Overnight Cybersecurity: Ex-NSA staffers strike gold in Silicon Valley

Ex-NSA staffers strike gold in Silicon Valley February 24, 2015 By Cory Bennett and Elise Viebeck Welcome to OVERNIGHT CYBERSECURITY, your daily run-down of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ... THE BIG STORIES: --NSA STAFFERS RAKE IN SILICON VALLEY CASH: Former NSA employees are a hot commodity in Silicon Valley these days, despite the tech industry's battle against government surveillance. Investors looking to ride the boom in cybersecurity are dangling big paydays in front of former NSA alums, seeking to secure access to the insider knowledge they gained while working for the world's most elite surveillance agency. "Networks on the West Coast are quite substantial," said Jay Kaplan, one of the former NSA employees behind Synack, a security firm that launched from Boston in May 2013 but soon packed up for the West Coast, where the company just raised $25 million. "I think it was a great decision," Kaplan said of the move. To read our full piece, click here.  --'TURBOTAX OF NONPROFIT WORLD' HACKED: Add the Urban Institute to the (long) list of D.C. think tanks that have been breached by hackers. The organization, which helps more than one million nonprofit organizations file tax forms with the IRS, noticed suspicious activity on its network in January. By Feb. 4, a forensic investigation revealed that hackers accessed account data for 600,000 to 700,000 groups, including username and password combinations, email addresses and IP addresses. The breach highlights hackers' interest in D.C. institutions — from law firms to agencies to advocacy outfits, no group seems truly safe online. To read our full piece, click here. --FBI OFFERS LARGEST REWARD EVER FOR CYBER CROOK: Want $3 million? Help law enforcement find one of the world's most elusive black-hat hackers. The FBI on Tuesday announced a new reward for information leading to the arrest of Evgeniy Bogachev, the Russian national who allegedly infected 1 million computers with malware last year. "We've really not done something like this," said Robert Anderson, who leads the FBI's Criminal, Cyber, Response, and Services Branch. "The blogs of hackers around the world will light up." To read the FBI "Most Wanted" list for cybersecurity, click here. To read our full piece, click here. --CIA, NSA PREPARE TO RUMBLE OVER CYBER OPS: Get ready for a turf war between the two largest U.S. spy agencies. If Central Intelligence Agency (CIA) Director John Brennan gets his wish, his spies will double down on hacking and cyber-operations, a plan that could introduce tensions with the National Security Agency (NSA). Brennan is encouraging agents to think cyber when it comes to espionage, and has weighed creating a new cyber-intel directorate that would rival the operations and analysis branches. To read the news in the Washington Post, click here. For additional insight, check out FCW's follow-on piece here. WHO'S IN THE SPOTLIGHT: --PHYLLIS SCHNECK, deputy under secretary for cybersecurity and communications with the Department of Homeland Security (DHS). Last week, Schneck explained that DHS cyber officials are building bridges with Silicon Valley by regularly heading out West to meet with leading cyber startups. On Wednesday, she'll get a chance to lobby for the DHS to be the lead agency on the government's public-private cyber efforts, testifying before the House Homeland Security Committee. A REPORT IN FOCUS: --PRIVATE SECTOR SPENDING on cybersecurity is expected to grow 15.4 percent this year, eclipsing government spending growth for the first time since 2009. Companies' growing investment in cyberdefenses is the bottom line of a report issued Tuesday by the Telecommunications Industry Association, which described changes looming in private industry's approach to cybersecurity.  "Instead of being relegated to being an IT issue, unrelated to basic business, cybersecurity is becoming a critical part of business strategy," the report stated. The report was released in connection with TIA's 2014 ICT Market Review & Forecast, available in summary here. A LOOK AHEAD: --WEDNESDAY: At a House Homeland Security Committee hearing, Department of Homeland Security officials will face lawmakers' questions on the agency's plans to enhance cybersecurity information sharing between the government and private sector. The White House has been pushing to make the DHS the lead agency on government cybersecurity efforts. --THURSDAY: When the White House unveiled its updated cybersecurity legislative agenda in January, the administration said it would release a "Consumer Privacy Bill of Rights" legislative proposal within 45 days. Thursday is the deadline for the offering, and the administration has been mum on whether it will have a proposal ready by then. --FRIDAY: DHS funding expires at the end of the month and Congress still seems far away from a deal. Although the agency's major cybersecurity functions are deemed "essential" and would continue under a shutdown, former DHS officials have warned that the budget uncertainty is hampering the agency's cyber efforts. IN CASE YOU MISSED IT: --Cyber crimes would be harder to solve if lawmakers don't reauthorize part of the Patriot Act, FBI officials said. (The Hill) --The FBI is close to identifying the culprit in the Anthem attack, but it may not tell the public. (The Hill) --Sony named a replacement for ousted chairman Amy Pascal. (Huffington Post) --Another casualty from the Sony hack? Actors' paychecks. (The Hill) --Does the United States need a 'Cyber Red Cross'? (NextGov) --At least 8.8 million non-Anthem customers could be victims in the insurer's recent data breach. (Reuters) --Reddit is cracking down on stolen nude photos with a new privacy policy. (ABC News) --ICYMI: The Commerce Committee wants to flex its muscle on cybersecurity this Congress. (National Journal: Parts 1, 2, 3, 4) We’ll be working to stay on top of these and other stories throughout the week, so check The Hill’s cybersecurity page early and often for the latest. And send any comments, complaints or cyber news tips our way, viacbennett@thehill.com or eviebeck@thehill.com. And follow us at@cory_bennett and @eliseviebeck.