Overnight Cybersecurity: China signals cyber shift with alleged OPM arrest

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–TRUST BUT VERIFY?: China has signaled a surprising cybersecurity shift in recent months, culminating Wednesday with the possible arrest of the hackers behind the catastrophic Office of Personnel Management (OPM) data breach this summer. After refusing to come to the negotiating table for over a year, China has suddenly, in the course of a few months, struck a series of unexpected deals and scrambled to schedule meetings with U.S. officials in an attempt to quell concerns over the Asian power’s alleged massive cyber campaigns to pilfer both American corporate secrets and data on U.S. government officials. But reactions to the arrests — which include no details regarding the hackers’ identities — have been mixed. Some believe China’s actions represent a profound change in Beijing’s attitude toward hacking, and could indicate a changing tide in the Obama administration’s broader attempt to combat overseas hacking. Others caution the arrested hackers may not be the true perpetrators, and that China’s recent change in approach could be nothing more than an attempt to sidestep more serious penalties for persistent hacking. “It is representative of a desire to signal a shift [in China’s approach to cybersecurity], but whether such a shift is actually occurring is a different issue altogether,” said Christopher Swift, a former official with the Treasury Department Office of Foreign Assets Control and a current national security professor at Georgetown University. To read more, check back tomorrow. To read about the arrests, click here.

{mosads}–MONEY, IT’S A GAS: Target Corp. on Wednesday reached a proposed $39 million settlement to resolve claims by banks seeking to recoup money spent reimbursing fraudulent charges resulting from the retailer’s 2013 data breach. The settlement “sets an important precedent that financial institutions should not always have to bear the burden of extensive costs related to merchant data breaches over which they have no control,” co-lead plaintiffs’ counsel Charles Zimmerman said. The highly publicized breach during the busy 2013 holiday season exposed up to 40 million credit cards and compromised other personal information of as many as 70 million people. Although the exact extent of fraud committed as a result of the breach isn’t known, the attack has cost Target $162 million in net expenses as of Jan. 31. Wednesday’s agreement includes $20 million that will go directly to settlement class members and a $19 million payment to fund MasterCard’s Account Data Compromise program activities related to the breach. To read our full piece, click here.

–CEASE AND DESIST: An influential privacy activist is pressing European Union officials to halt Facebook’s data flows from Europe to the U.S. Austrian Max Schrems on Tuesday sent a letter to the data protection agency in Ireland — where Facebook has its European headquarters — arguing that the authority should “suspend all data flows from ‘Facebook Ireland Ltd’ to ‘Facebook Inc.'” Schrems is the same activist that got the European courts to cancel a major U.S.-EU data transfer agreement months ago. The European Court of Justice invalidated the long-standing “Safe Harbor” agreement — which allowed thousands of companies to legally transfer Europeans’ data to the U.S. — over concerns about U.S. surveillance programs. Schrems argued that Facebook is subject to those same surveillance programs and thus should not be allowed to move European data across the Atlantic Ocean. “There is clear evidence that leads me to believe that my personal data, controlled by ‘Facebook Ireland Ltd,’ and processed by ‘Facebook Inc,’ is at the very least ‘made available’ to U.S. government authorities under various known and unknown legal provisions and spy programs,” he wrote. To read our full piece, click here.

UPDATE ON CYBER POLICY:

–STAY FOCUSED. A Senate bill intended to curb trade secret theft wouldn’t directly address the rampant overseas digital espionage that is hurting American businesses, lawmakers and witnesses said at a Judiciary Committee hearing Wednesday. But it’s not meant to, insisted supporters of the Defend Trade Secrets Act (DTSA). The measure is targeted at solving a pressing domestic issue: the rise of trade secret theft by rogue employees. “That is the main situation that we need some help on,” said Tom Beall, chief intellectual property counsel at Corning, a glass and ceramics manufacturer, in response to a question from Sen. Orrin Hatch (R-Utah), a DTSA co-sponsor. “Certainly cyber espionage is an issue, but that is not the thrust and the main point, not only of this bill, but our main concern at this point,” he added. To read our full piece, click here.

A REPORT IN FOCUS/LIGHTER CLICK:

–INSTACATS. This is important, guys. The top-10 most-liked images on Instagram in 2015 were all women and cats. Specifically, Taylor Swift and her cat Meredith, who captured three of the top five spots. New formula for instant Internet fame: Be a cat. Be Taylor Swift’s cat.

Read on, here.

WHO’S IN THE SPOTLIGHT:

–I AM SERIOUS, AND DON’T CALL ME SHIRLEY. Sen. Ed Markey wants to know more about how airlines and airplane makers are defending themselves from hackers that have increasingly targeted the aviation industry, which holds a bevy of valuable data.

The Massachusetts Democrat, who has also helped lead the Senate’s charge to press the auto industry about its cybersecurity plans, sent letters on Wednesday to 12 airlines and two airplane manufacturers pressing for details on their digital defenses.

“As technology rapidly continues to advance, we must all work to ensure that the airline industry remains vigilant in protecting its aircraft and systems from cybersecurity breaches and attacks,” Markey wrote.

In the past year, the aviation industry has come under siege from both cyber criminals and overseas cyber spies.

Markey’s queries could result in a report on the overall state of aviation cybersecurity, similar to the paper he issued last year after sending similar letters to automakers.

To read our full piece, click here.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

A bipartisan pair of lawmakers is pressing digital toymaker VTech for answers on how it collects and locks down children’s information after the company acknowledged that a hack had exposed over 6.3 million kids’ data. (The Hill)

The House Judiciary Committee on Wednesday approved a bill aimed at cracking down on the cyber thieves who profit from stolen credit card information. (The Hill)

Republican Sen. Tom Cotton (Ark.) on Wednesday introduced new legislation to stall or preempt reforms to U.S. intelligence agencies, days after the National Security Agency (NSA) ended a controversial program. (The Hill)

The House Intelligence Authorization Act, which passed Tuesday, includes provisions requiring the Obama administration to detail how the OPM hack could hurt U.S. spies. (The Daily Dot)

A major cyberattack against Australia’s Bureau of Meteorology that may have compromised potentially sensitive national security information is being blamed on China, the Australian media reported on Wednesday. (Reuters)

Canada is creating a team of cyber crime investigators to fight cyberattacks on the federal government and other major targets. (Reuters)

The DHS’s Silicon Valley Office will hold an industry day on Dec. 10 to kick off a recruiting drive for startups interested in latching onto government funding. (ArsTechnica)

Sen. Cory Gardner (R-Colo.) penned an op-ed on “North Korea’s forgotten maniac.” (The Wall Street Journal)

Facebook is considering whether to establish its first Asia-Pacific database. (Reuters)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A