Overnight Cybersecurity: DHS chief eyes new ways to bolster cyber workforce | Dems grill Diamond and Silk | Senate panel approves bill to protect Mueller | Two-thirds of agencies using email fraud tool

View in your browser       Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...   THE BIG STORIES:  --DHS CHIEF FOCUSED ON FILLING WORKFORCE: The head of the Department of Homeland Security (DHS) on Thursday told Congress that the agency continues to look for ways to recruit and retain a skilled cyber workforce, even as the federal government struggles to overcome a shortage of unfilled positions. DHS Secretary Kirstjen Nielsen  told Rep. John Ratcliffe (R-Texas) during a hearing that while the government cannot pay their cybersecurity employees as much as the private industry, they have found they can still attract skilled cyber workers to serve their country if people understand the threat and the mission. The DHS uses the National Initiative for Cybersecurity Education framework to help "identify the unique skill sets" the agency needs to hire. But she said the agency also is working to help "folks in the community understand the mission." And to boost the training their cyber workforce receives, Nielsen pointed to pilot programs they have with the private industry that help cross-train government and private sector employees. "So we can both benefit from that experience," she added. The bottom line: Lawmakers have long pressed agency officials on workforce and recruitment issues. And while the government has long confronted the challenge of training and then retaining skilled employees, the demand for skilled cyber specialists continues to grow. This month, Cybersecurity Ventures predicted that by 2021 there will be 3.5 million unfilled cybersecurity positions, a 1 million-position jump from the empty desks it reported in 2014. To read more from our piece, click here.   --DIAMOND AND SILK ON THE HILL: Democrats clashed with conservative YouTube megastars Lynnette Hardaway and Rochelle Richardson -- better known as "Diamond and Silk" -- over alleged social media bias against them during a congressional hearing on Thursday. Rep. Jerrold Nadler (D-N.Y.), the top Democrat on the House Judiciary Committee, bashed the entire premise of the hearing during his remarks. "[Republicans] have prioritized this spectacle over every other kind of conversation we should be having today and we should have been having for the past year," Nadler said. The New York lawmaker said that claims that YouTube personalities had been censored or discriminated against by the social media platforms didn't stand up to any scrutiny, nor did broader claims of conservative bias. "Diamond and Silk's tremendous reach and growth is evidence that they haven't been censored," he said. During their questioning, the duo fired back, charging Democrats with being biased themselves. "If the shoe was on the other foot and Mark Zuckerberg was a conservative and we were liberals. All fences and chains would have broke loose," Hardaway said. They received quite a bit of pushback. Lawmakers also questioned Hardaway and Richardson about inconsistencies in their testimony. Hardaway and Richardson repeatedly claimed that they had been censored by Facebook, relaying their accounts of what they claimed were otherwise-unexplained declines in their viewership numbers and anecdotes from their fans who said that their videos have become harder to find. Richardson also answered "yes" when asked if Diamond and Silk were "blocked" on Facebook, despite being unable to produce any record of this. To read more of our coverage, click here.     A LEGISLATIVE UPDATE:  SENATE PANEL APPROVES BILL TO PROTECT MUELLER: The Senate Judiciary Committee approved legislation on Thursday to protect special counsel Robert Mueller. In a 14-7 vote, the panel approved the bipartisan proposal that deeply divided Republicans on the committee.  With every committee Democrat backing the legislation, only one Republican was needed to secure passage. In the end, four Republicans voted for the bill: Sens. Thom Tillis (N.C.), Lindsey Graham (S.C.), Chuck Grassley (Iowa) and Jeff Flake (Ariz.). Republican Sens. Orrin Hatch (Utah), Mike Lee (Utah), John Cornyn (Texas), Mike Crapo (Idaho), Ben Sasse (Neb.), John Kennedy (La.) and Ted Cruz (Texas) opposed it. The vote marks the first time Congress has advanced legislation to formally protect Mueller from being fired by President Trump, who has railed against him in public and reportedly talked in private of dismissing him. The bill, sponsored by Tillis and Graham (R-S.C.) with Sens. Cory Booker (D-N.J.) and Christopher Coons (D-Del.), would codify Department of Justice regulations that say only a senior Department of Justice official can fire Mueller or another special counsel. It would give a special counsel an "expedited review" of their firing. If a court determines that it wasn't for "good cause," the special counsel would be reinstated. The committee also added new reporting requirements into the bill, including notification when a special counsel is appointed or removed and requiring a report be given to Congress after an investigation wraps up; that report would detail the investigation's findings and prosecution decisions. Sen. Mike Lee (R-Utah) blasted the reporting requirements as "reckless" because it would require a special counsel to hand over the names of individuals whom they decided not to prosecute. But Democrats praised Grassley for being willing to compromise on his amendment, marking a political 180 from as recently as Wednesday, when Democrats were concerned Grassley's amendment could sink the bill. To read more of our piece, click here.   MEANWHILE: Attorney General Jeff Sessions on Thursday defended his decision not to appoint a second special counsel to investigate alleged bias in the Justice Department, saying the current probe into Russia's election meddling has already taken "on a life of its own." Asked by a House Appropriations panel about GOP accusations of surveillance abuse, Sessions told lawmakers that the Robert Mueller probe proved that it was a bad idea to appoint special counsels "willy-nilly." "I do not think we need to willy-nilly appoint special counsels," Sessions said. "As we can see, it can really take on a life of its own." He added that the Department of Justice (DOJ) needs to "be disciplined and stay within our classical procedure and rules" before opening further investigations. To read more of our piece, click here.   A REPORT IN FOCUS:  A new study from email authentication company Valimail finds that 68 percent of federal government agencies have started using an email fraud reporting tool known as the Domain-based Message Authentication, Reporting and Conformance (DMARC). The federal government is "far ahead" of private sector companies in implementing the tool, which allows organizations to report fraudulent emails or, when the strongest setting is enabled, prevent them from reaching a recipient's mailbox entirely. Ninety-three percent of Fortune 500 companies do not use DMARC, according to Valimail. The wide adoption of the tool across the government is largely due to the Department of Homeland Security's decision to require federal agencies and departments operating .gov domains to use DMARC. Homeland Security set a mid-January deadline for departments to start implementing the tool. The Valimail study signals that some agencies have missed that deadline. The study also found that a whopping 14 billion fraudulent email messages are sent worldwide daily--constituting one out of every 20 emails. U.S. media companies have the lowest adoption rate of DMARC, according to Valimail.   A LIGHTER CLICK:  A ballooning...solution? The National Weather Service turns to weather balloons in Alaska. (Technology Review)   WHO'S IN THE SPOTLIGHT:  CIA DIRECTOR NO MORE: The Senate narrowly confirmed CIA Director Mike Pompeo to be secretary of State on Thursday, overcoming steep opposition to his nomination. Senators voted 57-42, just over the simple majority needed for approval by the chamber. Pompeo's confirmation was a virtual lock after Sen. Rand Paul (R-Ky.) reversed his position and said he would support Trump's pick. The announcement came amid an intense pressure campaign by the White House and spared Pompeo the dubious distinction of being the first secretary of State nominee since at least 1925 to fail to win over the Senate Foreign Relations Committee. "After calling continuously for weeks for Director Pompeo to support President Trump's belief that the Iraq war was a mistake, and that it is time to leave Afghanistan, today I received confirmation that Director Pompeo agrees with President Trump," Rand said explaining his decision. But Pompeo's nomination faced historic opposition from Democrats, sparking an unusually partisan confirmation fight for a secretary of State nomination. The cyber angle: As Pompeo takes the reins at State, a big unanswered question is what will he do about the State Department's cyber efforts? His predecessor, Rex Tillerson, weathered criticism from lawmakers in Congress for shuttering the department's Office of Cybersecurity Coordinator as part of a broader reorganization at State. Pompeo was asked about the issue at his confirmation hearing but provided no details on his specific plans. To read more of our coverage, click here.   IN CASE YOU MISSED IT: Links from our blog, The Hill, and around the Web. Dem lawmaker to Diamond and Silk: 'This is a stupid and ridiculous hearing.' (The Hill) EU proposes regulating how web platforms treat businesses. (The Hill) Bannon directed Cambridge Analytica to research discouraging voter turnout, whistleblower says. (The Hill) Uber execs plan to update 'bug bounty' program policies after 2016 data breach. (Reuters) Hackers exploited Internet vulnerabilities to steal Ethereum from popular digital wallet service. (NextGov) It's officially World Intellectual Property Day. (White House) A phishing attack targets 550 million users across the globe. (VadeSecure) If you'd like to receive our newsletter in your inbox, please sign up here.           Did a friend forward you this email? Sign up for Cybersecurity Newsletters     Forward Cybersecurity Newsletters       Privacy Policy  |  Manage Subscriptions  |  Unsubscribe  |  Email to a friend  |  Sign Up for Other Newsletters   The Hill 1625 K Street, NW 9th Floor, Washington DC 20006 ©2016 Capitol Hill Publishing Corp., a subsidiary of News Communications, Inc.