been consistent improvement. Trump has taken an uncharacteristically deliberative approach to the cybersecurity executive order, according to one source, even using Rudy Giuliani to solicit opinions from industry.

...SO WHAT IS IN IT, IN THE END?

Past drafts of the executive order have ordered broad agency-by-agency reviews of security practices, placed responsibility for cybersecurity on agency heads, required agencies to comply with the National Institute for Standards and Technology cybersecurity framework, made it U.S. policy to modernize information technology and encouraged cyber workforce expansion. The signed order could contain any of those initiatives and more.

...AND WHY WILL IT MATTER, NO MATTER WHAT IS IN IT?

At a conference hosted by the wireless advocacy group CTIA, House Homeland Security Chair Michael McCaul (R-Texas) said the exec order might lead to congressional action on updating antiquated technology and the reintroduction of Rep. Will Hurd's (R-Texas) bill to fund that initiative. "I think what you're going to see - and I don't want to get ahead of the White House - my sense is you're going to see an IT modernization act," he said. Yesterday, in an interview with The Hill, Rep. John Ratcliffe (R-Texas) made similar comments about waiting on the order before moving forward on certain legislation. Though both agreed that getting it right was more important than getting it signed fast, whatever is in the executive order will be a building block for many ambitious legislative moves.

 

A POLICY UPDATE:

At the same CTIA conference, McCaul also announced that the White House had provided "positive" comments on a major restructuring initiative for the Department of Homeland Security.

"One of my biggest priorities in this Congress will be to elevate their mission by creating a cybersecurity agency within the Department of Homeland Security," he said, noting that the current hierarchy places the National Cybersecurity and Communication Integration Center under the National Protection and Programs Directorate. Making cybersecurity its own shop, he said, would streamline decision-making.

 

A LIGHTER CLICK: 

CAUTIOUSLY OPTIMISTIC SCIENCE: "Drinking four cups of coffee is probably safe"

 

A REPORT IN FOCUS: 

ONE IN SIX ATTACKS IS A SPY?

Verizon on Thursday released its annual investigative report on data breaches, which found that cyber espionage is the most common attack used to target manufacturing businesses, the public sector, and education organizations.

The latest iteration of the Data Breach Investigative Report, in its 10th year, spotlights a number of trends in the company's analysis of nearly 2,000 breaches across the globe--more than 300 of which were espionage related. 

The Verizon report is broad ranging, also including an industry-by-industry breakdown of hacking and other statistics mined from customers and partners. 

 

WHAT'S IN THE SPOTLIGHT:

INVESTIGATIONS. ALL OF THEM.

--CLINTON: The House Science Committee has referred the CEO of an IT firm behind Hillary Clinton's private email server to the Department of Justice for prosecution, the committee announced Thursday. The committee believes Treve Suazo, the chief executive officer of Platte River Networks, may be guilty of failing to produce subpoenaed documents, making false statements to Congress and obstructing its investigation. Of the three companies involved in the Clinton home email server, committee aides said, Platte River was the only one not to comply with subpoenas.

--FLYNN: Former National Security Adviser Michael Flynn was warned by the Pentagon against accepting foreign payments following his retirement in 2014, according to new documents released Thursday by the House Oversight Committee. The Defense Intelligence Agency's (DIA) inspector general launched an investigation into Flynn's actions this month, according to another document released by committee Democrats. In a 2014 letter to Flynn from the DIA -- released in redacted form by the committee -- the agency advised him that it is illegal for former military officers to accept payment from a foreign government without prior approval. In December of 2015, Flynn was paid $45,000 to speak at an event hosted in Moscow by the Kremlin-backed network RT, during which he was seated with Russian President Vladimir Putin. He also received payments for additional speeches to Russian firms Kaspersky and Volga Dnepr. As a retired military officer, Flynn is prohibited under the Emoluments Clause of the Constitution from accepting payment from a foreign government without advance permission from both the secretary of State and the secretary of the Army.

The top Democrat on the Oversight Committee also questioned the White House's handling of the matter. "I honestly do not understand why the White House is covering up for Michael Flynn," Rep. Elijah Cummings (D-Md.) said at a joint appearance with other Democrats criticizing President Trump's first 100 days in office.

Also, the top ethics lawyer under former President George W. Bush on Thursday said that President Trump should strip Flynn of his military title.

But Homeland Security Secretary John Kelly on Thursday defended Michael Flynn, saying he's not concerned by reports that the former national security adviser accepted payments from foreign governments. "It's beyond any ability to imagine that Mike would be anything other than a loyal patriotic American," Kelly told Fox News of Flynn.

And the White House pointed the finger at former President Barack Obama. White House press secretary Sean Spicer said the former national security adviser had received his security clearance from the Obama administration.

--RUSSIA: FBI Director James Comey will testify next month before a Senate committee on FBI oversight. The Senate Judiciary Committee announced on Wednesday that Comey will take part in a hearing on May 3 on "Oversight of the Federal Bureau of Investigation." The meeting is part of an annual oversight hearing held by the Judiciary Committee at which Comey has previously testified. But the hearing will mark the first time Comey has publicly appeared before a Senate committee since the start of the Trump administration.

Also, Sen. Jeanne Shaheen (D-N.H.) said Thursday that Russian meddling in U.S. elections could become "normalized" if the government does not further respond to Moscow's interference in the 2016 presidential contest. "If Russia gets a pass on 2016, it could interfere in future U.S. elections not only at the presidential level but at the House and Senate level," Shaheen said. The New Hampshire Democrat is part of a bipartisan group of senators who introduced legislation in January that would impose further sanctions on Russia.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

"Ultimately, we will continue to struggle with [fake news] information operation campaigns until we address the policy and strategy deficiencies that undermine our overall cyber posture," said Sen. Mike Rounds (R-S.D.), chair of the Senate subcommittee overseeing Pentagon cybersecurity efforts. (The Hill)

Russian and Chinese hackers are now employing hacking tools from the ShadowBrokers NSA leaks. (Infosecurity Magazine)

A FitBit may convict someone of murder. (Naked Security)

Kaspersky Lab recaps recent trends in advanced persistent threats (APTs), nation-level hackers. (Kaspersky)

Your ominous headline of the day: "'World's Most Secure' Email Service Is Easily Hackable." (Motherboard)

 
