Overnight Cybersecurity: Tillerson proposes new cyber bureau at State | Senate bill would clarify cross-border data rules | Uber exec says 'no justification' for covering up breach

Overnight Cybersecurity: Tillerson proposes new cyber bureau at State | Senate bill would clarify cross-border data rules | Uber exec says 'no justification' for covering up breach
© Getty Images

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



-- TILLERSON PROPOSES NEW CYBER OFFICE AT STATE: Secretary of State Rex TillersonRex Wayne TillersonTrump administration rigging the game, and your retirement fund could be the loser Haley’s exit sends shockwaves through Washington Turkey-Russia Idlib agreement: A lesson for the US MORE is proposing the unification of two separate offices at the State Department to form a single bureau that will focus on a wide range of cyber issues. A State Department spokesperson told The Hill that the two offices, the Office of the Cybersecurity Coordinator and the Bureau of Economic Affairs' Office of International Communications and Information Policy, would be unified in order to form the proposed Bureau for Cyberspace and the Digital Economy. "The combination of these offices in a new Bureau for Cyberspace and the Digital Economy will align existing resources under a single Department of State official to formulate and coordinate a strategic approach necessary to address current and emerging cyber security and digital economic challenges," Tillerson said in a Tuesday letter to House Foreign Affairs Committee Chairman Ed RoyceEdward (Ed) Randall RoyceGOP leaders hesitant to challenge Trump on Saudi Arabia Election Countdown: O'Rourke goes on the attack | Takeaways from fiery second Texas Senate debate | Heitkamp apologizes for ad misidentifying abuse victims | Trump Jr. to rally for Manchin challenger | Rick Scott leaves trail to deal with hurricane damage Saudi mystery drives wedge between Trump, GOP MORE (R-Calif.). "The Department of State must be organized to lead diplomatic efforts related to all aspects of cyberspace," the secretary added. The decision comes after Tillerson faced scrutiny from both parties last year over his decision to fold the standalone Office of Cybersecurity Coordinator into an economic-focused bureau as part of his broad efforts to reorganize the agency.

To read the rest of our piece, click here.


-- SPEAKING OF THE STATE DEPARTMENT... GOP PROBES PUT NEW FOCUS ON STATE: Republicans have former President Obama's State Department in their crosshairs as they question whether FBI and Justice Department investigations into President TrumpDonald John TrumpTrump renews attacks against Tester over VA nominee on eve of Montana rally Trump submits 2017 federal income tax returns Corker: Trump administration 'clamped down' on Saudi intel, canceled briefing MORE were tainted by political bias and influence from key figures in Hillary ClintonHillary Diane Rodham ClintonMueller's team asking Manafort about Roger Stone: report O'Rourke targets Cruz with several attack ads a day after debate GOP pollster says polls didn't pick up on movement in week before 2016 election MORE's orbit. Congressional Republicans have signaled that they are looking at whether the State Department, then run by John KerryJohn Forbes KerryBiden: ‘Totally legitimate’ to question age if he runs in 2020 Kerry decries ‘broken’ Washington Christine Blasey Ford has a credibility problem MORE, passed along information from Clinton's allies that may have been used by the FBI to launch an investigation into whether the Trump campaign had improper contacts with Russia. A highly redacted criminal referral from Senate Judiciary Committee Chairman Chuck GrassleyCharles (Chuck) Ernest GrassleyTrump officials ratchet up drug pricing fight Dems angered by GOP plan to hold judicial hearings in October American Bar Association dropping Kavanaugh review MORE (R-Iowa) to FBI Director Christopher Wray and Deputy Attorney General Rod RosensteinRod Jay RosensteinRosenstein says Mueller probe is 'appropriate and independent' The Hill's 12:30 Report — Trump requests Turkey's evidence on missing journalist | Takeaways from Texas Senate debate | Key Mueller findings could be ready after midterms Mueller to present key findings related to Russia probe after midterms: report MORE offers new clues about the GOP probes. In the referral, Grassley writes that former British intelligence official Christopher Steele crafted a memo in addition to the infamous dossier of opposition research on Trump that was funded by the Democratic National Committee and Hillary Clinton's presidential campaign. The conservative website Washington Free Beacon used the same opposition research firm, Fusion GPS, for research on Trump before Clinton and the DNC got involved, but that work did not involve Steele.

To read the rest of our piece, click here.

-- HOUSE INTEL POSTPONES BANNON INTERVIEW IN DISPUTE OVER QUESTIONING: Former White House chief strategist Stephen Bannon's testimony before the House Intelligence Committee has been postponed for the third time amidst fierce wrangling over what lawmakers will be able to question him about. Bannon was scheduled to make a return trip to Capitol Hill at 10 a.m. on Tuesday, as lawmakers seek answers about Russian meddling in the 2016 presidential election and whether Trump campaign officials had improper contacts with Moscow. Bannon frustrated lawmakers in both parties at a previous interview in which he refused to answer questions about his time in the Trump transition or administration, prompting the committee to issue a subpoena that remains in force. Rep. Mike ConawayKenneth (Mike) Michael ConawayLawmakers fail to pass annual intel bill after key Dem objects House Intel votes to release Russia transcripts Russia probe accelerates political prospects for House Intel Dems MORE (R-Texas), who is leading the Intelligence Committee's Russia probe, said talks are ongoing and in a statement confirmed that committee negotiators had called off this week's appearance. A spokesman for Conaway said the interview has been postponed until next week.

To read the rest of our piece, click here.



HATCH INTRODUCES BILL TO CLARIFY CROSS-BORDER DATA POLICIES:  Sen. Orrin HatchOrrin Grant HatchGOP leaders hesitant to challenge Trump on Saudi Arabia Congress should work with Trump and not 'cowboy' on Saudi Arabia, says GOP senator US to open trade talks with Japan, EU, UK MORE (R-Utah) on Monday introduced a bill aimed at creating a clearer framework for law enforcement to access data stored in cloud computing systems.

Hatch's "Clarifying Lawful Overseas Use of Data" (CLOUD) Act would make it easier for U.S. officials to create bilateral data sharing agreements. That would allow them to access data stored overseas and allow foreign law enforcement access to data stored on U.S. firms' servers.

The legislation is cosponsored by Sens. Chris CoonsChristopher (Chris) Andrew CoonsDem senators urge Pompeo to reverse visa policy on diplomats' same-sex partners 15 Saudis identified in disappearance of Washington Post columnist The Senate needs to cool it MORE (D-Del.), Lindsey GrahamLindsey Olin GrahamGOP leaders hesitant to challenge Trump on Saudi Arabia Election Countdown: O'Rourke goes on the attack | Takeaways from fiery second Texas Senate debate | Heitkamp apologizes for ad misidentifying abuse victims | Trump Jr. to rally for Manchin challenger | Rick Scott leaves trail to deal with hurricane damage Five things to know about 'MBS,' Saudi Arabia's crown prince MORE (R-S.C.) and Sheldon WhitehouseSheldon WhitehouseSenate Dems ask Trump to disclose financial ties to Saudi Arabia Democrats won’t let Kavanaugh debate die Senate poised to confirm Kavanaugh after bitter fight MORE (D-R.I.)

The law currently doesn't specify whether or not the government can demand that U.S. companies give it data they have stored abroad. The CLOUD Act would amend this, likely impacting Microsoft's pending Supreme Court case over data it has stored in Ireland. A lower court previously ruled that Microsoft doesn't have to turn over data stored overseas, following a request for it to do so by the Department of Justice.

Microsoft CEO Brad Smith praised the legislation in a tweet, calling it an "important step toward enhancing & protecting privacy while reducing international legal conflicts."

Tech trade associations, which lobby on behalf of Microsoft and other companies, signed onto a letter supporting the legislation.

To read the rest of our piece, click here.



A biotech CEO broadcasts himself self-injecting a herpes treatment on Facebook Live. Why? To market experimental gene treatments. (Technology Review)



DHS NEEDS TO BETTER ASSESS CYBER WORKFORCE: A government watchdog says there is an "urgent" need for the Department of Homeland Security (DHS) to identify critical positions in its cybersecurity workforce.

The Government Accountability Office (GAO) is out with a new report asserting that Homeland Security will not be able to best assess its cyber workforce and find critical gaps without addressing current shortcomings in the way that it identifies and reports critical posts.

The GAO says that the department has taken steps to identify critical cyber posts but that these actions have not been "timely and complete." According to the report issued Tuesday, GAO found that Homeland Security had identified and assigned codes to 79 percent of its cybersecurity positions, even though officials told Congress in August of last year that it had accounted for and coded 95 percent of these positions.

"In addition, although DHS has taken steps to identify its workforce capability gaps, it has not identified or reported to the Congress on its department-wide cybersecurity critical needs that align with specialty areas," the report states. "The department also has not reported annually its cybersecurity critical needs to the Office of Personnel Management (OPM), as required, and has not developed plans with clearly defined time frames for doing so."

GAO is recommending Homeland Security take six actions to quantify these positions, "including ensuring that its cybersecurity workforce procedures identify position vacancies and responsibilities; reported workforce data are complete and accurate; and plans for reporting on critical needs are developed."

To read more from the report, click here.



UBER: An Uber executive told Congress on Tuesday that there was "no justification" for the company covering up a massive 2016 data breach that exposed the information of 57 million people.

"I think we made a misstep in not reporting to consumers and I think we made a misstep in not reporting to law enforcement," John Flynn, Uber's chief information security officer, told a Senate panel.

Flynn confirmed reports that the company paid one of the hackers $100,000 to destroy the stolen data and to not disclose the breach publicly.

Uber made the payment through a "bug bounty" program, which generally offers financial rewards for cybersecurity researchers who identify vulnerabilities for companies. Flynn on Tuesday said paying off malicious hackers was an improper use of such a program.

"We recognize that the bug bounty program is not an appropriate vehicle for dealing with intruders who seek to extort funds from the company," he said in his written testimony. "The approach that these intruders took was separate and distinct from those of the researchers in the security community for whom bug bounty programs are designed."

Lawmakers on the Senate Commerce consumer protection subcommittee blasted the company's handling of the breach.

To read the rest of our piece, click here.



Links from our blog, The Hill, and around the Web.

Judge rejects Assange's plea to drop UK arrest warrant. (The Hill)

Two House Dems accuse Uber of concealing 2016 data breach from FTC. (The Hill)

Dem senator presses FTC to ramp up Equifax hack probe. (The Hill)

National Weather Service investigating false tsunami warning. (The Hill)

Trump likely to approve release of Dem memo: report. (The Hill)

OP-ED: Bitcoin is the future, and it's time for regulators to act accordingly. (The Hill)

OP-ED: The case for hiring a federal cyber officer. (The Hill)

Drones emerge as 'hack and track' cyber warfare tools. (Cyberscoop)

Many cyber crimes remain unreported across U.S. (The New York Times)

British medical facilities are falling short on cybersecurity in the wake of 'Wanna Cry.' (Guardian)

This newsletter was updated at 7:47 p.m.