
Overnight Cybersecurity: Former Equifax exec charged with insider trading | Dems blast GOP over House Russia probe | Lawmakers weigh security of energy infrastructure

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORIES:

–FORMER EQUIFAX EXEC CHARGED WITH INSIDER TRADING: The Securities and Exchange Commission (SEC) charged a former Equifax executive with insider trading on Wednesday, alleging he sold close to $1 million in company stock after learning of a massive hack of the credit agency. The SEC alleges that Jun Ying, Equifax’s former chief information officer, saved more than $100,000 when he sold his stock in the company after learning of the incident but before the credit bureau announced it had been hacked. “As alleged in our complaint, Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public,” said Richard R. Best, director of the SEC’s Atlanta office. “Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.” Equifax announced on Sept. 7 that hackers had accessed the personal information of 143 million people in May 2017, a figure it later updated to 148 million. The information stolen included Social Security numbers, credit card information and other sensitive data. Ying had known as early as Aug. 25 that Equifax had been hacked and that the incident required a major response, according to the SEC complaint. The SEC alleges that Ying, who had been working on Equifax’s response to the hack, sold his shares in the company on Aug. 28, before the credit agency revealed the breach. Ying allegedly sold more than $950,000 in Equifax stock after looking up how a 2015 hack of Experian, a rival credit bureau, affected that company’s shares. Ying was allegedly informed about the full extent of the hack on Aug. 29, the day after he sold his Equifax stock. Equifax lawyers told him not to trade his shares in the company soon after, unaware that Ying had already sold them. 
Equifax said that it “separated him from the company and reported our findings to government” after learning about Ying’s stock sale. “We are fully cooperating with the [Justice Department] and the SEC, and will continue to do so,” Equifax said in a statement. “We take corporate governance and compliance very seriously, and will not tolerate violations of our policies.”


 

–DEMS BLAST GOP OVER HOUSE RUSSIA PROBE: Democrats on the House Intelligence Committee say Republicans prematurely closed the panel’s investigation into Russian interference despite what they say is “significant evidence” of collusion between the Kremlin and the Trump campaign. “There is significant evidence and much of it in the public domain on the issue of collusion,” Rep. Adam Schiff (Calif.), the top Democrat on the committee, said during a press conference on Tuesday flanked by other Democrats on the panel.  Schiff blamed House Intelligence Chairman Devin Nunes (R-Calif.) and the majority party for shutting the doors on the investigation that he says has yet to interview key witnesses or obtain relevant documents. “Sadly, from a very early point in the investigation, the chairman made the decision that his mission was not to find out what Russia did, not to determine the role of U.S. persons, but rather to endeavor to distract the public, to put the government on trial,” Schiff said. Schiff accused Republicans of setting a dangerous precedent that could kneecap future committees’ efforts to get witnesses from the executive branch. Other Democrats also voiced concerns over how those inquiries may go given the decision to end the current probe. The backlash from Democrats comes after Rep. Mike Conaway (Texas), the senior Republican leading the Russia probe, announced on Monday that the committee had concluded the interview portion of their investigation and would be moving on to writing a report of their findings. A draft copy of the GOP report denied any evidence of collusion. While they did agree largely with the intelligence community’s assessment that Russians sought to sow discord in the U.S., Republicans on the panel disagreed with the view that Russia explicitly sought to help President Trump’s campaign. 
“Sadly it is little more than another Nunes memo in long form,” Schiff said, referring to Nunes’s controversial decision to release a declassified memo authored by his staff that outlined allegations of surveillance abuse.  


 

–RAND PAUL TO OPPOSE POMPEO, HASPEL FOR STATE AND CIA POSTS: Sen. Rand Paul (R-Ky.) said on Wednesday he would oppose President Trump’s nominations of CIA Director Mike Pompeo to be secretary of State and CIA Deputy Director Gina Haspel to lead the spy agency. Paul said that he will oppose the nominations and “do everything I can to block” them. “My announcement today is that I will oppose both Pompeo’s nomination and Haspel’s nomination,” Paul said. Paul is the first Republican to come out against the two nominations, which were announced by Trump on Tuesday. Last year, he was the only Republican to vote against Pompeo for CIA director. The senator pointed to his previous statement that Pompeo doesn’t believe “enhanced interrogation techniques” to be torture, as well as his support for the Iraq War, in explaining his opposition. “I’m perplexed by the nomination of people who love the Iraq War so much that they would advocate for a war with Iran next. I think it goes against most of the things President Trump campaigned on,” he said. Paul said he is opposing Haspel due to her involvement in the enhanced interrogation program during the George W. Bush administration. He said she showed “joyful glee at someone who is being tortured.” “I find it just amazing that anyone would consider having this woman at the head of the CIA,” Paul said. 


 

A LEGISLATIVE UPDATE:

Lawmakers on the House Energy and Commerce Committee on Wednesday held a hearing on legislative proposals addressing the security of U.S. energy infrastructure, including digital threats to energy assets.

Several bipartisan bills introduced earlier this month by lawmakers on the committee aim to bolster the Department of Energy’s preparedness to address cyber incidents, enhance its ability to coordinate cybersecurity efforts across U.S. energy infrastructure, and bolster public-private partnerships to strengthen the security of electric utilities.

“This is really important stuff for our country,” said Chairman Greg Walden (R-Ore.) at the outset of the hearing, which also addressed emergency response broadly. “Because our energy sector drives the entire nation’s economy, I have made it a top priority of the committee to focus on emerging threats and propose solutions to make our infrastructure more resilient.”

“In today’s highly interconnected world, the threat of cyberattacks is ever present so we have to be vigilant. We also must be prepared for physical threats,” Walden said.

Undersecretary of Energy Mark Menezes emphasized that energy security is a “top priority” of Secretary Rick Perry, pointing to the department’s recent decision to set up an Office of Cybersecurity, Energy Security and Emergency Response (CESER).

He commended lawmakers for their efforts to address energy cybersecurity using legislation, though he repeatedly emphasized that they should authorize resources so that DOE can carry out any new responsibilities granted via legislation.

“Clear direction and the authorization to have the resources would be very helpful,” Menezes said.

When questioned by Rep. Jerry McNerney (D-Calif.) as to why the department’s fiscal 2019 budget proposal significantly cut funds to the Office of Electricity Delivery and Reliability, Menezes noted that the proposal includes $96 million in funding for CESER, the new cyber office.

Menezes warned that the department and the U.S. energy grid face a barrage of cyberattacks in the evolving digital realm.

“Our systems are constantly being attacked, constantly,” Menezes told Rep. Joe Barton (R-Texas). “Not only the DOE system, but also the energy system.”

Menezes referenced sensitive intelligence that the department has viewed as part of the National Security Council. “When you look at it, those that want to penetrate our system try all segments–all segments,” he said. “So, in that respect, we’re all vulnerable.”

Menezes also pointed to some “reported breaches” of U.S. energy infrastructure but said the nation has been lucky not to suffer a “major consequence” from a cyberattack. He agreed to speak with lawmakers at a bipartisan classified briefing to go into more detail on threats.

 

A NOMINATION IN FOCUS: 

Lt. Gen. Paul Nakasone, President Trump’s nominee to serve as the next NSA director and commander of U.S. Cyber Command, will appear before the Senate Intelligence Committee Thursday morning for his second confirmation hearing.

Nakasone, who currently commands U.S. Army Cyber Command, has already been approved by lawmakers on the Senate Armed Services Committee.

If confirmed, he will replace outgoing NSA Director Adm. Mike Rogers, who took over at NSA following the 2013 Edward Snowden disclosures.

Nakasone’s confirmation hearing is scheduled for 10 a.m. Thursday morning.

 

A LIGHTER CLICK:

Machines can now help your office with their March Madness brackets. (Technology Review)

 

WHAT’S IN THE SPOTLIGHT:

Top government officials appeared before members on the House Oversight Committee to address the status of federal information technology in the present year as well as federal plans for information technology (IT) modernization.

Information Technology Subcommittee Chairman Will Hurd (R-Texas) laid out a series of concerns he wanted the officials to address in the hearing and highlighted what he views as federal progress to the credit of the Trump administration.

But he also expressed concern about “lost momentum” in some areas.

Hurd pointed to the slow pace of appointing a federal CIO, incentives to recruit and retain talented cyber professionals, and recommendations from the Government Accountability Office (GAO) that go unheeded.

“We need to rethink how we restructure the federal workforce so the federal government has access to smart, well-trained IT and cybersecurity professionals and be working in a bipartisan fashion,” Hurd said at the start of the hearing.

“I also continue to have concerns about long-standing GAO recommendations that remain unaddressed oftentimes year after year after year. These opening lingering vulnerabilities put us at incredible risk as we saw with the devastating data breaches with the [Office of Personnel Management],” he continued.

Representatives from the GAO, Department of Homeland Security, Office of Management and Budget, and General Services Administration (GSA) appeared as witnesses.

Witnesses like GAO’s top IT management official David Powner and OMB’s Margaret Weichert stressed the need for the CIO of an agency to have flexibility on issues like spending and structure.

“We are absolutely in alignment in terms of the idea that the CIO for the broad agency needs to have all the capabilities and tools to make these very profound investments,” Weichert said.

Hurd also questioned the witnesses about their cyber-hygiene efforts.

Jeanette Manfra, a top DHS official in the Office of Cybersecurity and Communications, emphasized spotlighting vulnerabilities, which has enabled them to independently validate whether patch management programs work.

The ability to independently validate rather than rely on self-reporting allowed them to cut the time it took to patch vulnerabilities from months to just around 30 days.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Facebook bans far-right British group retweeted by Trump. (The Hill)

OP-ED: For national security, the ‘Internet of Things’ is the ‘Internet of Trouble’. (The Hill)

Google to ban cryptocurrency ads. (The Hill)

Haley blames Russia for poisoning ex-spy in UK. (The Hill)

Japanese crypto firm pays back customers after hack. (Wall Street Journal)

Fitness app Strava is taking steps to restrict access to its online map after revealing sensitive information. (Reuters)

YouTube is using Wikipedia to push back on videos about conspiracy theories. (The Verge)