Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–JUST WONDERIN’…: A hacking group affiliated with the Russian government has infiltrated the Democratic National Committee (DNC), stealing two files of opposition research on presumptive Republican nominee Donald Trump. The hackers were highly skilled and able to bypass normal security protections. They lurked on the DNC’s network for over a year in some cases, according to the security firm CrowdStrike, which is investigating the breach. “Their tradecraft is superb, operational security second to none,” said the firm’s co-founder and chief technology officer, Dmitri Alperovitch. For security experts — and some lawmakers — the breach is merely one example of the kind of digital espionage Russian spies carry out every day. “It should come as no surprise to anyone that political parties are high-profile targets for foreign intelligence gathering,” Rep. Jim Langevin (D-R.I.) said in a statement. But the theft of information on a presidential nominee — and in Trump, one who has directed praise at Russian President Vladimir Putin — is raising eyebrows. To read our full piece, click here.

–SWATTED: Hackers called upon to help the Pentagon have found 100 vulnerabilities in Department of Defense systems. In what is known as a bug bounty, Defense officials invited vetted security researchers to “Hack the Pentagon” and report back any soft spots they found in exchange for cash prizes. The program has paid out $15,000, split among 1,400 participating hackers, since its March launch — a bargain compared to other methods of security research. “They are helping us to be more secure at a fraction of the cost,” Defense Secretary Ash Carter said Friday at the Defense One conference in Washington, D.C. To read our full piece, click here.

–FINALLY CAUCUS-WORTHY?: Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.) on Tuesday announced the creation of a Cybersecurity Caucus to keep lawmakers and staffers up-to-date on cyber policy. The caucus will focus on the issue’s impact on national security, the economy and digital security. “Rifle shots targeting a massive, growing problem have fallen well-short of sufficient. We need a grand strategy to combat positively identified bad actors, and that requires a broad policy response that is adaptable to technological developments and the ever-changing cyber field,” Gardner said. To read our full piece, click here.

A POLICY UPDATE:

–WHEN AT FIRST YOU DON’T SUCCEED… Two senators are pushing leaders from both the Senate and House Armed Services committees to include a provision in the final version of the national defense policy bill elevating the military’s cyber unit to a full-fledged combatant command. ”Cyber is truly one of the fastest growing threats facing our nation; we cannot stand by as the Department of Defense fails to act on this urgent national security priority,” Sens. Steve Daines (R-Mont.) and Mark Warner (D-Va.) wrote in a Tuesday letter to the chairmen and ranking members of both committees.
Citing “large bipartisan support in the Senate,” they urged committee leaders to include language elevating the unit — present in the House-passed version of the bill — in the conferenced version.
The Senate on Tuesday passed its version of the $602 billion National Defense Authorization Act (NDAA) on an 85-13 vote.
Daines and Warner tried to get the provision into the Senate version in an amendment, offered with six other senators from both sides of the aisle, but were unable to get a vote in a packed and contentious schedule.
To read our full piece, click here.

A LIGHTER CLICK

“THE HILL” CAUSES NO PROBLEMS. Did The New York Times shrink the letter ‘S’ to fit Eisenhower into headlines? (Yes!) (The Atlantic).

A LOOK AHEAD

WEDNESDAY:
–The House Homeland Security Committee will hear industry perspectives on the implementation of the Cybersecurity Act of 2015, at 10 a.m.

THURSDAY:
–The House Homeland Security Subcommittee on Emergency Preparedness will mark up the Cyber Preparedness Act of 2016, at 10 a.m.

WHO’S IN THE SPOTLIGHT:

–ECONOMIC ESPIONAGE. The Justice Department is bringing economic espionage charges against a Chinese national accused of stealing source code from an American company. Xu Jiaqiang allegedly stole and sold the source code from his former employer to two undercover law enforcement agents. He’s also accused of planning to transfer the code to the National Health and Planning Commission of the People’s Republic of China.
He was already facing three charges of theft of trade secrets.
“Economic espionage not only harms victim companies that have years or even decades of work stolen, but it also crushes the spirit of innovation and fair play in the global economy,” said Preet Bharara, the U.S. Attorney for the Southern District of New York, in a statement Tuesday. Bharara’s office is handling the case.
To read our full piece, click here.

–ELSEWHERE, IN ECONOMIC ESPIONAGE NEWS. The U.S. and China are making progress in improving their relationship on cybersecurity, a key administration official said during a high-level meeting between the two nations this week. Department of Homeland Security Undersecretary Suzanne Spaulding said Tuesday that the focus of the second U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues was to ensure that the two nations fulfilled agreements made during Chinese President Xi Jinping’s state visit in September.
The two nations agreed to exchange more information on cyber crime, and struck a pledge that neither government will hack the other for financial gain.
Since then, Spaulding said, the two sides have set up email addresses to share information.
“A key element of the agreement is information-sharing and establishing mechanisms,” she told reporters. “We are very pleased to have temporary email addresses and very much appreciate” working to set up permanent addresses, she continued.
Chinese officials also gave a positive account of the talks.
“We want to bring the discussions from policies on paper to actual implementation,” Chinese Minister of Public Security Guo Shengkun said.
To read our full piece, click here.

A SECURITY RISK IN FOCUS:

–OBSOLETE TECH. Federal Chief Information Officer Tony Scott is pleading for industry and government officials to support a $3.1 billion modernization plan for the government’s out-of-date technology systems. ”This is not one of those situations where it’s going to get better if we wait. It’s not a partisan issue. This is the single biggest opportunity I know of to do something different in this space,” Scott told a crowd at the Brocade Federal Forum in Washington.
Much of the government runs on technology that predates modern cybersecurity and is so old that the skills needed to program and maintain the equipment are largely untaught in schools.
Around 80 percent of the IT budget is spent maintaining legacy systems, a problem the House Oversight Committee called a “ticking time bomb” in a recent hearing on the subject.
To read our full piece, click here.

IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.

Apple is upping Mac encryption. (The Hill)
The State Department’s unclassified computer networks are cluttered with over 2,000 inactive accounts that hackers could exploit to gain access to State’s networks. (NextGov)
Verizon fixed a critical flaw in its Verizon.net messaging system that permitted attackers to hack the email settings of other customers and forward email to any email account. (Threat Post)
You might want to disable Adobe Flash. (Ars Technica)
An Australian state’s election commission has acknowledged a bug in its voting software. (The Register)