Hillicon Valley — Presented by Connected Commerce Council — Incident reporting language left out of package

Today is Tuesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: digital-release.thehill.com/newsletter-signup.

Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

Cyber incident reporting — or lack thereof — was in the spotlight Tuesday when a conference version of the annual National Defense Authorization Act left the issue out despite broad bipartisan support for its inclusion. 

Meanwhile, Instagram announced a suite of features to protect young users ahead of CEO Adam Mosseri’s testimony and the Senate confirmed Federal Communications Commission Chair Jessica Rosenworcel to another term in office. 

Let’s jump into the news.

Cyber incident reporting doesn’t make the cut 

Legislation mandating cyber incident reporting for certain critical organizations was left out of the compromise version of the annual National Defense Authorization Act (NDAA) that the House is set to vote on Tuesday. 

No cigar: A cyber incident reporting provision, which established a new Cyber Incident Review Office at the Cybersecurity and Infrastructure Security Agency (CISA) was included in the version of the NDAA passed by the House in September. But the language on cyber incident reporting was absent from the text of the bipartisan compromise 2021 NDAA released by the House and Senate Armed Services panels Tuesday.

The House-passed provision also would have required CISA to set requirements around cyber incident reporting, with CISA banned from requiring organizations to report incidents sooner than 72 hours after discovery. There was a similar effort in the Senate to include a cyber incident reporting clause in the NDAA. 

An amendment put forward in November by Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.), ranking member Rob Portman (R-Ohio), Senate Intelligence Committee Chairman Mark Warner (D-Va.) and Sen. Susan Collins (R-Maine) would have given certain critical groups 72 hours to report attacks, and 24 hours to report paying hackers as the result of a ransomware attack. 

McConnell intervenes: A Senate aide told The Hill Tuesday that Senate Minority Leader Mitch McConnell (R-Ky.) blocked the provision from inclusion in the NDAA compromise package during negotiations. The Hill has reached out to a spokesperson for McConnell for comment. 

So did Scott: CyberScoop reported that Sen. Rick Scott (R-Fla.), a member of the Senate Homeland Security Committee, had asked McConnell to oppose the provision due to Scott’s effort to narrow the amount of organizations would be required to report cyber incidents.

“Senator Scott fought to ensure the scope of this new cybersecurity incident reporting law would be limited to critical infrastructure and not burden America’s small businesses,” McKinley Lewis, the communications director for Scott, told The Hill Tuesday. “After hearing last night that a deal had been reached to change the amendment and make Senator Scott’s proposed change, which was supported by CISA, we were surprised and disappointed to see it left out of the NDAA language released by the House today.”

Read more here. 

A MESSAGE FROM CONNECTED COMMERCE COUNCIL

Congress is considering sweeping antitrust legislation that could hurt the digital economy – and put small businesses at risk. Learn more at connectedcouncil.org

Instagram chief readies testimony

Instagram announced on Tuesday that it will begin restricting the kinds of content it recommends to teens who use the app. The change was announced one day before platform head Adam Mosseri is set to testify before a Senate panel about the platform’s impact on kids and teens. 

The changes: Adam Mosseri, head of Instagram, said in a blog post that the company will take a stricter approach to what teens have access to on the app with the rollout of new features as part of an effort to protect younger users.  

“[W]e’ll stop people from tagging or mentioning teens that don’t follow them, we’ll be nudging teens towards different topics if they’ve been dwelling on one topic for a long time and we’re launching the Take a Break feature in the US, UK, Ireland, Canada, Australia and New Zealand, which we previously announced,” Mosseri said in the post.

The criticism: Instagram has been under increased scrutiny about its effects on children since  a Wall Street Journal report revealed that internal Facebook research found that Instagram made one-third of teen girls feel worse about their bodies, leading to Instagram delaying its planned rollout of a version of the app for kids.

Read more here. 

ROSENWORCEL BECOMES PERMANENT

The Senate voted 68-31 Tuesday to confirm Federal Communications Commission (FCC) chair Jessica Rosenworcel to another term.

The confirmation came weeks before Rosenworcel’s term was set to expire, which would have given Republicans a majority on the commission.

Even with Rosenworcel getting the nod from the Senate, the commission remains deadlocked.

President Biden has nominated Gigi Sohn to the last seat on the five-person panel. The former FCC official has faced tough opposition from Republican lawmakers.

Rosenworcel had served as acting chair since the start of Biden’s term.

Read more here. 

TURNING UP THE HEAT

Sen. Elizabeth Warren (D-Mass.) spearheaded attacks at e-commerce giant Amazon during a hearing on data privacy and competition Tuesday, while other senators on the panel voiced concerns over data brokers harvesting user information.  

Although Warren, chair of the Subcommittee on Fiscal Responsibility and Economic Growth, centered her time on accusations that market power of tech giants is driving up prices and creating inhumane conditions for workers, Ranking Member Bill Cassidy (R-La.) and other Democrats focused largely on data privacy concerns.  

The broad scope of the hearing and lawmakers’ questions indicated that although senators are fairly united about general criticism of Amazon and other tech giants, there is still a deep divide on how to approach regulation. 

“The United States is at an inflection point. Wealth and income disparities are at levels we have not seen in our lifetimes. The government’s lax enforcement of antitrust laws during the past few decades is a huge part of this problem; regulators and judges have allowed merger after merger and the result is too little competition in U.S. markets,” Warren said. 

Read more about the hearing. 

AWS went down (yes, again)

Amazon Web Services (AWS) went down Tuesday morning, leaving large parts of the internet reliant on the tech giant’s services offline.

The outage was still impacting sites throughout Tuesday afternoon, but Amazon said it was starting to see signs of some recovery.

On its health service dashboard, AWS posted a message at 11:22 a.m. that the company is “investigating increased error rates for the AWS Management Console.”

“We are experiencing API and console issues in the US-EAST-1 Region. We have identified root cause and we are actively working towards recovery,” AWS said in the message. 

In an update around 3:30 p.m. the company said the cause was an impairment of several network devices and it was working toward mitigating the issue. 

Read more here. 

A MESSAGE FROM CONNECTED COMMERCE COUNCIL

Congress is considering sweeping antitrust legislation that could hurt the digital economy – and put small businesses at risk. Learn more at connectedcouncil.org

MUSK TAKES A STAND

Declining birth rates and an underpopulated world are civilization’s greatest threats, said Tesla and SpaceX CEO Elon Musk.

“I can’t emphasize this enough: There are not enough people,” Musk said during The Wall Street Journal’s CEO Council Summit on Monday. “One of the biggest risks to civilization is the low birth rate and the rapidly declining birth rate.”

During the conference, Musk appeared on a video call from a new Tesla factory. He was answering a question from a journalist about his proposed Tesla Bot, a humanoid robot that could be a substitute for human labor.

This is the second time this year that Musk has referenced declining birth rates across the world. In July, the entrepreneur tweeted a Wall Street Journal article about population decline and raised his concerns about the news.

Read more here.

BITS AND PIECES

An op-ed to chew on: Fixing Facebook is not enough

Lighter click: Hard to comprehend

Notable links from around the web:

Satoshi, is that you? A legal brawl fails to identify bitcoin’s creator. (Protocol / Benjamin Pimentel)

Seeking Space for Solar Farms, Cities Find Room at Their Airports (The New York Times / Amy Zipkin)

Twitter’s New CEO Agrawal Got Early Nod From Dorsey a Year Ago (Bloomberg / Kurt Wagner)

One last thing: Google takes hackers to court 

Google on Tuesday announced it is pursuing litigation to disrupt a botnet run by operators based out of Russia, among other steps meant to crack down on the group.

As part of the effort, Google filed a lawsuit in the Southern District of New York on Tuesday against two Russian nationals, Dmitry Starovikov and Alexander Filippov, and more than a dozen other unnamed individuals for allegedly creating and running the “Glupteba” botnet. Google also worked with industry partners to disrupt infrastructure used by the group which means the individuals behind the botnet currently do not have control over it. 

“Due to Glupteba’s sophisticated architecture and the recent actions that its organizers have taken to maintain the botnet, scale its operations, and conduct widespread criminal activity, we have also decided to take legal action against its operators, which we believe will make it harder for them to take advantage of unsuspecting users,” Royal Hansen, the vice president of Security at Google, and Google General Counsel Halimah DeLaine Prado wrote in a blog post announcing the disruption efforts. 

The botnet, which is a network of different devices that are being controlled by a group or individual, has been used to infect around one millions Windows devices worldwide, with thousands of new devices compromised every day. 

Read more here. 

That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Wednesday.
{mosads}