Overnight Cybersecurity: Former Equifax exec charged with insider trading | Dems blast GOP over House Russia probe | Lawmakers weigh security of energy infrastructure


Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--FORMER EQUIFAX EXEC CHARGED WITH INSIDER TRADING: The Securities and Exchange Commission (SEC) charged a former Equifax executive with insider trading on Wednesday, alleging he sold close to $1 million in company stock after learning of a massive hack of the credit agency. The SEC alleges that Jun Ying, Equifax's former chief information officer, saved more than $100,000 when he sold his stock in the company after learning of the incident but before the credit bureau announced it had been hacked. "As alleged in our complaint, Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public," said Richard R. Best, director of the SEC's Atlanta office. "Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit." Equifax announced on Sept. 7 that hackers had accessed the personal information of 143 million people in May 2017, a figure it later updated to 148 million. The information stolen included Social Security numbers, credit card information and other sensitive data. Ying had known as early as Aug. 25 that Equifax had been hacked and that the incident required a major response, according to the SEC complaint. The SEC alleges that Ying, who had been working on Equifax's response to the hack, sold his shares in the company on Aug. 28, before the credit agency revealed the breach. Ying allegedly sold more than $950,000 in Equifax stock after looking up how a 2015 hack of Experian, a rival credit bureau, affected that company's shares. Ying was allegedly informed about the full extent of the hack on Aug. 29, the day after he sold his Equifax stock. Equifax lawyers told him not to trade his shares in the company soon after, unaware that Ying had already sold them. 
Equifax said that it "separated him from the company and reported our findings to government" after learning about Ying's stock sale. "We are fully cooperating with the [Justice Department] and the SEC, and will continue to do so," Equifax said in a statement. "We take corporate governance and compliance very seriously, and will not tolerate violations of our policies."



--DEMS BLAST GOP OVER HOUSE RUSSIA PROBE: Democrats on the House Intelligence Committee say Republicans prematurely closed the panel's investigation into Russian interference despite what they say is "significant evidence" of collusion between the Kremlin and the Trump campaign. "There is significant evidence and much of it in the public domain on the issue of collusion," Rep. Adam Schiff (Calif.), the top Democrat on the committee, said during a press conference on Tuesday flanked by other Democrats on the panel. Schiff blamed House Intelligence Chairman Devin Nunes (R-Calif.) and the majority party for shutting the doors on the investigation that he says has yet to interview key witnesses or obtain relevant documents. "Sadly, from a very early point in the investigation, the chairman made the decision that his mission was not to find out what Russia did, not to determine the role of U.S. persons, but rather to endeavor to distract the public, to put the government on trial," Schiff said. Schiff accused Republicans of setting a dangerous precedent that could kneecap future committees' efforts to get witnesses from the executive branch. Other Democrats also voiced concerns over how those inquiries may go given the decision to end the current probe. The backlash from Democrats comes after Rep. Mike Conaway (Texas), the senior Republican leading the Russia probe, announced on Monday that the committee had concluded the interview portion of their investigation and would be moving on to writing a report of their findings. A draft copy of the GOP report denied any evidence of collusion. While they did agree largely with the intelligence community's assessment that Russians sought to sow discord in the U.S., Republicans on the panel disagreed with the view that Russia explicitly sought to help President Trump's campaign. "Sadly it is little more than another Nunes memo in long form," Schiff said, referring to Nunes's controversial decision to release a declassified memo authored by his staff that outlined allegations of surveillance abuse.



--RAND PAUL TO OPPOSE POMPEO, HASPEL FOR STATE AND CIA POSTS: Sen. Rand Paul (R-Ky.) said on Wednesday he would oppose President Trump's nominations of CIA Director Mike Pompeo to be secretary of State and CIA Deputy Director Gina Haspel to lead the spy agency. Paul said that he will oppose the nominations and "do everything I can to block" them. "My announcement today is that I will oppose both Pompeo's nomination and Haspel's nomination," Paul said. Paul is the first Republican to come out against the two nominations, which were announced by Trump on Tuesday. Last year, he was the only Republican to vote against Pompeo for CIA director. The senator pointed to his previous statement that Pompeo doesn't believe "enhanced interrogation techniques" to be torture, as well as his support for the Iraq War, in explaining his opposition. "I'm perplexed by the nomination of people who love the Iraq War so much that they would advocate for a war with Iran next. I think it goes against most of the things President Trump campaigned on," he said. Paul said he is opposing Haspel due to her involvement in the enhanced interrogation program during the George W. Bush administration. He said she showed "joyful glee at someone who is being tortured." "I find it just amazing that anyone would consider having this woman at the head of the CIA," Paul said.




Lawmakers on the House Energy and Commerce Committee on Wednesday held a hearing on legislative proposals addressing the security of U.S. energy infrastructure, including digital threats to energy assets.

Several bipartisan bills introduced earlier this month by lawmakers on the committee aim to bolster the Department of Energy's preparedness to address cyber incidents, enhance its ability to coordinate cybersecurity efforts across U.S. energy infrastructure, and bolster public-private partnerships to strengthen the security of electric utilities.

"This is really important stuff for our country," said Chairman Greg Walden (R-Ore.) at the outset of the hearing, which also addressed emergency response broadly. "Because our energy sector drives the entire nation's economy, I have made it a top priority of the committee to focus on emerging threats and propose solutions to make our infrastructure more resilient."

"In today's highly interconnected world, the threat of cyberattacks is ever present so we have to be vigilant. We also must be prepared for physical threats," Walden said.

Undersecretary of Energy Mark Menezes emphasized that energy security is a "top priority" of Secretary Rick Perry, pointing to the department's recent decision to set up an Office of Cybersecurity, Energy Security and Emergency Response (CESER).

He commended lawmakers for their efforts to address energy cybersecurity using legislation, though repeatedly emphasized that they should authorize resources so that DOE can carry out any new responsibilities granted via legislation.

"Clear direction and the authorization to have the resources would be very helpful," Menezes said.

When questioned by Rep. Jerry McNerney (D-Calif.) as to why the department's fiscal 2019 budget proposal significantly cut funds to the Office of Electricity Delivery and Reliability, Menezes noted that the proposal includes $96 million in funding for CESER, the new cyber office.

Menezes warned that the department and the U.S. energy grid face a barrage of cyberattacks in the evolving digital realm.

"Our systems are constantly being attacked, constantly," Menezes told Rep. Joe Barton (R-Texas). "Not only the DOE system, but also the energy system."

Menezes referenced sensitive intelligence that the department has viewed as part of the National Security Council. "When you look at it, those that want to penetrate our system try all segments--all segments," he said. "So, in that respect, we're all vulnerable."

Menezes also pointed to some "reported breaches" of U.S. energy infrastructure but said the nation has been lucky not to suffer a "major consequence" from a cyberattack. He agreed to speak with lawmakers at a bipartisan classified briefing to go into more detail on threats.



Lt. Gen. Paul Nakasone, President Trump's nominee to serve as the next NSA director and commander of U.S. Cyber Command, will appear before the Senate Intelligence Committee Thursday morning for his second confirmation hearing.

Nakasone, who currently commands U.S. Army Cyber Command, has already been approved by lawmakers on the Senate Armed Services Committee.

If confirmed, he will replace outgoing NSA Director Adm. Mike Rogers, who took over at NSA following the 2013 Edward Snowden disclosures.

Nakasone's confirmation hearing is scheduled for 10 a.m. Thursday morning.



Machines can now help your office with their March Madness brackets. (Technology Review)



Top government officials appeared before members on the House Oversight Committee to address the status of federal information technology in the present year as well as federal plans for information technology (IT) modernization.

Information Technology Subcommittee Chairman Will Hurd (R-Texas) laid out a series of concerns he wanted the officials to address in the hearing, as well as highlighting what he views as federal progress to the credit of the Trump administration.

But he also expressed concern about "lost momentum" in some areas.

Hurd pointed to the lagging pace it took to appoint a federal CIO, incentives to recruit and retain talented cyber professionals, and recommendations from the Government Accountability Office (GAO) that go unheeded.

"We need to rethink how we restructure the federal workforce so the federal government has access to smart, well-trained IT and cybersecurity professionals and be working in a bipartisan fashion," Hurd said at the start of the hearing.

"I also continue to have concerns about long-standing GAO recommendations that remain unaddressed often times year after year after year. These opening lingering vulnerabilities put us at incredible risk as we saw with the devastating data breaches with the [Office of Personnel Management]," he continued.

Representatives from the GAO, Department of Homeland Security, Office of Management and Budget, and General Services Administration (GSA).

Witnesses like GAO's top IT management official David Powner and OMB's Margaret Weichert stressed the need for the CIO of an agency to have flexibility on issues like spending and structure.

"We are absolutely in alignment in terms of the idea that the CIO for the broad agency needs to have all the capabilities and tools to make these very profound investments," Weichert said.

Hurd also questioned the witnesses about their cyber-hygiene efforts.

Jeanette Manfra, a top DHS official in the Office of Cybersecurity and Communications, emphasized spotlighting vulnerabilities, which has led them to be able to independently validate whether patch management programs work.

The ability to independently validate instead of self report allowed them to cut the time it took to patch vulnerabilities from months to just around 30 days. 



Links from our blog, The Hill, and around the Web.

Facebook bans far-right British group retweeted by Trump. (The Hill)

OP-ED: For national security, the 'Internet of Things' is the 'Internet of Trouble'. (The Hill)

Google to ban cryptocurrency ads. (The Hill)

Haley blames Russia for poisoning ex-spy in UK. (The Hill)

Japanese crypto firm pays back customers after hack. (Wall Street Journal)

Fitness app Strava is taking steps to restrict access to its online map after revealing sensitive information. (Reuters)

YouTube is using Wikipedia to push back on videos about conspiracy theories. (The Verge)