Hillicon Valley: Senators introduce bill to require some cyber incident reporting | UK citizen arrested in connection to 2020 Twitter hack | Officials warn of cyber vulnerabilities in water systems
Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter by clicking HERE.
A much-anticipated bipartisan measure to respond to recent major cyberattacks on both the federal government and the private sector was rolled out by Senate Intelligence Committee leaders on Wednesday. The bill would increase the government’s visibility into cyberattacks by requiring some key companies to report breaches.
Meanwhile, the Justice Department announced that a British citizen has been arrested in Spain for allegedly having helped carry out the hack against Twitter last year that compromised accounts of verified individuals including President BidenJoe BidenKentucky lawmaker faces scrutiny for comparing Fauci to Jonestown cult leader Omar leads lawmakers in calling for US envoy to combat Islamophobia Public charter schools group blasts proposed Democratic cut MORE and former President Obama, and back on Capitol Hill experts warned of glaring cyber vulnerabilities facing water systems.
MAJOR CYBER BILL ROLLED OUT: Leaders of the Senate Intelligence Committee and other bipartisan lawmakers on Wednesday formally introduced legislation requiring federal contractors and critical infrastructure groups to report attempted breaches following months of escalating cyberattacks.
The Cyber Incident Notification Act would require federal agencies, government contractors and groups considered critical to national security — such as hospitals, utilities, financial services and information technology groups — to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours.
The bill would grant liability protections to groups that report breaches, along with anonymizing personal information of the companies involved in the incidents in order to encourage reporting.
The bill is primarily sponsored by Senate Intelligence Committee Chairman Mark WarnerMark Robert WarnerThe Hill’s Morning Report – Will Schumer back down on his deadline? Schumer sets up Wednesday infrastructure showdown Biden opens new cyber fight with China MORE (D-Va.), Vice Chairman Marco RubioMarco Antonio RubioThe Hill’s Morning Report – Surging COVID-19 infections loom over US, Olympics Six takeaways: What the FEC reports tell us about the midterm elections The Memo: Trump is diminished but hasn’t faded MORE (R-Fla.) and committee member Susan CollinsSusan Margaret CollinsLiberal House Democrats urge Schumer to stick to infrastructure ultimatum GOP centrists call on Schumer to delay infrastructure vote The Hill’s Morning Report – Will Schumer back down on his deadline? MORE (R-Maine), with the measure circulating in the Senate and among stakeholders in draft format over the last month.
Read more about the new bill here.
YOU CAN ONLY RUN SO LONG: A citizen of the United Kingdom was arrested in Spain on Wednesday in connection with the July 2020 Twitter hack that compromised politicians’ and celebrities’ accounts, the Justice Department announced.
Joseph O’Connor, 22, is facing several federal charges in connection with the July 15, 2020 hack that compromised over 130 Twitter accounts, including those of President Biden, former President Obama and Elon MuskElon Reeve MuskHillicon Valley: Biden: Social media platforms ‘killing people’ | Tech executives increased political donations amid lobbying push | Top House antitrust Republican forms ‘Freedom from Big Tech Caucus’ Equilibrium/ Sustainability — The gentler side of Shark Week Branson: I’d be delighted to go to Bezos space launch if invited MORE.
The Justice Department said the U.K.’s National Crime Agency and the Spanish National Police provided assistance in the investigation and the arrest.
Read more about the hack here.
WATER INSECURITY: Lawmakers and experts on Wednesday warned of gaping cybersecurity vulnerabilities in the nation’s critical water sector amid escalating attacks against a number of U.S. organizations.
“I believe that the next Pearl Harbor, the next 9/11, will be cyber, and we are facing a vulnerability in all of our systems, but water is one of the most critical and I think one of the most vulnerable,” Sen. Angus KingAngus KingBiden administration stepping up efforts to respond to ransomware attacks Cybersecurity bills gain new urgency after rash of attacks Number of nonwhite Democratic Senate staffers ticks up from 2020 MORE (I-Maine), the co-chairman of the Cyberspace Solarium Commission (CSC), testified to the Senate Environment and Public Works Committee.
“There is an incipient nightmare here, and it involves all sectors of our critical infrastructure, but water I think is probably the most vulnerable because of the dispersed nature of water systems in the country,” he warned.
Cyber threats have soared in recent years, including recent ransomware attacks on critical infrastructure such as Colonial Pipeline, and the water sector has not been immune.
Read more about the hearing here.
EVERYONE’S A CRITIC: The Biden administration’s push to weed out COVID-19 misinformation online is spotlighting calls to reform Section 230, while further highlighting the deep partisan divide among lawmakers’ approaches to modify the law that provides tech companies a liability shield.
Critical comments against Facebook made by President Biden and action taken by Twitter against a controversial lawmaker this week raised the pressure on big tech companies already on defense over their content policies, but also showcased the opposing reasons both parties are concerned.
Biden in recent days joined congressional Democrats’ efforts to press social media companies to take action against misinformation about the coronavirus and vaccines. But amid the administration’s push, Republicans are piling on criticism of the Silicon Valley giants and the government-led effort to hold them accountable.
Read more here.
SMALL BUSINESS WOES: The recent ransomware attack on software group Kaseya hit small businesses especially hard, targeting companies that often have few resources to defend themselves and highlighting long-standing vulnerabilities.
The attack has been made worse during the pandemic when cyber threats against small businesses have multiplied, and companies have scrambled to stay afloat.
“When large businesses aren’t doing the basics it’s negligence,” Kiersten Todt, managing director of the Cyber Readiness Institute, told The Hill.
“When small businesses aren’t doing the basics, it’s often because they don’t have the resources, or the knowledge, or the education,” Todt added.
Read more about small business concerns here.
…AND SMALL BUSINESS WINS: Small businesses are leveraging popular trends on TikTok to build their brands and gain global followings.
Unlike its older social media peers, popular content on TikTok tends to be more stripped down which can give small businesses a leg up, said Eric Dahan, co-founder and CEO of influencer marketing agency Open Influence.
“People crave that raw, behind-the-scenes experience, they crave authenticity. So businesses are able to build a much more human connection,” Dahan said.
“That’s an advantage [small businesses] have, where they get rewarded for having a more human voice. For the big companies it’s much more of a challenge for them to do that,” he said.
Read more about what small business owners had to say.
BILLS, BILLS, BILLS: The House Energy and Commerce Committee on Wednesday approved multiple pieces of legislation meant to strengthen telecommunications against cyberattacks.
The committee approved by voice vote eight bipartisan bills covering issues including increasing cybersecurity best practices, communications security, and strengthening cyber programs at the Federal Communications Commission (FCC) and the National Telecommunications and Information Administration (NTIA).
“Today I am proud that the Energy and Commerce Committee came together to pass urgently needed legislation that will promote more secure networks and supply chains, bringing us one step closer to a safer and more secure wireless future,” House Energy and Commerce Committee Chairman Frank Pallone (D-N.J.) said in a statement following the markup of the bills.
Read more about the bills moving forward here.
CLUBHOUSE OPENS: The live audio room app Clubhouse is no longer invite-only, the company announced Wednesday, ending the platform’s year-long beta stage.
Users on both iOS and Android will now be able to make accounts and join the app, which exploded in popularity during the coronavirus pandemic, without needing the referral of an existing member.
“It’s been a rollercoaster first half of the year, and we’ve emerged much bigger than we were in January,” co-founders Paul Davison and Rohan Seth wrote in a blog post.
$5M FOR MISINFORMATION: The Knight Foundation will invest $5 million in research projects aimed at addressing online misinformation with a focus on the impact on communities of color, the nonprofit organization said Wednesday.
The investment includes a $1.5 million open call for proposals for research that “can lead to effective interventions to mitigate the effects of racialized disinformation or targeted manipulation of communities of color,” according to the Knight Foundation announcement.
Read more here.
ICYMI: CYBER FRONT AND CENTER: A series of disruptive cyberattacks targeting sectors from food to energy to technology has forced President Biden to put cybersecurity at the center of his agenda in his first six months in office.
Biden has focused on Russia and China as two nations that present major threats to America’s national and economic security, with cyber issues being prime areas of engagement with those countries as ransomware attacks on critical infrastructure become a constant headache.
Read more about Biden’s cyber efforts here.
What we’re watching this week:
-The Senate Environment and Public Works Committee will hold a hearing Thursday to examine cybersecurity vulnerabilities impacting critical infrastructure.
An op-ed to chew on: ‘Move fast and break things’ won’t work for autonomous vehicles
Lighter click: Treat yourself!
NOTABLE LINKS FROM AROUND THE WEB:
Investigation: How TikTok’s Algorithm Figures Out Your Deepest Desires (The Wall Street Journal)
Female Twitch Streamers Spend Their Lives Online. Predators Are Watching. (HuffPost / Jesselyn Cook)
The New Brandeis Movement Has Its Moment (The American Prospect / David Dayen and Alexander Sammon)
The Biden administration should take the First Amendment as seriously as Facebook misinformation (The Verge / Adi Robertson)
Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy (CyberScoop / Tim Starks)