Roll Call: Latest News on Capitol Hill, Congress, Politics and Elections
December 20, 2014

Posts in "Security"

December 19, 2014

Weekly Wrapup: Sony Pictures, CFPB Sues Sprint, and Senate GOP Rosters Change

Holiday vacations are fast-approaching for many, but before you jet off, here’s a roundup of some news and Technocrat posts this week.

  • The Federal Bureau of Investigation announced that it has determined that North Korea was behind the cyberattack on Sony Pictures Entertainment.
  • President Barack Obama said Sony Pictures had “made a mistake” in pulling the movie “The Interview.”
  • The White House’s announcement on Cuba included allowing commercial export of some communications devices and allowing telecommunications companies to establish infrastructure in Cuba so they can provide service.
  • The Consumer Financial Protection Bureau sued Sprint, alleging the company billed wireless customers for unauthorized third-party charges over a roughly 10-year period.
  • There are some changes in store for the Republican rosters on the Senate Commerce, Science and Transportation Committee and the Judiciary Committee .
  • A group of 36 Democrats in the House and Senate wrote to Federal Communications Commission chairman Tom Wheeler, saying it’s “time for action” on net neutrality rules.
  • The Senate confirmed FCC commissioner Michael O’Rielly for a full five-year term that started July 1, 2014.
  • Sen. Al Franken, D-Minn., wasn’t satisfied with Uber’s response to his letter where he raised privacy concerns.
  • The National Highway Traffic Safety Administration announced it has an app to help the tipsy find a ride home.

FBI Says North Korea Responsible for Cyberattack on Sony Pictures

The FBI on Friday officially accused North Korea of conducting a recent cyberattack on Sony Pictures Entertainment, the effects of which have continued to be felt weeks after the hacking.

“As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions,” the FBI said in a statement.

In the statement, the FBI said it’s”deeply concerned” about how destructive the attack was on a private company and people who worked there.

From the FBI’s statement:

North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.

The FBI said it came to the determination that North Korea was responsible for the cyberattack based, in part, on three factors. From the FBI’s release:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack

  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
     

During a press conference later on Friday, President Barack Obama said the U.S. would respond “proportionally.” He also said there was “no indication” that North Korea was acting together with another country.

December 8, 2014

The Week Ahead: Human Space Flight, the Sharing Economy and Surveillance

It could be the last week of the 113th Congress (maybe?) and with the December holidays fast approaching, it promises to be a packed with congressional hearings on intellectual property nominees, drones and human space flight and events on issues from surveillance to the sharing economy.

Monday

The Advisory Committee to the Congressional Internet Caucus hosts a panel discussion on the sharing economy.

The Direct Marketing Association and Venable LLP hold an event titled the “The Dynamic State of Data: A Policy Briefing for the Data-Driven Marketing Community.”

The Personal Connected Health Alliance’s mHealth Summit on mobile and connected health continues into the week.

Tuesday

The Atlantic holds a panel event on science, technology, education and math careers.

National Consumers League holds a panel discussion on legislation on data security standards.

Wednesday

The American Enterprise Institute holds an event on surveillance, specifically on “legal intercept.”

The Brookings Institution holds an event on mobile technologies and developing economies.

BSA | The Software Alliance holds a panel discussion on data.

The Computer and Communications Industry Association and The American Antitrust Institute hold an event on patent assertion entities.

A House Science, Space and Technology subcommittee holds a hearing on NASA’s heavy rocket and and crew vehicle.

A House Transportation and Infrastructure subcommittee holds a hearing on drones.

The Senate Banking, Housing, and Urban Affairs Committee holds a cybersecurity hearing.

The Senate Judiciary Committee holds a hearing on the nominations of Michelle K. Lee, to head the U.S. Patent and Trademark Office, and Daniel H. Marti, to be the White House’s intellectual property enforcement coordinator.

Thursday

The Federal Communications Commission holds its December open meeting.

Friday

The Cato Institute holds a day-long surveillance conference.

The Center for Strategic and International Studies holds a panel discussion on the Internet of Things.

December 1, 2014

The Week Ahead: Cybercrime, Telecommunications Law and the Internet of Things

I hope you had your rest and relaxation over the Thanksgiving holiday because things are kicking into gear again, with events on cybercrime, telecommunications law and the Internet of Things.

Tuesday

The Federalist Society for Law & Public Policy Studies holds an event on patent regulation and policy.

New America hosts talk with Shane Harris, author of “@War: The Rise of the Military-Internet Complex.”

New York University’s Information Law Institute and Microsoft’s Innovation & Policy center host an event titled “Building Privacy Into Data-Driven Education.”

The Phoenix Center for Advanced Legal & Economic  Public Policy Studies holds its U.S. Telecoms Symposium.

The Planetary Society holds an event on the future of solar system exploration.

Wednesday

The Bipartisan Policy Center holds an event on health information technology.

The Cato Institute hosts a talk with Terence Kealey, vice-chancellor emeritus at the University of Buckingham, on public funding of science and research.

The House Oversight & Government Reform Committee holds a hearing on the Digital Accountability and Transparency Act.

The Information Technology Industry Council and Intel host an event on technology, policy and emerging health crises.

Thursday

Georgetown University Law Center and the Justice Department’s Criminal Division sponsor an event titled “Cybercrime 2020: The Future of Online Crime and Investigations.”

The Information Technology & Innovation Foundation’s Center for Data Innovation holds an event on the Internet of Things.

Republic 3.0 hosts a panel discussion on progressives and a rewrite of the 1996 Telecommunications Act.

November 26, 2014

Senate Cybersecurity Vote Not Likely in Lame Duck

Senate Intelligence Chairwoman Dianne Feinstein, D-Calif., has acknowledged that a Senate vote on her cybersecurity bill likely isn’t going to happen before the 113th Congress ends, according to a story (subscription) by CQ Roll Call’s Rob Margetta.

Margetta writes that the bill’s backers have been making “last-minute pitches” as the end of the 113th Congress nears, but the bill hasn’t moved in the Senate (It was marked up by the Intelligence panel back in July):

Authorization legislation has remained low on the priority list for years, even while Congress has pointed to cybersecurity as a priority for the nation. But the bill’s supporters are also fighting a perception that the bill’s tangled up in surveillance issues that may make it seem too complicated to be passed.

Leaders of the House Intelligence panel at a recent hearing tried to separate the issues of surveillance and cybersecurity, Margetta reports. The cybersecurity measures in both chambers deal with cyberthreat information sharing between the private sector and government.

Margetta writes:

But in a Congress where surveillance has been a buzzword for the past two years, and where members have constantly been hearing from companies that say they’re worried about losing customers angry about government intrusions, the idea of handing over any more data has run into resistance — even if the bill’s architects stress that they specifically don’t want to collect information on people.

November 19, 2014

Lynch, Unhappy With Postal Service Data Breach Response, Mulls Legislation

After a data breach affecting roughly 800,000 U.S. Postal Service employees was made public earlier this month, the ranking Democrat on a House Oversight & Government Affairs subcommittee signaled he was thinking about legislation that would require automatic disclosure.

Stephen F. Lynch, D-Mass. said at a Federal Workforce, U.S. Postal Service and the Census Subcommittee hearing on Wednesday that he was “disappointed” with the Postal Service’s response, arguing employees should have been notified earlier.

Employees should be notified as soon as it’s known that personally identifiable information has been compromised, Lynch said at the hearing.

Under the Postal Service’s plan, a U.S. government agency could have Social Security numbers of all its employees compromised, and it decides based on its own interests when they’ll be notified, he said.

“That doesn’t work,” he said.

“We gotta figure something out,” Lynch said in questioning Randy Miskanic, vice president of the U.S. Postal Service’s Secure Digital Solutions group. “Maybe it’s legislatively we need… mandate this, but you have to be more forthcoming with the people that you’re supposed to be protecting than you have been in this case.”

Full story

November 14, 2014

Weekly Wrapup: Net Neutrality, Surveillance Overhaul Legislation & Drones

Net neutrality, surveillance overhaul legislation and drones are in your weekly wrap-up.

Full story

November 10, 2014

Postal Service Network Breach Compromises Employee Data

Small USPS Truck 330x185 Postal Service Network Breach Compromises Employee Data

Courtesy of USPS

Data belonging to more than 800,000 United States Postal Service employees has been compromised in a computer network breach.

The breach, discovered in mid-September, is being investigated by the FBI. Remediation of the hack did not begin until this weekend, although planning began immediately, according to the agency.

“Acting too quickly could have caused more data to be compromised,” USPS spokesman David Partenheimer said in a statement.

Names, dates of birth, Social Security numbers, addresses, dates of employment and other information are among the compromised data. According to the agency, employees at all levels were affected, from letter carries to the postmaster general.

However no customer credit card information from online purchases at usps.com or at post offices were exposed.

New security measures were implemented over the weekend to prevent future breaches, Partenheimer said. Enacting the new safeguards caused system outages and slowed the delivery of external email.

Notification of employees began on Monday. USPS is providing free credit-monitoring services for one year.

The Week Ahead: Net Neutrality, Cybersecurity and Lifeline

Congress returns for the lame duck session and events on net neutrality, cybersecurity and the Universal Service Fund’s Lifeline program are on tap this week.

Full story

November 3, 2014

The Week Ahead: Antitrust, Crypto-Currencies and Farming & Space Tech Transfer

Attention will be focused on the mid-term elections this week, but there are other events happening as well that cover issues including antitrust, crypto-currencies and farming and space tech transfer.

Full story

Sign In

Forgot password?

Or

Subscribe

Receive daily coverage of the people, politics and personality of Capitol Hill.

Subscription | Free Trial

Logging you in. One moment, please...