Hillicon Valley — The race to report cyber breaches

Today is Friday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.

Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

A group of key bipartisan senators announced they were putting forward an amendment to the upcoming annual defense bill that would give critical infrastructure groups 72 hours to report major cyber incidents, following negotiations and pushback from industry over the specific timeline.

In other Senate news, a bill aimed at limiting tech giants from making acquisitions that harm competition was introduced by Sens. Amy KlobucharAmy KlobucharMove deliberately and rebuild American tech leadership Hillicon Valley — The race to report cyber breaches Senators introduce bipartisan bill to limit mergers by tech giants MORE (D-Minn.) and Tom CottonTom Bryant CottonHillicon Valley — The race to report cyber breaches Senators introduce bipartisan bill to limit mergers by tech giants Overnight Defense & National Security — A new plan to treat Marines ‘like human beings’ MORE (R-Ark.). The bill is a companion to a proposal that advanced in the House Judiciary Committee in June. 

Let’s jump in.

Three days to save the world

A bipartisan group of senators are moving to insert a provision into the upcoming annual National Defense Authorization Act (NDAA) that would give certain critical infrastructure groups 72 hours to report major cyber incidents to the government. 

Ransomware element: The amendment, announced Thursday night, would also give critical infrastructure groups, non-profit organizations, state and local governments, and certain businesses 24 hours to report payments made to hackers due to a ransomware attack. 

The reports on the incidents and payments would both go to the Cybersecurity and Infrastructure Security Agency (CISA) as part of an effort to give the government greater transparency into the state of the nation’s cybersecurity following a year of escalating attacks. 

The amendment is sponsored by Senate Homeland Security and Governmental Affairs Committee Chairman Gary PetersGary PetersHillicon Valley — The race to report cyber breaches Senators move to include 72 hour timeline for cyber incident reporting in defense bill Activists pushing Interior for emergency protections for gray wolves MORE (D-Mich.), ranking member Rob PortmanRobert (Rob) Jones PortmanHillicon Valley — The race to report cyber breaches Senators move to include 72 hour timeline for cyber incident reporting in defense bill Framing our future beyond the climate crisis MORE (R-Ohio), Senate Intelligence Committee Chairman Mark WarnerMark Robert WarnerVirginia loss lays bare Democrats’ struggle with rural voters Sunday shows preview: House passes bipartisan infrastructure bill; Democrats suffer election loss in Virginia McAuliffe’s loss exposes deepening Democratic rift MORE (D-Va.) and Sen. Susan CollinsSusan Margaret CollinsHillicon Valley — The race to report cyber breaches Senators move to include 72 hour timeline for cyber incident reporting in defense bill Gillibrand plans to invite Meghan to DC to talk paid leave MORE (R-Maine). 

Negotiation: The amendment is the result of negotiations between the senators: Peters and Portman introduced legislation in September proposing the 72-hour timeline, while Warner, Collins and all but three other members of the Senate Intelligence Committee introduced a separate bill in July laying out a 24-hour timeline.

Industry groups have pushed back against the 24 hour reporting requirement, arguing that this did not give them enough time to assess incidents and limit reporting less major incidents. 

Read more here.

Taking on tech mergers

A bipartisan bill that aims to limit tech giants from making acquisitions that harm competition or reduce consumer choice was introduced in the Senate Friday. 

The backers: Sens. Amy Klobuchar (D-Minn.) and Tom Cotton’s (R-Ark.) proposal is a companion bill to one that advanced out of the House Judiciary Committee with bipartisan support in June, and is the latest that Klobuchar, the chair of the Senate Judiciary antitrust subcommittee, has introduced with GOP support that targets the market power of tech giants. 

The bill, known as the Platform Competition and Opportunities Act, would give antitrust enforcers stronger authority to stop acquisitions by dominant platforms that primarily serve to kill competitive threats. 

The proposals: It would also shift the burden onto dominant platforms to demonstrate that a merger is not anticompetitive.

The proposal comes as regulatory agencies are taking on the market power of tech giants. But critics argue antitrust enforcers are ill equipped with outdated laws. 

Read more here. 

DOCTORS ASK FACEBOOK FOR TRANSPARENCY

Hundreds of health care professionals are urging Facebook to disclose data on the breadth of COVID-19 disinformation on the platform, piling onto the criticism the social media giant has faced in recent weeks after a whistleblower leaked internal company documents. 

The health care workers underscored the importance of combating false claims after the vaccine became available to younger children.

“We simply cannot afford another deadly round of covid and vaccine misinformation,” they wrote in a letter Thursday to the company, now under the parent name Meta. 

“All of us — including technology platforms like Facebook — have a moral and civic duty to limit the spread of health disinformation,” the letter continues. 

The Doctors For America letter was signed by more than 500 health care professionals, including medical professors at New York University, Columbia University and Johns Hopkins Medicine. 

Read more here. 

BITS AND PIECES

An op-ed to chew on: To avoid virtual anarchy, we must move cautiously and fix things

Lighter click: Friendly reminder

Notable links from around the web:

Inside Facebook’s decision to eliminate facial recognition–for now (The Washington Post / Elizabeth Dwoskin)

Hackers apologize to Arab royal families for leaking their data (Vice Motherboard / Lorenzo Franceschi-Bicchierai)

Why do so many ex-Facebookers stay silent? (Protocol / Michelle Ma) 

One last thing: Good first step

A group of House Democrats on Friday applauded the Biden administration for blacklisting key companies involved in cyber espionage efforts, including Israeli company NSO Group, but called on the White House to go further and consider imposing sanctions to limit this activity.

Their concerns came days after the Commerce Department announced the addition of NSO Group and three other international companies to its “entity list,” effectively blacklisting them. 

While NSO Group has pushed back against charges that its Pegasus software poses a threat, it has been accused of providing spyware that various foreign governments have used to target thousands of dissidents, journalists, human rights advocates, and others. 

Reps. Tom MalinowskiThomas (Tom) MalinowskiHillicon Valley — The race to report cyber breaches Lawmakers call on Biden administration to take further steps against spyware groups Blacklisting of NSO Group shakes up spyware debate MORE (D-N.J.), Anna EshooAnna Georges EshooHillicon Valley — The race to report cyber breaches Lawmakers call on Biden administration to take further steps against spyware groups Senate approves bill to protect telecommunications infrastructure from foreign threats MORE (D-Calif.), Katie Porter (D-Calif,) and Joaquin CastroJoaquin CastroHillicon Valley — The race to report cyber breaches Lawmakers call on Biden administration to take further steps against spyware groups Pelosi presses ahead on vote without Manchin buy-in MORE (D-Texas) put out a joint statement Friday describing the entity listing as a “victory for human rights,” particularly following a previous action by the Commerce Department last month to crackdown on the sale of hacking products. 

The same group of House Democrats previously pressed the Biden administration to establish a sanctions regime against individuals and groups selling tools like Pegasus to foreign governments. They reiterated their call for action on Friday. 

Read more here. 

That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Monday.