Overnight Cybersecurity: Zuckerberg faces grilling in marathon hearing | What we learned from Facebook chief | Dems press Ryan to help get Russia hacking records | Top Trump security adviser resigning

View in your browser       Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...   THE BIG STORY: FACEBOOK, FACEBOOK, FACEBOOK. Facebook CEO Mark Zuckerberg faced lawmakers on the Senate Commerce and Judiciary Committees on Tuesday in the first of two marathon Capitol Hill hearings. Zuckerberg addressed the company's response to the Cambridge Analytica data controversy, efforts to combat disinformation following Russian interference in the presidential election, among other issues. Some of the big takeaways so far:   --ZUCKERBERG SAYS I'M SORRY: Zuckerberg opened his remarks to the Senate Judiciary and Commerce committees hearings with a contrite tone, apologizing for his company's recent missteps. "It's clear now that we didn't do enough to prevent these tools from being used for harm as well. That goes for fake news, foreign interference in elections and hate speech, as well as developers and data privacy. We didn't take a broad enough view of our responsibility, and that was a big mistake," Zuckerberg said, unilaterally shouldering the responsibility for Facebook's mistakes. "It was my mistake, and I'm sorry. I started Facebook, I run it, and I'm responsible for what happens here," he said. Zuckerberg spent the rest of his remarks detailing previously released details about the Cambridge Analytica scandal including steps his company is taking to improve consumer data.   --FACEBOOK DIDN'T NOTIFY FTC ABOUT LEAK: Zuckerberg told lawmakers that Facebook did not notify the Federal Trade Commission (FTC) about the Cambridge Analytica data scandal when it discovered the issue in 2015. "We had considered it a closed case," Zuckerberg said in response to questions from Sen. Bill Nelson (D-Fla.). Facebook said it told the data firm in 2015 to delete the information it had improperly obtained on millions of users, but only publicly disclosed the issue last month when reports emerged that the company did not delete the data despite being told to do so. The FTC is currently investigating Facebook for possibly violating a 2011 consent decree by allowing Cambridge Analytica to access the data. When asked by Nelson whether he thought Facebook had an "ethical obligation" to notify users whose data had been accessed, Zuckerberg reiterated that the company considered it a "closed case" in 2015. "We considered it a closed case," Zuckerberg said. "In retrospect, that was a mistake."   --FACEBOOK COOPERATING WITH MUELLER PROBE: Zuckerberg told Sen. Patrick Leahy (D-Vt.) that special counsel Robert Mueller has interviewed Facebook employees as part of his investigation into Russian interference. The Facebook CEO also said he "believes" the company may have been served with a subpoena from the special counsel's office. Facebook previously acknowledged that the company handed over information to Mueller on political advertisements purchased by Russia-linked accounts, but there have been few public details of the extent of the social media giant's cooperation in the investigation. "I want to be careful here because our work with the special counsel is confidential," Zuckerberg said Tuesday. "I know that we are working with them."   --ZUCKERBERG DECLINES TO BACK DEM PRIVACY BILL: Sen. Ed Markey (D-Mass.) was not able to pin down Zuckerberg's support for his new privacy legislation that would require internet services to get express consent from users before sharing their information. Though Markey repeatedly tried to frame his inquiry as a yes or no question, Zuckerberg evaded the questioning, only going so far as to say that he liked the concept of increased privacy controls but declining to say whether such standards should be required by law. "Senator, in general I think that principle is exactly right, and I think we should have a discussion about how to best codify that," the Facebook CEO said. Markey grew increasingly frustrated as Zuckerberg gave similar answers about legislation that would offer tougher privacy protections for children online. Key takeaway: Zuckerberg's answers are notable because protections similar to what Markey is proposing will soon be required under EU law. The new regulations, set to go into effect next month, will only apply to European countries, but the CEO has said that Facebook will offer new privacy controls to all of its users.   Check out our live coverage from the hearing, which is still ongoing here.   Zuckerberg is slated to testify before the House Energy and Commerce Committee on Wednesday morning. You can keep up with our coverage tomorrow at TheHill.com     A CAPITOL HILL UPDATE: A group of top House Democrats is appealing to Speaker Paul Ryan (R-Wis.) for help in obtaining records from the Trump administration related to the Russian attacks against 21 state election systems in 2016. The six Democrats, who serve as ranking members of congressional committees, say they are trying to recruit Ryan's help because they've exhausted all their other options. "Our goal is to obtain the documents collected and prepared by our federal agencies about these Russian attacks in order to take concrete steps to prevent them from happening again," they wrote in a letter to Ryan on Tuesday. "Unfortunately we are being blocked by Trump Administration officials who refuse to produce these documents to Congress and by Republican Chairmen who refuse to demand them. These actions create the unfortunate perception that House Republicans do not want to obtain these documents relating to the Russian attacks against state election systems," they added. A top Department of Homeland Security (DHS) official revealed during an appearance on Capitol Hill in June that Russia had targeted election-related systems in 21 states leading up to the 2016 presidential election, while declining to identify which states were impacted for confidentiality purposes. DHS has repeatedly said there is no evidence that any votes were changed. In January, the Democrats recounted in their letter how they pressed DHS for specific information about the affected 21 states, including "the names of the state officials or offices that were notified." The Democrats additionally describe their multiple attempts to wrestle the documents from DHS, saying the law enforcement agency repeatedly produced unsatisfactory responses to their requests. "To our knowledge, the Trump Administration has not provided any Committee in the House of Representatives with these classified documents about Russian-backed attacks against state election systems," they wrote. To read more of our coverage, click here.   A REPORT IN FOCUS: Verizon on Tuesday released its 2018 Data Breach Investigations Report, finding that ransomware continues to dominate the threat landscape. According to the report, ransomware remains the most popular form of malware, showing up in 39 percent of cases analyzed by Verizon. Gabe Bassett, who co-authored the latest iteration of Verizon's breach report, told The Hill that attackers are looking for the "greatest value proposition" when selecting their attack mechanisms and victims. He noted that ransomware attacks are easy to accomplish because would-be hackers can purchase ransomware kits on the dark web. The report draws on analysis of over 53,000 cyber incidents, including 2,216 confirmed data breaches, across a number of sectors, including health care, financial services, education, manufacturing, and government. Among the more interesting findings: Roughly three-quarters of the breaches analyzed by Verizon researchers were perpetrated by outsiders--50 percent attributed to criminal groups and 12 percent to nation-state hackers. The remaining 28 percent of incidents were insider attacks. Additionally, a whopping 68 percent of breaches reviewed took months or longer to detect. To read the full report, click here.   A LIGHTER CLICK:  Will gamers soon have self-learning, Kung-Fu-fighting, virtual characters? (Technology Review)     WHO'S IN (OR, OUT OF?) THE SPOTLIGHT:  TOM BOSSERT, President Trump's top homeland security aide is resigning, the latest in a long line of staffers to exit the West Wing. "The president is grateful for Tom's commitment to the safety and security of our great country," White House press secretary Sarah Huckabee Sanders said in a statement. "President Trump thanks him for his patriotic service and wishes him well," she added. Bossert has served in the White House since Trump's inauguration and played a key role in responding to cyber threats and last year's hurricanes that devastated Texas, Puerto Rico and the U.S. Virgin Islands. His departure comes one day after John Bolton took over as national security adviser, a move that was expected to cause turnover on Trump's security team. The 43-year-old aide is close to chief of staff John Kelly and Bolton's predecessor, H.R. McMaster. National Security Council spokesman Michael Anton announced his resignation two days before Bossert quit. A veteran of the George W. Bush administration, Bossert was one of the few Trump aides to have previous White House experience. Trump turned to Bossert in times of crisis, dispatching him to the White House briefing room and Sunday political talk shows to detail the administration's relief efforts during last summer's storms. Bossert's resignation is likely to have a significant impact on the Trump administration's cybersecurity efforts. Bossert played a major role in the crafting of Trump's cybersecurity executive order last year, and he has been a main point of contact at the White House for cybersecurity officials at the Department of Homeland Security. And it was Bossert who, from the White House podium, publicly blamed North Korea last December for the massive "Wanna Cry" malware attack that ravaged computer systems worldwide. In a statement Tuesday, Secretary of Homeland Security Kirstjen Nielsen specifically recognized Bossert for his work on cybersecurity and disaster response. "We at DHS thank him for his partnership and service and wish him the best as he takes new steps in his career," Nielsen said. To read more from our piece, click here.   IN CASE YOU MISSED IT: Links from our blog, The Hill, and around the Web. Twitter backs digital ad regulation. (The Hill) Facebook officially rolls out 'Data Abuse Bounty' program. (The Hill) White House: Trump believes he has power to fire Mueller. (The Hill) OP-ED: America isn't prepared for a 2 a.m. cyberattack. (The Hill) OP-ED: It would have taken more than privacy laws to prevent the Cambridge Analytica scandal. (The Hill) NSA official says US has yet to hit Russia 'where it hurts' for malicious cyber activity. (CyberScoop) The British government launches a new cyber center to help fund cyber start ups. (The Telegraph) The Marines are experimenting with cyber warriors in an expeditionary unit. (Defense News) Homeland Security's science and tech operation will demonstrate cyber technologies at the RSA conference. (DHS) If you'd like to receive our newsletter in your inbox, please sign up here.           Did a friend forward you this email? Sign up for Cybersecurity Newsletters     Forward Cybersecurity Newsletters       Privacy Policy  |  Manage Subscriptions  |  Unsubscribe  |  Email to a friend  |  Sign Up for Other Newsletters   The Hill 1625 K Street, NW 9th Floor, Washington DC 20006 ©2016 Capitol Hill Publishing Corp., a subsidiary of News Communications, Inc.