May 07, 2014

Appropriations Subcommittee to Hear Cyber Needs - Report: 1 in 3 Hit by Undetected Malware

DHS TO GET ITS (AP)PROPS – Staffers expect an informative and collegial hearing today as top cybersecurity officials from Homeland Security, Immigration and Customs and Secret Service will brief Senate appropriators on what their agencies are up to and what their budget needs are. The Senate Appropriations Subcommittee on Homeland Security is holding a 2 p.m. hearing on cybersecurity investments that will feature Deputy Homeland Security Undersecretary for Cybersecurity Phyllis Schneck; Peter Edge, executive associate director for homeland security investigations at U.S. Immigration and Customs Enforcement; and William Noonan, deputy special agent in charge in the U.S. Secret Service's Criminal Investigative Division - Cyber Operations, as well as non-governmental representatives from University of Maryland’s Cybersecurity Center, CenturyLink, Indiana Statewide Association of Rural Electric Cooperatives and Entergy.

Staffers for both parties on the subcommittee said a key focus of the hearing will be highlighting the work DHS and other agencies are doing already, including improvements they’ve made. Staffers for subcommittee Chairwoman Mary Landrieu say she will focus especially on training a cybersecurity workforce, as well as lessons from her home state of Louisiana. Republican committee aides said Ranking Member Dan Coats is especially focused on information sharing, both between the government and the private sector as well as among private companies. Neither side expects fireworks this afternoon, but they say that cybersecurity will be a key piece of future appropriations legislation. We’ll be tracking, and you can watch it here: http://1.usa.gov/Su3Tyc

FIRST LOOK: 1 IN 3 FINANCIAL, ENERGY FIRMS INFECTED BY MALWARE – About one-third of companies in the financial services and energy sectors reported that their endpoints had been infected by malware that evaded their defenses’ detection in the past year, according to a new survey out this morning from ThreatTrack Security. Thirty-five percent of businesses overall – 37 percent of energy firms and 31 percent of financial organizations – said they had been victim to infection. Email was the biggest way in for energy firms, but financial companies reported more malware from Web-based attacks.

Another sobering stat: Just 28 percent of IT security professionals surveyed said it was unlikely their company would be a target of sophisticated cybercrime. Fourteen percent called it a certainty, 24 percent said it was highly likely and 34 percent said it was at least somewhat likely. Plenty more in the full report: http://politico.pro/1g6Ooky. And the executive summary, live this morning: http://bit.ly/1s0TvIo

HAPPY WEDNESDAY and welcome to Morning Cybersecurity. It’s that time of year when I realize that NBA and NHL playoffs seriously take forever, even if at least one of my teams is still alive (Go Blackhawks! Wizards – not sure if I can forgive you yet.) As always, send your tips, thoughts, sports-related heckling and feedback to tkopan@politico.com and follow @talkopan, @POLITICOPro and @MorningCybersec.

ALSO TODAY: NDAA MARKUP – The full House Armed Services Committee takes on the National Defense Authorization Act today starting at 10 a.m. While cybersecurity isn’t mentioned in the fact sheet summarizing the chairman’s mark (http://1.usa.gov/QcdnvW), cybersecurity accounts for plenty of line items in the full bill (http://1.usa.gov/1mAFM9V), and Rep. Derek Kilmer’s office on Tuesday hailed the inclusion of provisions from the subcommittee’s mark on cyber training and testing ranges. The fun will be broadcast live starting at 10 a.m.: http://bit.ly/1iv8UvA

WORTH WATCHING: NSA BILLS IN THE HOUSE – Two separate and divergent proposals to reform the NSA’s surveillance programs are picking up speed in the House. One from Judiciary, one from HPSCI. Siobhan Gorman for The Wall Street Journal: “Backers of both measures agree that chances have improved for action in the House, which is likely to put pressure on the Senate to act. An aide close to the negotiations said leadership expects the committees to be able to work out their differences and have a bill ready for a floor vote as soon as the week of May 19. ... However, still unclear is which committee's proposal will win out.” More: http://on.wsj.com/1kKfQHz

Watch this space for our colleague David Perera’s analysis of the differences between the two bills and, later today, Pro’s coverage of the Judiciary Committee mark-up. http://1.usa.gov/1niCGen

FIREEYE BEEFS UP – The security firm FireEye has acquired Charlottesville, Va.-based nPulse Technologies, a network forensics company, in a $70 million deal, FireEye announced yesterday afternoon. Already having acquired Mandiant this year, California-based FireEye said in a press release that the nPulse addition will allow its platform to more quickly and effectively monitor and respond to breaches “from network intrusion to endpoint exploitation and lateral movement.” The deal is expected to close in the second quarter.

N.Y. TO ASSESS BANKS ON CYBER – N.Y.-based banks’ cybersecurity readiness will be assessed as part of their regular exam process, Gov. Andrew Cuomo announced yesterday. The governor’s office made the announcement in conjunction with releasing the results of a yearlong survey of the 154 banks the New York Department of Financial Services regulates, which found that most of the institutions experienced cyber incidents or attempted intrusions in the last three years. Of the wrongful activity conducted by intruders, 46 percent of the attacks were account takeovers, 18 percent were identity theft, 15 percent were telecommunication network disruptions and 9.3 percent were data integrity breaches. Pro Financial Services’ Kate Davidson with more: http://politico.pro/1mAzRSe

WANTED: ASSET MANAGEMENT MODELS – The National Cybersecurity Center of Excellence in Maryland is seeking tech companies for a demonstration project developing a single integrated system banks and other financial services companies can use to keep track of all their IT software and hardware. The group, a collaboration between NIST, Maryland and Montgomery County, aims to “create a model, standards-based system that companies in the financial services sector could use to integrate their existing asset management, hardware and software support and information technology security into a single comprehensive system.” The notice, out yesterday: http://1.usa.gov/1fS1w2w

UPDATE YOUR DATEBOOK – A House Homeland Security subcommittee hearing on “Assessing Persistent and Emerging Cyber Threats to the U.S. Homeland” that was slated for Thursday has been rescheduled. The joint hearing before the Subcommittee on Counterterrorism and Intelligence and the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies will now be May 21 at 10 a.m. in Cannon 311. Witnesses are TBD.

QUICK BYTES

-- NSA’s mysterious coded tweet is deciphered – and it’s a hiring call. CNET: http://cnet.co/1fSf12m

-- And two security professionals decode the cover of the Verizon Data Breach Investigations Report. Dark Reading: http://ubm.io/1fSg9D3

-- The Target breach by the numbers. Krebs on Security: http://bit.ly/1kRAfw1

-- Do-gooder or criminal? White-hat hacker talks about his run-in with the FBI. Ars Technica: http://bit.ly/1nmPvle

-- Agency that manages the Pentagon Police Department hit by “catastrophic network technological outage,” which is blamed on a failed legacy component. NextGov: http://bit.ly/1qct4Us

-- Password management programs, ranked. WSJ: http://on.wsj.com/1iVuZZE

-- Emails suggest a cozy relationship between Google and the NSA. Al Jazeera America: http://alj.am/1myp2js

-- CORE Security President Mark Hatton argues when it comes to cybersecurity, no news is actually bad news. Security Week: http://bit.ly/1hw0rZ4

-- New whitepapers from Microsoft on CIP and software supply chain security. Via Information Security Week: http://bit.ly/RmQ83h

-- Lighter Click: How viruses get their names: http://bit.ly/1j29Wif

FOR YOUR CALENDAR

10 a.m. – The House Armed Services Committee marks up the FY2015 National Defense Authorization Act. 2118 Rayburn.

1 p.m. – The House Judiciary Committee marks up the “USA FREEDOM Act”. Rayburn 2141.

2 p.m. – The Senate Appropriations Subcommittee on Homeland Security holds a hearing on "Investing in Cybersecurity: Understanding Risks and Building Capabilities for the Future." Dirksen SD-192.

4 p.m. – The House Energy and Commerce Committee marks up the DOTCOM Act, among other bills. Rayburn 2123.

5:30 p.m. – The Coalition for National Science Funding holds an exhibition and reception on "Investments in STEM Research and Education: Fueling American Innovation." Rayburn B-338-340.