Today is Wednesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley.
Meanwhile, a top Justice Department official also announced new cybersecurity initiatives, including a program to go after federal contractors that don’t report breaches, and a bipartisan Senate bill to require mandatory cyber reporting for many groups moved forward amid debate over details.
Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.
Let’s jump in.
More cyber regulations on the way
The Transportation Security Administration (TSA) will soon issue regulations to further secure rail transit and airline companies against cyber threats, Homeland Security Secretary Alejandro Mayorkas announced Wednesday.
“To strengthen the cybersecurity of our railroads and rail transit, TSA will issue a new security directive this year that will cover higher-risk railroad and rail transit entities,” Mayorkas, whose agency includes TSA, said during a virtual address at the Billington Cybersecurity Summit.
According to Mayorkas, the directive will require these groups to “identify a cybersecurity point person” charged with reporting cybersecurity incidents to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), along with establishing “contingency and recovery plans” in the case of cyberattacks.
Aviation involved too: In addition, Mayorkas announced that TSA will also issue regulations to shore up cybersecurity in the aviation sector.
“TSA will require critical U.S. airport operators, passenger aircraft operators, and all cargo aircraft operators to designate a cybersecurity coordinator and report cyber incidents to CISA,” Mayorkas said. “TSA will expand the covered entities gradually to other relevant entities and consider additional measures over time.”
Rules already in place: The new rules come after TSA earlier this year issued two security directives to secure pipelines against cyberattacks following the devastating ransomware attack on Colonial Pipeline in May, which led to temporary fuel shortages in multiple states.
DOJ also moving in on cybersecurity threats
The Department of Justice (DOJ) said Wednesday it will go after federal contractors that fail to report cybersecurity incidents to the U.S. government.
“Today, we are launching a Civil Cyber Fraud Initiative,” Deputy Attorney General Lisa Monaco said at the virtual Aspen Institute Cyber Summit. “For too long, companies have chosen silence under the mistaken belief that it’s less risky to hide a breach than to bring it forward and to report it. Well, that changes today.”
Money on the line: Monaco said the initiative will allow the Justice Department to use its authorities under the False Claims Act to fine government contractors that “fail to follow required cybersecurity standards.”
“We are going to go after that behavior and extract very hefty fines, so this is a tool that we have to ensure that taxpayer dollars are used appropriately and to guard the public trust, and that is what we are going to do with respect to this civil fraud initiative,” Monaco said.
She added that protections will be provided to whistleblowers who report violations of federal cybersecurity standards by government contractors.
New effort on crypto: In addition, Monaco on Wednesday announced that the Justice Department will establish a National Cryptocurrency Enforcement Team in an effort to “dismantle” cryptocurrency exchanges that are often used by hackers to facilitate ransomware payments by victims.
INCIDENT REPORTING BILL MOVES FORWARD
The Senate Homeland Security and Governmental Affairs Committee on Wednesday approved legislation to require many companies to both report major cybersecurity breaches and to report making payments related to ransomware attacks.
The committee approved the Cyber Incident Reporting Act, formally introduced last week by committee Chairman Gary Peters (D-Mich.) and ranking member Rob Portman (R-Ohio), by voice vote, with Sens. Rick Scott (R-Fla.), Ron Johnson (R-Wis.) and Rand Paul (R-Ky.) objecting.
The bill would require owners and operators of critical infrastructure groups to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. It would also require critical infrastructure groups, nonprofits, and most medium to large businesses to report making ransomware attack payments within 24 hours.
FACEBOOK SLOWS ITS ROLL
Facebook has slowed down the rollout of new products amid recent blowback garnered by public comments made by a company whistleblower, according to a Wall Street Journal report.
The Journal, citing people familiar with the matter, also reported company executives have paused working on some existing products while the company conducts “reputational reviews” to ensure that the products don’t impact children.
Facebook has come under scrutiny over the past few weeks after the Journal published a five-part series examining how Facebook handled issues like rhetoric around the coronavirus vaccine, and the effects of Instagram on younger users.
TWITCH HACK FALLOUT
Online video game streaming service Twitch suffered a hack on Wednesday that leaked source code, user payouts and earnings for streamers, The Wall Street Journal reported.
The hacker who posted the Twitch data onto 4Chan said they did it to hurt the platform’s business, citing the “toxic” gaming community.
“Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them,” the hacker said in an online chat post.
EXTREMELY NOT OKAY BEHAVIOR
Dubai ruler Sheikh Mohammad bin Rashid Al Maktoum hacked the phone of his ex-wife, Jordan’s Princess Haya, and those of her legal team after she fled to London amid a divorce and custody dispute, a U.K. high court judge has found.
Judge Andrew McFarlane said that the findings “represent a total abuse of trust, and indeed an abuse of power, to a significant extent.”
The phone numbers for Princess Haya — half-sister of Jordan’s King Abdullah — and members of her legal and security teams, were among those found on a list of 50,000 numbers targeted by Pegasus spyware.
The military-grade spyware, licensed by the Israeli firm NSO Group, was used in attempts to hack into smartphones belonging to thousands of world leaders, activists and journalists, according to an investigation released in July by The Washington Post and 16 media partners.
ZUCKERBERG IN THE HOT SEAT…AGAIN
The NAACP is reportedly calling for a meeting with Facebook CEO Mark Zuckerberg, citing concerns of hate speech on the social media platform.
The move by the civil rights organization comes after former Facebook employee and whistleblower Frances Haugen told a Senate subcommittee Tuesday that a study showed the company had only taken action on 3 to 5 percent of hate speech on the platform.
“Vaccine hesitation, political violence and white supremacy are rampant,” NAACP President and CEO Derrick Johnson said in a statement, according to Bloomberg News, referring to the statistic. “Profiting on hate and disinformation is sickening and evil.”
BIG INVESTMENT
Google announced plans on Wednesday to invest $1 billion in Africa over the next five years in an effort to bolster internet access and to fund startups focused on the continent’s digital transformation.
The search engine giant, a unit of Alphabet Inc., launched the Africa Investment Fund, which will invest $50 million in startups and provide those companies with access to Google employees, its network and other technologies.
THE TREND STOPS HERE
Teachers are being warned about a viral TikTok challenge that is encouraging students to slap teachers on camera.
The California Teachers Association (CTA) issued a warning on Tuesday titled “When Social Media Trends Become Assault.”
The notice said that the challenge doesn’t “appear to have caught on widely” yet, but noted that there was already one instance in South Carolina. The association referenced a Newsweek report about an elementary student who struck a teacher in the back of the head.
BITS AND PIECES
An op-ed to chew on: Is the government up to the task of regulating Facebook?
Lighter click: It’s gonna be a classic
Notable links from around the web:
What’s the Point of 15-Minute Grocery Delivery? (Motherboard / Aaron Gordon)
How AT&T helped build far-right One America News (Reuters / John Shiffman)
The Verge’s 2021 Tech Survey (The Verge / Elizabeth Lopatto)
One last thing: Lawmakers want cyber committees
Lawmakers on both sides of the aisle Wednesday argued for the need to establish standalone cybersecurity committees in the House and Senate to address mounting threats and streamline an increasingly bogged down process to approve legislation.
“No committee wants to give up an ounce of its jurisdiction, and cyber is scattered all over the Congress,” Sen. Angus King (I-Maine) said during a panel at the Aspen Institute’s Cyber Summit on Wednesday.
King, a key supporter of cybersecurity legislation in the Senate and a co-chair of the Cyberspace Solarium Commission, noted that in order to get 25 cyber-related amendments into last year’s National Defense Authorization Act (NDAA), clearances from 180 committees, subcommittees and members had to first be obtained.
“It’s just a long slog, if you want to get a bill in somewhere, you’ve got to get clearance from the Republican side, the Democratic side on four or five different committees, that’s just in the nature of the legislative process,” King said.
That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Thursday.