| NSA CONTRACTOR PLEADS GUILTY IN TRUMP'S FIRST LEAK CASE: Reality Winner, the former government contractor charged with leaking classified information, pleaded guilty in federal court Tuesday as part of a plea agreement reached with federal prosecutors. Winner, a 26-year-old former contractor for the National Security Agency, was arrested in June 2017 after allegedly mailing a classified report on Russian interference in the federal election to the news outlet The Intercept, which later published the document. "All of my actions I did willfully, meaning I did so of my own free will," Winner said in federal court in Georgia at a hearing Tuesday morning, according to The New York Times. Winner was arrested last June and charged with one count of violating the Espionage Act. She is the first person to be prosecuted for Espionage Act violations under the Trump administration. Court documents filed Thursday indicated that Winner had entered into a plea agreement, though the details of the deal were not known at the time. The agreement calls for a sentence of 63 months -- just over five years -- in federal prison in exchange for Winner's plea, according to the Times. However, she will be sentenced at a later date. More here. RISING CONCERNS OVER HACKERS TARGETING SATELLITES: The rapidly expanding number of satellites transmitting GPS locations, cellphone signals and other sensitive information is creating new opportunities for hackers. It's a risk exacerbated by the growing number of aging satellite systems in circulation. While it is cheaper to leave old satellites in orbit rather than pulling them from space, the outdated systems are even easier targets for hacking. Just last week, security researchers at Symantec warned that a China-based cyber espionage group known as Thrip targeted satellite, telecom and defense companies in the United States and Southeast Asia. "Thrip's attack on telecoms and satellite operators exposes the possibility that the attackers could intercept or even alter communications traffic from enterprises and consumers," Symantec said in a statement. Thrip used malware to infect computers linked to the satellites in an attempt to seize control of them -- efforts that suggest the group's motivations could extend beyond spying and include "disruption," according to Symantec. The satellite concerns has further inflamed fears about China's efforts to spy on the U.S. and to steal U.S. intellectual property. The head of the House Homeland Security Committee connected the report on Thrip to Beijing's efforts to steal intellectual property. "Our satellites are more advanced so they are stealing our intellectual property -- it is espionage to make their satellites on par with ours," Rep. Michael McCaul (R-Texas) told The Hill in an interview. "Both commercial and military -- it is a huge threat." Other lawmakers said it is a wake-up call that highlights how critical infrastructure must be protected from outside threats. Read more of our piece here. SENATE VOTES TO REQUIRE PENTAGON TO DISCLOSE CELLPHONE SPYING NEAR MILITARY: The Senate passed legislation late Monday evening that would require the Pentagon to notify Congress of cellphone spying activity near U.S. military facilities. Sen. Ron Wyden (D-Ore.) successfully added the amendment to the spending legislation approved by the upper chamber. The provision comes amid fresh concerns over surveillance activity in the nation's capital after the U.S. government detected evidence of International Mobile Subscriber Identity (IMSI) catchers -- sophisticated cellphone spying technology often referred to as "Stingrays" -- in the Washington, D.C., region. The devices work by masquerading as actual cell towers and tricking cellphones to lock onto them, thereby allowing their owners to track cellphone users' locations or intercept their communications. The provision passed Monday would require the Pentagon to provide the congressional Armed Services Committees with a "full accounting" of all cell-site simulator activity detected near Defense Department facilities over the last three years. It would also mandate that the Defense Department report to the committees on actions the department has taken to guard military facilities as well as military personnel and their families from foreign surveillance using these devices. Some key context: In correspondence to Wyden earlier this year, the Department of Homeland Security revealed that it had detected likely IMSI catcher activity in the D.C. region in a study last year, including near sensitive facilities like the White House. Read more here. TECH, INTELLIGENCE OFFICIALS MEET ON ELECTION SECURITY: Representatives from eight major technology companies met with U.S. intelligence officials last month to discuss election security on their platforms in advance of the 2018 midterms, according to a New York Times report. Representatives from Amazon, Apple, Google, Microsoft, Oath, Snap and Twitter reportedly met with intelligence officials at Facebook's headquarters in Menlo Park, Calif., on May 23. Officials in attendance included Christopher Krebs, an undersecretary for the Department of Homeland Security, and a representative of the Federal Bureau of Investigation's new "foreign influence" task force. According to the report, officials did not share intelligence with the companies or advise them on threats to expect despite the tech companies pressing for more information. Details here. MEANWHILE ... HOUSE PASSES BILL TO SHORE UP INDUSTRIAL CYBERSECURITY: House lawmakers approved legislation Monday aimed at securing technology used to power critical infrastructure from cyberattacks. The bill offered by Rep. Don Bacon (R-Neb.) would codify work the Department of Homeland Security is currently doing to identify cyber threats to industrial control systems and mitigate them. Industrial control systems are used to run critical services in the United States, including the electric grid, water systems, and manufacturing plants. The House passed the legislation in a voice vote Monday evening, after it cleared the House Homeland Security Committee earlier this month. However, there is currently no companion legislation being offered in the Senate. Bacon introduced the legislation in May, after FBI and Homeland Security officials blamed hackers linked to the Russian government for waging a cyberattack campaign against the energy sector and other critical infrastructure sectors. In some cases, the hackers successfully breached networks where they were able to access information on industrial control and supervisory control and data acquisition, or SCADA, systems. What's in it: The bill, formally known as the "DHS Industrial Control Systems Capabilities Enhancement Act of 2018," would codify into law Homeland Security's efforts to protect these systems by amending the Homeland Security Act of 2002 to instruct the department to maintain capabilities to help identify threats to industrial control systems and take the lead on coordinating across critical sectors to respond to cyber incidents. More on the legislation here. SENATE PANEL MOVES TO RESTORE STATE CYBER OFFICE: A key Senate panel advanced a bill on Tuesday that aims to boost U.S. cyber diplomacy by creating a high-level position within the State Department to oversee cyber policy abroad. By a unanimous voice vote, the Senate Foreign Relations Committee passed "The Cyber Diplomacy Act," which would establish the Office of Cyberspace and the Digital Economy at State. The bill aims to boost engagement with other foreign nations on common cyber threats as well spread U.S. cyberspace interests abroad. The legislation counteracts former Secretary of State Rex Tillerson's decision to shutdown what was the agency's Office of the Coordinator for Cyber Issues as part of his controversial reorganization of State, which was ostensibly aimed at streamlining operations. Tillerson had faced criticism from lawmakers on both sides of the aisle after he announced his decision to eliminate the cyber office and hand its responsibilities to a bureau responsible for economic and business affairs. The Senate bill made a series of changes to the House legislation that passed the lower chamber in January -- a bill co-sponsored by House Foreign Affairs Chairman Ed Royce (R-Va.) that received bipartisan support. Read more here. HOUSE DEM PRESSES FOR MORE INFORMATION ON 2015 OPM BREACH: The top Democrat on the House Oversight and Government Reform Committee is pressing the Justice Department for more information on the 2015 data breach that resulted in hackers stealing the data of millions of federal employees and contractors. "I write to request further information regarding the first publicly disclosed case filed by the Department of Justice involving the criminal use of information illegally obtained through the 2015 Office of Personnel Management (OPM) data breach," Rep. Gerry Connolly (D-Va.) wrote in a Tuesday letter to Attorney General Jeff Sessions. "I believe further details about how the defendants obtained the [personally identifiable information] could be useful for the purposes of protecting victims of the breach from further criminal activity," the Virginia Democrat added. Why now? The letter comes after The Washington Post reported earlier this month that two people pled guilty to conspiracy to commit bank fraud and aggravated identity theft in what appears to be the first case involving data stolen in the OPM hack. The two people, Kariva Cross and Marlon McKnight, revealed in a federal court in Newport News, Va. that they had taken out fake loans using stolen identities, according to the Post. While the OPM hack has been traced back to the Chinese, it remains unclear how Cross and McKnight, two Maryland natives, obtained the government employees' information. We've gor more here. DOE CYBER NOMINEE AGREES TO PRESS ADMINISTRATION ON 'CYBER DOCTRINE': President Trump's nominee to lead a new office at the Department of Energy agreed Tuesday to urge the administration to develop a cyber deterrence strategy. Sen. Angus King (I-Maine) asked Karen Evans, Trump's pick to lead a new energy cybersecurity office, to prod the administration to develop a cyber doctrine and select "one point of authority" at the White House to coordinate cybersecurity efforts if she is confirmed to the position. "I hope those are two messages that you can carry back," King told Evans during her confirmation hearing Tuesday before the Senate Energy and Natural Resources Committee. "I would be happy to do that, sir," Evans replied. Earlier this month, Trump nominated Evans, who held information technology leadership positions in the George W. Bush administration, to lead the Department of Energy's new Office of Cybersecurity, Energy Security and Emergency Response. On Tuesday, she pledged to address evolving threats to U.S. energy systems by executing plans to make them more secure and resilient if confirmed to the assistant secretary role. Lawmakers have increasingly raised alarm over potential threats to the power grid and other assets, particularly in the wake of cyberattacks that knocked out portions of Ukraine's electric grid in 2015 and 2016. "I don't want to admire the problem anymore. I think a lot of us have done that through the years. It really now [is time] to execute and to start looking at how do you make these systems more resilient, how do you ensure that you have a response plan, that you exercise that response plan and you do it in partnership with private industry and state and local governments," Evans told lawmakers. Read more from our story here. SPACING OUT: Lawmakers on Tuesday held a hearing on commercial space transportation with executives testifying on ways to boost their growing industry. The hearing before the House Transportation and Infrastructure Subcommittee on Aviation comes as the Federal Aviation Administration is in the midst of a review to reform its regulation of the industry. Rep. Frank LoBiondo (R-N.J.), the chairman of the subcommittee, praised the "tremendous growth for the industry" and FAA efforts to streamline regulations. "There have been more FAA licensed launches in this first half of 2018 than there were in all of 2016," he said in his opening remarks. But Democrats on the committee questioned if the one-year time frame for FAA to review its regulations was enough. Read the full story here. UBER WINS TEMPORARY LONDON LICENSE: Uber is being awarded a 15-month probationary license to keep operating in London, after a judge ruled that the company cleaned up its act since regulators moved to block it from the city last year, according to The Guardian. "We are pleased with today's decision," Tom Elvidge, Uber's UK general manager said in a statement. "We will continue to work with [Transport for London] to address their concerns and earn their trust, while providing the best possible service for our customers." In September, Transport for London (TfL) chose not to renew Uber's license, arguing that the company was not "fit and proper" to operate in the city. Uber argued during its appeal that the decision had been the right one at the time but that it had since made a number of changes to appease regulators. BUT LOSES ITS CASE FOR FORCED ARBITRATION: A federal court of appeals on Monday ruled against Uber's forced arbitration clause which made customers who had legal issues with the company settle them privately. A panel of First Circuit Court of Appeals judges reversed U.S. District Judge Douglas Woodlock's decision to let Uber handle a price gouging case in private arbitration. The judges, Juan Torruella, Ojetta Rogeriee Thompson and William Kayatta Jr. said in their ruling that Uber did not "reasonably communicate" that when users agreed to the app's terms of service they were waiving their rights to take the company to court. Uber argued that before users agree to its terms of service they presented with a box linking them to the full agreement that they can click if they so choose. The judges said that because the link was presented in a "grey rectangular box," as opposed to blue underlined text that they said commonly communicates a hyperlink, users could not reasonably be expected to know that they were seeing a link to Uber's terms of service. WARNER, RUBIO ASK TRUMP TO REINSTATE ZTE SANCTIONS: Sens. Mark Warner (D-Va.) and Marco Rubio (R-Fla.) are asking President Trump to reinstate a ban from earlier this year on the Chinese telecom firm ZTE, warning that the company poses a threat to U.S. national security. "We strongly believe that the April sanctions order--which would have threatened ZTE's survival--should not be used as a bargaining chip in negotiations with China on unrelated matters," the two wrote in a letter to Trump Tuesday. "The Senate and the U.S. Intelligence Community are in agreement that ZTE poses a significant threat to our national security." Amid trade talks with China and ahead of a summit with North Korea, the Trump administration reached a deal to lift sanctions on ZTE earlier this month. In exchange for changes to the company's leadership, the Commerce Department agreed to lift a ban on U.S. businesses selling to ZTE that it had imposed in April. FACEBOOK DIALS BACK CRYPTO AD RULES: Facebook is easing its ban on cryptocurrency related advertisements, though it said on Tuesday that ads for things like initial coin offerings (ICOs) will still not be welcome on its platform. The social media giant says that it will now allow some cryptocurrency-related ads from pre-approved advertisers that go through its application process. Posts promoting binary options which are often associated with cryptocurrency scams will still be banned. "Given these restrictions, not everyone who wants to advertise will be able to do so," Facebook product manager Rob Leathern wrote in a company's blog post. "But we'll listen to feedback, look at how well this policy works and continue to study this technology so that, if necessary, we can revise it over time." CRACKING DOWN ON EMAIL SCHEMES: Eight individuals were arrested in connection with an Africa-based business email compromise scheme, including five who were arrested in the United States, the Justice Department announced Monday evening. "The defendants allegedly unleashed a barrage of international fraud schemes that targeted U.S. businesses and individuals, robbing them to the tune of approximately $15 million," Acting Assistant Attorney General John Cronan of the department's criminal division said in a statement. "The Department of Justice will continue to work with our international partners to aggressively disrupt and dismantle criminal enterprises that victimize our citizens and businesses." A LIGHTER TWITTER CLICK: You know it is 2018 when a new music video references incidents from the unverified Trump Russia dossier. SOME OP-EDS TO CHEW ON: Supreme Court recognizes digital age with win for cellphone privacy. (The Hill) Gorsuch's dissent in 'Carpenter' case has implications for the future of privacy. (The Hill) ON TAP FOR WEDNESDAY: The House Small Business Committee is holding a hearing on ZTE, "a threat to America's small businesses. The Joint Economic Committee will hold a hearing on U.S. leadership in digital trade at 10 a.m. The House Science Committee is holding a hearing on threats from IMSI 'Stingray' catchers at 2 p.m. FBI counterintelligence agent Peter Strzok is expected to appear before the House Judiciary Committee hearing to testify about his conduct during the 2016 election. While it is closed-doors, news from the hearing will likely ooze out. The Senate Judiciary subcommittee on antitrust will hold a hearing on the proposed T-Mobile-Sprint merger at 2:30 p.m. NOTABLE LINKS FROM AROUND THE WEB: An HSBC branch in New York is staffed with robots. (CNBC) Ukraine says Russian hackers are preparing for a massive coordinated attack. (Reuters) Former Pentagon official says Google withdrawal from AI project could hurt American lives. (Defense One) Federal and local officials address election security in Annapolis on day of Maryland primaries. (WBAL Baltimore) Facial recognition CEO says tech not ready to be used by law enforcement | 
沒有留言:
張貼留言