Hillicon Valley — The race to report cyber breaches
Today is Friday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: digital-stage.thehill.com/newsletter-signup.
Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.
A group of key bipartisan senators announced they were putting forward an amendment to the upcoming annual defense bill that would give critical infrastructure groups 72 hours to report major cyber incidents, following negotiations and pushback from industry over the specific timeline.
In other Senate news, a bill aimed at limiting tech giants from making acquisitions that harm competition was introduced by Sens. Amy Klobuchar (D-Minn.) and Tom Cotton (R-Ark.). The bill is a companion to a proposal that advanced in the House Judiciary Committee in June.
Let’s jump in.
Three days to save the world
A bipartisan group of senators are moving to insert a provision into the upcoming annual National Defense Authorization Act (NDAA) that would give certain critical infrastructure groups 72 hours to report major cyber incidents to the government.
Ransomware element: The amendment, announced Thursday night, would also give critical infrastructure groups, non-profit organizations, state and local governments, and certain businesses 24 hours to report payments made to hackers due to a ransomware attack.
The reports on the incidents and payments would both go to the Cybersecurity and Infrastructure Security Agency (CISA) as part of an effort to give the government greater transparency into the state of the nation’s cybersecurity following a year of escalating attacks.
The amendment is sponsored by Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.), ranking member Rob Portman (R-Ohio), Senate Intelligence Committee Chairman Mark Warner (D-Va.) and Sen. Susan Collins (R-Maine).
Negotiation: The amendment is the result of negotiations between the senators: Peters and Portman introduced legislation in September proposing the 72-hour timeline, while Warner, Collins and all but three other members of the Senate Intelligence Committee introduced a separate bill in July laying out a 24-hour timeline.
Industry groups have pushed back against the 24 hour reporting requirement, arguing that this did not give them enough time to assess incidents and limit reporting less major incidents.
Taking on tech mergers
A bipartisan bill that aims to limit tech giants from making acquisitions that harm competition or reduce consumer choice was introduced in the Senate Friday.
The backers: Sens. Amy Klobuchar (D-Minn.) and Tom Cotton’s (R-Ark.) proposal is a companion bill to one that advanced out of the House Judiciary Committee with bipartisan support in June, and is the latest that Klobuchar, the chair of the Senate Judiciary antitrust subcommittee, has introduced with GOP support that targets the market power of tech giants.
The bill, known as the Platform Competition and Opportunities Act, would give antitrust enforcers stronger authority to stop acquisitions by dominant platforms that primarily serve to kill competitive threats.
The proposals: It would also shift the burden onto dominant platforms to demonstrate that a merger is not anticompetitive.
The proposal comes as regulatory agencies are taking on the market power of tech giants. But critics argue antitrust enforcers are ill equipped with outdated laws.
DOCTORS ASK FACEBOOK FOR TRANSPARENCY
Hundreds of health care professionals are urging Facebook to disclose data on the breadth of COVID-19 disinformation on the platform, piling onto the criticism the social media giant has faced in recent weeks after a whistleblower leaked internal company documents.
The health care workers underscored the importance of combating false claims after the vaccine became available to younger children.
“We simply cannot afford another deadly round of covid and vaccine misinformation,” they wrote in a letter Thursday to the company, now under the parent name Meta.
“All of us — including technology platforms like Facebook — have a moral and civic duty to limit the spread of health disinformation,” the letter continues.
The Doctors For America letter was signed by more than 500 health care professionals, including medical professors at New York University, Columbia University and Johns Hopkins Medicine.
BITS AND PIECES
An op-ed to chew on: To avoid virtual anarchy, we must move cautiously and fix things
Lighter click: Friendly reminder
Notable links from around the web:
Inside Facebook’s decision to eliminate facial recognition–for now (The Washington Post / Elizabeth Dwoskin)
Hackers apologize to Arab royal families for leaking their data (Vice Motherboard / Lorenzo Franceschi-Bicchierai)
Why do so many ex-Facebookers stay silent? (Protocol / Michelle Ma)
One last thing: Good first step
A group of House Democrats on Friday applauded the Biden administration for blacklisting key companies involved in cyber espionage efforts, including Israeli company NSO Group, but called on the White House to go further and consider imposing sanctions to limit this activity.
Their concerns came days after the Commerce Department announced the addition of NSO Group and three other international companies to its “entity list,” effectively blacklisting them.
While NSO Group has pushed back against charges that its Pegasus software poses a threat, it has been accused of providing spyware that various foreign governments have used to target thousands of dissidents, journalists, human rights advocates, and others.
Reps. Tom Malinowski (D-N.J.), Anna Eshoo (D-Calif.), Katie Porter (D-Calif,) and Joaquin Castro (D-Texas) put out a joint statement Friday describing the entity listing as a “victory for human rights,” particularly following a previous action by the Commerce Department last month to crackdown on the sale of hacking products.
The same group of House Democrats previously pressed the Biden administration to establish a sanctions regime against individuals and groups selling tools like Pegasus to foreign governments. They reiterated their call for action on Friday.
That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Monday.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. Regular the hill posts