Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORY:
–RULE 41 DRAMA: Sen. Chris Coons (D-Del.) intends to call for a voice vote by unanimous consent Wednesday on a bill delaying changes to the government’s warrant rules, a member of his staff said.
{mosads}
At issue are controversial changes to Rule 41 of the Federal Criminal Procedure, which describe how evidence must be collected. The changes would allow investigators to get permission to hack five or more computers with a single warrant application. The changes would also allow investigators to apply for a warrant in any court, regardless of jurisdiction, to hack a computer that uses technology to hide its location. The update to the rule is slated to take effect on Thursday, unless lawmakers can delay them.
Coons introduced legislation earlier this month to delay the start date of the new rules until July 1 to give lawmakers more time to consider the implications of the changes. The bipartisan “Review the Rule Act” is also sponsored by Sens. Steve Daines (R-Mont.), Al Franken (D-Minn.), Mike Lee (R-Utah) and Ron Wyden (D-Ore.), as well as Reps. John Conyers (D-Mich.) and Ted Poe (R-Texas). Calling for a vote by unanimous consent from the Senate floor would circumvent the need for Majority Leader Mitch McConnell (R-Kent.) to schedule a formal vote. But the plan would fail if any senator stood against it. To read our full piece, click here.
–LIKE TURNING 18: House and Senate conferees have agreed to a final defense bill that will elevate the U.S.’s military cyber unit to a full combatant command, senior House and Senate Armed Services Committee staffers told reporters Tuesday. Currently, Cyber Command is under the authority of U.S. Strategic Command, although it shares an address — and resources — with the National Security Agency (NSA). The legislation will spin it out into its own fully-fledged warfighting unit. But the bill will keep a more controversial element of Cyber Command’s structure, at least for now: Adm. Mike Rogers will maintain his dual hat role as the director of both the NSA and Cyber Command. It is a controversial arrangement that most onlookers — including Rogers — expect will eventually end, but not immediately. The bill requires the Pentagon to establish conditions for what would need to happen if the positions are split. To read our full piece, click here.
–MUNI DOESN’T NEGOTIATE WITH TERRORISTS: The San Francisco Municipal Transportation Agency, better known as the Muni, says it will not pay hackers to restore its systems after a ransomware attack. “We have never considered paying the ransom,” Muni spokesman Paul Rose told the trade publication Bank Info Security. “We have an IT team that can fully recover our systems, and they are doing that. Ransomware has affected the light rail system since the weekend, forcing it to give customers free rides as the system deals with the attack.
A POLICY UPDATE:
–WHAT’S GOOD FOR ME AND YOU. The House on Tuesday passed two bills aimed at bolstering U.S.-Israel cooperation on cybersecurity, both from Reps. Jim Langevin (D-R.I.) and John Ratcliffe (R-Texas).
One establishes a grant program at the Department of Homeland Security for collaborative R&D between the United States and Israel on cybersecurity.
A separate bill would include cybersecurity in an existent Department of Homeland Security R&D program.
Both bills passed by voice vote.
–CYBER IN THE INTEL AUTHORIZATION. House Intel Chairman Devin Nunes (R-Calif.) introduced the 2017 intelligence authorization, containing a light smattering of cybersecurity related initiatives. Among other things, the legislation would require the establishment of an interagency committee to “counter active measures by the Russian Federations to exert covert influence over peoples and governments” — including media manipulation, establishment of a front group and offensive counterintelligence.
The bill also directs the Director of National Intelligence to increase STEM training, including cybersecurity, for agents, and permits special pay to increase retention.
Similarly, the FBI is told to audit training efforts for cybersecurity, successful integration of trained agents into the workforce and cooperation with the private sector in the field.
It also includes provisions to establish a Cyber Center for Education and Innovation at the National Cryptologic Museum and compel the Under Secretary of Homeland Security for Intelligence and Analysis to update Congress on cybersecurity at seaports.
A LIGHTER CLICK:
–2016 IN ONE VIDEO. This is how it feels.
A REPORT IN FOCUS:
–THE AUDACITY OF HOPE. Throughout 2016, experts predicted the steady rise of ransomware and internet of things security problems – with many particularly frightening predictions about the intersection between the two (“Deposit $500, or your internet connected pacemaker stops working”). In a report cataloging its predictions for 2017, McAfee Security predicts that ransomware attacks will subside mid-year. It is a particularly bold prediction for a report that includes a chart of ransomware’s steady quarterly growth since 2014 Q4. McAfee speculates that improvements to security software as well as improved real-world policing will fuel the change.
–HOW THE FEDS COULD HELP CYBER INSURANCE. Insurance against cyberattacks is an incredibly useful product for businesses, but still has some fundamental problems for insurers. Unlike life insurance, cyber insurance doesn’t have centuries of data to build actuarial tables to determine fair and profitable pricing. The uncertainty of a rapidly changing, hard to gauge threat prevents a wider marketplace of cyberinsurance. But Robert Knake at the Council for Foreign Relations thinks there might be a way around that problem.
In a report released today, Knake suggested the government create a backstop for cyber insurance – a mechanism to subsidize payouts beyond a minimum. That strategy has been successful for another, similarly hard to insure problem in the modern era – terrorism. When insurance companies backed away from the unsure world of terrorism insurance after 9/11, the government created the successful Terrorism Risk Insurance Program, a backstop to encourage entry into the market.
WHO’S IN THE SPOTLIGHT:
–QUEEN ELIZABETH. (ALWAYS.) (BUT MORE IN THE SPOTLIGHT TODAY THAN USUAL.) The Queen accepted a controversial surveillance bill into law today — the Investigatory Powers Act, also known by its derisive nickname, the Snoopers’ Charter. The law forces internet service providers to maintain archives of customers’ internet activities for a full year, requires internet companies to aid in surveillance and creates a new framework for granting warrants for digital eavesdropping.
To read the rest of our piece, click here.
THE WEEK AHEAD:
WEDNESDAY
–The FireEye Cyber Defense Summit concludes on Wednesday.
THURSDAY
–The Senate Foreign Relations Committee will hold a hearing on the future of counter-terrorism strategy, at 10:30 a.m.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
The U.S. based Internet Archive is opening a Canadian outpost, fearing censorship from the new administration. (Motherboard)
Facebook puts Pac-Man on messenger. (Reuters)
A bill protecting the right to complain on Yelp cleared the Legislative branch. (Morning Consult)
Journalist convicted of being a hacker (or hacker claiming to be a journalist) Barrett Brown was released from prison. (Courage foundation)
If you’d like to receive our newsletter in your inbox, please sign up here.