Overnight Cybersecurity: Tech scrambles after EU nixes data deal

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–NO SAFE HARBOR: Over 4,000 U.S. and European companies that relied on so-called Safe Harbor rules to legally transfer data across the Atlantic are now scrambling for alternatives after the EU high court tossed out the agreement on Tuesday. The European Court of Justice’s ruling declared that U.S. companies can’t be assumed to meet EU standards for keeping private data private, thanks to revelations about U.S. surveillance practices by former defense contractor Edward Snowden. Critics say invalidating Safe Harbor without a grace period creates uncertainty and puts unnecessarily onerous requirements on companies that do business internationally, despite reassurances from European regulators that firms can rely on side agreements to protect themselves. The decision impacts companies in industries from tech to financial services to hospitality, although experts say it’s likely to have the biggest impact on smaller firms that lack the legal resources to build multiple layers of privacy protection into their transactions. The ruling also puts pressure on U.S. and EU regulators to wrap up negotiations on an updated version of Safe Harbor, which began in 2013. Commerce Secretary Penny Pritzker called the ruling “disappointing,” but said the discussions will go forward regardless. Lawmakers were less diplomatic in their calls for swift action on a new agreement by the two governments: “By striking down the Safe Harbor Agreement, the European Union Court of Justice today called for open season against American businesses,” Sen. Ron Wyden (D-Ore.) said. “This misguided decision amounts to nothing less than protectionism against America’s global data processing services and digital goods.” To read about the decision, click here. To read about lawmaker and regulator reactions to the decision, click here.

–IT’S THE SAME OLD SONG: Backers of the Senate’s long-stalled cybersecurity bill have high hopes the upper chamber will turn to the bill after next week’s brief recess. The Senate this week is expected to wrap up a defense authorization bill and some other legislative business before a week-long recess. Then it’s on to the Cybersecurity Information Sharing Act (CISA) — meant to boost the exchange of cyber threat data between private companies and the government — said Senate Intelligence Committee Chairman Richard Burr (N.C.) and Intelligence Committee ranking member Sen. Dianne Feinstein (D-Calif.), the bill’s co-sponsors. “It looks like it’s going to be on the floor when we come back,” Feinstein said during a U.S. Chamber of Commerce event on Tuesday. If this is a tune you’ve heard before, you’re not alone. Cyber always seems on the cusp of coming up. But the Senate is finally running out of distractions, and all signs point to slowly advancing negotiations behind closed doors on adopting amendments to the bill. Sen. Ron Wyden (D-Ore.), who has been leading the opposition to CISA over privacy concerns, cautioned that any attempt to limit floor debate on privacy-focused fixes would not be tolerated. “I insisted that there be no time limits,” Wyden told reporters Tuesday. “And I am not going to just casually give that up. That’s number one.” To read about Burr and Feinstein’s comments, click here. To read about Wyden’s remarks, click here.

–DON’T FORGET PYONGYANG: Remember the Sony hack? A trio of Republican senators do, and want to make sure the White House doesn’t take its eye off of the North Korean hacking threat. On Tuesday, the three — Sens. Cory Gardner (R-Colo.), Jim Risch (R-Idaho) and Marco Rubio (R-Fla.) — introduced legislation that would force President Obama to create a strategy to thwart and sanction North Korean hackers. The bill comes on the heels of the destructive hack of Sony Pictures Entertainment, which the Obama administration blamed on Pyongyang. Allegedly, the cyber assault was retaliation for the movie studio’s comedy “The Interview,” which depicted the assassination of North Korean leader Kim Jong Un. The new bill, known as the North Korean Sanctions and Policy Enhancement Act, would also broadly sanction the reclusive Asian country’s nuclear program and crack down on party officials for covering up human rights abuses. To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

–WHAT DO YOU DO HERE AGAIN? The House late Tuesday passed a bill requiring the Department of Homeland Security (DHS) to develop a formal cybersecurity strategy.

“This legislation is proof that there is bipartisan support for finding effective solutions to this issue, and that we are not content to leave security to improvisation,” bill sponsor Rep. Cedric Richmond (D-La.) said in a statement.

The bill is part of a broader push among lawmakers to codify DHS’s cybersecurity responsibilities. It joins other legislation with that intent.

Richmond’s legislation lays out mandated responsibilities for the DHS strategy, including acting as a cross-sector hub for federal and civilian cyberthreat information sharing.

It would also require the agency to provide technical assistance — such as help attributing hacks and mitigating damage — to organizations that suffer a breach.

To read our full piece, click here.

 

LIGHTER CLICK:

–BECAUSE: LAUGHTER.

From Motherboard: Every GIF from the Internet of the 1990s. See the collection, here.

From ArsTechnica: “I’m no expert, but holy crap the hacking on Homeland was bad.” Check it out, here.

 

A REPORT IN FOCUS:

–TELL ME MORE, TELL ME MORE. The Center for Public Integrity (CPI) is suing the Federal Election Commission (FEC) for the second time in three months to gain access to a report detailing weaknesses in the FEC system that allowed Chinese hackers to crack its network in 2013.

CPI, which broke news of the hack, filed a Freedom of Information Act (FOIA) request in July, seeking a second 44-page study commissioned in response to the intrusion.

The FEC rebuffed the request and CPI turned to the courts.

Whether the report will be released in part or in full now rests with the U.S. District Court in D.C.

The first lawsuit, filed in July, takes issue with another rejected FOIA request regarding commissioners’ work schedules.

Read on, here.

 

WHO’S IN THE SPOTLIGHT:

–ALEJANDRO MAYORKAS, deputy secretary of the Department of Homeland Security. Mayorkas talked cyber at a U.S. Chamber of Commerce event on Tuesday. He weighed in on the controversial Wassenaar Arrangement, a little-known pact 41 countries have signed to control the export of weapons and so-called “dual-use” technologies that can be corrupted.

His words are likely music to the ears of the cybersecurity industry, which has worried the pact could stymie the export of security research data.

“I think in trying to thwart a public harm, we created an architecture that imposes upon a public good, the dissemination of research and knowledge and technology for good purposes,” Mayorkas said. “I think we have to take a look at the Wassenaar Arrangement — and we are — and [revisit] its scope and impact.”

Get some more information on the Wassenaar Arrangement with our piece from a few months back, here.

 

A LOOK AHEAD:

WEDNESDAY

–The House Homeland Security Committee’s cybersecurity subcommittee will hold a hearing at 10 a.m. on the DHS’s proposed reorganization of the National Protection and Programs Directorate.

–The House Small Business Committee will hold a hearing at 11 a.m. on the transition to chip payment systems.

–The House Foreign Affairs Committee’s subcommittee on Asia and the Pacific will hold a hearing at 2 p.m. on Chinese President Xi Jinping’s state visit.

–The Senate Foreign Relations Committee’s subcommittee on East Asia, the Pacific and cybersecurity policy will hold a hearing at 2:30 on North Korean threats.

 

THURSDAY

–The Senate Homeland Security and Governmental Affairs Committee will hold a hearing at 10 a.m. on “threats to the homeland.” DHS Secretary Jeh Johnson and FBI Director James Comey will testify.

–The House Homeland Security Committee’s subcommittee on maritime security will hold a hearing at 10 a.m. on whether U.S. ports are vulnerable to a cyberattack.

–The National Academy of Public Administration will host an event at 9 a.m. on cybersecurity education. Sen. Tom Carper (D-Del.), the top Democrat on the Homeland Security Committee, will speak.

–CSM Passcode will host an event on cybersecurity research at 11 a.m.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

American and British spy agencies have been aggressively developing tools to hack smartphones, government whistleblower Edward Snowden said Monday. (The Hill)

Silicon Valley has been preparing for Tuesday’s controversial Safe Harbor ruling, in part by developing data centers on EU soil. (The Wall Street Journal)

The New Jersey legislature on Tuesday moved forward with legislation to boost its cybersecurity posture. (New Jersey Law Journal)

Meet the man behind the lawsuit that sparked the EU high court to strike down Safe Harbor. (Reuters)

Cisco said Tuesday that it has disrupted one of the most prolific distributors of ransomware. (Reuters)

Combating cybercrime is costing U.S. firms almost 20 percent more than it did a year ago, a new study says. (Associated Press)

Porsche went with Apple over Google for its in-car infotainment system because Google wanted too much data. (MotorTrend)

Sony Entertainment CEO: Sony Pictures head Amy Pascal did not leave because of the Sony hack. (Re/code)
