Trump chairs election-security meeting as Democrats call for strategy

President Donald Trump chaired an election-security meeting Friday afternoon with his top advisers as Democrats called on the White House to delineate a clear strategy to counter foreign attempts to meddle in the U.S. electoral process. The National Security Council meeting “addressed threats posed to our elections from malign foreign actors, efforts underway to provide cybersecurity assistance to state and local authorities, and actions to investigate, prosecute, and hold accountable those who illegally attempt to interfere in our political and electoral processes,” White House Press Secretary Sarah Huckabee Sanders said in a statement. Director of National Intelligence Dan Coats, National Security Agency Director Paul Nakasone, CIA Director Gina Haspel and FBI Director Christopher Wray were among the officials at the meeting, according to the White House. “The president has made it clear that his administration will not tolerate foreign interference in our elections from any nation-state or other malicious actors,” Sanders […]

The post Trump chairs election-security meeting as Democrats call for strategy appeared first on Cyberscoop.

Continue reading Trump chairs election-security meeting as Democrats call for strategy

Economic cyber-espionage is here to stay, U.S. counterintelligence report says

A new report from a U.S. counterintelligence agency details persistent efforts by China, Iran, and Russia to steal U.S. trade secrets, warns that those campaigns are here to stay and raises concerns about the software supply chain as a vector for economic espionage. China, Iran, and Russia are “three of the most capable and active cyber actors tied to economic espionage,” and they will “remain aggressive and capable collectors of sensitive U.S. economic information and technologies, particularly in cyberspace,” the report from the National Counterintelligence and Security Center (NCSC) states. Last year was a “watershed” year in public reporting of big software supply-chain operations, with seven incidents reported compared to just four between 2014 and 2016, according to the NCSC, which is part of the Office of the Director of National Intelligence (ODNI). The counterintelligence agency cites the seminal NotPetya attack, which U.S. officials blamed on Moscow, and the CCleaner backdoor, which […]

The post Economic cyber-espionage is here to stay, U.S. counterintelligence report says appeared first on Cyberscoop.

Continue reading Economic cyber-espionage is here to stay, U.S. counterintelligence report says

Wyden asks federal agencies to ditch Adobe Flash

Sen. Ron Wyden has called on federal agencies to stop using Adobe Flash, multimedia software that has consistently proven vulnerable over the years. Adobe will stop providing security updates for Flash in 2020, and Wyden, D-Ore., wants agencies charged with issuing federal cybersecurity guidance to get Flash off government systems before then. “At that point, Flash’s existing cybersecurity risks will only be compounded,” Wyden wrote in a July 25 letter to the heads of the Department of Homeland Security, National Security Agency, and National Institute of Standards and Technology. “The federal government has too often failed to promptly transition away from software that has been decommissioned.” The missive asks DHS, NIST, and the NSA to work together to produce a policy, effective within 60 days of its issuance, that bans the use of new Flash-based content on federal websites. For Wyden, agencies should not just refrain from deploying Flash but also […]

The post Wyden asks federal agencies to ditch Adobe Flash appeared first on Cyberscoop.

Continue reading Wyden asks federal agencies to ditch Adobe Flash

Automotive companies are warming up to vulnerability disclosure programs

The automotive industry is looking to step up its collaboration with cybersecurity researchers to identify software and hardware bugs in order to better protect vehicles which are becoming more connected and automated. “We’ve begun to actively develop relationships with the researcher community to encourage them to look at our vehicles and to let us know if they find vulnerabilities,” Harry Lightsey, an executive at General Motors, said Tuesday at the Wilson Center in Washington, D.C. A case in point is a workshop in Detroit next week that will show industry representatives how to set up an effective vulnerability disclosure program, a practice that enlists outside researchers to find bugs in an organization’s equipment. The workshop’s goal will be to “understand what a vulnerability disclosure program is, how to stand one up, what the pitfalls are,” Faye Francy told CyberScoop after the Wilson Center event. She heads the Automotive Information Sharing […]

The post Automotive companies are warming up to vulnerability disclosure programs appeared first on Cyberscoop.

Continue reading Automotive companies are warming up to vulnerability disclosure programs

NSA chief confirms he set up task force to counter Russian hackers

The head of the National Security Agency and U.S. Cyber Command confirmed over the weekend that he has set up a task force to counter Russian cyberthreats to the United States. Describing Russia as a “near-peer threat” in cyberspace that has “great capabilities,”Gen. Paul Nakasone said the task force is “in line with what the intelligence community has really been doing since post-2016/2017.” Speaking at a conference in Aspen, Colo., Nakasone didn’t elaborate on the activities or composition of the so-called “Russia Small Group,” but he did allude to the challenges of responding proportionally to foreign cyber operations that do not amount to acts of war. U.S. intelligence agencies concluded in a report in January 2017 that hackers linked with the Russian government meddled in the 2016 U.S. presidential election by breaching multiple political organizations. “What we’ve seen our adversaries do over a period of years is the fact that they operate […]

The post NSA chief confirms he set up task force to counter Russian hackers appeared first on Cyberscoop.

Continue reading NSA chief confirms he set up task force to counter Russian hackers

White House makes Grant Schneider the top cybersecurity official in government

Veteran government IT official Grant Schneider will serve as federal chief information security officer, an influential policy role charged with implementing cybersecurity practices across the executive branch, the Office of Management and Budget announced Thursday. “Grant Schneider brings extensive cybersecurity experience well aligned to lead efforts in securing government systems from cyberattacks,” Margaret Weichert, OMB’s deputy director for management, said in a statement. “As chief information security officer, Grant will play a key role in making sure the federal government’s technology networks are safe and secure,” she added. The federal CISO chairs the CISO Council, which allows collaboration across agencies on issues like identity management and vulnerability response. Schneider had been serving as federal CISO on an acting basis until today. He is also a senior director for cybersecurity at the National Security Council (NSC), where he helps manage the government’s cyber defense strategy. In June, the White House tapped […]

The post White House makes Grant Schneider the top cybersecurity official in government appeared first on Cyberscoop.

Continue reading White House makes Grant Schneider the top cybersecurity official in government

LabCorp attack highlights persistent ransomware threat to health sector

Ransomware has hit the vast medical-testing and blood diagnostics company LabCorp, the latest health care organization to be targeted by the hostage-taking malware. After detecting “suspicious activity” on its IT network over the weekend of July 14, LabCorp determined that it had been affected by “a new variant of ransomware,” company spokeswoman Pattie Kushner told CyberScoop. The North Carolina-based company, which has 60,000 employees worldwide and processes 2.5 million patient samples per week, is working with outside security experts and law enforcement to recover from the attack. The company took certain systems offline to clear them of the ransomware, which has “affected some test processing and customer access to test results,” Kushner said. “Work has been ongoing to restore full system functionality as quickly as possible, testing operations have substantially resumed, and we are working to restore additional systems and functions over the next several days,” she added. The ransomware was only detected on the company’s […]

The post LabCorp attack highlights persistent ransomware threat to health sector appeared first on Cyberscoop.

Continue reading LabCorp attack highlights persistent ransomware threat to health sector

McCaul: U.S. should go on the cyber offensive if Russia hacks midterms

The United States should respond with offensive cyber operations if the Russian government tries to meddle in the 2018 U.S. midterm elections like it did in the 2016 presidential election, according to an influential Republican lawmaker. “Personally, if [the Russians] attempt to do that again in the 2018 midterms, I think there should be an offensive response to it,” Texas Rep. Michael McCaul, chairman of the House Homeland Security Committee, told reporters Wednesday. In January 2017, the U.S. intelligence community concluded that Russian government-linked hackers meddled in the 2016 presidential election as part of a broad Kremlin-backed effort to help elect U.S. President Donald Trump. Over the last several months, senior U.S. intelligence officials have repeatedly warned of the possibility of renewed Russian information operations ahead of midterm elections this fall. While nothing on the scale of the 2016 meddling has been detected yet for the 2018 cycle, a public […]

The post McCaul: U.S. should go on the cyber offensive if Russia hacks midterms appeared first on Cyberscoop.

Continue reading McCaul: U.S. should go on the cyber offensive if Russia hacks midterms

Lawmakers ask Google, Facebook not to work with Vietnamese government on new data laws

A bipartisan and bicameral group of lawmakers has asked Google and Facebook not to share sensitive user data with the Vietnamese government that could enable surveillance and censorship of the country’s citizens. The lawmakers object to a heavy-handed Vietnamese law that requires tech companies to remove content within 24 hours of getting a request from Vietnamese authorities. Three senators and 17 members of the House of Representatives wrote to Facebook CEO Mark Zuckerberg and Google CEO Sundar Pichai asking the companies not to store data in Vietnam if it means it can be seized by authorities. The Southeast Asian country has a stifling climate for online expression, and the new law, which will take effect in January after its approval by legislators last month, will further tighten the screws. The human rights advocacy group Amnesty International urged tech companies to resist the measure, saying “this law can only work if tech […]

The post Lawmakers ask Google, Facebook not to work with Vietnamese government on new data laws appeared first on Cyberscoop.

Continue reading Lawmakers ask Google, Facebook not to work with Vietnamese government on new data laws

Voting machine vendor says it installed remote software connections in a ‘small number’ of systems

A top manufacturer of voting machines has conceded that it installed remote-access software for a “small number” of election management systems from 2000 to 2006, a practice that experts say leaves the equipment vulnerable to hackers. The revelation could be a teachable moment as state and local election officials work to shore up their voting infrastructure security for the 2018 midterm elections. In an April letter to Sen. Ron Wyden, D-Ore., obtained by CyberScoop, Election Systems and Software (ES&S) said it implemented the remote-access software on systems over a six-year period in order to facilitate customer support. Among other voting-related tasks, election management systems are used to program voting machines across a county. The software in question, pcAnywhere, has proven to be vulnerable to hackers, who stole its source code in 2006. The Nebraska-based vendor said it never set up a remote connection on voting devices like tabulators or ballot-marking […]

The post Voting machine vendor says it installed remote software connections in a ‘small number’ of systems appeared first on Cyberscoop.

Continue reading Voting machine vendor says it installed remote software connections in a ‘small number’ of systems