Global private companies confident, but unprepared for hacking threat: PwC

LONDON (Reuters) – The chief executives of some of the world’s leading private companies are confident about their firms’ prospects and plan to recruit more staff, but are ill-prepared for cyber attacks, according to a report by PwC on Thursday.

The “Undaunted, but underprepared?” report found 86 percent of CEOs were confident about their companies’ revenue prospects in 2017, an increase of 5 percent from last year.

That made it the first time in five years that private company bosses were more confident than public company CEOs.

The report, based on responses from 781 private company CEOs in 79 countries, also found that 41 percent of private company CEOs were not concerned about cyber threats and only 68 percent were concerned about the speed of technological change.

Stephanie Hyde, Global Entrepreneurial and Private Business Leader for PwC UK, said it was worrying that private company CEOs were less concerned about technology and cyber compared to their public counterparts, as they had fewer resources available to invest in addressing these issues.

“This may make them more vulnerable to cyber attacks, so in theory they should be more concerned about these threats not less,” she said.

“In our view, this is probably the single most worrying finding in our report, especially in light of growing evidence that hackers are now targeting smaller and private businesses, thinking they will not be so well protected.”

(Reporting by Michael Holden)

SAP pushes to patch risky HANA security flaws before hackers strike

SAP logo at SAP headquarters in Walldorf, Germany, January 24, 2017. REUTERS/Ralph Orlowski

By Eric Auchard

FRANKFURT (Reuters) – Europe’s top software maker SAP said on Tuesday it had patched vulnerabilities in its latest HANA software that had a potentially high risk of giving hackers control over databases and business applications used to run big multinational firms.

While hacks on phones, websites and computers that consumers rely on every day grab headlines, vulnerabilities in big business software are more lucrative to attackers as these tools store data and run transactions which are the lifeblood of businesses.

The latest security weaknesses, known in industry parlance as “zero day” vulnerabilities, rank among the most critical ever found in HANA, the engine that runs SAP’s latest database, cloud and other more traditional business apps, according to Onapsis, the security company which uncovered these issues.

SAP software acts as the corporate plumbing for many multinationals and the company claims 87 percent of the top 2,000 global companies as customers.

Onapsis said vulnerabilities lay in a HANA component known as “User Self Service” (USS) which would allow malicious insiders or remote attackers to fully compromise vulnerable systems, without so much as valid usernames and passwords.

It reported 10 HANA vulnerabilities to SAP less than 60 days ago, which the German software maker fixed in near-record time, according to interviews with executives of both companies.

The resulting patch issued by SAP on Tuesday was rated by it as 9.8 on a scale of 10, “very high” in terms of relative risk to its customers. SAP is releasing five HANA patches this week to fix a range of vulnerabilities uncovered in recent months.

“SAP has done a great job by releasing fixes much faster than in past situations,” Onapsis Chief Executive Mariano Nunez told Reuters in an interview.

Customers must in turn choose when to apply such patches to software that runs their most critical corporate functions, a process that may take months or years, in rare cases. They must balance security risks against operational demands.

SAP executives urged security managers working for its customers to patch relevant systems.

“There has not been one case where a customer who applied the recommended patches has been affected,” Siddhartha Rao, vice president of SAP Product Security Response, said of the six years he has been on the job. “We currently expect there will not be that many customers affected by these issues,” he said.

Last May, however, the U.S. Department of Homeland Security issued an alert advising SAP customers they needed to urgently plug holes for which SAP already had offered patches in 2010, but which some customers failed to adopt, leaving dozens exposed to hacker break-ins afterward. (http://reut.rs/2mkTVgI)

Three dozen enterprises were found to have telltale signs of unauthorized access due to outdated or misconfigured SAP NetWeaver Java systems, Onapsis said at the time.

Onapsis helps secure more than 200 SAP customers ranging from Schlumberger to Sony Corp, Westinghouse and the U.S. Army. It also identifies security vulnerabilities for corporate customers in rival systems from Oracle.

Giving HANA customers breathing room, the USS component first offered by SAP in October 2014 is not activated by default, but must be specially enabled, Onapsis said.

It has identified two companies – an energy company and a retailer – where vulnerabilities were found and fixed. Companies which are not using USS features are unaffected, Onapsis said.

Technical details can be found on the security blogs of SAP (https://goo.gl/11Dz5w) and Onapsis (https://goo.gl/Xiryyp). There is no evidence hackers have taken advantage so far, the companies said.

Last year, the company issued more than 160 patches in all, SAP said. Ten percent of these were HANA related, Onapsis added.

(Reporting by Eric Auchard; Editing by Stephen Coates)

WikiLeaks offers CIA hacking tools to tech companies: Assange

WikiLeaks founder Julian Assange makes a speech from the balcony of the Ecuadorian Embassy, in central London, Britain February 5, 2016. REUTERS/Peter Nicholls/Files

By Dustin Volz and Eric Auchard

WASHINGTON/FRANKFURT (Reuters) – WikiLeaks will provide technology companies with exclusive access to CIA hacking tools that it possesses, to allow them to patch software flaws, founder Julian Assange said on Thursday.

The offer, if legitimate, could put Silicon Valley in the unusual position of deciding whether to cooperate with Assange, a man believed by some U.S. officials and lawmakers to be an untrustworthy pawn of Russian President Vladimir Putin, or a secretive U.S. spy agency.

It was not clear how WikiLeaks intended to cooperate with technology companies, or if they would accept his offer. The anti-secrecy group published documents on Tuesday describing secret Central Intelligence Agency hacking tools and snippets of computer code. It did not publish the full programs that would be needed to actually conduct cyber exploits against phones, computers and Internet-connected televisions.

Representatives of Alphabet Inc’s Google, Apple Inc, Microsoft Corp <MSFT.O> and Cisco Systems Inc <CSCO.O>, all of whose wares are subject to attacks described in the documents, did not immediately respond to requests for comment before regular business hours on the U.S. West Coast.

“Considering what we think is the best way to proceed and hearing these calls from some of the manufacturers, we have decided to work with them to give them some exclusive access to the additional technical details that we have so that the fixes can be developed and pushed out, so people can be secure,” Assange said during a press conference broadcast via Facebook Live.

Responding to Assange’s comments, CIA spokesman Jonathan Liu said in a statement, “As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity.”

“Despite the efforts of Assange and his ilk, CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries.”

The disclosures alarmed the technology world and consumers concerned about the potential privacy implications of the cyber espionage tactics that were described.

One file described a program known as Weeping Angel that purportedly could take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.

Other documents described ways to hack into Apple Inc <AAPL.O> iPhones, devices running Google’s <GOOGL.O> Android software and other gadgets in a way that could observe communications before they are protected by end-to-end encryption offered by messaging apps like Signal or WhatsApp.

Several companies have said they are confident that their recent security updates have already accounted for the purported flaws described in the CIA documents. Apple said in a statement on Tuesday that “many of the issues” leaked had already been patched in the latest version of its operating system.

WikiLeaks’ publication of the documents reignited a debate about whether U.S. intelligence agencies should hoard serious cyber security vulnerabilities rather than share them with the public. An interagency process created under former President Barack Obama called for erring on the side of disclosure.

President Donald Trump believed changes were needed to safeguard secrets at the CIA, White House spokesman Sean Spicer told a news briefing on Thursday. “He believes that the systems at the CIA are outdated and need to be updated.”

Two U.S. intelligence and law enforcement officials told Reuters on Wednesday that intelligence agencies have been aware since the end of last year of a breach at the CIA, which led to WikiLeaks releasing thousands of pages of information on its website.

The officials, speaking on condition of anonymity, said contractors likely breached security and handed over the documents to WikiLeaks. The CIA has declined to comment on the authenticity of the documents leaked, but the officials said they believed the pages about hacking techniques used between 2013 and 2016 were authentic.

Contractors have been revealed as the source of sensitive government information leaks in recent years, most notably Edward Snowden and Harold Thomas Martin, both employed by consulting firm Booz Allen Hamilton <BAH.N> while working for the National Security Agency.

Assange said he possessed “a lot more information” about the CIA’s cyber arsenal that would be released soon. He criticized the CIA for “devastating incompetence” for not being able to control access to such sensitive material.

Nigel Farage, the former leader of the populist UK Independence Party, visited Assange at the Ecuadorean embassy in London earlier on Thursday. A representative for Farage said he was unaware what was discussed.

Assange has been holed up since 2012 at the embassy, where he fled to avoid extradition to Sweden over allegations of rape, which he denies.

(Reporting by Dustin Volz; Additional reporting by Eric Auchard in Frankfurt, Joseph Menn in San Francisco and Guy Faulconbridge in London; Editing by Frances Kerry and Grant McCool)

CIA contractors likely source of latest WikiLeaks release: U.S. officials

The lobby of the CIA Headquarters Building in Langley, Virginia, U.S. on August 14, 2008. REUTERS/Larry Downing/File Photo

By John Walcott and Mark Hosenball

WASHINGTON (Reuters) – Contractors likely breached security and handed over documents describing the Central Intelligence Agency’s use of hacking tools to anti-secrecy group WikiLeaks, U.S. intelligence and law enforcement officials told Reuters on Wednesday.

Two officials speaking on condition of anonymity said intelligence agencies have been aware since the end of last year of the breach, which led to WikiLeaks releasing thousands of pages of information on its website on Tuesday.

According to the documents, CIA hackers could get into Apple Inc <AAPL.O> iPhones, devices running Google’s Android software and other gadgets in order to capture text and voice messages before they were encrypted with sophisticated software.

The White House said on Wednesday that President Donald Trump was “extremely concerned” about the CIA security breach that led to the WikiLeaks release.

“Anybody who leaks classified information will be held to the highest degree of law,” spokesman Sean Spicer said.

The two officials told Reuters they believed the published documents about CIA hacking techniques used between 2013 and 2016 were authentic.

One of the officials with knowledge of the investigation said companies that are contractors for the CIA have been checking to see which of their employees had access to the material that WikiLeaks published, and then going over their computer logs, emails and other communications for any evidence of who might be responsible.

On Tuesday in a press release, WikiLeaks itself said the CIA had “lost control” of an archive of hacking methods and it appeared to have been circulated “among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

The CIA, which is the United States’ civilian foreign intelligence service, declined to comment on the authenticity of purported intelligence documents.

The agency said in a statement that its mission was to collect foreign intelligence abroad “to protect America from terrorists, hostile nation states and other adversaries” and to be “innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad.”

The CIA is legally prohibited from surveillance inside the United States and “does not do so”, the statement added.

CONTRACTORS MUST BE ‘LOYAL TO AMERICA’

A U.S. government source familiar with the matter said it would be normal for the Federal Bureau of Investigation and the CIA both to open investigations into such leaks. U.S. officials previously have confirmed that prosecutors in Alexandria, Virginia for years have been conducting a federal grand jury investigation of WikiLeaks and its personnel.

A spokesman for the prosecutors declined to comment on the possibility of that probe being expanded. It is not clear if the investigation of the latest CIA leaks is part of the probe.

Contractors have been revealed as the source of sensitive government information leaks in recent years, most notably Edward Snowden and Harold Thomas Martin, both employed by consulting firm Booz Allen Hamilton <BAH.N> while working for the National Security Agency.

U.S. Senator Dianne Feinstein of California, a Democrat on the intelligence committee, said the government needed to stop the breaches.

“I think we really need to take a look at the contractor portion of the employee workforce, because you have to be loyal to America to work for an intelligence agency, otherwise don’t do it,” Feinstein said.

Both U.S. Senate and U.S. House of Representatives intelligence committees have either opened or are expected to open inquiries into the CIA breach, congressional officials said.

Some cyber security experts and technology companies have criticized the government for opting to exploit rather than disclose software vulnerabilities, though an interagency review process set up under former President Barack Obama was intended to err on the side of disclosure.

Those concerns would grow if U.S. authorities did not notify companies that CIA documents describing various hacking techniques had been compromised.

Apple, Alphabet Inc’s <GOOGL.O> Google, Cisco Systems Inc <CSCO.O> and Oracle Corp <ORCL.N> did not immediately respond when asked if they were notified of a CIA breach before WikiLeaks made its files public.

At Apple, none of the vulnerabilities described in the documents provoked a panic, though analysis was continuing, according to a person who spoke with engineers there.

Google’s director of information security and privacy, Heather Adkins, said in a statement: “As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android (operating systems) already shield users from many of these alleged vulnerabilities. Our analysis is ongoing and we will implement any further necessary protections.”

LARGER NUMBER OF CONTRACTORS

One reason the investigation is focused on a potential leak by contractors rather than, for example, a hack by Russian intelligence, another official said, is that so far there is no evidence that Russian intelligence agencies tried to exploit any of the leaked material before it was published.

One European official, speaking on condition of anonymity, said the WikiLeaks material could in fact lead to closer cooperation between European intelligence agencies and U.S. counterparts, which share concerns about Russian intelligence operations.

U.S. intelligence agencies have accused Russia of seeking to tilt last year’s U.S. presidential election in Trump’s favor, including by hacking into Democratic Party emails. Moscow has denied the allegation.

One major security problem was that the number of contractors with access to information with the highest secrecy classification has “exploded” because of federal budget constraints, the first U.S. official said.

U.S. intelligence agencies have been unable to hire additional permanent staff needed to keep pace with technological advances such as the “internet of things” that connects cars, home security and heating systems and other devices to computer networks, or to pay salaries competitive with the private sector, the official said.

Reuters could not immediately verify the contents of the published documents.

A person familiar with WikiLeaks’ activities said the group has had the CIA hacking material for months, and that the release of the material was in the works “for a long time.”

In Germany on Wednesday, the chief federal prosecutor’s office said that it would review the WikiLeaks documents because some suggested that the CIA ran a hacking hub from the U.S. consulate in Frankfurt.

“We will initiate an investigation if we see evidence of concrete criminal acts or specific perpetrators,” a spokesman for the federal prosecutor’s office told Reuters.

Chancellor Angela Merkel is scheduled to visit Washington on March 14 for her first meeting with Trump, who has sharply criticized Berlin for everything from its trade policy to what he considers inadequate levels of military spending.

(Reporting by John Walcott, Mark Hosenball, Dustin Volz, Yara Bayoumy in Washington and Matthias Sobolewski and Andrea Shalal in Berlin; Additional reporting by Joseph Menn in San Francisco; Writing by Grant McCool; Editing by Peter Graff and Bill Rigby)

WikiLeaks says it releases files on CIA cyber spying tools

FILE PHOTO: People are silhouetted as they pose with laptops in front of a screen projected with binary code and a Central Intelligence Agency (CIA) emblem, in this picture illustration taken in Zenica, Bosnia and Herzegovina October 29, 2014. REUTERS/Dado Ruvic/File Photo/Illustration

By Dustin Volz and Warren Strobel

WASHINGTON (Reuters) – Anti-secrecy group WikiLeaks on Tuesday published what it said were thousands of pages of internal CIA discussions about hacking techniques used over several years, renewing concerns about the security of consumer electronics and embarrassing yet another U.S. intelligence agency.

The discussion transcripts showed that CIA hackers could get into Apple Inc iPhones, Google Inc Android devices and other gadgets in order to capture text and voice messages before they were encrypted with sophisticated software.

Cyber security experts disagreed about the extent of the fallout from the data dump, but said a lot would depend on whether WikiLeaks followed through on a threat to publish the actual hacking tools that could do damage.

Reuters could not immediately verify the contents of the published documents, but several contractors and private cyber security experts said the materials, dated between 2013 and 2016, appeared to be legitimate.

A longtime intelligence contractor with expertise in U.S. hacking tools told Reuters the documents included correct “cover” terms describing active cyber programs.

Among the most noteworthy WikiLeaks claims is that the Central Intelligence Agency, in partnership with other U.S. and foreign agencies, has been able to bypass the encryption on popular messaging apps such as WhatsApp, Telegram and Signal.

The files did not indicate the actual encryption of Signal or other secure messaging apps had been compromised.

The information in what WikiLeaks said were 7,818 web pages with 943 attachments appears to represent the latest breach in recent years of classified material from U.S. intelligence agencies.

Security experts differed over how much the disclosures could damage U.S. cyber espionage. Many said that, while harmful, they do not compare to former National Security Agency contractor Edward Snowden’s revelations in 2013 of mass NSA data collection.

“This is a big dump about extremely sophisticated tools that can be used to target individual user devices … I haven’t yet come across the mass exploiting of mobile devices,” said Tarah Wheeler, senior director of engineering and principal security advocate for Symantec.

Stuart McClure, CEO of Cylance, an Irvine, California, cyber security firm, said that one of the most significant disclosures shows how CIA hackers cover their tracks by leaving electronic trails suggesting they are from Russia, China and Iran rather than the United States.

Other revelations show how the CIA took advantage of vulnerabilities that are known, if not widely publicized.

In one case, the documents say, U.S. and British personnel, under a program known as Weeping Angel, developed ways to take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.

The CIA and White House declined comment. “We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu said in a statement.

Google declined to comment on the purported hacking of its Android platform, but said it was investigating the matter.

Snowden on Twitter said the files amount to the first public evidence that the U.S. government secretly buys software to exploit technology, referring to a table published by WikiLeaks that appeared to list various Apple iOS flaws purchased by the CIA and other intelligence agencies.

Apple Inc did not respond to a request for comment.

The documents refer to means for accessing phones directly in order to catch messages before they are protected by end-to-end encryption tools like Signal.

Signal inventor Moxie Marlinspike said he took that as “confirmation that what we’re doing is working.” Signal and the like are “pushing intelligence agencies from a world of undetectable mass surveillance to a world where they have to use expensive, high-risk, extremely targeted attacks.”

CIA CYBER PROGRAMS

The CIA in recent years underwent a restructuring to focus more on cyber warfare to keep pace with the increasing digital sophistication of foreign adversaries. The spy agency is prohibited by law from collecting intelligence that details domestic activities of Americans and is generally restricted in how it may gather any U.S. data for counterintelligence purposes.

The documents published Tuesday appeared to supply specific details to what has been long known in the abstract: U.S. intelligence agencies, like their allies and adversaries, are constantly working to discover and exploit flaws in all manner of technology products.

Unlike the Snowden leaks, which revealed the NSA was secretly collecting details of telephone calls by ordinary Americans, the new WikiLeaks material did not appear to contain material that would fundamentally change what is publicly known about cyber espionage.

WikiLeaks, led by Julian Assange, said its publication of the documents on the hacking tools was the first in a series of releases drawing from a data set that includes several hundred million lines of code and includes the CIA’s “entire hacking capacity.”

The documents only include snippets of computer code, not the full programs that would be needed to conduct cyber exploits.

WikiLeaks said it was refraining from disclosing usable code from CIA’s cyber arsenal “until a consensus emerges on the technical and political nature of the C.I.A.’s program and how such ‘weapons’ should be analyzed, disarmed and published.”

U.S. intelligence agencies have said that WikiLeaks has ties to Russia’s security services. During the 2016 U.S. presidential campaign, WikiLeaks published internal emails of top Democratic Party officials, which the agencies said were hacked by Moscow as part of a coordinated influence campaign to help Republican Donald Trump win the presidency.

WikiLeaks has denied ties to Russian spy agencies.

Trump praised WikiLeaks during the campaign, often citing hacked emails it published to bolster his attacks on Democratic Party candidate Hillary Clinton.

WikiLeaks said on Tuesday that the documents showed that the CIA hoarded serious security vulnerabilities rather than share them with the public, as called for under a process established by President Barack Obama.

Rob Knake, a former official who dealt with the issue under Obama, said he had not seen evidence in what was published to support that conclusion.

The process “is not a policy of unilateral disarmament in cyberspace. The mere fact that the CIA may have exploited zero-day [previously undisclosed] vulnerabilities should not surprise anyone,” said Knake, now at the Council on Foreign Relations.

U.S. officials, speaking on condition of anonymity, said they did not know where WikiLeaks might have obtained the material.

In a press release, the group said, “The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

U.S. intelligence agencies have suffered a series of security breaches, including Snowden’s.

In 2010, U.S. military intelligence analyst Chelsea Manning provided more than 700,000 documents, videos, diplomatic cables and battlefield accounts to WikiLeaks.

Last month, former NSA contractor Harold Thomas Martin was indicted on charges of taking highly sensitive government materials over a course of 20 years, storing the secrets in his home.

(Reporting by Dustin Volz and Warren Strobel; additional reporting by Joseph Menn, Mark Hosenball, Jonathan Landay and Jim Finkle; Editing by Grant McCool)

China warns against cyber ‘battlefield’ in internet strategy

A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su

BEIJING (Reuters) – The strengthening of cyber capabilities is an important part of China’s military modernization, the government said on Wednesday, warning that the internet should not become “a new battlefield”.

China, home to the largest number of internet users, has long called for greater cooperation among countries in developing and governing the internet, while reiterating the need to respect “cyber sovereignty”.

But Beijing, which operates the world’s most sophisticated online censorship mechanism known elsewhere as the “Great Firewall”, has also signaled that it wants to rectify “imbalances” in the way standards across cyberspace are set.

“The building of national defense cyberspace capabilities is an important part of China’s military modernization,” the Foreign Ministry and the Cyberspace Administration of China, the country’s internet regulator, said in a strategy paper on the ministry’s website.

China will help the military in its important role of “safeguarding national cyberspace sovereignty, security and development interests” and “hasten the building of cyberspace capabilities”, they said, but also called on countries to “guard against cyberspace becoming a new battlefield”.

Countries should not engage in internet activities that harm nations’ security, interfere in their internal affairs, and “should not engage in cyber hegemony”.

“Enhancing deterrence, pursuing absolute security and engaging in a (cyber) arms race – this is a road to nowhere,” Long Zhao, the Foreign Ministry’s coordinator of cyberspace affairs, said at a briefing on the strategy.

“China is deeply worried by the increase of cyber attacks around the world,” Long said.

The United States has accused China’s government and military of cyber attacks on U.S. government computer systems. China denies the accusations and says it is a victim of hacking.

A cyber attack from China crashed the website of South Korea’s Lotte Duty Free on Thursday, a company official said, at a time when South Korean firms are reporting difficulties in China following the deployment of a U.S. missile defense system in South Korea that China objects to.

While China’s influence in global technology has grown, its ruling Communist Party led by President Xi Jinping has presided over broader and more vigorous efforts to control and censor the flow of information online.

The “Great Firewall” blocks many social media services, such as Twitter, Facebook, YouTube, Instagram, Snapchat and Google, along with sites run by human rights groups and those of some foreign media agencies.

Chinese officials say the country’s internet is thriving and controls are needed for security and stability.

(Reporting by Michael Martina and Catherine Cadell; Editing by Nick Macfie)

FCC chair to block stricter broadband data privacy rules

File Photo: Ajit Pai speaks at a FCC Net Neutrality hearing in Washington February 26, 2015. REUTERS/Yuri Gripas

By David Shepardson

WASHINGTON (Reuters) – The U.S. Federal Communications Commission will block some Obama administration rules that subject broadband providers to stricter scrutiny than websites, a spokesman said on Friday, in a victory for internet providers such as AT&T Inc <T.N>, Comcast Corp <CMCSA.O> and Verizon Communications Inc <VZ.N>.

The rules approved by the FCC in October in a 3-2 vote were aimed at protecting sensitive personal consumer data, but the spokesman said Ajit Pai, the FCC chairman appointed by President Donald Trump, believes all companies in the “online space should be subject to the same rules, and the federal government should not favor one set of companies over another.”

FCC spokesman Mark Wigfield said in a statement that the suspension affects only the data security rules, which are set to take effect on March 2. Some other aspects of the rules are under review by the White House Office of Management and Budget.

Pai plans by March 2 to delay the implementation of some rules, which subject companies to stricter oversight than websites under Federal Trade Commission rules, the spokesman said. Such a temporary stay is a first step toward permanently preventing the rules from taking effect.

The rules would subject broadband internet service providers to more stringent requirements than websites like Facebook Inc <FB.O>, Twitter Inc <TWTR.N> or Alphabet Inc’s <GOOGL.O> Google.

Providers would need to obtain consumer consent before using certain user data for advertising and internal marketing. They would be required to get consent for details like precise geo-location, financial information, health information, children’s information, Web browsing history, app usage history and communication content.

For less sensitive information such as email addresses or service tiers, consumers would be able to opt out.

Republican commissioners, including Pai, said in October the rules unfairly give websites the ability to harvest more data than service providers and dominate digital advertising.

Pai said in October the FCC “adopted one-sided rules that will cement edge providers’ dominance in the online advertising market.” Google and Facebook dominate that market and account for about two-thirds of all revenue.

Former FCC Chairman Tom Wheeler, who authored the privacy rules, told Reuters on Friday that they are necessary because consumers have few options when it comes to broadband providers. “The fact of the matter is it’s the consumer’s information,” he said. “It’s not the network’s information.”

Berin Szóka, president of TechFreedom, said Pai’s decision was a good move “because the real question isn’t a policy question but a legal one: does the FCC even have authority to regulate broadband privacy?”

(Reporting by David Shepardson in Washington; Additional reporting by Anjali Athavaley in New York; Editing by Richard Chang and Grant McCool)

U.S. weather service says hit by first-ever data system outage

WASHINGTON (Reuters) – The U.S. National Weather Service said on Tuesday it suffered its first-ever outage of its data system during Monday’s blizzard in New England, keeping the agency from sending out forecasts and warnings for more than two hours.

The weather service’s Advanced Weather Interactive Processing System Network Control Facility failed Monday afternoon when the primary and backup routers lost power, the NWS said in a statement. The outage lasted two hours and 36 minutes.

“The AWIPS communications system is a very reliable configuration and this is the first time both routers failed simultaneously,” the weather service said.

The outage came as a blizzard was pummeling New England and engineers in Northern California were trying to repair problems at the United States’ tallest dam ahead of more rain.

The failure prevented the NWS from putting out forecasts, warnings, current conditions, satellite and radar imagery and updates to its main public site.

The director of the agency’s Office of Central Processing, David Michaud, called the impact “significant” in an email to weather service employees. The NWS’ Network Control Facility also was unable to connect with a backup system, he said.

During the outage, the weather service sent out forecasts, watches and warnings through the National Oceanic and Atmospheric Administration’s Weather Radio and the social media accounts of local offices.

The routers at the main site were replaced and service restored. The cause of the outage is under investigation.

(Reporting by Ian Simpson; Editing by Paul Simao)

‘Alphabet soup’ of agencies leave UK exposed to cyber attacks: report

LONDON (Reuters) – Britain’s government has taken too long to coordinate an “alphabet soup” of agencies tasked with protecting the country from an ever-increasing risk of cyber attack, a parliamentary report said on Friday.

The Public Accounts Committee report said that as of last April there were at least 12 separate organizations in Britain responsible for protecting information, with “several lines of accountability with little coherence between them.”

Processes for recording breaches of personal data by government departments are inconsistent and chaotic, the report said, adding that the government is struggling to meet a skills gap in the security profession.

The findings come in the wake of a spate of cyber attacks that have targeted banks, businesses and institutions, including Tesco Bank, Lloyd’s Bank, Talk-Talk, and the National Health Service.

“The threat of cyber-crime is ever-growing yet evidence shows Britain ranks below Brazil, South Africa and China in keeping phones and laptops secure,” said committee chair Meg Hillier.

“Leadership from the center is inadequate and, while the National Cyber Security Centre (NCSC) has the potential to address this, practical aspects of its role must be clarified quickly.”

The NCSC was established by the government last October as part of a 1.9 billion-pound ($2.37 billion) program to tighten cyber security.

An NCSC spokesman said in response to the report: “The government has been clear that the newly formed NCSC is the UK’s definitive authority on cyber security.”

On Thursday night, British defense minister Michael Fallon said Russian president Vladimir Putin was trying to undermine the West by spreading lies and attacking critical infrastructure with hackers.

The Kremlin called the accusation baseless.

Britain launched a cyber security review in January after U.S. intelligence agencies said Putin ordered an effort to help President Donald Trump’s electoral chances by discrediting his rival Hillary Clinton in the 2016 U.S. presidential campaign.

(Reporting by Ritvik Carvalho)

Trump expected to sign cyber security executive order Tuesday: source

By Dustin Volz and Steve Holland

WASHINGTON (Reuters) – President Donald Trump is expected to sign an executive order on cyber security on Tuesday, two sources familiar with the situation said, marking the first action to address what he has called a top priority of his administration.

The order is expected to commission several different reviews of the government’s offensive and defensive cyber capabilities, according to one of the sources and a third briefed on a draft of the order that circulated last week.

The move follows a presidential campaign that was dominated by running storylines related to cyber security, including the hacking and subsequent leaking of Democratic emails as part of what U.S. intelligence agencies determined was a wide-ranging influence operation intended to help Trump win the White House and denigrate his challenger, Democrat Hillary Clinton.

For months Trump refused to accept the conclusions of the agencies that Russia was responsible, before stating at a press conference on January 11 that, “as far as hacking I think it was Russia.”

In his answer, Trump, then the president-elect, pivoted to say that “we also get hacked by other countries, and other people” while vowing to launch a government-wide review of vulnerabilities to cyber attacks.

The order is expected to also initiate an audit of several federal agencies’ cyber capabilities, seek input on how to improve protections for critical infrastructure, and review government efforts to attract and train a technically sophisticated workforce, according to two of the sources briefed on the draft, which was first published by the Washington Post.

The draft order would also seek ways to give the private sector incentives to adopt strong security measures.

(Reporting by Steve Holland and Dustin Volz; Editing by Chris Reese and Grant McCool)