Hillicon Valley — TSA cyber mandates draw pushback
Today is Thursday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: digital-stage.thehill.com/newsletter-signup.
Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.
Representatives from the aviation, rail and other sectors used a House hearing Thursday to rally against specific portions of proposed security directives from the Transportation Security Administration (TSA), which the agency is working on as part of efforts to shore up cybersecurity of critical infrastructure groups.
Elsewhere, Facebook is increasingly coming under pressure to address the spread of climate misinformation on its platform, and the State Department announced a massive bounty for information on the hackers behind the ransomware attack on Colonial Pipeline.
Let’s jump in.
Industry wades into cyber mandate debate
Officials representing key transportation sectors including rail and aviation on Thursday made clear that proposed cybersecurity reporting mandates and other federal cyber efforts aimed at beefing up security are not what is needed to defend against increasing attacks.
In the pipeline: Their concerns were voiced as the Transportation Security Administration (TSA) works to develop and roll out security directives for the rail and aviation sectors that would lay down timelines for required reporting of cyber incidents, among other security steps.
“There is not a problem with reporting and mandates for reporting, the problem becomes what are we reporting,” Michael Stephens, general counsel and executive vice president of Tampa International Airport, testified to the House Transportation and Infrastructure Committee on Thursday.
“Part of the TSA proposed guidance that we have been providing comments to is very, very broad-based in terms of what is being required to be reported, and information just for the sake of information is not necessarily a good thing, because it leads to information overload and white noise, and a lot of times it’s ignored,” Stephens said.
Aviation not alone: The Association of American Railroads (AAR), which represents companies including the National Railroad Passenger Corporation, or Amtrak, has been vocal about its concerns around the proposed TSA security directives since Homeland Security Secretary Alejandro Mayorkas announced they were in the works last month.
Thomas Farmer, assistant vice president of security at AAR, testified Thursday that he is worried that without a clear definition of what a security incident was, “noise” would be created by too much reporting.
Climate misinformation in the spotlight
Facebook is facing mounting pressure from advocacy groups to weed out climate misinformation on its platform and be more transparent about the extent of the false or misleading claims.
What environmental groups say: A pair of reports released this week amid the United Nations climate summit in Glasgow found scores of accounts spreading climate misinformation and raised questions about the tech giant’s efforts to combat such content.
“Facebook is not solely responsible for climate misinformation existing, but it’s definitely amplifying the problem and a possible bigger problem down the line and doing nothing about it,” said Sean Buchanan, author of a Stop Funding Heat report published Thursday.
That report, along with another on the topic from the Center for Countering Digital Hate (CCDH) published earlier in the week, were unveiled as global leaders gathered at the U.N. summit to discuss new efforts to address climate change.
The Stop Funding Heat report, released in partnership with the group Real Facebook Oversight Board, estimated an average range of between 818,000 and 1.36 million daily views of climate misinformation, citing data from monitoring platform CrowdTangle.
Authors found just 3.6 percent of climate misinformation identified on the platform had a fact-checking label applied.
Researchers studied 195 pages and groups identified as spreading climate misinformation, including 41 “single issue” groups and 154 that posted on a wider range of topics. The study focused on posts between January and August.
Facebook’s response: Facebook pushed back on the report’s findings and questioned the methodology used. A company spokesperson said the report seems to take a broader view of misinformation, and the platform’s fact checkers review content that contains a verifiable claim.
BAD NEWS FOR BEZOS
A federal judge ruled against Blue Origin, the space expedition company owned by Amazon founder Jeff Bezos, in a case seeking to overturn NASA’s lunar lander contract with rival company SpaceX.
Thursday’s decision, which was sealed, means that NASA will be allowed to move forward in their work with Elon Musk’s SpaceX to send astronauts to the moon for the first time since 1972, according to The Washington Post.
The space agency said it planned to resume work with SpaceX “as soon as possible,” according to a statement issued Thursday.
“NASA continues working with multiple American companies to bolster competition and commercial readiness for crewed transportation to the lunar surface,” the statement added.
A Blue Origin spokesperson said its lawsuit “highlighted the important safety issues” that “must still be addressed” noting that the company looked forward “to hearing from NASA on next steps.”
NOT SO FAST
AT&T and Verizon have agreed to postpone their planned 5G spectrum launch as the Federal Aviation Administration (FAA) looks into potential interference with key cockpit safety systems, The Wall Street Journal reported.
AT&T confirmed in a statement that it has agreed to halt its planned 5G rollout until Jan. 5 at the request of the Department of Transportation (DOT).
Sources told the Journal that Verizon agreed to postpone the launch of its new 5G wireless spectrum as well.
“It is critical that these discussions be informed by the science and the data,” AT&T said in a statement. “That is the only path to enabling experts and engineers to assess whether any legitimate coexistence issues exist.”
Both AT&T and Verizon have spent billions to purchase licenses for airwaves suitable to 5G, which is far faster than existing 4G technology.
Big money on the line
The State Department on Thursday announced a $10 million reward for anyone who can provide information on leaders of the cyber criminal group that launched a ransomware attack on Colonial Pipeline in May, which temporarily crippled gas supply for several states.
The reward is being issued for information on the identity and location of leads of the DarkSide ransomware variant cyber criminal group, which is believed to be based in Russia, and an additional $5 million reward for information on individuals looking to participate in a DarkSide ransomware attack.
“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals,” State Department spokesperson Ned Price said in a statement.
DarkSide was forced offline shortly after the Colonial Pipeline attack due to a reported law enforcement operation.
MORE ARRESTS COMING SOON
Deputy Attorney General Lisa Monaco said the U.S. should expect to see a crackdown on ransomware attacks and cyber crime as the Department of Justice (DOJ) ramps up its efforts in the area.
Monaco told The Associated Press during an interview this week that the U.S. is going to see an increase in arrests of individuals and seizures of ransom payments linked to cyber crimes that have affected the country.
“In the days and the weeks to come, you’re going to see more arrests, more seizures, and you’re going to see more operations like we did last week,” Monaco said, referring to the extradition of an alleged Russian cyber criminal actor who was hiding in South Korea to face charges in the U.S.
She said the message the Justice Department is trying to spread is that “if you come for us, we’re gonna come for you.”
BITCOIN IN THE BIG APPLE
New York City Mayor-elect Eric Adams (D) announced on Twitter Thursday he will be taking his first three payments as mayor in Bitcoin.
“In New York we always go big, so I’m going to take my first THREE paychecks in Bitcoin when I become mayor,” Adams tweeted.
“NYC is going to be the center of the cryptocurrency industry and other fast-growing, innovative industries! Just wait!” he added.
Adams won the city’s mayoral election on Tuesday, beating his Republican opponent Curtis Sliwa. He will replace Mayor Bill de Blasio (D), who was not able to run for office again because of term limits.
BITS AND PIECES
An op-ed to chew on: Remote control: Who’s in charge of your media life?
Notable link:
What Red Flags? Elizabeth Holmes Trial Exposes Investors’ Carelessness (The New York Times / Erin Griffith)
One last thing: US blacklisting makes waves
The Commerce Department’s decision to blacklist Israeli company NSO Group made waves on Wednesday across the spyware industry, placing a spotlight on firms profiting off foreign governments surveilling dissidents.
NSO Group is a key provider of the spyware foreign governments have used for years to go after journalists, academics and others raising concerns about regimes, and marks a turning point in the nation’s approach to human rights in cyberspace.
“This sends a really powerful signal,” James Lewis, senior vice president and director of the Center for Strategic and International Studies’ Strategic Technology Program, told The Hill. “This is not going to go away, because there is too much demand for it…but it sends a powerful message.”
NSO Group was added to the Commerce Department’s “entity list” Wednesday along with Israeli group Candiru, Russian group Positive Technologies and Singapore’s Computer Security Initiative Consultancy, over concerns around their involvement in malicious cyber activity.
The NSO Group has become a poster child in recent years for increasing concerns around cyber surveillance. The company’s Pegasus spyware is able to hack phones to steal information, turn on cameras, record calls, and other activities, often without the user knowing.
That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Friday.
{mosads}
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. Regular the hill posts
Video/Hill.TV
The Hill Podcasts
