
Thursday, March 22, 2018

Overnight Cybersecurity: House Intel votes to release Russia report | Lawmakers demand Zuckerberg testify | Senators unveil updated election cyber bill

 
 
 
The Hill Cybersecurity
 
 

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORIES:

--HOUSE INTEL VOTES TO RELEASE RUSSIA REPORT: The House Intelligence Committee on Thursday voted along party lines to release its controversial, Republican-authored report on Russian interference in the 2016 presidential election, bookending a year of contentious committee infighting.

The report will not immediately be made public. It must first be sent to the intelligence community for a declassification review.

Democrats are outraged by the end of the investigation, which they say was premature and done to protect the White House from scrutiny.

The minority is in the process of preparing its own views to be appended to the Republican report, according to Democratic Rep. Jim Himes (Conn.). That document, which the minority has until Monday night to complete under committee rules, will also have to go through the declassification process. The Republican report and the dissenting minority views will be submitted together.

The top Republican leading the investigation, Rep. Mike Conaway (Texas), said they expect that review to be completed in two weeks, so the report can be made public after Congress's two-week Easter recess. The report is now pushing 250 pages, he said, up from a 150-page draft.

According to a summary of the report released on Thursday, Republicans will assert that they found no evidence of collusion between the Trump campaign and Moscow. The report will also claim that the tradecraft behind an official U.S. intelligence community assessment that Russian President Vladimir Putin showed a "preference" for Donald Trump during the race was not "proper."

In fact, the summary claims, "possible Russian efforts to set up a 'back channel' with Trump's associates after the election suggest the absence of collusion during the campaign, since the communication associated with collusion would have rendered such a 'back channel' unnecessary."

To read more from our piece, click here.

 

--THE LATEST: HOUSE PANEL DEMANDS ZUCKERBERG TESTIMONY: Top lawmakers on the House Energy and Commerce Committee are calling for Facebook chief executive Mark Zuckerberg to testify before the panel over the Cambridge Analytica controversy.

Committee Chairman Greg Walden (R-Ore.) and Rep. Frank Pallone Jr. (D-N.J.), the panel's ranking member, said in a statement Thursday that they want Zuckerberg to appear before the committee. They join a growing chorus of lawmakers who are pushing for the Facebook CEO to testify on Capitol Hill following new revelations regarding the social media platform's handling of sensitive user data.

Along with Republicans like Sens. Jerry Moran (Kan.) and John Kennedy (La.) and Democrats like Sens. Amy Klobuchar (Minn.) and Ed Markey (Mass.), the pair wants Zuckerberg to explain how Cambridge Analytica, a firm used by the Trump campaign during the 2016 presidential race, improperly obtained data from 50 million Facebook users.

"After committee staff received a briefing yesterday from Facebook officials, we felt that many questions were left unanswered," Walden and Pallone said in a joint statement.

"Mr. Zuckerberg has stated that he would be willing to testify if he is the right person. We believe, as CEO of Facebook, he is the right witness to provide answers to the American people," they said.

They said in the statement that a formal letter will be sent to Zuckerberg "in the coming days." Zuckerberg said during a media blitz on Wednesday night that he is open to testifying before Congress, but only if he is the correct person at Facebook to do so.

To read more from our piece, click here.

 

SOME LEGISLATIVE UPDATES:

--SENATORS UNVEIL REVISED ELECTION SECURITY BILL: A bipartisan group of senators on Thursday unveiled revised legislation to secure U.S. voting systems from cyberattack.

The bill, originally introduced in December, retains its original tenets, including authorizing grants for states to replace outdated voting systems with more secure technology. However, it contains several revisions that appear designed to address individual states' concerns with the bill.

The new bill, like its predecessor, aims to address future threats to voter registration databases and other systems following Russian interference in the 2016 presidential vote.

The Department of Homeland Security has said that Russian hackers tried to break into election systems in 21 states before the election, as part of a broader interference plot. In one case, hackers successfully breached a voter registration database in Illinois.

Sen. James Lankford (R-Okla.), a lead cosponsor of the "Secure Elections Act" bill, said Thursday that the revised version "adequately helps the states prepare our election infrastructure for the possibility of interference from not just Russia, but possibly another adversary like Iran or North Korea or a hacktivist group."

With the revisions, the bill now has the support of Senate Intelligence Committee leaders Richard Burr (R-N.C.) and Mark Warner (D-Va.).

Specifically, the bill aims to streamline information sharing between federal and state election officials, revise the delivery of security clearances to state officials to view sensitive cyber threat information related to elections and provide aid to states to bolster the security around digital election infrastructure.

However, the new bill modifies the reporting requirements for state election officials to share information about suspected cybersecurity incidents with the federal government. It says that states should provide the notification "in the most expedient time possible" but drops the original mandate that states share the information within three calendar days.

The revised bill also says that local jurisdictions are eligible for federal grants to boost security around digital voting infrastructure.

States, which are responsible for administering elections, have voiced concerns about some efforts by the federal government to bolster election security, fearing it would mean a federal takeover.

The lawmakers reintroduced the bill one day after the Senate Intelligence Committee held an open hearing on election security, during which several senators voiced the need for federal officials to tackle the issue with more urgency ahead of the 2018 midterm elections.

To read more from our piece, click here.

 

--HOUSE PASSES OMNIBUS: The House easily passed a $1.3 trillion spending package on Thursday, sending legislation to the Senate that would prevent a shutdown and deliver the largest federal spending increase in years.

Lawmakers approved the bill in a 256-167 vote on Thursday, with majorities in each caucus backing the measure. Ninety Republicans and 77 Democrats voted against the bill. A large number of conservative Republicans were among those voting no over the measure's massive price tag and lack of transparency in the bill-writing process.

Among the cyber-related provisions, the bill includes a provision to allow law enforcement to search and seize data stored overseas, potentially canceling a case now before the Supreme Court.

The bipartisan Clarifying Lawful Overseas Use of Data, or CLOUD, Act, led by Rep. Doug Collins (R-Ga.) in the House and Sen. Orrin Hatch (R-Utah) in the Senate, allows investigators to obtain electronic data stored anywhere in the world by technology firms.

The omnibus appropriations bill also includes $380 million that the U.S. Election Commission can dole out in cybersecurity grants for states to secure digital voting infrastructure.

Ahead of the House vote Thursday, state officials urged lawmakers to pass the bill, expressing support for the election security funds.

"There is no higher priority than protecting our election systems," said Indiana Secretary of State Connie Lawson (R), the current president of the National Association of Secretaries of State (NASS). Lawson, like many other secretaries of state, serves as the chief election official for her state.

Lawson said she looks forward to investing the funds "in system upgrades, voting protections, and voter education."

Vermont Secretary of State Jim Condos (D), president-elect of NASS, told The Hill that his state would look to use the funds to implement a range of security measures, such as additional penetration testing of state systems and enabling two-factor authentication for town clerks who access part of the state voter registration database. He noted that Vermont has already taken a number of steps to secure its systems. 

"We will look at how we can ramp up even more security," Condos said. 

The funding measure is now in the Senate's hands. 

To read more from our coverage, click here, here and here.

 

A REPORT IN FOCUS: 

CRYPTO MINING, RANSOMWARE AMONG 2017 CYBER THREAT TRENDS: Cybersecurity firm Symantec released its annual threat report on Thursday, highlighting a number of emerging trends in cyberspace.

For one, the report explores the "explosion" of malicious cryptocurrency coin mining, in which hackers mine cryptocurrencies like Monero using victims' computer processing power to generate a profit.

The report notes that cyber criminals seem to primarily be targeting computers to mine cryptocurrencies but are also turning to the Internet of Things (IoT) to fuel their operations. Symantec observed a whopping 600 percent surge in cyberattacks on these internet-connected devices in 2017 over the previous year.

The cyber firm also observed a decline in average ransom demands in attacks; the average demand in 2017 was $522, roughly half the average for the previous year. At the same time, the number of ransomware variants increased by nearly 50 percent last year.

Symantec also says in the report that cyber activity related to "targeted attack groups" increased by 10 percent last year and was largely tied to intelligence gathering operations.

To check out the full report, click here.

 

A LIGHTER CLICK: 

Digital ... athletes? (Technology Review)

 

WHAT'S IN THE SPOTLIGHT: 

TRUMP'S CHINA TARIFFS: President Trump on Thursday announced he plans to slap tens of billions of dollars in tariffs and penalties on imports from China to try to curb what he described as its efforts to steal intellectual property from U.S. companies.

The president signed a memorandum directing the Office of the U.S. Trade Representative (USTR) and the Treasury Department to launch a broad range of actions against China.

During an event at the White House, Trump said that imposing tariffs on China is "going to make us a much stronger, much richer nation."

The president called China a "friend" but demanded the world's second-largest economy adopt more favorable trade practices with the U.S.

"We want reciprocal, mirror," he said. "If they charge us, we charge them the same thing. That's the way it's gotta be."

Trump said the tariffs "could be about $60 billion," hours after his own advisers said the number would be closer to $50 billion.

The memorandum is a result of a Section 301 investigation launched in August that found that China's theft of U.S. intellectual property is costing the U.S. economy billions of dollars.

"This is the first of many," Trump said as he signed the memorandum.

Trump will ask U.S. Trade Representative Robert Lighthizer to consider whether the actions by China should result in increased tariffs on their imports. Within 15 days, the USTR is expected to publish a proposed list of products and recommended tariff increases for public comment.

The memo issued by Trump on Thursday specifically calls out China for conducting and supporting "unauthorized intrusions into, and theft from, the computer networks of U.S. companies," despite an Obama-era agreement in which the U.S. and China agreed to not support cyber-enabled intellectual property theft against businesses in each other's borders.

"These actions provide the Chinese government with unauthorized access to intellectual property, trade secrets, or confidential business information, including technical data, negotiating positions, and sensitive and proprietary internal business communications, and they also support China's strategic development goals, including its science and technology advancement, military modernization, and economic development," the memo says.

To read more from our piece, click here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Five takeaways from Mark Zuckerberg's media blitz. (The Hill)

Mozilla stops Facebook ads amid data privacy concerns. (The Hill)

OP-ED: Facebook is complicit, not a victim, in the abuse and misuse of personal data. (The Hill)

Former Pentagon cyber official argues that cyber defense isn't enough. (Foreign Affairs)

Computer systems belonging to the City of Atlanta are grappling with a cyberattack. (CBS 46)

A guide to Facebook's privacy settings. (Wired)
