Overnight Cybersecurity

Hillicon Valley: Senators introduce bill to require some cyber incident reporting | UK citizen arrested in connection to 2020 Twitter hack | Officials warn of cyber vulnerabilities in water systems

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome and Happy Wednesday! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage. 

A much-anticipated bipartisan measure to respond to recent major cyberattacks on both the federal government and the private sector was rolled out by Senate Intelligence Committee leaders on Wednesday. The bill would increase the government’s visibility into cyberattacks by requiring some key companies to report breaches.

Meanwhile, the Justice Department announced that a British citizen has been arrested in Spain for allegedly having helped carry out the hack against Twitter last year that compromised accounts of verified individuals including President Biden and former President Obama. Back on Capitol Hill, experts warned of glaring cyber vulnerabilities facing water systems.

MAJOR CYBER BILL ROLLED OUT: Leaders of the Senate Intelligence Committee and other bipartisan lawmakers on Wednesday formally introduced legislation requiring federal contractors and critical infrastructure groups to report attempted breaches following months of escalating cyberattacks. 

The Cyber Incident Notification Act would require federal agencies, government contractors and groups considered critical to national security — such as hospitals, utilities, financial services and information technology groups — to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours.

The bill would grant liability protections to groups that report breaches, along with anonymizing personal information of the companies involved in the incidents in order to encourage reporting. 

The bill is primarily sponsored by Senate Intelligence Committee Chairman Mark Warner (D-Va.), Vice Chairman Marco Rubio (R-Fla.) and committee member Susan Collins (R-Maine), with the measure circulating in the Senate and among stakeholders in draft format over the last month.


YOU CAN ONLY RUN SO LONG: A citizen of the United Kingdom was arrested in Spain on Wednesday in connection with the July 2020 Twitter hack that compromised politicians’ and celebrities’ accounts, the Justice Department announced.

Joseph O’Connor, 22, is facing several federal charges in connection with the July 15, 2020, hack that compromised over 130 Twitter accounts, including those of President Biden, former President Obama and Elon Musk.

The Justice Department said the U.K.’s National Crime Agency and the Spanish National Police provided assistance in the investigation and the arrest.


WATER INSECURITY: Lawmakers and experts on Wednesday warned of gaping cybersecurity vulnerabilities in the nation’s critical water sector amid escalating attacks against a number of U.S. organizations. 

“I believe that the next Pearl Harbor, the next 9/11, will be cyber, and we are facing a vulnerability in all of our systems, but water is one of the most critical and I think one of the most vulnerable,” Sen. Angus King (I-Maine), the co-chairman of the Cyberspace Solarium Commission (CSC), testified to the Senate Environment and Public Works Committee.

“There is an incipient nightmare here, and it involves all sectors of our critical infrastructure, but water I think is probably the most vulnerable because of the dispersed nature of water systems in the country,” he warned.

Cyber threats have soared in recent years, including recent ransomware attacks on critical infrastructure such as Colonial Pipeline, and the water sector has not been immune.


EVERYONE’S A CRITIC: The Biden administration’s push to weed out COVID-19 misinformation online is spotlighting calls to reform Section 230, while further highlighting the deep partisan divide among lawmakers’ approaches to modify the law that provides tech companies a liability shield.

Critical comments against Facebook made by President Biden and action taken by Twitter against a controversial lawmaker this week raised the pressure on big tech companies already on defense over their content policies, but also showcased the opposing reasons both parties are concerned.

Biden in recent days joined congressional Democrats’ efforts to press social media companies to take action against misinformation about the coronavirus and vaccines. But amid the administration’s push, Republicans are piling on criticism of the Silicon Valley giants and the government-led effort to hold them accountable.


SMALL BUSINESS WOES: The recent ransomware attack on software group Kaseya hit small businesses especially hard, targeting companies that often have few resources to defend themselves and highlighting long-standing vulnerabilities.

The attack has been made worse during the pandemic, when cyber threats against small businesses have multiplied and companies have scrambled to stay afloat.

“When large businesses aren’t doing the basics it’s negligence,” Kiersten Todt, managing director of the Cyber Readiness Institute, told The Hill. 

“When small businesses aren’t doing the basics, it’s often because they don’t have the resources, or the knowledge, or the education,” Todt added. 


…AND SMALL BUSINESS WINS: Small businesses are leveraging popular trends on TikTok to build their brands and gain global followings.

Unlike on its older social media peers, popular content on TikTok tends to be more stripped down, which can give small businesses a leg up, said Eric Dahan, co-founder and CEO of influencer marketing agency Open Influence.

“People crave that raw, behind-the-scenes experience, they crave authenticity. So businesses are able to build a much more human connection,” Dahan said.

“That’s an advantage [small businesses] have, where they get rewarded for having a more human voice. For the big companies it’s much more of a challenge for them to do that,” he said.


BILLS, BILLS, BILLS: The House Energy and Commerce Committee on Wednesday approved multiple pieces of legislation meant to strengthen telecommunications against cyberattacks.

The committee approved by voice vote eight bipartisan bills covering issues including increasing cybersecurity best practices, communications security, and strengthening cyber programs at the Federal Communications Commission (FCC) and the National Telecommunications and Information Administration (NTIA).

“Today I am proud that the Energy and Commerce Committee came together to pass urgently needed legislation that will promote more secure networks and supply chains, bringing us one step closer to a safer and more secure wireless future,” House Energy and Commerce Committee Chairman Frank Pallone (D-N.J.) said in a statement following the markup of the bills. 


CLUBHOUSE OPENS: The live audio room app Clubhouse is no longer invite-only, the company announced Wednesday, ending the platform’s year-long beta stage.

Users on both iOS and Android will now be able to make accounts and join the app, which exploded in popularity during the coronavirus pandemic, without needing the referral of an existing member.

“It’s been a rollercoaster first half of the year, and we’ve emerged much bigger than we were in January,” co-founders Paul Davison and Rohan Seth wrote in a blog post.


$5M FOR MISINFORMATION: The Knight Foundation will invest $5 million in research projects aimed at addressing online misinformation with a focus on the impact on communities of color, the nonprofit organization said Wednesday. 

The investment includes a $1.5 million open call for proposals for research that “can lead to effective interventions to mitigate the effects of racialized disinformation or targeted manipulation of communities of color,” according to the Knight Foundation announcement. 


ICYMI: CYBER FRONT AND CENTER: A series of disruptive cyberattacks targeting sectors from food to energy to technology has forced President Biden to put cybersecurity at the center of his agenda in his first six months in office.

Biden has focused on Russia and China as two nations that present major threats to America’s national and economic security, with cyber issues being prime areas of engagement with those countries as ransomware attacks on critical infrastructure become a constant headache.


An op-ed to chew on: ‘Move fast and break things’ won’t work for autonomous vehicles


NOTABLE LINKS FROM AROUND THE WEB: 

Investigation: How TikTok’s Algorithm Figures Out Your Deepest Desires (The Wall Street Journal)

Female Twitch Streamers Spend Their Lives Online. Predators Are Watching. (HuffPost / Jesselyn Cook)

The New Brandeis Movement Has Its Moment (The American Prospect / David Dayen and Alexander Sammon)

The Biden administration should take the First Amendment as seriously as Facebook misinformation (The Verge / Adi Robertson)

Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy (CyberScoop / Tim Starks)