
Thursday, January 4, 2018

Overnight Cybersecurity: Computer chip flaws present new security challenge | DOJ to offer House key documents in Russia probe | Vulnerability found in Google Apps Script

 
 
 
The Hill Cybersecurity
 
 

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORY:

--FLAWS IN COMPUTER CHIPS LEAVE FEDS VULNERABLE TO HACKS: Two critical vulnerabilities that affect modern computer processing chips are about to become a huge headache for governments worldwide.

The vulnerabilities could allow hackers to pilfer sensitive data from virtually all modern computing devices, ranging from computers to smartphones to cloud infrastructure. Experts believe that they may be the most dangerous computer processor flaws to date.

The Department of Homeland Security issued guidance on the matter late Wednesday, noting that while operating system updates could help mitigate the issues, the only true solution would be to replace computer processing units' hardware.

This means that mitigating the flaws will likely cost federal, state and local governments a significant amount of time, money and effort.

--PROBLEM MORE WIDESPREAD THAN BELIEVED: The cyber-flaws, which were originally believed to only be in Intel chips, affect an array of chip vendors including AMD, Google, Microsoft and Apple, and impact millions of modern computing systems developed over the last decade.

"These processors are used in most government systems around the globe and are likely vulnerable," said Tony Cole, vice president and global government chief technology officer at FireEye.

The discovery, which came from months of work by computer researchers, has sent programmers at major companies scrambling to issue patches to prevent possible hacks.

The researchers had planned to go public with the details later in January after notifying affected companies, but some details about the flaws leaked to the media on Tuesday.

Now that the vulnerabilities have been made public, the clock is ticking for organizations to take steps to guard their systems.


--MEANWHILE … INTEL CEO REPORTEDLY SOLD STOCK AFTER FINDING OUT ABOUT VULNERABILITIES: Intel CEO Brian Krzanich reportedly sold more than $20 million worth of stock after his company had been informed of a massive cybersecurity flaw in its chips and prior to the firm publicly disclosing the flaw. Krzanich sold stock and exercised options worth a rough total of $24 million on Nov. 29, reducing his holdings of Intel shares to 245,743 -- the minimum required by his contract with the firm. The Intel CEO's sale occurred as developers were racing to fix enormous vulnerabilities in their computer processors. Though the sale raises insider trading concerns, the Securities and Exchange Commission has not publicly said if it will investigate. Intel says that his selloff came independently of the vulnerabilities and notes that it was preplanned. "Brian's sale is unrelated," an Intel spokesperson told Gizmodo. Krzanich.


 

A FEW CAPITOL HILL UPDATES:

--DEMS WANT INTEL ASSESSMENT ON TRUMP NUKE BUTTON TWEET: Two Senate Democrats are asking for an intelligence assessment of the risk from President Trump's tweet about his nuclear button being "bigger and more powerful" than that of North Korean leader Kim Jong Un.

Sens. Ron Wyden (D-Ore.) and Martin Heinrich (D-N.M.), both of whom are members of the Senate Intelligence Committee, wrote to Director of National Intelligence Dan Coats on Thursday asking him to produce an assessment of the "risk" posed by Trump's Twitter message, which he posted Tuesday evening.

Trump posted the message after Kim said during his annual address that the U.S. is in range of Pyongyang's nuclear arsenal and that "a nuclear button is always on my desk."

"North Korean Leader Kim Jong Un just stated that the 'Nuclear Button is on his desk at all times,'" Trump wrote. "Will someone from his depleted and food starved regime please inform him that I too have a Nuclear Button, but it is a much bigger & more powerful one than his, and my Button works!"

Trump has been heavily criticized for the tweet and others, which some say risk escalating the situation further at a time of high tensions over North Korea's nuclear program.

"We request that the assessment address the likely North Korean response to the President's January 2 tweet and the President's other threatening tweets and statements, and whether this rhetoric serves as a deterrent or a provocation," Wyden and Heinrich wrote. "We also ask the Intelligence Community to assess the impact of the president's message on U.S. credibility and leadership with regard to our regional and international partners and allies."

"In light of the current serious risk of conflict, including nuclear escalation with North Korea, the implications of the president's recent communications are of particular interest and significance to the American people," they wrote, adding that the assessment should be made public if possible.

--DOJ TO OFFER DOCS IN HOUSE RUSSIA PROBE: The House and Justice Department reached a deal Wednesday night to provide the probe into Russian election meddling with long-sought documents and access to key witnesses.

The deal was reached after FBI Director Christopher Wray and Deputy Attorney General Rod Rosenstein made a surprise visit to House Speaker Paul Ryan (R-Wis.).

It was announced by House Intelligence Committee Chairman Devin Nunes (R-Calif.), who had sought the information and threatened more drastic action if his panel continued to be denied access to the information.

"After speaking to Deputy Attorney General Rosenstein this evening, I believe the House Intelligence Committee has reached an agreement with the Department of Justice that will provide the committee with access to all the documents and witnesses we have requested," Nunes said in a statement. "The committee looks forward to receiving access to the documents over the coming days."

Nunes has in recent months lashed out against the Justice Department over its failure to respond to requests for the documents, suggesting the department was doing so deliberately.

"At this point it seems the DOJ and FBI need to be investigating themselves," Nunes wrote in a letter to Rosenstein last week.

A small group of GOP members have suggested the FBI used the documents, found in a controversial dossier of salacious allegations about the president, in order to launch an investigation into Trump.


 

A LIGHTER (IF NOT SLIGHTLY SCARY) CLICK: 

Nissan is working to develop a car that can read your mind. (Motherboard)

 

A REPORT IN FOCUS: 

Researchers at cybersecurity firm Proofpoint have discovered a way in which hackers can exploit Google Apps Script to deliver malware using URLs.

Google Apps Script is a scripting language based on JavaScript that allows for the creation of standalone web applications and extensions to elements in the Google ecosystem. Researchers say that the vulnerability lets attackers "automatically download arbitrary malware hosted in Google Drive to a victim's computer."

"Google Apps Script and the normal document sharing capabilities built into Google Apps supported automatic malware downloads and sophisticated social engineering schemes designed to convince recipients to execute the malware once it has been downloaded," the company wrote in a blog post on Thursday.

"We also confirmed that it was possible to trigger exploits with this type of attack without user interaction, making it more urgent that organizations mitigated these threats before they reach end users, whenever possible."

Proofpoint has shared the findings with Google, which has taken steps to mitigate the threat.


 

WHAT'S IN THE SPOTLIGHT: 

THREATS TO INDUSTRIAL SECTOR: Industrial companies are increasingly facing cyberattacks, with roughly one in four companies saying they were targeted last year in a new survey.

Twenty-eight percent of 900 industrial organizations surveyed by Moscow-based Kaspersky Lab reported facing a targeted attack in 2017, according to the research released on Thursday.

The figure represents a nearly one-third increase over the 20 percent who reported such attacks in 2016.

The survey comes less than a month after cybersecurity researchers publicly identified a new type of malware targeting industrial control systems that was used in an attack that disrupted operations at a critical infrastructure organization.

Experts and officials are particularly wary of cyberattacks that could target critical infrastructure operations. The Department of Homeland Security is responsible for engaging with critical infrastructure operators--the majority of which are private organizations--to help mitigate cyber and physical threats.

The Kaspersky survey also found that industrial organizations took considerable amounts of time to detect cyberattacks, with 34 percent spending several days and 20 percent several weeks to detect the incidents.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Trump dissolves voter fraud commission. (The Hill)

US regulators to discuss Bitcoin futures trading. (The Hill)

Feud erupts between Grassley, Fusion GPS over transcripts. (The Hill)

The Trump Organization has given documents to Russia investigators. (CNN)

French president Emmanuel Macron unveils plans for 'fake news' law. (BBC)

Homeland Security data breach impacted over 240,000 current and former employees. (CyberScoop)

 
The Hill 1625 K Street, NW 9th Floor, Washington DC 20006
©2016 Capitol Hill Publishing Corp., a subsidiary of News Communications, Inc.
 
 

Overnight Health Care: New Trump rule targets ObamaCare | CDC to hold briefing on how to prepare for nuclear explosion | Study finds high school students having less sex

 
 
 
The Hill Healthcare
 

Trump offers new rule going after ObamaCare

A Trump administration proposal to allow more flexibility to groups and small businesses who band together to buy health insurance could undermine the stability of the ObamaCare marketplace, experts warn.

Under a proposed rule released Thursday by the Department of Labor, small businesses and self-employed individuals would be allowed to join together in an "association health plan."

The proposed rule was issued in response to an executive order by President Trump and would allow those associations to purchase cheaper health insurance that's not subject to some of the key ObamaCare insurance rules. Republicans blame those rules for rising insurance premiums.

Under current law, small businesses and self-employed workers that buy insurance through associations are considered to be part of ObamaCare's individual market and are subject to all the law's rules and regulations.

Association health plans (AHPs) already exist, but they are limited under federal law.

The proposed rule would expand the types of groups that can form an AHP and allow for membership across state lines. It would also allow self-employed individuals to take part in a large-group AHP.

The administration said the proposal could make insurance available for up to 11 million people who lack employer-sponsored coverage.

Republicans argue the proposal would give employers more flexibility to choose the insurance plan that works best.

Still, critics say AHPs could still find other ways to cherry-pick only young, healthy people.


 

More than half think painkillers a major problem, but not a national emergency: report

A little over half the country considers prescription painkiller addiction a major problem for the nation, but says it doesn't rise to the level of national emergency, a new report in the New England Journal of Medicine notes.

In late October, President Trump declared the epidemic a national public health emergency. Declaring some type of national emergency was the "first and most urgent" recommendation from the president's commission to address the opioid epidemic.

Advocates and Democrats have been pushing for more funding, saying federal dollars are needed to make the emergency declaration effective.

The journal article examined data from seven national polls from 2016 and 2017 to paint a portrait of how the public believes the opioid epidemic should be addressed.

"Many of the findings may surprise people who have been following this issue in professional journals and the media," Robert Blendon and John Benson, from Harvard's public health school, wrote in the article.


 

Shortage of IV fluids caused by hurricane expected to improve

The Food and Drug Administration (FDA) is confident the shortage of saline IV fluids and bags caused by the hurricane that hit Puerto Rico last year will soon subside.

The hurricane crippled a leading manufacturer -- Baxter International -- in Puerto Rico.

But Baxter has announced all of their facilities on the island have returned to the commercial power grid, FDA Commissioner Scott Gottlieb said Thursday.

Hospitals across the U.S. have faced dire shortages of supplies after the hurricane.

The storm primarily affected production of IV saline fluids and bags, which are used to rehydrate patients and dilute medications.


 

CDC schedules briefing on preparing for nuclear detonation

The Centers for Disease Control and Prevention has scheduled a briefing for later this month on how to plan and prepare for a nuclear detonation.

The briefing, for CDC employees, is part of a monthly series at the agency meant to "further strengthen CDC's common scientific culture and foster discussion and debate on major public health issues."

"While a nuclear detonation is unlikely, it would have devastating results and there would be limited time to take critical protection steps," the CDC said in a notice for the briefing.

"Despite the fear surrounding such an event, planning and preparation can lessen deaths and illness."

It's unclear when the briefing was first scheduled. Earlier this week, President Trump bragged about U.S. nuclear capabilities in a tweet directed at North Korean leader Kim Jong Un.


 

High school students having less sex, government study finds

American high school students are having less sex than they were a decade ago, while those who are having sexual intercourse are doing so at a later age, according to a new government report.

The research, released by the Centers for Disease Control and Prevention (CDC), shows just over 41 percent of students in grades 9 through 12 reported having had sexual intercourse, down from almost 47 percent in 2005 and from 53 percent in 1995.

The most significant declines occurred among 9th and 10th grade students. Just under a quarter of 9th graders reported having sex, down 10 percentage points from a decade ago, while the number of 10th graders with sexual experience declined by 7 points.


 

What we're reading

High praise: Pot churches proliferate as states ease access to marijuana (Kaiser Health News)

Out-of-pocket health costs are rising, but not that much (Bloomberg View)

Trump firing sets back AIDS prevention efforts (Politico)

 

State by state

Medicaid expansion fight looms after Virginia statehouse drawing (Politico)

Arkansas governor: Medicaid rolls dropped by 117K last year (Associated Press)

N.H. hospitals sound alarm over supply shortages tied to Hurricane Maria (New Hampshire Public Radio)

 

From the Hill's op-ed pages:

Patients, not PBMs, should decide which pharmacy they use

Former HHS secretaries: Alex Azar a perfect pick to lead Health agency

 
 

Send tips and comments to Jessie Hellmann, jhellmann@thehill.com; Peter Sullivan, psullivan@thehill.com; Rachel Roubein, rroubein@thehill.com; and Nathaniel Weixel, nweixel@thehill.com.

Follow us on Twitter: @thehill, @jessiehellmann, @PeterSullivan4, @rachel_roubein, and @NateWeixel.

 
 
 
 
 
 
 

Overnight Regulation: Sessions sparks firestorm with new marijuana policy | Trump plans to expand offshore drilling | New rule takes aim at ObamaCare

 
 
 
The Hill Regulation
 

Welcome to Overnight Regulations, your daily rundown of news from the federal agencies, Capitol Hill and the courts. It's Thursday evening here in Washington where the White House is firing back at a new book about the Trump administration.

 

THE BIG STORIES 

Attorney General Jeff Sessions is following through on his long-expected plan to crack down on marijuana.

Sessions rolled back an Obama-era policy Thursday that allowed states to legalize marijuana for medical and/or recreational use. He rescinded guidance, known as the Cole memo, which directed U.S. attorneys not to charge people with marijuana-related offenses in states where the drug is legal.


Here's what Sessions said in the new memo: 

Federal prosecutors should revert back to 1980 principles when deciding which marijuana activities to prosecute. Those principles require prosecutors to weigh federal law enforcement priorities set by the attorney general, the seriousness of the crime, the deterrent effect of criminal prosecution and the cumulative impact of particular crimes on the community.


Here's why this is a big deal: 

Sessions is essentially telling federal prosecutors to ignore state laws and start cracking down on marijuana. As Reid Wilson reports, each United States attorney, appointed by the Trump administration, could decide to prosecute legal marijuana businesses and business owners under federal law. That threw the booming marijuana industry into chaos Thursday, with stock prices falling.

Reid's story about how the marijuana industry is responding to the news is here.  

Lawmakers react:

Sessions is facing a barrage of criticism from both parties for ending a policy that gave states the flexibility to allow sales of recreational marijuana. 

Republicans, primarily from states that have legalized marijuana, joined Democrats in slamming the decision and vowing to take action to pressure Sessions to reverse course.

Sen. Cory Gardner (R-Colo.) took to the Senate floor to assert that Sessions had told him before his confirmation as attorney general that he didn't plan to try to reverse his state's policies legalizing marijuana.

"I would like to know from the attorney general what has changed," Gardner said. "What has changed the president's mind? Why is Donald Trump thinking differently than what he promised the people of Colorado?"

Cristina Marcos and Jordain Carney have the story here

 

REG ROUNDUP

Healthcare: A Trump administration proposal to allow more flexibility to groups and small businesses who band together to buy health insurance could undermine the stability of the ObamaCare marketplace, experts warn.

Under a proposed rule released Thursday by the Department of Labor, small businesses and self-employed individuals would be allowed to join together in an "association health plan."

The proposed rule was issued in response to an executive order by President Trump and would allow those associations to purchase cheaper health insurance that's not subject to some of the key ObamaCare insurance rules. Republicans blame those rules for rising insurance premiums.

Under current law, small businesses and self-employed workers that buy insurance through associations are considered to be part of ObamaCare's individual market and are subject to all the law's rules and regulations.

Nathaniel Weixel has the story here

 

Energy: The Trump administration is proposing to greatly expand the areas available for offshore oil and natural gas drilling, including off the Pacific and Atlantic coasts.

In the first major step toward the administration's promised expansion of offshore drilling, Interior Secretary Ryan Zinke said nearly all of the nation's outer continental shelf is being considered for drilling, including areas off the coasts of Maine, California, Florida and Alaska.

The proposal, which environmentalists immediately panned as an environmental disaster and giveaway to the fossil fuel industry, is far larger than what was envisioned in President Trump's executive order last year seeking a new plan for the future of auctions of offshore drilling rights. That order asked Zinke to consider drilling expansions in the Atlantic and Arctic oceans.

"This is a start on looking at American energy dominance and looking at our offshore assets and beginning a dialogue of when, how, where and how fast those offshore assets should be, or could be, developed," Zinke told reporters Thursday.

Timothy Cama has the story here

Reaction... The move invited quick pushback from Florida Republicans. Sen. Marco Rubio (R-Fla.) proposed extending a moratorium on drilling in parts of the Gulf of Mexico near Florida. In a statement, Rubio asked Zinke to take the eastern Gulf off the table. More on that here.

Florida Gov. Rick Scott (R) also opposes the move. Scott said Thursday he had asked to "immediately meet" with Zinke to discuss the plan. More on that here.

 

Finance: The Securities and Exchange Commission (SEC) warned investors Thursday that those firms and brokers who offer cryptocurrency investments are often breaking federal trading laws.

In a joint statement, SEC Chairman Jay Clayton and commissioners Kara Stein and Michael Piwowar also said the agency faces severe challenges in recovering losses for jilted cryptocurrency investors.

The SEC has reviewed cryptocurrencies that are traded as securities, holding them subject to the same disclosure laws as other commonly traded assets. The agency has also blocked initial coin offerings (ICOs), sales of cryptocurrencies meant to raise capital for a business, that don't follow federal trading laws.

Sylvan Lane has the story here.

 

Finance: The Commodity Futures Trading Commission (CFTC) said Thursday that it will meet on Jan. 31 to discuss the trading of cryptocurrency futures contracts.

The agency says that its technology and risk advisory committees will meet to discuss the self-certification process for such derivative contracts, focusing on "oversight, surveillance, and monitoring" of listed cryptocurrency derivatives.

The meeting comes after two exchanges launched bitcoin futures in December.

The value of major digital currencies like bitcoin, Ethereum and Ripple has increased by thousands of percent over the past year.

Sylvan Lane has more here.

 

Tech: Federal Communications Commission (FCC) Chairman Ajit Pai decided not to attend the Consumer Electronics Show this week after receiving death threats, Recode reported Thursday.

An FCC spokesman declined to confirm the report, saying in an email to The Hill, "We do not comment on security measures or concerns."

According to the news outlet, which cited two agency sources, the details on the threats are still unclear.

It's not the first threat the chairman has faced in recent months. As Pai was chairing an agency vote to overturn the Obama-era net neutrality rules last month, the meeting room was abruptly evacuated because of a bomb threat. Beyond the room, the target was not clear. But Pai and his family have faced harassment over the controversial decision to repeal the rule.

Harper Neidig has the story here.

 

Finance: Sen. Ron Johnson (R-Wis.) on Thursday called on a federal watchdog to review the "flawed" process in which Leandra English jumped from a position as political appointee to serving as a senior career civil servant at the Consumer Financial Protection Bureau (CFPB).

Johnson, the head of the Senate Homeland Security and Governmental Affairs Committee, sent a letter to the head of the Office of Special Counsel (OSC), Henry Kerner, raising concerns about the conversion process in the final days of the Obama administration.

"Based on the information that [the Office of Personnel Management] provided to the Committee, it may be appropriate for the Office of Special Counsel to review whether the conversion of Ms. English from a political appointment at OPM to a career position within CFPB adhered to the merit system principles," Johnson wrote.

Johnson's letter comes after a showdown in November over dueling appointments between the White House and the outgoing CFPB head over who would lead the agency.

Exiting CFPB Director Richard Cordray, an Obama-era appointee, promoted English, his chief of staff, to deputy director -- leaving her in a position to lead the agency after he departed. But President Trump appointed Mick Mulvaney -- his White House budget chief -- to lead the agency.

Sylvan Lane explains here.

 

Energy: A Democratic senator plans to use the Congressional Review Act (CRA) to block President Trump from overturning safety rules put in place after the Deepwater Horizon oil spill disaster in 2010.

Florida Sen. Bill Nelson (D) said on the Senate floor Wednesday that he will use the CRA, which Republicans have used to dismantle many Obama-era regulations under the Trump presidency, to block the administration's proposed rule changes. The law allows for an expedited review to overturn a regulation by resolution.

"The BP spill devastated my state's economy and 11 people lost their lives," Nelson said in remarks reported by the Washington Examiner. "That's why I plan to subject this misguided rule to the Congressional Review Act."

One of the changes proposed by the Interior Department's Bureau of Safety and Environmental Enforcement would reduce the authority of third-party safety inspectors to review documents related to oil rig operations and reduce the requirement that certified engineers review safety equipment plans to require the review of only the "most critical documents."

John Bowden has more here.

 

Energy: Federal regulators under the Obama administration were inconsistent in how they processed applications to conduct seismic research for offshore oil and natural gas, the Government Accountability Office (GAO) found.

Auditors found in a report released Thursday that, depending on the regional office, the Interior Department's Bureau of Ocean Energy Management (BOEM) took as much as 340 days to review seismic applications, or sometimes approved them the day they were complete.

Furthermore, the National Marine Fisheries Service (NMFS) and the Fish and Wildlife Service (FWS), which are responsible for reviewing seismic applications for compliance with wildlife laws, don't have consistent standards for how to record the time they take to process applications, GAO said.

Timothy Cama has the details here.

 

IN OTHER NEWS 

Trump administration seeks curb on student loan forgiveness – Wall Street Journal 

As Europe's 'Mifid' regulations roll out, bond volumes fall – The Wall Street Journal

Citibank fined $70 million for anti-money laundering compliance shortcomings – Reuters 

OPINION: Sessions is targeting the cannabis community - it's time for Congress to intervene 

 

Got a tip? Send it to your Overnight host at lwheeler@thehill.com and follow her on Twitter @wheelerlydia. 

 
 
 
 
 