OPM breach broadens | Fixing federal cybersecurity | Does info-sharing work?




The info-sharing week that almost was

Democrats (and some Republicans) foiled Senate Majority Leader Mitch McConnell's plan to push through a cybersecurity measure as part of a national defense policy bill. Lawmakers wanted more time to debate the measure – meant to aid threat info exchanges between Washington and the private sector – especially amid concerns it could enable more government snooping.

Though it did not advance this week, lawmakers from both parties came out in support of passing a standalone cybersecurity bill in the near future. "The cyber bill will take time. You just can’t pretend it’s an amendment that you can do in an hour," said Sen. Dianne Feinstein, the top Democrat on the Senate Intelligence Committee.

The White House also supports info-sharing legislation as a way to safeguard the country's computer networks, yet the tech industry isn't so convinced. Many complain that Washington is too interested in getting threat information from private companies and not focused enough on sharing its own threat intelligence. For the plan to work, they say, the government needs to learn to share better, too. // Sara Sorcher

After OPM hack, 3 steps to improve government cybersecurity

The Office of Personnel Management breach returns the spotlight to the insecurity of federal networks, which can be strengthened if Washington starts acting a bit more like Silicon Valley. // Alan D. Cohn

Security pros: Cyberthreat info-sharing won’t be as effective as Congress thinks

Though there's renewed momentum in Congress to finally pass a cybersecurity information-sharing bill, technology industry professionals say the proposals will primarily help government and won’t aid the private sector. // Sara Sorcher  

FCC slams PayPal's robocall plan

By accepting PayPal's new terms of service, customers agree to being robocalled or robo-texted by marketing and debt-collection companies without any means to opt out of receiving the calls and texts. Enter the Federal Communications Commission, which has informed PayPal that "requiring a consumer to consent to receive autodialed or prerecorded telemarketing or advertising calls as a condition of purchasing any property, good, or service" is prohibited under the law. // Bob Sullivan

EVENT: Thinking big on cyberconflict

How do cyberconflicts arise? Who wins and who loses? Is a country "winning" in cyberspace if it seizes more digital hilltops or if it wins the hearts and minds of digital natives around the globe?

Register here to join Passcode and The Atlantic Council on Wednesday, June 17, from 4 to 5:30 p.m. in Washington for a discussion on the strategy of cyberconflict featuring Passcode columnist and Atlantic Council Senior Fellow Jay Healey; former NSA deputy director Chris Inglis; and Brandon Valeriano, senior lecturer at the University of Glasgow. Nora Bensahel, distinguished scholar in residence at American University, will moderate.
 
OPM hack gets bigger and bigger

The Associated Press reported that unnamed officials confirmed accusations that the Office of Personnel Management breach targeted the government's Central Personnel Data File, which contains up to 780 pieces of information on each employee, including Social Security numbers, in files that weren't encrypted.

That puts the potential number of employees affected by the breach at around 14 million – far larger than initially reported. Earlier, J. David Cox, president of the American Federation of Government Employees, speculated the attack was much worse than originally reported.

ABC News reported that the hack went undetected for as long as a year. If true, that would be in line with the common mode of attack known as an advanced persistent threat. Meanwhile, details are emerging on how the attack was eventually discovered. The Wall Street Journal reported the malware may have been discovered during a sales demo for CyTech cybersecurity software. There's no word if the firm closed the deal. // Joe Uchill 

Ode to code

A 38,000-word Valentine to computer programming, taking the form of an explanation of coding for the novice. // Bloomberg Business Week

NSA art installation 

This year's prestigious Venice Art Biennale features an installation based on the graphic design elements of the Edward Snowden-leaked documents.

“There’s been a lot of discussion about these programs, but the visuals of the documents haven’t been unpacked,” said New Zealand artist Simon Denny. "They give us a hand in understanding more about the culture." // The Intercept

Rapid7 files to go public

The Boston-based security firm, maker of the Metasploit penetration testing platform, is planning an $80 million initial public offering. // Boston Business Journal

A go-to-sleep call for the 'wake-up call'

Policymakers have been describing cybersecurity incidents as "wake-up calls" for 40 years. Maybe it's time to give it a rest. // CTOVision 

TECHNOLOGY FRIDAY

iOS 9 vs Android M: An Early Visual Comparison - Phone Arena
11 Intriguing Features in Apple's iOS 9 - Chloe Albanesius, PC Magazine
Why Apple Wants to Let You Block Ads - L. Bershidsky, Bloomberg View
Tesla's Latest Home Battery Rival? Mercedes - Viknesh Vijayenthiran, BI
What Is Code? - Paul Ford, Bloomberg