Hillicon Valley: Surgeon general issues health misinformation advisory | Biden administration stepping up efforts to respond to ransomware attacks | Cyber bills gain new urgency after rash of attacks

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news world from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter by clicking HERE.

Welcome and Happy Thursday! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar), for more coverage. 

The Biden administration put pressure Thursday on tech companies to do more to combat the spread of the misinformation on their platforms. Surgeon General Vivek Murthy issued an advisory calling the spread of misinformation an “urgent threat to public health” — especially as the federal government pushes for more Americans to get coronavirus vaccines. 

The administration also took steps Thursday to boost its response to the ongoing and increasing ransomware attacks on U.S. companies and critical infrastructure. Cybersecurity concerns are a top bipartisan priority on Capitol Hill as well in the wake of recent attacks, and several bipartisan bills are gaining sponsors and likely to be rolled out this month. 

MAKING MOVES ON MISINFORMATION: Surgeon General Vivek Murthy on Thursday issued an advisory calling health misinformation an “urgent threat” amid the COVID-19 vaccination push. 

“Health misinformation is an urgent threat to public health,” Murthy said in a statement. “It can cause confusion, sow distrust, and undermine public health efforts, including our ongoing work to end the COVID-19 pandemic.”

The advisory, the first issued by the surgeon general during the Biden administration, calls for a range of sectors to take action.

It calls on technology and social media companies to do more to fight misinformation on their platforms, including redesigning algorithms to avoid amplifying misinformation and strengthening the monitoring of it. 

Read more here. 

MAKING MOVES ON RANSOMWARE: The Biden administration on Thursday announced new cross-agency measures to address the recent major ransomware attacks on companies including Colonial Pipeline and software group Kaseya.

A senior administration official told The Hill that an interagency task force, created as part of President Biden’s directive in April for federal agencies to address ransomware attacks, has made progress in identifying and coordinating action on a range of fronts regarding ransomware concerns.

These include working to disrupt cyber criminal groups and the infrastructure responsible for ransomware attacks, building an international coalition to confront cyber threats abroad, addressing the use of cryptocurrency to pay ransoms, improving cyber hygiene and promoting the reporting of ransomware incidents. 

In addition, administration officials told reporters on a call Wednesday that the State Department will launch a financial rewards program for information on foreign state-sponsored hacking efforts targeting U.S. critical infrastructure.

The Treasury Department is also involved, with the agency’s Financial Crimes Enforcement Network set to announce Thursday that it will convene a virtual conference on ransomware later this year with groups including financial institutions and technology firms. 

Read more about the administration’s efforts on ransomware here.

A TRUE BIPARTISAN EFFORT: Bipartisan bills aimed at strengthening U.S. cybersecurity after a string of major attacks are making headway in both the House and Senate.

The rare cooperation between Democrats and Republicans is a sharp contrast to the partisan divisions over other measures like voting rights legislation and major infrastructure components.

“Unlike some of the other things I’m working on, huge, huge progress,” Senate Intelligence Committee Chairman Mark Warner (D-Va.) said of a cybersecurity proposal he is spearheading.

“We are very close to having almost every member of the committee on it,” Warner told The Hill on Tuesday. “It has been purely waiting for the members to get back [to Washington]. I’ve got to have a couple of member-to-member discussions, but the notion that we need some level of mandatory incident reporting. The fact that many business groups have coalesced behind this, I think it’s all great news.”

The draft bill, backed by Sens. Marco Rubio (R-Fla.) and Susan Collins (R-Maine) on the Intelligence Committee, would require federal agencies, federal contractors and owners and operators of critical infrastructure to report cybersecurity incidents within 24 hours to the Cybersecurity and Infrastructure Security Agency.

Read more about Capitol Hill cyber legislation efforts here.

MICROSOFT TAKES ACTION: Microsoft on Thursday announced that it had disrupted the use of what it described as “cyberweapons” manufactured and sold by an Israeli-based company to target victims worldwide including journalists and human rights activists.

The group, known as “Sourgum,” is what Microsoft described as a “private sector offensive actor,” and was known to sell weapons to government agencies around the world that were then used to hack into the personal devices of targeted individuals, including phones, computers and other internet-connected devices. 

“These agencies then choose who to target and run the actual operations themselves,” Cristin Goodwin, general manager of Microsoft’s Digital Security Unit, wrote in a blog post published Thursday.

Read more about the effort here. 

FACEBOOK TAKES ACTION: Facebook on Thursday announced that it had taken steps to disrupt a group of Iranian-based hackers that had leveraged the platform as part of a wider effort to target U.S. military personnel and the defense industry in other countries. 

According to Facebook, a cyber criminal group known as “Tortoiseshell” took steps including creating fake accounts posing as employees of defense and aerospace companies, pushing out malware tools, and using fake websites to steal login credentials of the work and personal accounts of victims. 

Military personnel and organizations in the United Kingdom and Europe were also targeted in the campaign. Facebook officials stressed Thursday that the platform was “one of the elements of a much broader cross-platform cyber espionage operation.”

Read more about Facebook’s actions here. 

CRACKING DOWN ON AMAZON: A U.S. safety regulator is suing Amazon in an effort to force the company to recall hazardous products sold on the tech giant’s website.

The Consumer Product Safety Commission (CPSC) filed an administrative complaint Wednesday seeking the recall of hazardous children’s sleepwear, carbon monoxide detectors and hair dryers. 

An Amazon spokesperson said in a statement it was “unclear” why the complaint was filed by the commission because it seeks action “almost entirely duplicative of those we’ve already taken.”

The CPSC’s complaint, however, argues that Amazon’s “unilateral actions” taken in response to the hazardous products “are insufficient.” 

Read more about the complaint. 

CLOSE THE GAP: Lawmakers on both sides of the aisle are calling for steps to narrow the so-called homework gap as schools incorporate more technology into their classrooms.

The pandemic exposed the number of U.S. students who do not have access to high speed internet, and lawmakers say it’s an issue that isn’t likely to go away even after the pandemic subsides.

Speaking at The Hill’s “Future of Human Connectivity” event Wednesday, Rep. Bob Latta (R-Ohio) said that while larger cities often have high quality broadband access, many smaller communities do not.

“What good is a laptop to a student if they can’t connect and do their homework?” Latta asked.

Read more here. 

What we’re watching next week:

-The Senate Armed Services Committee’s Subcommittee on Cybersecurity will meet in closed session on July 19 to mark up the cybersecurity provisions of next year’s National Defense Authorization Act. 

-The House Energy and Commerce Committee’s Subcommittee on Oversight and Investigations will hold a hearing July 20 on the threat of ransomware attacks.

-The House Small Business Committee will hold a hearing July 20 on strengthening the cybersecurity of small businesses.

-The Senate Environment and Public Works Committee will hold a hearing on July 21 to examine cybersecurity vulnerabilities impacting critical infrastructure. 

An op-ed to chew on: Biden executive order reflects flawed views on internet competition 

Lighter click: Cheese orchestra

NOTABLE LINKS FROM AROUND THE WEB: 

A People’s History of Black Twitter, Part 1 (Wired / Jason Parham)

Are “Buy Now, Pay Later” Retail Loans a Rip-off? (The Markup / Maddy Varner)

Welcome to the Church of Bitcoin (RollingStone / Zoe Bernard)