•   
  •   
  •   

Politics Hillicon Valley: Feds warn hackers targeting critical infrastructure | Twitter exploring subscription service | Bill would give DHS cyber agency subpoena power

02:56  24 july  2020
02:56  24 july  2020 Source:   thehill.com

Twitter hack is another wake-up call about security ahead of the election

  Twitter hack is another wake-up call about security ahead of the election The Twitter accounts of high-profile politicians were caught up in a massive hack.On Wednesday, a tweet from the account of Joe Biden, the presumptive Democratic presidential nominee, offered to double the amount of Bitcoin sent to a particular address. Biden was "giving back to the community" through the cryptocurrency , the tweet said. Similar tweets were sent from the accounts of former President Barack Obama and ex-New York City mayor and onetime presidential candidate Mike Bloomberg. The account of rapper Kanye West, who has flirted with the idea of running for president, also made the offer.

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don't already, be sure to sign up for our newsletter with this LINK.

a screenshot of a computer: Hillicon Valley: Feds warn hackers targeting critical infrastructure | Twitter exploring subscription service | Bill would give DHS cyber agency subpoena power © iStock Hillicon Valley: Feds warn hackers targeting critical infrastructure | Twitter exploring subscription service | Bill would give DHS cyber agency subpoena power

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech reporter, Chris Mills Rodrigo (@chrisismills), for more coverage.

DHS leaders, filling jobs on temporary basis, carry out Trump agenda

  DHS leaders, filling jobs on temporary basis, carry out Trump agenda The Department of Homeland Security, at the center of some of the administration's most controversial and political actions from immigration restrictions to an aggressive response to protests in Portland, Oregon, is mostly run by temporary officials, skirting the scrutiny that comes from putting leadership through confirmation. © Nathan Howard/Reuters Federal law enforcement officers, deployed under the Trump administration's new executive order to protect federal monuments and buildings, face off with protesters against racial inequality in Portland, Oregon, U.S. July 17, 2020.

THREATS AGAINST CRITICAL INFRASTRUCTURE: Federal authorities on Thursday warned that foreign hackers are attempting to target U.S. critical infrastructure.

The National Security Agency (NSA) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) specifically warned that internet-connected operational technology (OT) assets - which are used throughout U.S. defense systems - were often the targets of malicious cyber actors attempting to hit critical infrastructure, such as systems providing water, gas and electricity.

As a result, the agencies recommended that critical infrastructure operators and owners take "immediate action" to secure their systems.

House-passed defense spending bill includes provision establishing White House cyber czar

  House-passed defense spending bill includes provision establishing White House cyber czar The House version of the annual National Defense Authorization Act (NDAA) passed Tuesday included a provision establishing a national cyber director at the White House, a role that would help coordinate federal cybersecurity efforts.Bipartisan legislation establishing this position was originally introduced last month, and was added to the NDAA as part of a larger cybersecurity package on Monday. The national cyber director would serve as the president's principal advisor on cybersecurity and emerging technology issues, and serve as a coordinating force for federal cyber action.

"Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to US interests or retaliate for perceived US aggression," the agencies wrote in a joint alert.

The security agencies noted that OT assets are used in Department of Defense systems and throughout the defense industrial base sector, including in national security systems.

The NSA and CISA wrote they had seen evidence of email spear phishing attacks to gain access to critical infrastructure networks to access OT assets, along with attempted ransomware attacks on these systems. This type of attack, which has become an increasing headache over the past year for state and local governments, involves an attacker encrypting a network and demanding payment before allowing the user to gain access again.

Federal agencies warn foreign hackers are targeting critical infrastructure

  Federal agencies warn foreign hackers are targeting critical infrastructure The National Security Agency (NSA) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that foreign hackers are attempting to target U.S. critical infrastructure. The agencies specifically warned that internet-connected operational technology (OT) assets, used throughout U.S. defense systems, were often the targets of malicious cyber actors attempting to hit critical infrastructure, such as systems providing water, gas and electricity. require(["medianetNativeAdOnArticle"], function (medianetNativeAdOnArticle) { medianetNativeAdOnArticle.

CISA previously issued an alert in February following a ransomware attack on an unnamed "natural gas compression facility" that temporarily shut down operations and disrupted other critical systems operators that interacted with the facility.

Read more about the alerts here.

TWITTER SUBSCRIPTION SERVICE: Twitter is considering building a subscription service as it explores other revenue sources amid a marked drop in advertising revenue spurred by the pandemic.

Twitter CEO Jack Dorsey said on an earnings call with investors on Thursday that the company was currently in the early stages of exploring a subscription option on the platform. The comments came as the company reported that its advertising revenue, a core part of its business, suffered a year-over-year decline of 23 percent, which it attributed in part to the rapid scaling-back of ad spending caused by coronavirus lockdowns.

"First and foremost, we have a really high bar for when we would ask consumers to pay for aspects of Twitter," Dorsey said. "And, you know, this is a start. And we're in the very early phases of exploring."

Prince Andrew vs. the feds: Can he be forced to talk about Jeffrey Epstein, Ghislaine Maxwell?

  Prince Andrew vs. the feds: Can he be forced to talk about Jeffrey Epstein, Ghislaine Maxwell? Efforts by prosecutors to press Prince Andrew into cooperating in the Jeffrey Epstein/Ghislaine Maxwell sex-crimes case appear to be at a stalemate.This must be more obvious now to American federal prosecutors pressuring Prince Andrew, the shamed Duke of York, to help them with their investigation of two of his friends: the late Jeffrey Epstein, a convicted sex offender, and Ghislaine Maxwell, the woman who's accused of helping Epstein recruit, groom and abuse girls.

Dorsey went on to note that Twitter has a small team exploring other potential revenue sources, including subscription and commerce. He said that the team is currently hiring and that he expected initial tests of a subscription product to be performed later this year.

"Most importantly, we want to make sure any new lines of revenue is complementary to our advertising business," he said. "We do think there is a world where subscription is complementary."

The possibility of a subscription service on Twitter gained attention earlier this month after the company posted a job listing associated with the product. The job notice said the company is looking for a senior full-stack software engineer to work with a team dedicated to building a subscription platform.

Like other social media platforms, Twitter offers its app for free and makes the majority of its revenue through ad sales.

Read more about the proposed service here.

CYBERSECURITY GETS A BOOST: The Senate version of the annual National Defense Authorization Act (NDAA) approved Thursday included a raft of measures designed to shore up federal cybersecurity, including a clause giving the Department of Homeland Security's cybersecurity agency subpoena power.

The provision, originally introduced by Senate Homeland Security and Governmental Affairs Committee Chairman Ron Johnson (R-Wis.) and Sen. Maggie Hassan (D-N.H.) in December, would allow the department's Cybersecurity and Infrastructure Security Agency (CISA) to issue subpoenas to internet service providers compelling them to release information on cyber vulnerabilities detected on the networks of critical infrastructure organizations.

Trump's lawyers say Manhattan subpoena for tax records issued in 'bad faith'

  Trump's lawyers say Manhattan subpoena for tax records issued in 'bad faith' President Trump's lawyers in a Monday court filing called a subpoena for his tax records issued by Manhattan District Attorney Cy Vance "wildly overbroad" and done in "bad faith" as the battle over the president's documents drags on in the wake of two Supreme Court rulings that likely put them out of reach for the public until after the election. © Provided by FOX News © Provided by FOX News The Supreme Court rules Trump is not immune from state grand jury subpoena over financial records; Shannon Bream weighs in on the latest.

"Every day our adversaries target our critical infrastructure, including our electric grids, dams, and airports, and every day, CISA is made aware of vulnerabilities to these systems - some easily fixable - but is powerless to warn the potential victims," Johnson said in a statement following the NDAA's passage.

"This legislation gives CISA the authority necessary to reach out and warn owners of critical infrastructure that they are open and vulnerable to cyberattacks before they become a victim," he added. "We ask Americans: if you see something, say something. With this legislation we are empowering CISA to do the same."

Hassan described the subpoena power proposal as "common-sense," adding in a separate statement that she would "keep working" with Johnson to get the provision signed into law as part of the final version of the fiscal year 2021 NDAA that will be conferenced between the House and Senate in coming weeks.

The legislation was also included in the House version of the NDAA, approved earlier this week, making it likely the provision will stay in the final version eventually sent to President Trump for signature.

Another key cybersecurity provision included in the Senate version of the annual defense spending bill was one establishing a federally funded cybersecurity coordinator in every state to prepare for and respond to cyberattacks.

The legislation was introduced in January by Hassan and Sens. John Cornyn (R-Texas), Gary Peters (D-Mich.), and Rob Portman (R-Ohio) after a year of increasing cyberattacks across the nation crippled city governments in New Orleans and Baltimore, among many others.

Hillicon Valley: House panel grills tech CEOs during much anticipated antitrust hearing | TikTok to make code public as it pushes back against 'misinformation' | House Intel panel expands access to foreign disinformation evidence

  Hillicon Valley: House panel grills tech CEOs during much anticipated antitrust hearing | TikTok to make code public as it pushes back against 'misinformation' | House Intel panel expands access to foreign disinformation evidence Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don't already, be sure to sign up for our newsletter with this LINK.Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech reporter, Chris Mills Rodrigo (@chrisismills), for more coverage.FIVE TAKEAWAYS FROM BIG TECH'S BIG DAY: The long anticipated confrontation between the chief executives of America's largest tech firms and Congress produced several memorable moments Wednesday and gave important insight into the House Judiciary subcommittee on antitrust's investigation into competition in digit

Read more about cyber provisions in the NDAA here.

FITBIT ACQUISITION CONCERNS: A group of Democratic senators urged the Department of Justice Thursday to conduct a "thorough and comprehensive" review of Google's proposed acquisition of Fitbit.

Google's purchase of the fitness tracking company immediately came under antitrust scrutiny when announced in November. The Justice Department launched an investigation at the time and has issued a second request for information on the merger.

A letter, led by Sen. Amy Klobuchar (D-Minn.), urges the agency to continue its efforts, warning that allowing Google free range on acquisitions may give it enduring dominance across several markets.

"Over the years, Google has completed more than 100 strategic acquisitions-including purchases of DoubleClick, AdMob, YouTube, Waze, and many other firms-virtually all without significant enforcement action by federal antitrust enforcers," the senators wrote to Attorney General William Barr.

Democratic Sens. Richard Blumenthal (Conn.), Cory Booker (N.J.), Mazie Hirono (Hawaii), Sherrod Brown (D-Ohio), Mark Warner (Va.) and Elizabeth Warren (Mass.) also signed the letter.

Read more here.

THE ETHICS OF AI: The U.S. intelligence community (IC) on Thursday rolled out an "ethics guide" and framework for how intelligence agencies can responsibly develop and use artificial intelligence (AI) technologies.

Among the key ethical requirements were shoring up security, respecting human dignity through complying with existing civil rights and privacy laws, rooting out bias to ensure AI use is "objective and equitable," and ensuring human judgement is incorporated into AI development and use.

The IC wrote in the framework, which digs into the details of the ethics guide, that it was intended to ensure that use of AI technologies matches "the Intelligence Community's unique mission purposes, authorities, and responsibilities for collecting and using data and AI outputs."

DHS 'discontinues' practice of collecting information on members of the press

  DHS 'discontinues' practice of collecting information on members of the press But three top former intelligence officials say the practice is concerning. The Washington Post reported Thursday night that the Department’s Office of Intelligence and Analysis put out three reports to its vast law enforcement network containing two journalist's tweets about documents that were leaked from the department.

Dean Souleles, the founder of the Office of the Director of National Intelligence's Augmenting Intelligence through Machines Innovation Hub, said it was important that intelligence agencies use AI to help address an "increasingly complex digital world."

Read more about the guidelines here.

MORE TWITTER HACK UPDATES: Twitter said that hackers who broke into its system last week were likely able to read the direct messages of 36 accounts, including those of one elected official in the Netherlands.

"We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed," the social media giant said in an updated press release.

"We are actively working on communicating directly with the account-holders that were impacted."

Twitter had previously said that hackers last week had gained access to 130 accounts in total, including 45 verified accounts. Some of those, including CEOs Elon Musk and Bill Gates, former Vice President Joe Biden and more, had tweets sent by attackers.

Twitter did not clarify if any of the 36 accounts where messages could have been read were verified accounts. The tech company previously said hackers downloaded mass data from eight accounts, though none were verified accounts.

Read more here.

NEW YORK PAUSES FACIAL RECOGNITION: New York's state legislature voted to pause the use of facial recognition at schools for two years.

The moratorium, approved by both the state Assembly and Senate on Wednesday, follows an attempt by a school district in upstate New York to install the controversial technology at its schools.

The legislation comes after the New York Civil Liberties Union (NYCLU) filed a lawsuit forcing the state education department to block Lockport school district from adopting facial recognition systems to screen people entering campuses. The bill will now be sent to Gov. Andrew Cuomo's (D) desk.

"We've said for years that facial recognition and other biometric surveillance technologies have no place in schools, and this is a monumental leap forward to protect students from this kind of invasive surveillance," NYCLU Education Policy Center Deputy Director Stefanie Coyle said in a statement.

Read more.

Lighter click: This is why oceans are terrifying

An op-ed to chew on: The FCC must extend broadband opportunity for tribal communities

NOTABLE LINKS FROM AROUND THE WEB:

Facebook's employees reckon with the social network they've built (BuzzFeed News / Ryan Mac and Craig Silverman)

Facebook ignored racial bias research, employees say (NBC News / Olivia Solon)

'We're Embarrassed': This Is What Twitter Sent to Accounts That Were Hacked (Motherboard / Lorenzo Franceschi-Bicchierai)

The big winner in Slack's Microsoft fight could be Google (Verge / Tom Warren)


Video: Congress demands answers about massive Twitter hacking attack (FOX News)

DHS 'discontinues' practice of collecting information on members of the press .
But three top former intelligence officials say the practice is concerning. The Washington Post reported Thursday night that the Department’s Office of Intelligence and Analysis put out three reports to its vast law enforcement network containing two journalist's tweets about documents that were leaked from the department.

usr: 1
This is interesting!