Hillicon Valley: Agencies show progress on email security | DHS pushes back on report claiming spike in election attacks | Judge approves SEC-Elon Musk settlement | Uber IPO proposal valued at $120B

View in Browser     Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen), and the tech team, Harper Neidig (@hneidig) and Ali Breland (@alibreland). And CLICK HERE to subscribe to our newsletter.   SUCCESS? Agari, a cyber firm, said the Department of Homeland Security's order requiring federal agencies to implement stronger cyber standards has been a huge success. The firm said 85 percent of federal domains have adopted HTTPS and DMARC -- an email authentication standard that protects against domain spoofing. That's compared to 18 percent a year ago and before the Binding Operational Directive (BOD) was issued. Seventy-four percent of federal executive branch domains have implemented a reject policy for DMARC compared to less than 10 percent a year ago. "BOD 18-01 has clearly made a positive impact on the cybersecurity posture of the United States government. It's really great to see such a dramatic increase in adoption in such a short time frame. This is the fastest and most complete adoption of the DMARC standard for any industry in history," according to an Agari press release. "Private enterprise is definitely lagging behind the public sector now, but we will explore those concerns in some future research." The firm noted that still 278 domains are out of compliance with the BOD, including 28 that are not "actively sending email." The numbers vary on just how many of the domains adopted the DMARC process: Cybersecurity firm Proofpoint found that 60.5 percent of the federal domains were compliant with the order, and that 74 percent had published DMARC records. That means 26 percent of government domains failed to meet the deadline. Robert Holmes, vice president of email security at Proofpoint, wrote in a blog post that the percentage of compliant sites "is a significant achievement as many agencies did not have this initiative in their plans/budgets when the mandate was announced and DMARC implementation can be complex." The firm last year found that about 12.4 percent of emails sent from government domains were unauthorized. At that time, about 20 percent of domains had implemented the authentication process.  Read more here.   NOT SO FAST: The Department of Homeland Security's (DHS) top cyber official said Tuesday that a report on an increased number of cyberattacks on election infrastructure points to a rise in reports of attempted hacks and not necessarily a spike in the attacks themselves. Christoper Krebs, the head of the National Protection and Programs Directorate (NPPD), said at an event on election security hosted by The Bridge that the report on a DHS assessment "seems to indicate that there's been an uptick in activity" when it comes to cyberattacks on the election systems. "It's not an uptick in activity," he continued, saying state and local election officials have gotten better at sharing information about cyber activities targeting election systems like voter registration databases since the 2016 election, when that kind of information sharing largely wasn't happening. "Are we seeing an uptick? I don't know if we are," Krebs said. "I think we're seeing a consistent and persistent level of activity." NBC News reported Monday that the DHS intelligence assessment stated that there has been a "growing volume of cyber activity targeting election infrastructure in 2018." The assessment, issued by DHS's Cyber Mission Center and obtained by the network, stated that all of the attempted cyberattacks were prevented. It also said federal officials do not know the sources of the targeted cyber acts.  Read more here.   JUDGE APPROVES SEC-MUSK SETTLEMENT: A federal judge on Tuesday approved a settlement between the Securities and Exchange Commission (SEC), Tesla and its CEO Elon Musk. The settlement follows an SEC investigation last month into a Musk tweet from August in which he said he had secured funding to take Tesla private at $420 per share. The settlement requires Musk to step down as chairman and pay a $20 million civil penalty. Tesla will also have to pay a separate $20 million fee. The company will not be charged with fraud. Musk appeared to mock the SEC on Twitter after being ordered by the court on Oct. 4 to explain the settlement, calling the agency the "Shortseller Enrichment Commission." Read more here.   AMAZON WORKERS SPEAK UP AGAIN:  An Amazon employee is seeking to put new pressure on the company to stop selling its facial recognition technology to law enforcement. An anonymous worker, whose employment at Amazon was verified by Medium, published an op-ed on that platform on Tuesday criticizing the company's facial recognition work and urging the company to respond to an open letter delivered by a group of employees. The employee wrote that the government has used surveillance tools in a way that disproportionately hurts "communities of color, immigrants, and people exercising their First Amendment rights." This isn't the first time: A group of over 400 employees signed a letter in June urging Amazon to stop selling its facial recognition software to law enforcement and working with Palantir, which provides digital services to Immigration and Customs Enforcement. Amazon at the time defended its products by saying that there is always risk in new technology and potential misuse should not hinder the development of products. The worker in the op-ed referenced that letter, urging Amazon to take action "right now." It's happening at other companies too: Microsoft employees did the same thing on Friday. Read more here.   UBER VALUED AT $120 BILLION IN IPO PROPOSALS: Uber received valuations from Wall Street banks that could put the value of the company at up to $120 billion for an initial public offering. That IPO could happen as soon as early next year, according to the Wall Street Journal. That value would be almost double what Uber was valued at in a fundraising round earlier this year. Uber has been eyeing a potential IPO in 2019 for some time now, saying in May that they were "on track" for the move. "I do think that we're on track in 2019 for an IPO. Lots of things can happen in the world but we have a reasonable buffer as well, so I think we're in a pretty good spot," CEO Dara Khosrowshahi said on CNBC. Read more here.   COMPANIES SUBPOENAED IN NET NEUTRALITY PROBE: New York Attorney General Barbara Underwood (D) has subpoenaed more than a dozen companies and organizations as part of the state's investigation into widespread fake public comments submitted to the Federal Communications Commission (FCC) over net neutrality, according to The New York Times. "The F.C.C.'s public comment process was corrupted by millions of fake comments," Underwood said in a statement to the Times. "The law protects New Yorkers from deception and the misuse of their identities. My office will get to the bottom of what happened and hold accountable those responsible for using stolen identities to distort public opinion on net neutrality." Read more here.   NO SUCH THING AS A FREE APP STORE: Google is set to start charging phone makers to use its Google Play app store and it will also allow use of rivals to its Android mobile operating system. The changes are part of steps the company is taking to comply with a European Union antitrust order. The company is still appealing the EU's original antitrust order from July, which ruled that Google must stop forcing phone makers it works with to bundle its apps. The EU also fined Google $5 billion in the ruling. Despite the appeal, Google is changing some of its practices to comply with the ruling in the meantime. In a blog post on Tuesday, Google senior vice president of platforms and ecosystems Hiroshi Lockheimer explained that in addition to charging a licensing fee for its app store and not blocking competing operating systems, it would also not bundle its Chrome browser and search in the same download. here.   A LIGHTER CLICK: When your doppelganger is also involved in cyber/tech going-ons.   AN OP-ED TO CHEW ON: Ignoring the EMP threat is a death sentence for Americans.   NOTABLE LINKS FROM AROUND THE WEB: Fusion GPS co-founder pleads the Fifth following House GOP subpoena. (The Hill) The implications of social media hegemony. (Verso) Wired magazine turns 25 with a brainy party. (The New York Times) Facebook reverses position on no ad targeting with data from its new Portal device. (Recode) Facebook's 'spam purge' is silencing genuine debate, political page creators say (The Guardian) Security seals used to protect voting machines can be easily opened with shim crafted from a soda can (Motherboard)         Did a friend forward you this email? Sign up for Technology Newsletters     Forward Technology Newsletters       Privacy Policy  |  Manage Subscriptions  |  Unsubscribe  |  Email to a friend  |  Sign Up for Other Newsletters   The Hill 1625 K Street, NW 9th Floor, Washington DC 20006 ©2018 Capitol Hill Publishing Corp., a subsidiary of News Communications, Inc.