Hillicon Valley: House approves almost $2 billion in cyber, tech funds as part of relief package | Officials warn of ‘widespread’ exploit of Microsoft vulnerabilities | Facebook files to dismiss antitrust lawsuits
Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already get it in your mailbox, be sure to sign up for our newsletter by clicking HERE.
Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@chrisismills) and Rebecca Klar (@rebeccaklar_), for more coverage.
Federal cybersecurity and information technology got a shot in the arm Wednesday with the inclusion of almost $2 billion in cyber funding in the COVID-19 relief bill that passed the House, but some officials say it’s not enough. Meanwhile, the nation’s top cybersecurity official warned of ‘widespread’ exploitation by hackers of Microsoft Exchange Server vulnerabilities, and lawmakers introduced a range of measures on data privacy, election cybersecurity, and helping save the news industry.
CYBER, TECH FUNDS INCOMING: The House on Wednesday allocated almost $2 billion toward cybersecurity and technology modernization as part of passing the American Rescue Plan, which officials described as a “down payment” on the funds needed to fully confront recent massive foreign cyberattacks.
The COVID-19 relief bill, which was approved Wednesday by the House along party lines and now goes to President Biden for his signature, included $650 million in funding for the Cybersecurity and Infrastructure Security Agency (CISA). The funds are meant to boost federal cybersecurity and protect the vaccine supply chain, which has come under attack by hackers.
The legislation also included $1 billion for the General Service Administration’s Technology Modernization Fund to update outdated IT systems and $200 million for the U.S. Digital Service.
But the funds are a fraction of the almost $10 billion originally proposed by Biden in his COVID-19 relief package, and CISA officials urged Congress on Wednesday to set aside more cybersecurity funds in the face of recent major cyber espionage incidents.
EVERYTHING IS FINE: The nation’s top cybersecurity official told lawmakers Wednesday that the federal government is seeing “widespread” hacking using recently uncovered vulnerabilities in a Microsoft email application, with researchers saying almost a dozen hacking groups have used the flaw to target a variety of organizations.
Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), testified to a House committee that the previously unknown vulnerabilities on Microsoft Exchange Server have been exploited globally and could have long-lasting consequences.
“CISA is already aware of widespread exploitation of the vulnerabilities, and trusted partners have observed malicious actors using these vulnerabilities to gain access to targeted organizations in the United States and globally,” Wales testified to the House Appropriations Homeland Security Subcommittee.
Wales’s comments came the same day cybersecurity group ESET released new research finding that at least 10 hacking groups had been exploiting the Microsoft vulnerabilities.
Read more about the ongoing incident here.
In addition to Wales’s warnings, the FBI and CISA put out a joint alert on Wednesday outlining the sectors targeted by the hackers, and warning that both federal agencies and private sector groups were at “serious risk” from the Microsoft vulnerabilities.
Read more about the alert here.
FACEBOOK RESPONDS: Facebook on Wednesday filed motions to dismiss the antitrust cases leveled against it by the Federal Trade Commission (FTC) and a coalition of state attorneys general.
The FTC’s case, filed in December, alleges that the social media giant maintains an illegal monopoly and calls for its purchases of Instagram and WhatsApp to be rolled back.
In Facebook’s response to the lawsuit, the company argues that the regulatory agency failed to establish a relevant market for its antitrust claims and reiterates its argument that the FTC approved deals to buy Instagram and WhatsApp at the time.
Facebook also claims that the FTC lacks the statutory authority to challenge past conduct.
The lawsuit from 46 states as well as Washington, D.C., and Guam alleges that in addition to acquiring potential rivals, Facebook has stifled innovation by blocking competitors from using its platform services.
Facebook argues that the state attorneys general lack authority to bring this case and claim they waited too long to challenge the Instagram and WhatsApp acquisitions.
The social media platform also argues in its motion to dismiss that the states failed to develop a plausible claim that the two services it acquired would necessarily have become rivals.
TRAIN ‘EM UP: Senate Rules Committee Chairwoman Amy Klobuchar (D-Minn.) and Sen. Susan Collins (R-Maine) on Wednesday reintroduced legislation to designate funding to provide cybersecurity training to election officials.
The Invest in Our Democracy Act would establish a $1 million grant program to cover up to 75 percent of the costs of tuition for cybersecurity or election administration training for state and local election officials, along with their employees.
The Election Assistance Commission (EAC) would oversee the grant program, with EAC employees also eligible to receive funding for training.
Read more about the legislation here.
BILL TO ‘SAVE NEWS’: A bill that would allow news outlets to bargain with tech platforms over the distribution of their content was reintroduced in both chambers by a bipartisan group of lawmakers Wednesday.
The Journalism Competition and Preservation Act is being touted as a way to “save local news” and comes as lawmakers push forward with broader efforts to rein in the market power of the top tech companies.
It follows the passage of an Australian law late last month that forces tech giants to pay publishers for content and subjects the tech companies to mandatory price arbitration if a deal cannot be reached.
The Journalism Competition and Preservation Act would not go quite as far as the Australian approach, but it would establish a temporary four-year safe harbor from antitrust laws for news outlets that allows publishers to negotiate collectively with the digital content distributors, such as Google and Facebook.
The reintroduction of the bill comes ahead of two antitrust hearings this week, one in the Senate on Thursday and one in the House the following day.
Read more about the legislation.
FIRST PRIVACY BILL: Rep. Suzan DelBene (D-Wash.) on Wednesday reintroduced legislation Wednesday aimed at creating a national standard for data privacy.
The Information Transparency and Personal Data Control Act is the first consumer privacy bill introduced this Congress and comes shortly after Virginia passed its own state-level standard.
“Data privacy is a 21 st Century issue of civil rights, civil liberties, and human rights and the U.S. has no policy to protect our most sensitive personal information from abuse,” DelBene said in a statement.
The legislation would require businesses to get affirmative consent from users before sharing their sensitive information, like financial account numbers, health information or SSNs.
It would also let users opt-out of the collection of other nonsensitive data.
Businesses would be obligated to tell users if and why their info is being used and maintain privacy policies written in “plain language.”
The legislation would also expand the Federal Trade Commission’s authority to enforce the new law and increase the agency’s funding and staffing.
PORTAL PROBLEMS: Local governments and technology companies are scrambling to fix the glitch-filled registration portals that have slowed down the distribution of the coronavirus vaccine.
Washington, D.C.’s sign-up system has attracted significant attention over its failures. For several weeks in a row, residents have been greeted with glitches, failed captcha codes and system errors when trying to schedule appointments to get a potentially life-saving dose.
“The failures in D.C.’s vaccine distribution system have been painful for our residents,” D.C. Councilmember Janeese Lewis George (D) told The Hill.
D.C.’s vaccine portal is not unique in its technical failures. But across the country, there are signs of improvement as new systems launch and volunteers step up. Government officials see signs of hope just in time for more vaccines to become available and states to lower eligibility requirements.
CLEARVIEW’S LATEST CHALLENGE: Progressive activist groups are suing the facial recognition company Clearview AI in California over allegations that it obtained photos for its database in violation of the state’s laws.
Mijente, NorCal Resist and local activists filed the lawsuit against Clearview on Tuesday in Alameda County Superior Court. The suit seeks to stop the company from collecting data in the state and delete any facial scans or personal data of Californians already obtained in Clearview’s databases.
The lawsuit states Clearview has “the most dangerous facial recognition database in the nation,” and accuses it of “illicitly collecting” the billions of photographs “of unsuspecting individuals.”
Floyd Abrams, an attorney for Clearview, said in a statement the company “complies with all applicable law and its conduct is fully protected by the First Amendment.”
The attorneys representing the activists, though, said Clearview’s data collection is in violation of California’s constitution.
“Privacy is enshrined in the California constitution, ensuring all Californians can lead their lives without the fear of surveillance and monitoring,” Sejal Zota, a lead attorney in the case, said in a statement.
THE KIDS ARE (DEFINITELY NOT) ALRIGHT: A new report released Wednesday found that K-12 schools in the United States experienced a “record-breaking” number of cyber incidents during 2020 as classes moved online and hackers moved in on vulnerable targets in the midst of the COVID-19 pandemic.
The report, put together by the K-12 Cybersecurity Resource Center, tracked 408 cybersecurity incidents that hit K-12 institutions over the past year, an 18 percent increase from 2019 and an average of two cyberattacks per school day aimed at the nation’s education system.
These attacks included ransomware attacks, in which a hacker holds a network for ransom, data breaches of student and teacher private data, and class intrusions such as “Zoombombing,” which plagued online classes during the pandemic.
The report was rolled out as part of a virtual conference on Wednesday, at which Rep. Jim Langevin (D-R.I.) announced he would reintroduce legislation previously rolled out last year with Rep. Doris Matsui (D-Calif.) that would provide resources to help protect K-12 institutions from cyberattacks.
Read more about the report here.
SLOWING DOWN: Russia announced Wednesday that it is slowing down Twitter’s upload speeds over what it says is a refusal by the social media platform to remove banned content.
Russia’s Federal Communications, Information Technology, and Mass Communications Oversight Service, also known as Roskomnadzor, also threatened to block Twitter completely if it did not concede to the Kremlin’s demands for the content to be taken down.
Roskomnadzor alleged that Twitter has not taken down more than 3,000 posts containing the banned content, including information regarding drugs, child pornography and encouraging suicide among minors. The slowdown will impact all mobile devices and 50 percent of desktop computers in Russia.
Lighter click: The truth comes out
An op-ed to chew on: Congress’s latest hacking investigation should model its most recent
NOTABLE LINKS FROM AROUND THE WEB:
For Creators, Everything is for Sale (New York Times / Taylor Lorenz)
FBI warns malicious actors are plotting to use deepfakes in cyber, influence operations (CyberScoop / Shannon Vavra)
Gab’s CEO Courted Prominent Anti-Semites for His Site (MotherJones / Ali Breland)
The Next Frontier of the NFT Gold Rush: Your Tweets (Wired / Kate Knibbs)
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. Regular the hill posts
Testing Video
ASR RAW Boys Lacrosse: Coronado 8, Poway 6
