Overnight Cybersecurity

Overnight Cybersecurity: Trump picks Kelly deputy to lead DHS | House Intel to release Russian Facebook ads | House plans multiple Kaspersky hearings | Senators slam WH for missing Russia sanctions deadline

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORY:

–TRUMP NOMINATES KIRSTJEN NIELSEN TO HEAD DHS: President Trump plans to nominate Kirstjen Nielsen, a top aide to White House chief of staff John Kelly, to lead the Department of Homeland Security (DHS), the White House announced Wednesday. Nielsen served as Kelly’s top aide during his stint as DHS secretary earlier this year and continued to work as his deputy chief of staff after he moved to the West Wing. She has extensive experience in homeland security policy, cybersecurity and emergency management, the White House noted in its announcement. Nielsen previously worked at DHS as senior legislative policy director for the Transportation and Security Administration under President George W. Bush and served on the White House Homeland Security Council under Bush.

To read the rest of our piece, click here.

–…A CYBERSECURITY READY PICK: Nielsen was formerly the president of Sunesis Consulting, which focused on critical infrastructure resiliency and security, including cybersecurity.

 

ALL THE KASPERSKY THAT’S FIT TO KASPERSKY

–GERMAN CYBERSECURITY BUREAU IN THE DARK ON KASPERSKY BEING USED BY SPIES

A top German federal cybersecurity agency is unaware of Kaspersky Lab software being used in espionage, Reuters reported Wednesday.  “There are no plans to warn against the use of Kaspersky products since [our agency] has no evidence for misconduct by the company or weaknesses in its software,” the BSI, whose name translates to the Federal Office of Information Security, told Reuters via email. Recent news stories have described Russian intelligence agencies as using the Moscow-based Kaspersky Lab’s antivirus software to search for classified information. Antivirus software works by examining files, including by uploading some files to a central server for analysis. A report Tuesday night claimed Israel had monitored Russian operatives using that inspection system to search for files related to intelligence programs. The BSI, which uses Kaspersky products, told Reuters that the United States had provided no evidence that the media reports were accurate and would welcome seeing any such evidence.


–HOUSE PANEL WILL HAVE MULTIPLE HEARINGS ON KASPERSKY:

The House Science, Space and Technology Committee is now planning to hold a series of hearings on software produced by Moscow-based Kaspersky Lab, The Hill has learned. The House Science, Space and Technology Committee initially planned to hold a hearing on Kaspersky on Sept. 27, an announcement that was made after the Department of Homeland Security (DHS) moved to bar federal agencies and departments from using the company’s products over potential national security concerns. Eugene Kaspersky, the company’s CEO, was initially slated to testify.  The committee postponed the initial hearing due to a scheduling conflict, and last week rescheduled it for Oct. 25. The committee is now planning multiple hearings, an aide told The Hill on Wednesday, and has not invited Kaspersky to testify on Oct. 25. “The witness list for the hearing on October 25 will change,” the committee spokesperson said. “The committee is now planning a series of hearings on this issue. The committee has not reached out to Mr. Kaspersky to testify on October 25.”


FLASHBACK: KASPERSKY TOLD THE HILL HE WOULD ATTEND OCT. HEARING:

When The Hill asked whether Eugene Kaspersky, Kaspersky Lab’s founder, would attend the October 25th hearing, he told The Hill: “I look forward to hearing from the committee and having the opportunity to address their concerns directly.”

SHAHEEN AGAIN CALLS FOR DECLASSIFYING KASPERSKY FILES:

Sen. Jeanne Shaheen (D-N.H.), who has been tough on the Russian firm, again called for the Trump administration to declassify files about Kaspersky. “[T]he Senate Armed Services Committee should immediately schedule a hearing to assess this vulnerability to our national security. It’s imperative that the Trump administration declassify information on Kaspersky Lab to raise awareness,” she said in a statement.

 

A REGULATORY UPDATE:

MCCAIN, CARDIN SCOLD TRUMP ADMINISTRATION FOR MISSING RUSSIAN SANCTIONS DEADLINE:

Sens. John McCain (R-Ariz.) and Ben Cardin (D-Md.) slammed the Trump administration on Wednesday for missing a key deadline in implementing sanctions against Russia.

“The delay calls into question the Trump administration’s commitment to the sanctions bill which was signed into law more than two months ago, following months of public debate and negotiations in Congress. They’ve had plenty of time to get their act together,” the pair said in a joint statement on Wednesday.

By Oct. 1, the McCain and Cardin-penned sanctions bill required the administration to clarify which targets would be identified and punished as part of Russia’s defense and intelligence sectors. The administration has not yet done so.

The bill had been intended to force President Trump into punishing Russia for its tampering in the 2016 presidential election, with legislators fearing that the president would be overly lenient.

On September 29, Trump issued a memorandum delegating most of the responsibilities for making the decisions outlined in the bill to members of the Cabinet. Trump passed the authority to determine who counted as military or intelligence to Secretary of State Rex Tillerson.


 

A LIGHTER CLICK: YET MORE EVIDENCE THE NEXT HEIST MOVIE WILL BE A LETDOWN. $1.8 million in gold passes through Swiss sewers every year.

 

WHAT’S IN THE SPOTLIGHT:

SMALL BUSINESSES: The House on Wednesday approved legislation that would require the federal government to produce and disseminate guidance to help small businesses with cybersecurity.

The bill, introduced by Rep. Daniel Webster (R-Fla.), a member of the House Science, Space and Technology Committee, passed by a voice vote.

The legislation would require the National Institute of Standards and Technology (NIST), a nonregulatory standards laboratory housed in the Commerce Department, to produce cybersecurity resources for small businesses.

The NIST Small Business Cybersecurity Act of 2017 would direct NIST in coordination with other federal entities to offer additional resources to small businesses that choose to use its cybersecurity framework. Those resources would include guidelines, tools and best practices to help smaller organizations identify and reduce cybersecurity risks.

The Senate passed similar legislation offered by Sens. Jim Risch (R-Idaho) and Brian Schatz (D-Hawaii) last month.


 

THE LATEST ON THE RUSSIA INVESTIGATION:

–PUBLIC WILL GET TO SEE RUSSIAN FACEBOOK ADS (THIS TIME, WITHOUT BEING TRICKED INTO IT): The House Intelligence Committee plans to release the Facebook ads purchased by Russian groups during the 2016 campaign. The Wednesday announcement from the panel’s leaders comes a week after Facebook revealed that Moscow purchased online ads that specifically targeted swing states such as Michigan and Wisconsin as well as particular demographic groups in an attempt to influence the presidential election. Roughly 10 million Facebook users saw the ads, the company says, which were purchased by the Kremlin-linked Internet Research Agency. “We will be releasing them from our committee,” Intelligence Committee ranking member Adam Schiff (D-Calif.) told reporters. “We are going to ask for Facebook’s help to help scrub any personally identifiable information but it is our hope that when they get conclude, they will be released publicly,” he continued. Chairman Mike Conaway (R-Texas) said he hopes to release the ads “as quick as we can.” The announcement came after they met with top Facebook executive Sheryl Sandberg.


–…AND HOUSE INTEL WILL GET TO SEE CAMBRIDGE ANALYTICA INFO: The House Intelligence Committee has requested information from Cambridge Analytica about its work for President Trump’s presidential campaign as part of its investigation into Russian interference. A spokesman for the data mining firm confirmed to The Hill that Cambridge Analytica “has been asked by the House Intelligence Committee to provide it with information that might help its investigation.” The Daily Beast first reported Wednesday that the House panel was investigating Cambridge Analytica’s work for the Trump campaign. However, the company spokesman refuted the notion that the company itself is under investigation, describing the report as having “significant inaccuracies.” “As one of the companies that played a prominent role in the election campaign, Cambridge Analytica has been asked by the House Intelligence Committee to provide it with information that might help its investigation,” the spokesman said.


–…PINTEREST CAUGHT IN FACEBOOK AD ROW: Pinterest, the social media website known for bookmarking recipes or fashion ideas, helped spread Russia-linked political posts during the 2016 election. Pinterest became a repository for political posts created by Russian actors after other users on the web “pinned” the content to the scrapbook-like site, the company acknowledged to The Washington Post on Wednesday. It does not appear that the Russian operatives posted directly on the site, but their presence on Pinterest grew as users unknowingly bookmarked the Russian propaganda to their online boards. “We believe the fake Facebook content was so sophisticated that it tricked real Americans into saving it to Pinterest,” Pinterest head of public policy Charlie Hale told the newspaper. “We’ve removed the content brought to our attention and continue to investigate.”


 

SOME NEW EQUI-FACTS:

EQUIFAX SPILLED 11 MILLION DRIVER’S LICENSE NUMBERS:

The Equifax breach that was revealed last month exposed driver’s license data for around 10.9 million people, The Wall Street Journal reported Wednesday.

Equifax had said that driver’s license information had been taken in some cases as part of the breach, which compromised personal information for 145.5 million people, but the exact number was not disclosed.


 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The House ordered undercover tests of NIST’s physical security. NIST failed 15 out of 15 times. (The Hill).

It might be easier than you’d think to steal files from the NSA. (Daily Beast)

That’s not an excuse to do it. (Overnight Cyber)

The best phishing emails are disguised as breach notification emails. (InfoSecurity)

Hackers stole secret info on military equipment, including the F-35, from an Australian defense contractor. (ZDNet)

Russia is making a play to block the U.S. extradition of an alleged cybercriminal. (Reuters)

North Korea sent “preliminary” phishing emails to U.S. utilities, but the risk is “very minor.” (NBC News)
