Homeland Security Cyber Bill Moves Forward

The Hill Cybersecurity
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–MOVING FORWARD: The House Homeland Security Committee on Wednesday advanced a bill that would restructure how the Department of Homeland Security (DHS) protects critical infrastructure from digital threats. “This bill removes bureaucratic barriers at DHS so it can more effectively carry out the authorities passed by Congress in the last two years,” Rep. John Ratcliffe (R-Texas) said in a statement. The bill, authored by committee Chairman Michael McCaul (R-Texas), would replace the so-called National Protection and Programs Directorate (NPPD) within the department with a new operational agency tasked with protecting the computer networks that run the nation’s power grid, water utilities and more. The proposed reorganization, in the works for over a year, has been a point of tension between the agency and Congress. The DHS has pushed for a restructuring of the NPPD. But an administration proposal leaked to the media over the summer drew ire from members who criticized the agency for pushing forward with the reorganization without involving lawmakers. Ratcliffe on Wednesday hinted at the prevailing committee stance that the agency needs congressional authorization to go forward with the realignment. “[The bill] provides a strong structure for the organization, improves collaboration between its divisions and elevates the cybersecurity mission, while also ensuring that mechanisms are in place for robust Congressional oversight,” Ratcliffe said. To read our full piece, click here.
–FIRST OF ITS KIND: The California county of Santa Clara, which is home to much of Silicon Valley, will now require law enforcement to seek county board and district attorney approval before purchasing new surveillance technologies. It is believed to be the first county to impose such a rule, although Seattle passed a similar ordinance on the city level. In a unanimous vote, the county board of supervisors approved the new budget framework. The new ordinance will cover a host of equipment that has become more common among police in recent years, including license plate scanners, products that spoof cellphone towers and even closed-circuit cameras. For years, civil liberties groups have complained about law enforcement use of these technologies, saying they are unnecessarily invasive and are often bulk surveillance techniques with too little judicial or governmental oversight. Law enforcement in Santa Clara will also now be required to publish annual surveillance reports detailing usage, how successful different technologies have been, complaints and internal audits not subject to privilege. “Simply put,” said County Supervisor Joe Simitian in a press release, “we’ll be asking these important civil liberties questions before, rather than after, we acquire some new technology. We’ll have policies in place before we acquire some new technology. And we’ll be holding ourselves accountable on a regular basis.” To read our full piece, click here.
UPDATE ON CYBER POLICY:
–NOT YET, NOT YET. Still no vote in the Senate on an amendment to the National Defense Authorization Act that would elevate the Pentagon’s U.S. Cyber Command to a full combatant unit. It’s looking less and less likely that the provision, from a bipartisan group of lawmakers, will see the floor.
A LIGHTER CLICK:
–RULES OR NO RULES… we’re still rooting for “Willenium.”
A LOOK AHEAD
THURSDAY:

–The Senate Judiciary Committee is scheduled to mark up the Electronic Communications Privacy Act Amendments Act of 2015 at 10 a.m.

FRIDAY:

–The House Oversight Committee will hold a hearing on the 18F team and oversight of U.S. digital service at 9:30 a.m.

WHO’S IN THE SPOTLIGHT:
–MORGAN STANLEY. The Securities and Exchange Commission (SEC) on Wednesday announced that Morgan Stanley will pay $1 million to resolve charges that it allowed customer information to be hacked and posted online. According to the SEC, security failures at the bank allowed a then-employee to inappropriately access and transfer customer data from 730,000 accounts to a personal server, which was then hacked by a third party.

The breach was discovered when Morgan Stanley client information began popping up online in late December 2014. It was first discovered on the text-sharing site Pastebin.

Federal securities laws require registered broker-dealers and investment advisers to adopt written policies and procedures reasonably designed to protect customer data.

But the SEC found that Morgan Stanley had two internal web portals that lacked effective authorization mechanisms. Had those mechanisms been in place, they would have restricted employee access to customer data to legitimate business needs.

To read our full piece, click here.

IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
An important piece of infrastructure for two major strains of malware appears to be inactive. (The Hill)

The University of Calgary paid malicious hackers 20,000 Canadian dollars, or about $15,700, to recover access to its IT systems after it was hit with a ransomware attack. (The Hill)

The FBI is treating everything on the private server used to run former Secretary of State Hillary Clinton’s personal email account as evidence or possible evidence as part of the federal investigation connected to the machine. (The Hill)

Wired cutely explains the political ideologies of Silicon Valley luminaries. (Wired)

Attackers could have rewritten logs of their Facebook Messenger chats with you to introduce falsehoods and malicious links. (CSO Online)

Singapore is banning government employees from using the internet for security. (Ars Technica)
