CISA could return to the Senate agenda this week

With help from Joseph Marks and David Perera

CISA COULD BE BACK THIS WEEK — Senate sources are divided on how sure it is that the Cybersecurity Information Sharing Act will return this week, but it looks like it’s at least an option. One Senate source told MC that it was “likely.” Another said it was “all very uncertain” and “technically possible, but nothing definitive.” A spokesman for Senate Majority Leader Mitch McConnell didn’t rule it in or out, noting that a continuing resolution to fund the government was the first order of business. “The Leader hasn’t announced any sked for that yet. We’ll be on the CR at least Monday and Tuesday. But no announcements yet beyond that,” said Don Stewart. “When we do turn to that bill, we’ll announce it.”


CISA OPPONENTS READY FOR ROUND THREE, CLAIM VICTORY OVER BSA — Civil liberties groups have also heard talk of CISA’s return to the Senate floor and say they’re spinning up another blast of criticism against what they call a “surveillance bill in disguise.”

“I hope they remember how contentious this bill is. I hope they remember they've got 21 amendments in order. I hope they choose something else,” said Access senior legislative manager Nathan White, who on Sunday said the likelihood of a renewed CISA push has gone from rumor to “likely.”

Evan Greer, campaign manager at Fight for the Future, said her group is planning a number of things this week to pressure CISA supporters. Among them: a legislative scorecard on privacy-related legislation and renewed pressure on tech companies of the type that led BSA | The Software Alliance and Salesforce.com to walk back an arguably implicit endorsement of the bill on Friday. “BSA has consistently advocated for strong privacy protections in all information sharing bills currently pending before the Congress,” the association said in a statement, adding that it doesn’t support any of the three active cybersecurity bills before Congress. http://bit.ly/1QHpBGh

A Sept. 14 BSA-organized letter that included Salesforce.com as a signatory urged passage of “cyber threat information sharing legislation” without citing either CISA or the House-approved Protecting Cyber Networks Act and National Cybersecurity and Communications Integration Center Act. Still, Fight for the Future called on Sept. 22 for an online boycott of Salesforce.com CEO for signing the letter, saying the letter amounted to CISA advocacy. That led company CEO Marc Benioff to tweet by the end of the week that “The letter clearly was a mistake and doesn’t imply CISA support. We need to clarify. I’m against it.” http://bit.ly/1Fto4mY


A HEAVY CYBER WEEK ON THE HILL — The House Armed Services Committee’s Emerging Threats and Capabilities subcommittee is gearing up for what Chairman Joe Wilson is calling a “cyber week.” The panel will gather perspectives from outside experts on the Defense Department’s Cyber Strategy on Tuesday, including from New America Foundation’s Ian Wallace and FireEye’s Richard Bejtlich. (http://1.usa.gov/1R9OF9S) On Wednesday, the panel will call in DoD’s top cyber officials: Cyber Command Chief Adm. Michael Rogers, Chief Information Officer Terry Halvorsen and Deputy Secretary of Defense Robert Work. (http://1.usa.gov/1FBDNjB) That same day, the House Foreign Affairs Committee will examine cyberwar, deterrence theory and the broader foreign policy context with the Center for Strategic and International Studies’ Jim Lewis, Georgetown University’s Catherine Lotrionte and the Center for a New American Security’s Bob Butler. (http://1.usa.gov/1JtEoPz) We’ll be tracking.

HAPPY MONDAY and welcome to Morning Cybersecurity! Your MC host is celebrating the news about “Black Mirror” – a show repeatedly and accurately described as “’Twilight Zone’ for the digital age” – getting a revival from Netflix: http://bit.ly/1WmRN5e Send your thoughts, feedback and especially your tips to [email protected] and follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info is below.


OUT TODAY: THE MIXED PROGRESS ON WOMEN IN CYBER GIGS — The percentage of women in the global cyber workforce has remained “stubbornly stagnant” at 10 percent, but women are increasingly represented within governance, risk management and compliance jobs, according to a study out today from Booz Allen Hamilton, (ISC)² and Frost & Sullivan. One in five women claim jobs that are primarily about governance, risk management and compliance, compared to one in eight for men. Looking to the future, women have a generally higher level of education overall and “the undergraduate degrees of women in InfoSec are converging on their male counterparts.” The report recommends non-monetary incentives like flexible work arrangements to recruit women, and suggests that industry should support cybersecurity education.

L.A. TIMES 'HACKER' TRIAL STARTS TODAY — Former Tribune Media employee Matthew Keys goes to trial today in U.S. District Court in Sacramento over his role in a 2010 defacement of an online Los Angeles Times article by a member of the Anonymous hacker collective. Keys is charged with multiple Computer Fraud and Abuse Act violations after he allegedly revealed content management system login credentials to Anonymous member “sharpie,” who briefly vandalized an article about House Democratic reaction to a tax-cut deal. He faces up to 25 years in jail.

Defense attorneys will argue the government is attempting to apply the CFAA too broadly, since the actions in question don’t amount to computer “damage.” Edits to the news article “neither impaired the integrity or availability” of the article, since it was backed up and was available through other means. To convict Keys under the CFAA “would permit felony prosecutions for editing Microsoft Word documents without someone’s permission, even though a saved version of the document existed,” write attorneys Tor Ekeland and Jason Liederman. They also push back against the government’s contention that Keys caused more than $5,000 worth of damage, a threshold for CFAA felony prosecutions.

Government prosecutors, for their part, will argue that the reputational damage caused to the L.A. Times alone is worth more than $5,000 – and that parent Tribune Co. spent $1.5 million in technology improvements after the incident. Keys is also charged with stealing emails of Tribune-owned KTXL FOX40 TV station viewers and sending them disparaging statements about its news coverage after being fired from it as a web producer. Trial briefs from the prosecution: http://politico.pro/1Ra6shd And defense: http://politico.pro/1iUXaKS

KASICH URGES OFFENSE IN CYBERSPACE — Ohio Gov. John Kasich became the latest Republican presidential hopeful to talk tough on cyber this weekend, telling a crowd in Sioux City, Iowa, that “people have to know that if you are going to mess with us, that not only are we in a position to defend ourselves, but also to come back at them,” the Des Moines Register reported. During a national security forum at a community college, Kasich was asked about President Barack Obama’s meeting with President Xi Jinping, the Register reported. He replied that the nations have reached a “common understanding” but he’d take a trust-but-verify approach. More from the Register: http://dmreg.co/1KDQx8z

IS THE CHINA DEAL A BIG DEAL? — After a week of lowering expectations, the White House dropped a bombshell during Obama’s meeting with Xi: A clear statement from both sides that they will not engage in economic hacking. Experts are split, however, on whether this marks the beginning of the end of Chinese hacking or just a delaying tactic on the Chinese side. The chief question, all agree, is, as Obama said, “are words followed by actions?” Here’s the backstory from Joe: http://politico.pro/1KUNWZd

— A brand new bilat: Among Friday’s announcements, the U.S. and China agreed to launch a “high-level joint dialogue mechanism on fighting cybercrime and related issues” with the Homeland Security and Justice departments leading the way on the U.S. side. This isn’t precisely a resumption of the State Department-led governmentwide dialogue that China bolted after the U.S. indicted five members of the People’s Liberation Army in 2014. It goes beyond a basic cybercrime dialogue launched by DHS and China's Ministry of Public Security in April, though, a White House official told POLITICO. The official said the dialogue "reflects a new venue more specifically focused on law enforcement and investigations.”

— What happened behind the scenes?: If Friday’s deal does represent a fundamental change in Chinese policy, there’s probably more behind the change of heart than is publicly known, speculates Harvard Law School professor Jack Goldsmith. Among the possible influences: The threat of retaliatory cyber strikes by the U.S. and some quid pro quo from the U.S. side, possibly an agreement to reduce U.S. efforts to undermine China’s Great Firewall. More from Goldsmith: http://bit.ly/1MShtFl

QUICK BYTES

— The latest from Edward Snowden is that the U.K.’s Government Communications Headquarters aimed to record the browsing habits of “every visible user on the Internet.” The Intercept: http://bit.ly/1PB1IA6

— Yahoo! has released a web security scanning tool. Security Week: http://bit.ly/1YISZls

— Could the Volkswagen scandal lead to better security for connected cars? Network World: http://bit.ly/1h0JDPZ

— Linus Torvalds says that secure computing is a fantasy. BGR: http://bit.ly/1FtzWFJ

— Cookies could help attackers access private HTTPS sessions. Security Week: http://bit.ly/1Vk5Oya

That’s all for today. Anyone who knows what love is will understand. http://bit.ly/1GaOGE1

Stay in touch with the whole team: Joseph Marks ([email protected], @Joseph_Marks_); David Perera ([email protected], @daveperera); and Tim Starks ([email protected], @timstarks).

