Overnight Cybersecurity: China’s Xi arrives for state visit

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you…

THE BIG STORIES:

–POPE OUT; XI IN: Chinese President Xi swapped U.S. business leaders for White House officials Thursday afternoon, making the trip from Washington state to Washington, D.C., for his first official state visit. The Chinese leader is slated to have an informal dinner Thursday night with President Obama, before a series of meetings and a joint press conference Friday, culminating in an official state dinner that night. Xi is hoping his Washington trip displays to the world that China is a global power on par with the U.S. But the Chinese president arrives in a charged political climate after two days of pleasantries — and some polite disagreements — with U.S. business leaders in Seattle. Democrats and Republicans alike have blanked the White House with letters ahead of the visit, urging Obama to take a stand on a number of issues, including discriminatory trade practices and domestic regulations, territorial disputes in the South China Sea, human rights abuses and, most notably, hacking. To read our full piece, click here.

{mosads}–I LOVE YOU, YOU’RE PERFECT, NOW CHANGE: Congress’s irritation with China was on full display at a Senate Intelligence Committee hearing Thursday. Sen. Marco Rubio (R-Fla.) hammered China for digitally pilfering the corporate secrets of U.S. companies at a Senate Intelligence Committee hearing on Thursday. “The Chinese government actively encourages, as part of their national policy, the stealing of American secrets,” the Florida lawmaker said during an exchange with National Security Agency (NSA) Director Adm. Michael Rogers, who was testifying. Rogers concurred. “They clearly don’t have the same lines in the sand, if you will,” he added. “I watch some of my counterparts there do things that under our system you could never do.” To read our full piece, click here.

–BUT WHAT ABOUT HILLARY?: Don’t worry, the Intelligence Committee didn’t forget to ask about Hillary Clinton’s private email server on Thursday. Rogers told lawmakers that Clinton’s former email setup would be an “opportunity” for the U.S. if it had been used by a top foreign diplomat. “From a foreign intelligence perspective, that would represent opportunity,” he said. The server would be a “top priority for foreign intelligence services,” Rogers agreed in response to a question from Sen. Tom Cotton (R-Ark.). To read our full piece, click here.

UPDATE ON CYBER POLICY:

–FORGET WE MENTIONED IT. The Obama administration looked into four possible approaches that would have allowed law enforcement guaranteed access to encrypted data, The Washington Post reported. But while the White House decided each option was “technically feasible,” officials have decided against offering them as official “administration proposals” or even releasing them publicly. However, because of a leaked memo, we now can see them. Check it out, here.

LIGHTER CLICK:

–POPE FAILS TO ADDRESS CYBERSECURITY IN HISTORIC ADDRESS. His Holiness Pope Francis declined to address a number of pressing cybersecurity issues in his remarks to Congress Thursday morning, causing several cyber beat reporters to weep brokenly and mutter darkly about the persistent threat of DDoS attacks.

WHO’S IN THE SPOTLIGHT:

–EDWARD SNOWDEN (AGAIN). The former National Security Agency employee appeared on video on Thursday to petition for an international treaty declaring information privacy a basic human right. In brief remarks delivered to a Manhattan forum, the ex-systems analyst called spying on ordinary citizens a “global problem that affects all of us.” The forum was hosted by a global advocacy group that’s pushing for the so-called “Snowden Treaty,” which would require signee countries to limit online and phone surveillance, as well as provide sanctuary for whistleblowers like Snowden. Organizers have said that unnamed United Nations diplomats have expressed interest, according to The Associated Press. Read on, here.

A REPORT IN FOCUS:

–GUYS. REALLY? The federal government stored the sensitive personal data of millions of ObamaCare plan-holders on a network with basic cybersecurity flaws, a federal audit revealed Thursday. HealthCare.gov, the much maligned portal for purchasing healthcare coverage through the federal exchange, suffered from a number of security issues, according to the inspector general at the Department of Health and Human Services. Among those flaws? HealthCare.gov did not encrypt user sessions, which is common practice for most financial Web transactions, and apparently failed to perform basic vulnerability scans that might have uncovered weaknesses in HealthCare.gov’s servers. In addition to poor security policies, the HHS audit found 135 database vulnerabilities — like software bugs — 22 of which were classified as “high risk.” Sixty-two of the flaws were classified as medium risk. The Centers for Medicare and Medicaid Services, which oversees HealthCare.gov, says it has already remedied all of the IG’s findings. To read our full piece, click here.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

In a sweeping energy infrastructure policy statement released Wednesday, Hillary Clinton called for power grid upgrades to increase cybersecurity. (The Hill)

Forcing suspects to give up their cellphone passwords is a violation of the constitutional right against self-incrimination, a federal judge ruled Wednesday. (The Hill)

The head of the National Security Agency told lawmakers Thursday that curtailing bulk collection of surveillance data would make it harder for the agency to do its job. (The Hill)

Xi draws power into loyal inner circle. (The Wall Street Journal)

A one-sentence email from a DHS official was apparently behind the shutdown of a public library’s dark Web portal. (Motherboard)

China won’t back down from cyberattacks if the U.S. doesn’t make similar concessions, one analyst writes. (Lawfare)

The head of China’s office of Cyberspace Administration called for cooperation between the U.S. and Beijing. (USA Today)

At the U.S.-China tech forum Wednesday, President Xi defended the rights of countries to regulate domestic Internet development. (The Seattle Times)

The number of iOS apps infected by malware, previously estimated to be 39, has ballooned to over 4,000 apps. (DarkNet.org)

Keeping your data with tech giants like Google still isn’t 100 percent safe, experts say. (CSO)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A