
Hillicon Valley — TSA to strengthen rail sector cybersecurity

Today is Thursday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.

Follow The Hill's cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

The Transportation Security Administration (TSA) took steps to shore up the cybersecurity of the rail sector on Thursday by issuing a pair of new directives.

Meanwhile, a federal watchdog agency warned of dire consequences for the cybersecurity of the nation's infrastructure if more isn't done at the federal level, and a federal judge blocked a Texas law barring social media companies from banning certain users.

Let's jump into the news.

TSA rolls out railroad security directives 

The Transportation Security Administration (TSA) on Thursday issued two security directives requiring rail and rail transit groups to implement steps to strengthen cybersecurity of the sector, including a requirement to report cyber incidents to the federal government.

Reporting requirement: The security directives require higher-risk freight rail, passenger rail, and rail transit groups to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours of detection and to designate a cybersecurity coordinator.

The directives also require these groups to complete vulnerability assessments of their networks and then develop a cybersecurity incident response plan based on the security issues discovered. One directive applies to freight rail groups and the other to passenger rail and rail transit companies, but the two are identical and will be made public.

"These new cybersecurity requirements and recommendations will help keep the traveling public safe and protect our critical infrastructure from evolving threats. DHS will continue working with our partners across every level of government and in the private sector to increase the resilience of our critical infrastructure nationwide," Homeland Security Secretary Alejandro Mayorkas said.

Mayorkas first announced the upcoming directive for the rail sector in October, pointing to the need in particular to protect against ransomware attacks.  

Aviation sector too: Mayorkas also announced that a similar directive would be rolled out for the aviation sector, with senior DHS officials telling reporters Thursday that TSA had "recently updated aviation security programs to require airport operators to take similar steps" to what rail sector groups were being required to do.



All is not quiet on the infrastructure front 

A federal watchdog agency on Thursday released findings highlighting serious concerns around cybersecurity vulnerabilities in U.S. critical infrastructure, warning that these systems are "in jeopardy" if the government fails to take action.

The Government Accountability Office (GAO) released the report, which highlights increasing threats to the nation's key systems over the past year and argues that the federal government needs to take steps, including implementing a national cybersecurity strategy and enhancing federal protection of critical infrastructure.

"If the federal government doesn't act with greater urgency, the security of our nation's critical infrastructure will be in jeopardy," GAO wrote in a summary of the report. 

The report was released in conjunction with a hearing on securing the nation's infrastructure held by the House Transportation and Infrastructure Committee on Thursday. Nick Marinos, the director of Information Technology and Cybersecurity at GAO, raised concerns in his testimony that the U.S. is "constantly operating behind the eight ball" on addressing cyber threats. 



A federal judge has blocked Texas from enforcing a law that aimed to block social media companies from banning users based on political views. 

Judge Robert Pitman issued the order Wednesday in favor of two industry associations that sued to block the Texas law. 

"Social media platforms have a First Amendment right to moderate content disseminated on their platforms," Pitman wrote. 

Renae Eze, a spokesperson for Texas Gov. Greg Abbott (R), said the state plans to appeal the ruling.  

"Allowing biased social media companies to cancel conservative speech is hostile to the free speech foundation America was built on. In Texas, we will always fight to defend Texans' freedom of speech," Eze said in a statement. 

The Texas law, signed by Abbott in September, would forbid social media companies with more than 50 million monthly users from banning users based on political views.




Facebook on Thursday rolled out a new set of measures designed to further protect accounts more often targeted by hackers, including those of human rights activists, journalists and government officials, among others.

As part of this effort, Facebook is expanding its "Facebook Protect" program, first tested in 2018 ahead of U.S. elections, to countries around the world in order to protect highly targeted accounts from being compromised.

"It is a community of people that sit at very critical points in public debate and are highly targeted, just that for their protection they probably should be enabling two-factor authentication, and it's widely investing so much in simplifying the process," Nathaniel Gleicher, Facebook's head of security, told reporters ahead of the announcement. 

More than 1.5 million accounts have enabled Facebook Protect since September, and 950,000 of these accounts were newly enrolled in using two-factor authentication as part of participating in the program. The program is currently in place in around a dozen countries, and Facebook plans to expand it to more than 50 countries by the end of 2021, including India, the United States, Myanmar and Ethiopia.



An op-ed to chew on: Why we need 'meta jurisdiction' for the metaverse

Lighter click: Me too David Lynch, me too

Notable links from around the web:

Crime Prediction Software Promised to Be Free of Biases. New Data Shows It Perpetuates Them (Gizmodo and The Markup / Aaron Sankin, Dhruv Mehrotra, Surya Mattu, Dell Cameron, Annie Gilbertson, Daniel Lempres, and Josh Lash)

'Magic dirt': How the internet fueled, and defeated, the pandemic's weirdest MLM (NBC News / Brandy Zadrozny)

As Tech Founders Resign, Congress Loses Its Favorite Targets (The Verge / Makena Kelly)

The US crackdown on Chinese economic espionage is a mess. We have the data to show it. (MIT Tech Review / Eileen Guo, Jess Aloe, Karen Hao)

The success of MrBeast's Squid Game is its own dystopia (Polygon / Hussein Kesvani)


One last thing: FTC blocks a major merger 

The Federal Trade Commission announced Thursday it was suing Nvidia over its $40 billion purchase of Arm, the largest acquisition of a semiconductor chip design company.

Arm, owned by Tokyo-based SoftBank, produces designs and computing technology for semiconductor chips, which are used to power most tech devices, from iPhones and laptops to computer systems in most vehicles.

In a statement, the FTC argued that if the California-based Nvidia - which builds semiconductor chips - acquires Arm, it would gain an unfair advantage over its competitors.

"The FTC is suing to block the largest semiconductor chip merger in history to prevent a chip conglomerate from stifling the innovation pipeline for next-generation technologies," said Holly Vedova, the Bureau of Competition director for the FTC.

"Tomorrow's technologies depend on preserving today's competitive, cutting-edge chip markets. This proposed deal would distort Arm's incentives in chip markets and allow the combined firm to unfairly undermine Nvidia's rivals," Vedova wrote.


That's it for today, thanks for reading. Check out The Hill's technology and cybersecurity pages for the latest news and coverage. We'll see you Friday.