Hillicon Valley: Administration to release attribution for Microsoft vulnerabilities in ‘coming weeks’ | Facebook rolling out new newsletter feature | Parler refused Trump demand to ban his critics: book
Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.
Welcome and Happy Tuesday! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@chrisismills) and Rebecca Klar (@rebeccaklar), for more coverage.
A top Biden administration official on Tuesday teased the upcoming attribution of the exploitation of vulnerabilities in Microsoft’s Exchange Server, saying that there would be further details on who was behind the attack “in the coming weeks.” The administration previously called out Russia for being behind the SolarWinds hack, and Microsoft in March said a Chinese state-sponsored hacking group was likely exploiting the Microsoft vulnerabilities.
Meanwhile, Facebook announced a new newsletter, and new details of conversations between former President Trump and social media platform Parler came to light.
WATCH THIS SPACE: The Biden administration is working to formally attribute the exploitation of vulnerabilities in Microsoft’s Exchange Server application, which left thousands of organizations vulnerable to attack, “in the coming weeks,” a top official said Tuesday.
“I think you saw the national security adviser Jake Sullivan say that we will attribute that activity, and along with that of course determine what needs to do as a follow up from that and I think you’ll be seeing further on that in the coming weeks,” Anne Neuberger, the deputy national security advisor for cyber and emerging technology, said during a virtual event hosted by the Silverado Policy Accelerator.
Neuberger’s comments came months after Microsoft announced the discovery of new vulnerabilities in its Exchange Server program, and assessed with “high confidence” that a hacking group known as “HAFNIUM,” a Chinese state-sponsored group, was exploiting these vulnerabilities.
According to Neuberger, around 140,000 organizations were left vulnerable to attack by HAFNIUM or other hacking groups. On Tuesday, the official praised Microsoft for quickly releasing a patch that reduced this number to fewer than 10 vulnerable groups in a week.
Other cyber initiatives move forward: The administration announced in April a 100-day plan to strengthen the cybersecurity of the electricity sector. Neuberger said Tuesday that the effort had been “really successful,” and that electric utility companies representing more than 56 million customers have deployed cybersecurity monitoring technology.
NEW NEWSLETTER: Facebook rolled out a new newsletter feature called Bulletin.
Bulletin will give creators the ability to author and distribute both free and subscriber-based content via Facebook.
The new feature is essentially Facebook’s version of the popular newsletter platform Substack and has recruited dozens of writers, across categories like sports, science, health, and finance.
Bulletin is accessed on a separate website from Facebook’s platform, but Bulletin articles and podcasts can be found on creators’ public pages or within the Facebook News Feed.
PARLER’S PUSHBACK: Parler and former President Trump were in talks to get Trump on the platform, but they stalled after Parler refused to ban those who criticized the former president, Michael Wolff’s book about Trump’s last days in office says.
Trump and Parler had been in discussions even before the Capitol riot about the former president joining the platform, with Parler offering Trump 40 percent of the company’s gross revenues to join, according to the book “Landslide: The Final Days of the Trump Presidency,” The Verge reported.
However, Trump reportedly also wanted Parler to be a place where he did not have to deal with his detractors.
“They had floated a proposition that Trump, after he left office, become an active member of Parler, moving much of his social-media activity there from Twitter. In return, Trump would receive 40 percent of Parler’s gross revenues and the service would ban anyone who spoke negatively about him,” said an excerpt from the book published in New York Magazine. “Parler was balking only at this last condition.”
CISA (MIGHT) GET A BOOST: The House Appropriations Committee on Tuesday included almost $400 million more than last year for the Cybersecurity and Infrastructure Security Agency (CISA) in its budget proposal for the upcoming year.
The committee proposed the increase in the wake of months of escalating cyberattacks, most notably the SolarWinds hack that compromised nine U.S. federal agencies and 100 private sector groups, and ransomware attacks on Colonial Pipeline and meat producer JBS USA.
The committee specifically proposed a budget of $2.42 billion for CISA in fiscal year 2022, just shy of $400 million over CISA’s budget in 2021, and more than $288 million above what the agency requested earlier this year.
These funds would go towards issues including critical infrastructure security, emergency communications, risk management, and other cybersecurity-related concerns.
NEW FACIAL RECOGNITION REPORT: Six federal agencies used facial recognition software to identify protesters who demonstrated in the wake of George Floyd’s death at the hands of Minneapolis Police last year, according to a government watchdog.
The Government Accountability Office (GAO) said in a report released Tuesday that the agencies used the technology from May through August 2020 to “support criminal investigations related to civil unrest, riots, or protests.”
“All six agencies reported that these searches were on images of individuals suspected of violating the law,” the GAO said.
The Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), U.S. Capitol Police, the FBI, the U.S. Marshals Service, U.S. Park Police and U.S. Postal Inspection Service reported using the technology.
The use of facial recognition came under scrutiny last year over concerns about how state and local law enforcement was using the technology to identify protestors.
Facial recognition technology has long been criticized for misidentifying women and minorities at a higher rate. In April, a man sued the city of Detroit for being falsely arrested after his driver’s license photo was mistakenly matched to surveillance footage of a shoplifter.
On tap this week:
– The House Energy and Commerce Committee will hold a hearing Wednesday on securing wireless networks and supply chains, during which lawmakers will consider multiple pieces of legislation.
– A House Oversight and Reform Committee panel will hold a hearing Wednesday on the impact of the COVID-19 pandemic on state and local information technology.
– The House Appropriations Committee’s Subcommittee on Homeland Security will mark up the proposed DHS budget for fiscal year 2022 on Wednesday, which includes the CISA funding.
An op-ed to chew on: Without broadband, rural economies may miss out on the post-pandemic recovery
Lighter click: They’re brothers
NOTABLE LINKS FROM AROUND THE WEB:
Pinterest diversity chief departs after one year (Protocol / Issie Lapowsky)
The battle to break up Big Tech has just begun (The Washington Post / Will Oremus)
Senators Send Letters to Uber and Lyft Over Face-Tracking Ad Tablets (Motherboard / Edward Ongweso Jr.)