OVERNIGHT CYBERSECURITY: Congress to dig into fed hack Tuesday

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–SO IT BEGINS: Get ready for some fireworks. Lawmakers on Tuesday will get their first public shot at questioning Office of Personnel Management officials about the mega breach that has the Obama administration reeling, with details continuing to emerge about the severity of the attack. Two top OPM officials are expected to appear before the House Oversight and Government Reform Committee for the first of likely many congressional hearings on the incident. Tensions are running high between the Obama administration and Congress over how the federal government has managed fallout from the hack. Not only is the number of people affected by the breach expected to grow three-fold, officials acknowledged Friday that they had discovered another breach that exposed security-clearance information on millions of military and intelligence agency personnel. To read our full piece, click here.

{mosads}–THE EMPIRE STRIKES BACK?: As news about the OPM hack goes from bad to worse, pressure is building on President Obama to respond. Since suspected Chinese hackers infiltrated the OPM, lawmakers, experts and 2016 hopefuls have pushed for a range of responses, from economic sanctions to currency restrictions to aggressively hacking back at Beijing officials. The administration has said that it might consider economic sanctions as a form of retaliation, similar to its “proportional” response against North Korea following the bruising digital assault on Sony Pictures Entertainment. But experts and former White House advisers are wary the administration will even publicly blame China, let alone impose sanctions. To read our full piece, click here.

 

AN UPDATE ON CYBER POLICY:

–CYBER SUN TZU. The Defense Department over the weekend dropped its mammoth Law of War manual. Buried in the pages are a few hints at the evolving views of the Obama administration on cyber retaliation. The topic is especially pertinent given the growing pressure on the administration to respond to suspected state-backed intelligence gathering hacks on the government, including the recent OPM breach.

Some highlights from the full document:

— “Although cyber operations that do not constitute uses of force … would not permit injured states to use force in self-defense, those injured states may be justified in taking necessary and appropriate actions in response that do not constitute a use of force. Such actions might include, for example, a diplomatic protest, an economic embargo, or other acts of retorsion.”

— “A state’s right to take necessary and proportionate action in self-defense in response to an armed attack originating through cyberspace applies whether the attack is attributed to another State or to a non-State actor.”

 

A LIGHTER CLICK:

–SHRUGGIE. Everyone wants to kill the password. Now one company thinks that emojis could be the replacement. Read on at Motherboard here.

 

WHO’S IN THE SPOTLIGHT:

SEN. DIANNE FEINSTEIN (D-CALIF.), who gets the New Yorker treatment in this week’s issue. The piece is blow-by-blow account of the senator’s decision and fight to release the CIA torture report. In the process, the CIA spied on Senate computers to determine what documents investigators might have gotten their hands on. Upon discovering some files CIA leaders thought should be kept private, CIA Director John Brennan stormed into a meeting with Feinstein, alleging that Senate staffers had acquired them by hacking the intelligence agency’s computers.

From the magazine:

Senator Jay Rockefeller, Feinstein’s predecessor as chairman of the Intelligence Committee, said, “Brennan has such an explosive temper. His face turns really red. Dianne seems to bring that out in him — because she’s so West Coast, calm, cool, stately.” Brennan said that the Senate staffers had printed out copies of the documents, and demanded that Feinstein return every one to the C.I.A.

Feinstein, recalling the meeting, said, “That was terrible! It was something I never expected to see in my government.”

Read the full thing here.

 

A LOOK AHEAD:

TUESDAY

–The House Oversight Committee will hold a hearing at 10 a.m. to question top OPM officials about the recent hacks.

–The Center for Strategic and International Studies hosts a talk at 2:30 p.m. on the U.S. Coast Guard’s cyber strategy. Adm. Paul Zukunft, the Coast Guard’s commandant, will speak.

–The Phoenix Center hosts a discussion at 6:00 p.m. on tension between privacy regimes of the FTC and FCC.

WEDNESDAY

–The House Energy and Commerce Committee will vote at 10:00 a.m. on the DOTCOM Act.

–The House Appropriations Committee will vote at 10:00 a.m. on an appropriations bill that could block the FCC’s net neutrality rules.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The British government is under pressure to explain a controversial report over the weekend that claimed Russian and Chinese hackers had cracked a secret cache of intelligence files held by government leaker Edward Snowden. (The Hill)

European Union member states on Monday signed off on a broad restructuring of their data protection laws. (The Hill)

Security journalist Brian Krebs put together a solid timeline of all details about the OPM breach. (KrebsOnSecurity)

Data exposed in breaches can follow people forever. The protections offered in their wake don’t. (The Washington Post)

Some of the malware that infected the corporate network of antivirus provider Kaspersky Lab concealed itself using digital certificates belonging to Foxconn, the electronics manufacturing giant and maker of the iPhone, Xbox, and other well-known products. (ArsTechnica)

INYMI: Malware has been found on German Chancellor Angela Merkel’s computer. (Reuters)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A