Overnight Cybersecurity: Cyber threat-sharing bill advances

Cyber threat-sharing bill advances March 12, 2015 By Cory Bennett and Elise Viebeck Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ... THE BIG STORIES: --NEXT STOP, SENATE FLOOR: The Senate Intelligence Committee passed its controversial cybersecurity bill 14-1 Thursday afternoon, the Cybersecurity Information Sharing Act (CISA). The bill would give liability protections to companies sharing cyber threat data with government agencies, including the National Security Agency (NSA). Although several Senate committees and the White House have tossed around their own cyber data sharing bills this year, it seems Senate leaders are coalescing around the Intel panel's efforts. Intelligence Chairman Richard Burr (R-N.C.) told reporters he expects the bill to hit the floor sometime mid-April. To see why Republicans are differing on the Intelligence panel's bill, click here. --ANY OPPOSITION?: Privacy advocates, the White House and numerous Democratic senators opposed a discussion draft of CISA. Intelligence Committee Ranking Member Dianne Feinstein (D-Calif.) said she had met with White House Chief of Staff Denis McDonough this week to hammer out their differences. "I think he believes that a number of improvements have been made in the bill," she told reporters. Democrats introduced about 15 privacy-related amendments during a markup Thursday and 12 of them were incorporated in the bill, either in full or in part, Feinstein added. A notable nod to privacy advocates was the decision to only allow companies to share data with intelligence agencies if it is not electronic. All real-time, digital sharing must go through the Department of Homeland Security (DHS), a civilian agency. "Our preference is the electronic transfer through the DHS portal," Burr stressed. To read our full piece, click here. To see why Sen. Ron Wyden (D-Ore.) opposed the bill, click here. --NOT FEELING IT: "We will be looking very closely at the language to determine whether the changes effectively protect Americans' privacy," said Robyn Greene, policy counsel with New America's Open Technology Institute. "Based on how dangerously broad and vague the last version of the bill was, it would be surprising if the bill agreed to in secret today will garner the support of the privacy community." --OBAMA BACKS STRONG ENCRYPTION, SAYS CYBER CZAR: President Obama supports strong data encryption measures and has not called on companies to weaken encryption, an aide said Thursday. White House Cybersecurity Coordinator Michael Daniel sought to reframe the debate over data security with an argument that current technologies pose an "unprecedented" challenge to law enforcement. "The technology is taking us to a place where you can put information literally beyond the reach of law enforcement, even under due process," Daniel said during a panel discussion. "That is something we have not really faced before ... if you're creating essentially a place where [obtaining the data] is not possible, even physically possible, that's a new place to be." To read our full piece, click here. UPDATE ON CYBER POLICY: DON'T FORGET DATA BREACHES: Two House members rolled out draft legislation of a bill to protect people whose data may have been stolen by hackers. Reps. Peter Welch (D-Vt.) and Marsha Blackburn (R-Tenn.) unveiled the Data Security and Breach Notification Act on Thursday ahead of a House hearing on the topic next week. The measure would hold companies to a new national digital security standard that the authors claim is flexible enough not to restrain companies. It would also require that companies who have been breached notify people whose data may have been stolen within 30 days. Senate Homeland Security and Governmental Affairs Committee Chairman Ron Johnson (R-Wis.) said on Thursday that the Senate's "second priority" on cybersecurity should be a similar bill. There are currently 47 different state breach notification laws, creating a patchwork that is "just not workable" for businesses, Johnson said. Congress must move to eliminate the uncertainty, he said. "To me, I think that should be relatively easy, but apparently it's not." LIGHTER CLICK: FOR REAL? A tech blog writes an open letter to politicians proudly saying they've never used email in the wake of the Hillary Clinton private email kerfuffle. "Guys, seriously ... there's enough meat on the bone in the Hillary Clinton super-secret unofficial email fiasco-steak to work with. You really don't have to lose your minds and draw all the wrong kind of attention to yourselves as a result." (TechDirt) DARKER CLICK: Here's a USB drive that can fry (or blow up?) your computer. WHO'S IN THE SPOTLIGHT: TODD M. ROSENBLUM will join Third Way as a visiting fellow focused on cybersecurity, the group announced. Rosenblum left the Department of Defense in January after serving as the Principal Deputy Assistant Secretary for Homeland Defense and Americas' Security Affairs. He was previously a professional staff member on the Senate Intelligence Committee, and currently heads a consulting firm called National Security Outcomes. At Third Way, he will help draft cyber policy, the group said. A LOOK AHEAD: --FRIDAY: At a Council on Foreign Relations (CFR) event, CIA Director John Brennan will discuss the spy agency's historic shake-up that will bring more focus on cyber espionage. IN CASE YOU MISSED IT: Links from our blog, The Hill, and around the Web. ISIS supporters are launching their own social media network. (The Hill) U.K. users' browsing activity should have higher degrees of protection, a parliamentary committee said after a year-long probe. (The Hill) Hillary Clinton did not use an encryption certificate for her private email service for the first three months of her tenure at State, apparently. (The Hill) Critics allege the leading cybersecurity research firms are going easy on their home countries. (Reuters) British Telecom has announced a new partnership with security firm Darktrace. (InfoSecurity) IBM is looking at adopting the technology behind bitcoin to create a digital payment system. (Reuters) Cyber criminals are redirecting traffic from businesses' web addresses. (Wall Street Journal) The Obama administration wants to give courts more power to shut down bot nets. (Security Week) U.S. industrial control systems were hit by at least 245 cyberattacks over a 12-month period. (V3) Hackers appear to be threatening a South Korean nuclear reactor. (BusinessKorea) We'll be working to stay on top of these and other stories throughout the week, so check The Hill's cybersecurity page early and often for the latest. And send any comments, complaints or cyber news tips our way, viacbennett@thehill.com or eviebeck@thehill.com. And follow us at@cory_bennett and @eliseviebeck. If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A