Hillicon Valley — Presented by Ericsson — Bill would give some groups 24 hours to report ransomware payments

Hillicon Valley — Presented by Ericsson — Bill would give some groups 24 hours to report ransomware payments
© iStock

Today is Tuesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.

Efforts to create a federal cybersecurity incident reporting law heated up Tuesday, with the leaders of one Senate committee introducing a bill giving organizations 72 hours to report incidents and 24 hours to report paying hackers behind ransomware attacks. 

Meanwhile, Facebook is looking for guidance on how to handle a content moderation system following a report that some users are breaking the rules, while a new report found that the social media platform continues to face misinformation problems involving COVID-19 treatments. 

ADVERTISEMENT

Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

Let’s jump in.

Cyber Incident Reporting’s big day 

The leaders of the Senate Homeland Security and Governmental Affairs Committee on Tuesday introduced legislation that would give set timelines for cyber incident reporting, including mandating that certain organizations report within 24 hours if they paid the sum demanded in a ransomware attack.

The Cyber Incident Reporting Act, sponsored by panel Chairman Gary Peters (D-Mich.) and ranking member Rob Portman (R-Ohio), would also require owners and operators of critical infrastructure to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours.

Nuts and bolts: Organizations required to report ransomware payments within a day of handing over the funds include critical infrastructure groups along with nonprofits, businesses with over 50 employees, and state and local governments. 

The payment and incident information would go to a council at CISA, with the agency empowered to subpoena groups that fail to report. Organizations that fail to comply with the information would then be referred to the Justice Department, and potentially banned from doing business with the federal government. 

“This important, bipartisan bill will create the first national requirement for critical infrastructure entities to report to the federal government when their systems have been breached, as well as require most organizations to report when they have paid a ransom after an attack,” Peters said in a statement Tuesday. “This will help our nation deter future attacks, fight back against cybercriminals, and hold them accountable for infiltrating American networks.”

Wider concerns: The bill was introduced as part of an effort by Congress to respond to a wave of major cyberattacks over the past year. 

Read more about the bill here.

A MESSAGE FROM ERICSSON



Checking on cross-check 

 

Facebook is asking the quasi-independent Oversight Board for guidance regarding the platform’s “cross-check” content moderation system for high-profile users after a recent report claimed the system lets some of those users break the platform’s rules. 

Facebook’s request: Facebook requested the Oversight Board’s guidance on Tuesday in the form of a Policy Advisory Opinion — about a week after the board requested Facebook provide it with “further clarity” about information relating to the cross-check system that was previously shared with board members. 

Facebook says its cross-check system was created to prevent “potential over-enforcement mistakes.” But a recent Wall Street Journal report cited documents showing Facebook’s cross-check program included at least 5.8 million users in 2020, and at times has allegedly protected public figures whose posts contained harassment or incitement of violence. 

Facebook is asking the board for guidance on the criteria it uses to determine what content is prioritized for a secondary review, as well as how the company should manage the program.

“We know the system isn’t perfect. We have new teams and resources in place, and we are continuing to make improvements. But more are needed. The Oversight Board’s recommendations will be a big part of this continued work,” Facebook Vice President of Global Affairs Nick Clegg said in a blog post

And the board’s: The Oversight Board last week requested further information from Facebook about the program in light of the recent Journal report. The board underscored its request by noting that Facebook in the past has withheld some information the board has asked for on the topic, particularly when reviewing the case regarding whether to uphold a ban on former President Trump’s account. 

Read more here.

MORE MISINFORMATION WOES

ADVERTISEMENT

At least 60 public and private Facebook groups were focused on discussing ivermectin to treat COVID-19, according to left-leaning watchdog Media Matters for America.

Of the groups, 25 were shut down after Media Matters flagged them to Facebook, the group said in a Tuesday email accompanying the release of their report. The remaining groups, however, had nearly 70,000 members.

The analysis was first reported by The New York Times on Tuesday.

Asked about the ivermectin pages, Facebook spokesperson Aaron Simpson said the platform removes content that “attempts to buy, sell, or donate for Ivermectin."

“We also enforce against any account or group that violates our COVID-19 and vaccine policies, including claims that Ivermectin is a guaranteed cure or guaranteed prevention, and we don’t allow ads promoting Ivermectin as a treatment for COVID-19,” Simpson said. “When people search for Ivermectin on Facebook, the results point them to our COVID Information Center, which includes reliable information on vaccines and how to get vaccinated.”

Read more here.

DAS VADANYA, ALEXEI

ADVERTISEMENT

Russian hacker Alexei Burkov was reportedly detained at a Moscow airport on Tuesday after he was deported by the United States.

Russia's Interior Ministry reportedly informed TASS news agency of the news, detailing that Russian police detained Burkov at Moscow's Sheremetyevo airport, Reuters reported.

Burkov was sentenced to nine years in jail in the U.S. after he was accused of facilitating card fraud, hacking and other crimes.

According to the news outlet, the U.S. Embassy in Moscow did not provide a comment on Burkov being deported.

The Hill has reached out to the embassy for comment.

Read more here.

A MESSAGE FROM ERICSSON

ADVERTISEMENT

 

 

 

BITS AND PIECES

An op-ed to chew on: America needs a 'Million Talents Program' now

Lighter click: Hall of famer

Notable links from around the web:

The Economy Is Back. Welcome to the Casino (Motherboard / Edward Ongweso Jr.)

Facebook’s Effort to Attract Preteens Goes Beyond Instagram Kids, Documents Show (The Wall Street Journal / Georgia Wells and Jeff Horwitz)

Snapchat, TikTok, Instagram face pressure to stop illegal drug sales as overdose deaths soar (Washington Post / Rachel Lerman and Gerrit De Vynck)

One last thing: Teens take on tech

Members of the generation shaped by the rise of social media are now pushing for Congress to combat the dangers faced online by young users.

Anger at social media giants is reaching a boiling point on Capitol Hill as lawmakers demand action from Facebook-owned Instagram after a bombshell report detailed internal research on how the platform harms the mental health of teens.

With the growing congressional scrutiny, Emma Lembke, the 19-year-old behind two youth-led advocacy organizations, says lawmakers need to look to Generation Z for input on regulation.

“We want to alter this narrative that has been put in place by older members of other generations that teens are passive victims who are just hurt and constantly affected by social media and have no agency whatsoever to remedy the situation. That is absolutely not the situation,” Lembke said in an interview with The Hill.

“While we can’t hold seats in the Senate, we can influence these decisions. We have the power and teens have the ability to use their own stories and their voice to push forth change,” she added.

Read more here.

That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Wednesday.