Hillicon Valley: Cyber agency says SolarWinds hack could have been deterred | Civil rights groups urge lawmakers to crack down on Amazon’s ‘dangerous’ worker surveillance | Manchin-led committee puts forth sprawling energy infrastructure proposal
Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you haven’t already, be sure to sign up for our newsletter by clicking HERE.
Welcome and Happy Thursday! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@chrisismills) and Rebecca Klar (@rebeccaklar_), for more coverage.
The key federal cybersecurity agency acknowledged the massive SolarWinds hack, which led to the compromise of nine federal agencies by Russian hackers, might have been deterred if a basic security measure had been put in place. The breach is considered one of the largest in U.S. history, and chilled relations between the U.S. and Russia even further.
Meanwhile, as Amazon rolls out its two-day Prime Day sale, civil rights groups called on lawmakers to crack down on Amazon’s workplace policies and the Senate Energy and Natural Resources Committee rolled out a major energy legislative proposal that includes language on securing critical infrastructure increasingly at risk of attack.
SOLARWINDS UPDATE: The SolarWinds hack, one of the largest cybersecurity incidents in U.S. history, may have been deterred or minimized if basic security measures had been put in place, a top government official acknowledged earlier this month.
In a June 3 letter to Sen. Ron Wyden (D-Ore.) provided to The Hill on Monday, Cybersecurity and Infrastructure Security Agency (CISA) acting Director Brandon Wales agreed with Wyden’s question over whether firewalls placed in victim agency systems could have helped block the malware virus used in the SolarWinds attack.
“CISA agrees that a firewall blocking all outgoing connections to the internet would have neutralized the malware,” Wales wrote.
He stressed, however, that while the agency “did observe victim networks with this configuration that successfully blocked connection attempts and had no follow-on exploitation, the effectiveness of this preventative measure is not applicable to all types of intrusions and may not be feasible given operational requirements for some agencies.”
The response comes six months after the SolarWinds hack was discovered in December after it was ongoing for most of last year. The hack, which U.S. intelligence agencies assessed earlier this year was likely backed by the Russian government, led to the compromise of nine federal agencies and around 100 private sector organizations.
PRIME DAY PROTESTS: Civil rights groups are calling on lawmakers and regulators to crack down on Amazon over its system of monitoring workers’ pace.
More than 35 civil rights organizations signed a letter Monday urging action. The letter was released the same day of Amazon’s two-day Prime Day sale, which activists have criticized, arguing it increases pressure on workers.
“It is time for lawmakers and regulators to step-in and end the punitive system of constant surveillance that drives the dangerous pace of work at Amazon,” the groups wrote, according to a copy of the letter shared with The Hill.
The letter specifically calls for state and federal officials to enact laws that ban surveillance-driven discipline and control to ensure workers are protected from “abusive conditions.”
ENERGY PROPOSAL IN THE PIPELINE: A Senate committee that’s led by key swing vote Sen. Joe Manchin (D-W.Va.) has released a 400-page energy infrastructure proposal that it will weigh later this week.
The proposal, which is labeled a discussion draft, did not receive much fanfare on Friday as it was quietly included as part of an advisory announcing a hearing on infrastructure needs by the Senate Energy and Natural Resources Committee.
Included in the proposal are two bipartisan bills approved earlier this month by the House Energy and Commerce Committee intended to enhance the cybersecurity of critical energy resources.
The Cyber Sense Act would require the Department of Energy, in coordination with other agencies, to establish a program to test the cybersecurity of products used in the bulk power system.
The Enhancing Grid Security Through Public-Private Partnerships Act would direct the Department of Energy to create a program encouraging partnership with the private sector to shore up both physical and cybersecurity of the grid.
Read more about the proposal here.
LIVE AUDIO LAUNCH: Facebook is launching podcasts and live audio stream features in the U.S. as it expands to add more social audio experiences, the company said Monday.
Facebook’s Live Audio Rooms will be available for public figures and select Facebook Groups in the U.S., with plans to expand the ability for more public figures and groups to host rooms in coming weeks, according to Facebook’s blog post.
The launch comes a couple of months after Facebook said it would test the Live Audio Rooms feature, following the rising popularity of the social media platform Clubhouse. Other tech companies, including Twitter and Spotify, have also announced features to rival Clubhouse.
ICYMI: ANTITRUST BILLS DIVIDE GOP: House Republicans are publicly sparring over several high-profile antitrust bills that have bipartisan support, signaling a bumpy road ahead for the legislation.
The House Judiciary Committee on Wednesday is slated to vote on five bipartisan measures targeting Big Tech, but the panel’s top Republican, Rep. Jim Jordan (Ohio) and Minority Leader Kevin McCarthy (Calif.) are bashing the bills as a Democratic-led partisan power grab.
“Democrat impeachment managers don’t care about conservative censorship. Their next big mission? Empower Big Tech and Big Government to make it worse,” Jordan tweeted Wednesday, after lawmakers in both parties touted the legislative package.
That drew a swift rebuke on Twitter from Rep. Ken Buck (R-Colo.), the ranking member on the antitrust subcommittee who is cosponsoring the bills.
“Using antitrust laws to stop Big Tech’s bad behavior isn’t Big Government, it’s law enforcement,” Buck said.
While the Republican infighting is unlikely to prevent the bills from advancing in the House, the GOP division could have bigger ramifications in the 50-50 Senate, where at least 60 votes are needed to advance most legislation.
On tap this week:
-A Senate Commerce Committee subcommittee will hold a hearing Tuesday on building resilient and secure telecommunications networks.
-The House Judiciary Committee will markup bipartisan antitrust legislation during a meeting Wednesday.
-Senior officials from the Department of Defense will testify about the recent string of ransomware attacks during a Senate Armed Services Committee hearing on Wednesday.
-FBI Director Christopher Wray will testify Wednesday to the Senate Appropriations Committee on the FBI’s proposed fiscal year 2022 budget, which could involve discussion of cyber and tech priorities.
Lighter click: See you in Tokyo
An op-ed to chew on: Securing military command, control, and communications requires focus, follow through
NOTABLE LINKS FROM AROUND THE WEB:
Google executives see cracks in their company’s success (The New York Times / Daisuke Wakabayashi)
Smart thermostats are turning down air conditioners during heatwave (Vice Motherboard / Audrey Carleton)
U.S. SEC probing SolarWinds clients over cyber breach disclosures–sources (Reuters / Katanga Johnson)
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.