The Cyber and Tech Overnights are joining forces to give you Hillicon Valley, The Hill's new comprehensive newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.
Welcome! Follow the cyber team, Morgan Chalfant (@mchalfant16) and Olivia Beavers (@olivia_beavers), and the tech team, Ali Breland (@alibreland) and Harper Neidig (@hneidig), on Twitter. Send us your scoops, tips and compliments.
DEADLY ATTACKS FEARED AS HACKERS TARGET INDUSTRIAL SITES: The hacking threat to critical infrastructure in the United States and beyond is growing larger, with nation states and other malicious actors looking to gain a foothold in sensitive technologies to conduct espionage and potentially stage disruptive or destructive attacks.
Dragos, a firm that specializes in industrial cybersecurity, has released new research asserting that a hacker group responsible for deploying highly sophisticated, destructive malware to an industrial plant in the Middle East last year has begun to expand its operations beyond its initial targets.
"This is no longer about data theft or business disruption. Someone can get hurt. It's about physical consequences," said Dan Scali, senior manager for FireEye's industrial control system security consulting practice.
Background: Last week, researchers at Dragos released new details about a threat group they call Xenotime. They said the group has developed hacking tools to compromise and disrupt industrial safety instrumented systems -- hardware and software controls that are used to ensure the safe operations of large-scale nuclear, chemical and other industrial plants and allow for emergency stops to take place.
The group, whose origins are not publicly known, deployed malware to an industrial plant in the Middle East last year that specifically targeted Triconex safety systems manufactured by Schneider Electric. The attack caused the plant to shut down.
The new worry: Dragos says that the actors have expanded their operations, making their way into networks of industrial organizations beyond the Middle East. The group has also demonstrated capabilities to potentially disrupt safety systems other than Triconex. The developments have raised concerns that Xenotime could be moving to carry out destructive attacks, such as triggering chemical explosions.
Key quote: "It is the most dangerous cyber threat in the world, period," said Sergio Caltagirone, director of threat intelligence at Dragos. "Really, there has been no malware in the world so far that has actually put lives at risk, demonstrably. This adversary is."
Dragos said it has alerted U.S. officials and other foreign governments to the threat.
To read more of our coverage, click here.
MCCARTHY LASHES OUT AT GOOGLE: House Majority Leader Kevin McCarthyKevin Owen McCarthyHillicon Valley: Senators pressure Bolton to save cyber post | Judge rejects Kaspersky lawsuit | DHS, Commerce release report on fighting botnets | Trump official worries EU data law will hurt trade House GOP leader accuses tech companies of anti-conservative bias House GOP prepares to consider Trump's billion clawback MORE (R-Calif.) is calling out Silicon Valley for the second day in a row, this time Google for associating the California GOP with "Nazism."
A Google search for "California Republican Party" apparently returned a sidebar result listing Nazism as one of the party's ideologies alongside "conservatism" and "market liberalism."
"Dear @Google, This is a disgrace #StopTheBias," McCarthy tweeted Thursday.
--On Wednesday, McCarthy tweeted out a video of himself giving a speech in which he blasted tech companies over anti-conservative bias.
Google responds: "This was not the result of any manual change by anyone at Google. We don't bias our search results toward any political party. Sometimes people vandalize public information sources, like Wikipedia, which can impact the information that appears in search," a Google spokesperson said in a statement. "We have systems in place that catch vandalism before it impacts search results, but occasionally errors get through, and that's what happened here. This would have been fixed systematically once we processed the removal from Wikipedia, but when we noticed the vandalism we worked quickly to accelerate this process to remove the erroneous information."
To read more, click here.
NO LET UP IN NORTH KOREAN BANK ATTACKS: Suspected North Korean hackers have been conducting offensive cyber operations on financial institutions amid discussions between Washington and Pyongyang on a possible nuclear summit between President TrumpDonald John TrumpKoch brothers company tweets support for Kim Kardashian after Trump meeting Romney reveals he wrote in wife's name for president in 2016 Pompeo has dinner with top North Korean official in New York: report MORE and Kim Jong Un, a cybersecurity firm says.
An executive with FireEye said Thursday that the firm has continued to observe North Korean-linked hackers targeting financial institutions in order to siphon off money for the regime, which has been increasingly strapped for cash as a result of international sanctions.
"We've seen a suspected North Korean threat actor continue offensive operations against financial institutions," said Charles Carmakal, vice president for Mandiant Consulting, a subsidiary of FireEye that provides cyber incident response to organizations across the globe. He indicated hackers are primarily targeting banking institutions in Latin America and Asia.
"What we're observing right now, which we've observed for the past year in both Latin America and Asia is essentially they are breaking into banking and financial institutions and stealing money leveraging banking systems, moving money and essentially burning the house down afterwards" likely to cover their tracks, Carmakal continued.
In recent years, cybersecurity experts have observed a pattern of North Korea-linked hackers targeting banking technology in an effort to move large sums out of foreign financial institutions to the regime.
To read more of our coverage, click here.
RUBIO PRESSES ELECTION COMMISSION FOR CYBERSECURITY FUNDING: Sen. Marco RubioMarco Antonio RubioImmigrant fight heats up Budowsky: Marco Rubio takes center stage The Hill's Morning Report — Trump hits the campaign trail to help upbeat GOP MORE (R-Fla.) on Thursday issued a request for cybersecurity funding to ensure the state's voting systems are properly secured against hacking ahead of the 2018 midterm elections.
Rubio, a member of the Senate Intelligence and Appropriations committees, urged the U.S. Election Assistance Commission (EAC) to grant the state funding, noting that foreign actors targeted Florida in the 2016 presidential election and could seek to target the state again in the upcoming midterms.
"With less than six months until Election Day, I urge you to promptly approve the State of Florida's request so that the state may expedite their plans to strengthen our election systems," Rubio wrote in a letter to Brian Newby, executive director of the EAC.
Rubio wrote that Florida needs approximately $19.2 million in funding from the EAC.
"Florida is the third most populous state in the union, and based on reviews of foreign interference in the 2016 election, we know Florida is a target," he said.
To read more of our piece, click here.
ONE OF MANY: We're pretty much finished digesting the slew of cybersecurity-related reports released by the Trump administration on Wednesday, in accordance with last year's cyber executive order. Among the more interesting of the documents … An assessment released by the departments of Energy and Homeland Security this week finds that there are shortfalls preventing the energy sector from improving its ability to respond rapidly in the event of a major cyberattack that disrupts the electric grid.
The report, which was mandated by President Trump's 2017 cybersecurity executive order, states that the U.S. is generally "well prepared" to manage major disruptions to the electric grid, such as cyberattacks that knock out power.
It emphasizes the action the federal government has taken over the last two years to prepare for a significant cyber incident. However, the report details a number of "gaps" preventing private electric utilities, government entities and other stakeholders from bolstering their ability to provide effective incident response in the event of a major cyber assault on the grid.
These include a lack of clarity around the roles of specific organizations in responding to prospective cyber incidents; shortfalls in the electric sector's cyber workforce; a lack of effort to address supply chain vulnerabilities specific to the electric sector; and lackluster information sharing between private industry and the federal government.
Why this is so important: The threat posed by hackers to the electric grid has attracted attention in the wake of cyberattacks that took out portions of Ukraine's power grid in 2015 and 2016. Russia is suspected of carrying out both attacks.
To read more, click here.
There are also some interesting tidbits from the joint Department of Homeland Security and National Institute of Standards and Technology report on bolstering the federal government's cybersecurity workforce.
ALSO: The State Department on Thursday published two unclassified cyber reports that give President Trump recommendations on how the administration could improve its international engagement strategy as well as how to better deter cyber threats.
The unclassified versions of the two reports were mandated under President Trump's cybersecurity executive order issued last May, which directed key departments and agencies to provide reports detailing how to improve cybersecurity throughout the federal government.
"These documents and their recommendations emphasize the importance of the Department's and the U.S. government's ongoing work to engage foreign partners to address a range of threats in cyberspace, thereby improving the cybersecurity of the nation," Secretary of State Mike PompeoMichael (Mike) Richard PompeoPompeo has dinner with top North Korean official in New York: report North Korean official arrives in New York for talks with Pompeo Pompeo warns Russia against 'interfering in US domestic matters' MORE said in a statement.
"They further acknowledge the necessity of enhancing U.S. government coordination on all fronts to maximize the effectiveness of international outreach on cyber policy. The Department of State is committed to fulfilling its leadership role in this process."
The State Department's engagement strategy lays out five international cyber objectives and corresponding actions for the administration to take to "achieve its vision" of a stable digital world. Many of the priorities hinged on the fact that there is no global agreement or framework laying out the rules of cyberspace. To read more, click here.
AT&T DROPPING FTC FIGHT: AT&T is dropping a court challenge to the Federal Trade Commission's (FTC) authority over telecommunications providers, ending a legal battle that critics said could have left the post-net neutrality internet with little oversight.
In a court filing on Wednesday, AT&T's lawyers said that the telecommunications giant would not be petitioning the Supreme Court for a review of a federal appeals court decision that said the FTC had jurisdiction over them.
"We have decided not to seek review by the Supreme Court, to focus instead on negotiating a fair resolution of the case with the Federal Trade Commission," AT&T spokesman Michael Balmoris said in a statement to The Hill.
In February, the full 9th Circuit Court of Appeals had overturned an earlier ruling that said the FTC couldn't take action against companies that engage in the telecommunications business because telecom companies are common carriers with less legal liability.
To read more, click here.
GOOGLE WARNED ABOUT TERROR CONTENT: Google has ignored warnings about pro-ISIS content on its social media platform, Google Plus, according to users who flagged posts to the company and an expert who said he flagged the content directly to Google.
Despite those actions, a trio of pro-ISIS communities were active on Google Plus on Wednesday after users mass reported to them to the company more than nine months ago.
The company removed the groups from Google Plus between Wednesday and Thursday after The Hill asked about them.
A researcher also said that he and his staff had a conference call with a Google representative in March in which links to extremist content on Google Plus were provided to the company.
Background: Google Plus for months, and possibly years, has been rife with pro-terror content. In many cases it was easy as searching phrases like "caliphate" in Arabic or even hashtags like #just_terror and #Islamic_State, in English, as we reported last week.
What Google says about all of this: The company said that "we recognize we have more to do, we're committed to getting this right," but said it has teams in place and is working on the issue.
POLL FINDS TEENS FAVOR YOUTUBE, INSTAGRAM, SNAPCHAT: A new poll from the Pew Research Center shows some remarkable trends about teenagers' social media use. Here are some of the highlights.
-The survey found that 85 percent of teens use YouTube, 72 percent use Instagram and 69 percent use Snapchat. Facebook and Twitter register 51 percent and 32 percent, respectively.
-The survey also found that 95 percent of teens have access to a smartphone and 45 percent report using the internet "almost constantly."
-And the respondents, all of whom are between 13 and 17 years old, report mixed feelings about social media's effect on their generation. Thirty-one percent say it has a mostly positive effect, 24 percent say it's mostly negative and 45 percent say it's neither.
CALIFORNIA NET NEUTRALITY BILL CLEARS SENATE: The California Senate passed a bill Wednesday that would reinstate the net neutrality rules the Federal Communications Commission (FCC) voted to repeal last year.
"Under President Obama, our country was moving in the right direction on guaranteeing an open internet, but the Trump-led FCC pulled the rug out from under the American people by repealing net neutrality protections," Democratic state Sen. Scott Wiener said in a statement last month. Wiener wrote the net neutrality bill.
ATTENTION, DAN COATS: Two-dozen civil liberties organizations are urging U.S. officials to disclose more details on the more than 500 million call records on Americans collected by the National Security Agency (NSA) last year. More here.
A LIGHTER TWITTER CLICK:
🙏🏼🙏🏼🙏🏼 https://t.co/Dm87FyMcxf— jack (@jack) May 31, 2018
AN OP-ED TO CHEW ON: To win the new space race, the U.S. must abandon clunky, outdated systems.
NOTABLE LINKS FROM AROUND THE WEB:
Activists went after major technology companies in San Francisco. (Motherboard)
The Madness of King Musk. (The Baffler)
Tech's Titans Tiptoe Toward Monopoly. (WSJ)
Twitter blocking users who were underage when they signed up in accordance with GDPR. (The Guardian)
ZTE to replace top exec as China seeks to lift US ban. (Bloomberg)
Meet the lawyer using GDPR to go after tech giants. (The New York Times)