Hillicon Valley: Feds warn hackers targeting critical infrastructure | Twitter exploring subscription service | Bill would give DHS cyber agency subpoena power

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech reporter, Chris Mills Rodrigo (@chrisismills), for more coverage.

THREATS AGAINST CRITICAL INFRASTRUCTURE: Federal authorities on Thursday warned that foreign hackers are attempting to target U.S. critical infrastructure. 

The National Security Agency (NSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) specifically warned that internet-connected operational technology (OT) assets – which are used throughout U.S. defense systems – were often the targets of malicious cyber actors attempting to hit critical infrastructure, such as systems providing water, gas and electricity.

As a result, the agencies recommended that critical infrastructure operators and owners take “immediate action” to secure their systems.

“Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to US interests or retaliate for perceived US aggression,” the agencies wrote in a joint alert.

The security agencies noted that OT assets are used in Department of Defense systems and throughout the defense industrial base sector, including in national security systems.

The NSA and CISA wrote they had seen evidence of email spear phishing attacks to gain access to critical infrastructure networks to access OT assets, along with attempted ransomware attacks on these systems. This type of attack, which has become an increasing headache over the past year for state and local governments, involves an attacker encrypting a network and demanding payment before allowing the user to gain access again.

CISA previously issued an alert in February following a ransomware attack on an unnamed “natural gas compression facility” that temporarily shut down operations and disrupted other critical systems operators that interacted with the facility. 

Read more about the alerts here.

 

TWITTER SUBSCRIPTION SERVICE: Twitter is considering building a subscription service as it explores other revenue sources amid a marked drop in advertising revenue spurred by the pandemic.

Twitter CEO Jack Dorsey said on an earnings call with investors on Thursday that the company was currently in the early stages of exploring a subscription option on the platform. The comments came as the company reported that its advertising revenue, a core part of its business, suffered a year-over-year decline of 23 percent, which it attributed in part to the rapid scaling-back of ad spending caused by coronavirus lockdowns.

"First and foremost, we have a really high bar for when we would ask consumers to pay for aspects of Twitter," Dorsey said. "And, you know, this is a start. And we’re in the very early phases of exploring."

Dorsey went on to note that Twitter has a small team exploring other potential revenue sources, including subscription and commerce. He said that the team is currently hiring and that he expected initial tests of a subscription product to be performed later this year. 

"Most importantly, we want to make sure any new lines of revenue is complementary to our advertising business," he said. "We do think there is a world where subscription is complementary." 

The possibility of a subscription service on Twitter gained attention earlier this month after the company posted a job listing associated with the product. The job notice said the company is looking for a senior full-stack software engineer to work with a team dedicated to building a subscription platform.

Like other social media platforms, Twitter offers its app for free and makes the majority of its revenue through ad sales. 

Read more about the proposed service here.

 

CYBERSECURITY GETS A BOOST: The Senate version of the annual National Defense Authorization Act (NDAA) approved Thursday included a raft of measures designed to shore up federal cybersecurity, including a clause giving the Department of Homeland Security’s cybersecurity agency subpoena power.

The provision, originally introduced by Senate Homeland Security and Governmental Affairs Committee Chairman Ron Johnson (R-Wis.) and Sen. Maggie Hassan (D-N.H.) in December, would allow the department's Cybersecurity and Infrastructure Security Agency (CISA) to issue subpoenas to internet service providers compelling them to release information on cyber vulnerabilities detected on the networks of critical infrastructure organizations.

“Every day our adversaries target our critical infrastructure, including our electric grids, dams, and airports, and every day, CISA is made aware of vulnerabilities to these systems — some easily fixable — but is powerless to warn the potential victims,” Johnson said in a statement following the NDAA’s passage. 

“This legislation gives CISA the authority necessary to reach out and warn owners of critical infrastructure that they are open and vulnerable to cyberattacks before they become a victim,” he added. “We ask Americans: if you see something, say something. With this legislation we are empowering CISA to do the same.”

Hassan described the subpoena power proposal as “common-sense,” adding in a separate statement that she would “keep working” with Johnson to get the provision signed into law as part of the final version of the fiscal year 2021 NDAA that will be conferenced between the House and Senate in coming weeks. 

The legislation was also included in the House version of the NDAA, approved earlier this week, making it likely the provision will stay in the final version eventually sent to President Trump for signature.

Another key cybersecurity provision included in the Senate version of the annual defense spending bill was one establishing a federally funded cybersecurity coordinator in every state to prepare for and respond to cyberattacks. 

The legislation was introduced in January by Hassan and Sens. John Cornyn (R-Texas), Gary Peters (D-Mich.), and Rob Portman (R-Ohio) after a year of increasing cyberattacks across the nation crippled city governments in New Orleans and Baltimore, among many others.

Read more about cyber provisions in the NDAA here.

 

FITBIT ACQUISITION CONCERNS: A group of Democratic senators urged the Department of Justice Thursday to conduct a "thorough and comprehensive" review of Google's proposed acquisition of Fitbit.

Google's purchase of the fitness tracking company immediately came under antitrust scrutiny when announced in November. The Justice Department launched an investigation at the time and has issued a second request for information on the merger.

A letter, led by Sen. Amy Klobuchar (D-Minn.), urges the agency to continue its efforts, warning that allowing Google free range on acquisitions may give it enduring dominance across several markets.

"Over the years, Google has completed more than 100 strategic acquisitions—including purchases of DoubleClick, AdMob, YouTube, Waze, and many other firms—virtually all without significant enforcement action by federal antitrust enforcers," the senators wrote to Attorney General William Barr.

Democratic Sens. Richard Blumenthal (Conn.), Cory Booker (N.J.), Mazie Hirono (Hawaii), Sherrod Brown (D-Ohio), Mark Warner (Va.) and Elizabeth Warren (Mass.) also signed the letter.

Read more here.

 

THE ETHICS OF AI: The U.S. intelligence community (IC) on Thursday rolled out an “ethics guide” and framework for how intelligence agencies can responsibly develop and use artificial intelligence (AI) technologies.

Among the key ethical requirements were shoring up security, respecting human dignity through complying with existing civil rights and privacy laws, rooting out bias to ensure AI use is “objective and equitable,” and ensuring human judgement is incorporated into AI development and use. 

The IC wrote in the framework, which digs into the details of the ethics guide, that it was intended to ensure that use of AI technologies matches “the Intelligence Community’s unique mission purposes, authorities, and responsibilities for collecting and using data and AI outputs.”

Dean Souleles, the founder of the Office of the Director of National Intelligence’s Augmenting Intelligence through Machines Innovation Hub, said it was important that intelligence agencies use AI to help address an “increasingly complex digital world.”

Read more about the guidelines here.

 

MORE TWITTER HACK UPDATES: Twitter said that hackers who broke into its system last week were likely able to read the direct messages of 36 accounts, including those of one elected official in the Netherlands.

“We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed,” the social media giant said in an updated press release.

“We are actively working on communicating directly with the account-holders that were impacted.” 

Twitter had previously said that hackers last week had gained access to 130 accounts in total, including 45 verified accounts. Some of those, including CEOs Elon Musk and Bill Gates, former Vice President Joe Biden and more, had tweets sent by attackers.

Twitter did not clarify if any of the 36 accounts where messages could have been read were verified accounts. The tech company previously said hackers downloaded mass data from eight accounts, though none were verified accounts.

Read more here.

 

NEW YORK PAUSES FACIAL RECOGNITION: New York's state legislature voted to pause the use of facial recognition at schools for two years.

The moratorium, approved by both the state Assembly and Senate on Wednesday, follows an attempt by a school district in upstate New York to install the controversial technology at its schools.

The legislation comes after the New York Civil Liberties Union (NYCLU) filed a lawsuit forcing the state education department to block Lockport school district from adopting facial recognition systems to screen people entering campuses. The bill will now be sent to Gov. Andrew Cuomo's (D) desk.

“We’ve said for years that facial recognition and other biometric surveillance technologies have no place in schools, and this is a monumental leap forward to protect students from this kind of invasive surveillance," NYCLU Education Policy Center Deputy Director Stefanie Coyle said in a statement.

Read more.


Lighter click: This is why oceans are terrifying

An op-ed to chew on: The FCC must extend broadband opportunity for tribal communities

 

NOTABLE LINKS FROM AROUND THE WEB: 

Facebook’s employees reckon with the social network they’ve built (BuzzFeed News / Ryan Mac and Craig Silverman)

Facebook ignored racial bias research, employees say (NBC News / Olivia Solon)

'We’re Embarrassed’: This Is What Twitter Sent to Accounts That Were Hacked (Motherboard / Lorenzo Franceschi-Bicchierai)

The big winner in Slack’s Microsoft fight could be Google (Verge / Tom Warren)