Overnight Cybersecurity

Hillicon Valley: Judge’s ruling creates fresh hurdle for TikTok | House passes bills to secure energy sector against cyberattacks | Biden campaign urges Facebook to remove Trump posts spreading ‘falsehoods’

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech reporter, Chris Mills Rodrigo (@chrisismills), for more coverage.


TIKTOK SAGA CONTINUES: The decision by a federal judge Sunday to temporarily block a federal ban on TikTok marks another setback for President Trump’s efforts to quickly overhaul how the Chinese-owned platform does business in the U.S.

The ruling also creates more confusion around the wildly popular video app’s continued U.S. operations. Beijing-based ByteDance has yet to receive final approval from the federal government on its new business arrangement with Oracle and Walmart, and the pending deal does not appear to require the Chinese company to fully divest itself of TikTok.

All of the concerns around TikTok also feed into broader efforts by the Trump administration to clamp down on Chinese tech companies across various sectors as tensions between the two countries increase.

U.S. District Judge Carl Nichols, a Trump appointee, cited larger concerns around China in a ruling unsealed Monday, writing that while the Trump administration “has provided ample evidence that China presents a significant national security threat,” the “specific evidence of the threat” posed by TikTok “remains less substantial.”

Brief reprieve: The order allows TikTok to operate normally in the U.S. at least until a full court hearing can be held. The hearing has not yet been scheduled.

The order by Nichols blocks a Commerce Department deadline that would have removed TikTok from app stores on Sept. 27, though Trump’s executive order from August does not prevent the app’s use on U.S. devices that have already downloaded TikTok. The judge’s order leaves in place a Nov. 12 deadline that would completely ban the use of TikTok in the U.S. if a deal is not reached between the Trump administration and the company.

The Nov. 12 date coincides with efforts by the Treasury Department’s Committee on Foreign Investment in the United States (CFIUS) to come to a conclusion on TikTok and on Chinese communications app WeChat. Should a deal be reached, the court case will likely be dropped.

The court case is in response to a pair of executive orders issued by Trump in August that are aimed at forcing ByteDance to divest itself of TikTok due to national security concerns.

Brian Fleming, former counsel to the assistant attorney general for national security at the Justice Department during the Obama and Trump administrations, told The Hill that he believed a deal will ultimately be reached allowing the app to continue operating.

“There is too much at stake for a deal not to be reached, and that goes from all sides of it,” said Fleming, who is a member of law firm Miller and Chevalier Chartered.


PROTECT THE GRID: The House on Tuesday unanimously passed four bills aimed at securing the power grid and other energy infrastructure against cyberattacks.

All four of the bipartisan bills were approved by voice vote, and supported by the leaders of the House Energy and Commerce and House Science, Space, and Technology panels. 

The Cyber Sense Act, primarily sponsored by Reps. Bob Latta (R-Ohio) and Jerry McNerney (D-Calif.), would require the secretary of Energy to establish a program to test the cybersecurity of products intended to be used in the bulk power system. 

Latta and McNerney are the primary sponsors of a second piece of legislation passed Tuesday, the Enhancing Grid Security Through Public-Private Partnerships Act, which would require the Department of Energy to establish a program to enhance the cyber and physical security of electric utilities, along with issuing a report on ways to enhance security to address threats. 

A third bill approved, the Energy Emergency Leadership Act, would enhance leadership at the Department of Energy on cybersecurity missions to protect the nation’s energy infrastructure. Reps. Bobby Rush (D-Ill.) and Tim Walberg (R-Mich.) are the main sponsors. 

“This legislation and the two bills that will follow it are bipartisan bills that will help protect our grid from cyberattacks,” House Energy and Commerce Committee Chairman Frank Pallone (D-N.J.) said on the House floor Tuesday while speaking in favor of the Energy Emergency Leadership Act. 

Committee ranking member Greg Walden (R-Ore.), along with energy subcommittee ranking member Fred Upton (R-Mich.), both applauded the passage of the bills. 

A fourth bill, the Grid Security Research and Development Act sponsored by Reps. Ami Bera (D-Calif.) and Randy Weber (R-Texas), was also unanimously passed by the House on Tuesday. 


BIDEN CAMPAIGN HAS CONCERNS: Democratic presidential nominee Joe Biden’s campaign is calling for Facebook to remove posts from President Trump and his eldest son that the Biden campaign says violate the social network’s policies by spreading falsehoods about voting.

Biden’s campaign manager, Jen O’Malley Dillon, wrote a letter to Facebook on Monday urging the removal of the posts and slamming the platform as “the nation’s foremost propagator of disinformation about the voting process.”

“No company that considers itself a force for good in democracy, and that purports to take voter suppression seriously, would allow this dangerous claptrap to spread to millions of people,” Dillon wrote, according to a copy of the letter reported by Axios Tuesday.

“Removing this video should have been the easiest of easy calls under your policies, yet it remains up today,” she added, referring to a video posted by Donald Trump Jr. last week. 

In the video, Trump Jr. claims those who oppose his father have a “plan to add millions of fraudulent ballots that can cancel your vote and can overturn the election.” 

Facebook has placed a label on the video that states “voting by mail has a long history of trustworthiness in the US and the same is predicted this year,” with a link for users to “get voting information.” 

The Biden campaign also told Facebook the president himself has “repeatedly taken to your platform” to encourage his followers who have voted by mail to show up to polling places and ask to vote again unless it’s demonstrated that their vote has been counted. The campaign said these posts “clearly violated” Facebook’s policies that prohibit “misrepresentations about voting logistics, methods, or requirements.”


FOREIGN HACKERS EYE NEW TARGETS: Microsoft said Tuesday it had seen a major spike in foreign efforts to target U.S. public policy groups and organizations involved in COVID-19 research, marking a shift from previous cyber attempts to disrupt critical infrastructure.

Tom Burt, corporate vice president of consumer security and trust at Microsoft, warned in a blog post detailing Microsoft’s Digital Defense Report that “threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets.”

The report found that countries like Russia were now focusing on nongovernmental organizations, human rights groups, think tanks, colleges and universities and other groups involved in public policy. Coronavirus researchers have also been a top target.

“Microsoft observed sixteen different nation-state actors either targeting customers involved in the global COVID-19 response efforts or using the crisis in themed lures to expand their credential theft and malware delivery tactics,” Burt wrote. “These COVID-themed attacks targeted prominent governmental healthcare organizations in efforts to perform reconnaissance on their networks or people. Academic and commercial organizations involved in vaccine research were also targeted.”

Microsoft said 52 percent of all nation-state targeting over the past year originated from Russia, with the other half coming from China, North Korea and Iran.

The U.S. was the target of almost 70 percent of attacks, followed by the United Kingdom at 19 percent, and Canada, South Korea and Saudi Arabia rounding out the top five.

Burt noted that COVID-19 fears were being exploited by malicious actors, with coronavirus-themed phishing emails and malware spiking in March as part of attempts to trick individuals into disclosing personal account credentials.


CYBER BLACKMAIL: A hacker released documents from a Las Vegas-area school district, including student and employee information, late last week after officials refused to pay the requested ransom to regain access to district computer servers.

Sensitive information from the Clark County School District (CCSD), including Social Security numbers and student grades, was published on the hacker’s website last week, The Wall Street Journal reported Monday. The country’s fifth-largest school district, which teaches 320,000 students, is the largest to be hit with ransomware since the coronavirus pandemic began.

Brett Callow, a threat analyst for cybersecurity company Emsisoft, told the Journal the hacker had sent the county a warning by releasing a file from the district that appeared to be nonsensitive. 

But more sensitive files were released last week that included employee Social Security numbers, addresses and retirement papers and student names, grades, birth dates, addresses and the school they attended. 

The school district released a statement on Monday saying it will individually notify those affected by the hack, adding it is “working diligently to determine the full nature and scope of the incident.”

“CCSD values openness and transparency and will keep parents, employees and the public informed as new, verified information becomes available,” the statement reads. 


DUTERTE VS. FACEBOOK: Philippines President Rodrigo Duterte on Tuesday slammed Facebook after the social media platform said last week that it took down two networks promoting government propaganda that primarily targeted the Philippines and Southeast Asian countries. 

“Facebook, listen to me. We allow you to operate here hoping that you could help us,” President Rodrigo Duterte said in a late-night televised address, according to Reuters. “Now, if government cannot espouse or advocate something which is for the good of the people, then what is your purpose here in my country?”

Duterte used social media platforms like Facebook to help harness power and to assist his rise to an election win in 2016.

Presidential spokesman Harry Roque said Duterte would not shut down the platform in the country, but said the president wants to understand how it regulates content and questioned Facebook’s partnership with two local fact-checkers that he said were critical of Duterte’s government, according to the newswire.

“We need new policies to level the playing field on Facebook,” Roque told Reuters. 


GOOD DAY FOR GOOGLE: Google is set to win European Union antitrust approval for its $2.1 billion acquisition of Fitbit, a Google spokesperson confirmed Tuesday.

Google said it has been working with the European Commission on an “updated approach to safeguard consumers’ expectations” that Fitbit devices won’t be used for advertising. 

“This deal is about devices, not data. The wearables space is highly crowded, and we believe the combination of Google and Fitbit’s hardware efforts will increase competition in the sector, benefiting consumers and making the next generation of devices better and more affordable,” the spokesperson said in a statement. 

“We’re also formalizing our longstanding commitment to supporting other wearable manufacturers on Android and to continue to allow Fitbit users to connect to third party services via APIs if they want to,” the spokesperson added. 

Reuters first reported the expected EU antitrust approval on Tuesday, citing unnamed sources. 

The newswire had reported that Google offered to make it easier for rival makers of wearable devices to connect to the Android platform by giving them access to the Android application programming interface.


FLY (NO ONE) TO THE MOON: The United Arab Emirates is planning to launch its first-ever mission to the moon by 2024, with an unmanned spacecraft, UAE Vice President and Dubai ruler Mohammad bin Rashid Al Maktoum said Tuesday.

The lunar rover the country is planning to launch will send back images and data from new sites on the moon that have yet to be explored by previous missions. The information will be shared with global research centers and institutions, he tweeted.

The rover will be 100 percent manufactured and developed in the UAE by Emirati engineers, according to Mohammed.

If the mission is successful, the UAE will be the fourth country to land a spacecraft on the moon, following the U.S., the Soviet Union and China.


Lighter click: Your moment of zen

An op-ed to chew on: The right debate question for Trump, Biden: How do we fight our next war? 

NOTABLE LINKS FROM AROUND THE WEB:

Delivery apps say they’re trying to boost Black-owned businesses. Is it working? (Protocol / Emily Birnbaum) 

Cleveland-area hospital goes offline after apparent cyberattack (NBC News / Kevin Collier) 

Palantir admits to helping ICE deport immigrants while trying to prove it doesn’t (Vice Motherboard / Edward Ongweso Jr.) 

Weeks before Election Day, Putin trolls the U.S. with an offer of a cyber truce (CyberScoop / Joe Warminsky)

The mail-in voting tech industry can’t keep up (Protocol / Issie Lapowsky) 

The crypto millionaire that acquired BitTorrent–and waded into the trade war (The Verge / Chris Harland-Dunaway)