Overnight Cybersecurity: Lawmakers want cyber retaliation
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–TRUST BUT VERIFY?: Director of National Intelligence James Clapper doesn’t have high expectations for the recently inked agreement between the U.S. and China to not hack private companies. And neither do lawmakers, who laid into Clapper and other top intelligence and defense officials on Tuesday for not retaliating against hackers. “I see two consistent themes here,” said Sen. Kelly Ayotte (R-N.H.) during a Senate Armed Services Committee hearing. “A lot of talk; no action, unfortunately. And people take their cues from that and that worries me.” Lawmakers expressed frustration that the Obama administration’s deal with Beijing doesn’t appear to come with an enforcement mechanism, a concern Clapper echoed. “Hope springs eternal,” he said. “I think we will have to watch their behavior and it will be incumbent on the intelligence community to depict to policymakers what behavior changes, if any, result from this agreement.” When asked if he was optimistic that the agreement would result in a reduction of hacks on U.S. companies, Clapper replied with one word: “No.” To read about Clapper’s comments, click here. To read about lawmakers’ call for cyber retaliation, click here.
{mosads}–CITADEL HAS FALLEN: A Russian national on Tuesday was sentenced to four-and-a-half years in prison for his role in distributing and managing banking malware that infected over 11 million computers worldwide, authorities said. Dimitry Belorossov, who was extradited to the United States from Spain in 2014, pleaded guilty to conspiracy to commit computer fraud. Belorossov used spam emails and commercial Internet ads linking to malware to distribute and install a bot known as Citadel onto victims’ computers. At one point he controlled over 7,000 bots, authorities say. Citadel, a kind of malware known as a “banking Trojan,” would steal online banking credentials, credit card information and personally identifiable information in order to carry out unauthorized transfers of funds. The crime ring operating Citadel and other bots like it is thought to be responsible for over $500 million in losses. To read our full piece, click here.
–600,000 TWEEPS AND COUNTING: Former National Security Agency (NSA) contractor Edward Snowden joined Twitter Tuesday with a bang. His first and only follow? The NSA, the same agency that Snowden dragged into the spotlight by leaking documents about several widespread, secret surveillance programs. “Can you hear me now?” Snowden tweeted. An hour later, Snowden launched into his first Twitter exchange with famed astrophysicist Neil deGrasse Tyson. Snowden joked: “Thanks for the welcome. And now we’ve got water on Mars! Do you think they check passports at the border? Asking for a friend.” To read our full piece, click here.
UPDATE ON CYBER POLICY:
–AND SO IT BEGINS. The Commerce Department on Tuesday held its first multistakeholder meeting to discuss rules surrounding the disclosure of security vulnerabilities discovered during research. The National Telecommunicatoins and Information Administration (NTIA) is leading the discussions.
Check out the agency’s opening statement from the meeting.
LIGHTER CLICK:
–FOR LAZY LEARNERS. This upcoming video game would force players to learn PGP (Pretty Good Privacy) encryption. Per Motherboard: “Players take on the role of an NSA agent tasked with tracking down the source of top secret leaks: Edward Snowden.” Read on, here.
REPORT IN FOCUS:
–GUYS. GET IT TOGETHER. Most federal agencies continue to struggle to prevent network breaches despite recommendations from various inspectors general, according to a report from the Government Accountability Office released Tuesday.
The GAO found “persistent weaknesses” at 24 federal agencies, which it said “place critical information and information systems used to support the operations, assets, and personnel of federal agencies at risk.”
The federal watchdog took the opportunity to chide agencies for failing to implement “hundreds” of past recommendations, one of the key accusations leveled against the Office of Personnel Management (OPM) in the wake of the massive breach revealed this spring.
To read our full piece, click here.
WHO’S IN THE SPOTLIGHT:
–RAYTHEON, who just scored a five-year contract to secure the government’s networks that could be worth $1 billion. The Department of Homeland Security (DHS) contract puts the major defense company in charge of the agency’s Network Security Deployment (NSD) division. The NSD oversees the National Cybersecurity Protection System, which provides the infrastructure to protect federal agency networks. The government is scrambling to bolster its cybersecurity at more than 100 federal civilian agencies. Government audits have shown many government networks contain glaring security flaws that make it easy for hackers and foreign spies to crack computer systems. Read on, here.
A LOOK AHEAD:
WEDNESDAY
–The House Foreign Affairs Committee will hold a hearing at 10 a.m. on cyber warfare.
–The House Armed Services Committee will hold its second hearing at 10 a.m. on the Defense Department’s cyber strategy. Deputy Defense Secretary Robert Work and NSA Director Adm. Mike Rogers will testify.
THURSDAY
–CSM Passcode will hold an event at 9 a.m. titled, “The Future of America’s Cyber Strategy.” Cybersecurity officials from the Defense and State Departments will speak.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
Apple debuted a new website on Tuesday aimed at informing customers on how the company uses their data. (The Hill)
Rutgers University was hit with another cyberattack. (The Associated Press)
Tanium, the world’s hottest cybersecurity startup, has raised $300 million. (Fortune)
If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.