Looking to fit it all together, banks adopt standards for cyber automation and integration

To understand the Integrated Adaptive Cyber Defense system that U.S. banks and other financial institutions agreed to adopt this week, you have to think about plumbing. “When you go to the hardware store to buy plumbing supplies, you don’t have to wonder ‘Will this fit with the plumbing I already have in my home?’ because there are universal standards,” said Tony Sager, senior vice president and chief evangelist for the Center for Internet Security. The idea of the Integrated Adaptive Cyber Defense (IACD) system is to bring that approach to cybersecurity, explained Sager, who was a senior executive at the National Security Agency for many years. Government entities like the Pentagon and industries like banking “spend millions on these tools … and then they can’t work together,” he said, because of completely different architectures or proprietary interfaces. Many of the latest tools come equipped with an application programming interface (API) — essentially a software […]

The post Looking to fit it all together, banks adopt standards for cyber automation and integration appeared first on Cyberscoop.

Lawmaker to HHS: Label software in medical devices

The Trump administration should convene a national effort in partnership with the private sector to ensure that the owners and operators of medical devices, hospital IT networks and electronic health records systems can find out what software and other components are in the products they buy, says the chairman of the powerful House Energy and Commerce Committee. In a letter Thursday to acting Health and Human Services Secretary Eric Hargan, committee Chairman Greg Walden, R-Ore., notes that a congressionally chartered task force on health care cybersecurity earlier this year recommended such transparency requirements. The congressional report said there should be a “Bill of Materials” (BOM) for medical products because hospital IT managers and network administrators “must first understand what they have on their systems, before they can determine whether these technologies are impacted by a given threat or vulnerability.” “We write today to request that [HHS] convene a sector-wide effort to develop a plan of action for creating, deploying and leveraging BOMs […]

Experts ask: Why does the VEP cut out health care agencies?

The U.S. government’s policy for disclosing freshly discovered software vulnerabilities effectively sidelines a small but vital slice of the global IT ecosystem, critics charge — flaws in the computer programs that run medical devices, hospital equipment and digital health records systems. The Vulnerabilities Equities Process (VEP) sets out how the government decides whether to secretly retain a new vulnerability — called a zero day — for use in spying operations, or disclose it to the manufacturer so the software can be fixed or patched. The process’s details were released Wednesday by the White House. The Equities Review Board, the body which discusses vulnerabilities and makes decisions under the VEP, is made up of representatives from 10 federal agencies and departments, including the Department of Defense, Department of Homeland Security and the Office of the Director of National Intelligence. But there’s no representative from the Department of Health and Human Services. When asked […]

Free DNS service from internet nonprofits makes security ‘as simple as humanly possible’

A free DNS service from nonprofits Global Cyber Alliance and Packet Clearing House launched Thursday will block users and devices from visiting known malicious websites, acting as an “immune system” for internet-connected devices. The new Quad9 Domain Name System (DNS) filtering service is aimed at individual users, micro-enterprises and small businesses, but will be useful for any enterprise that doesn’t have a dedicated IT team, the alliance’s executive director for the UK and Europe, Andy Bates, explained to CyberScoop. “We’ve made it as simple as humanly possible,” he said. Using threat intelligence feeds from IBM’s X-Force security service and 18 other partner organizations, Quad9 compiles a constantly updated blacklist of known bad websites — ones that contaminate visitors with malware or are used to control infected computers. If a user clicks on a link, for instance in a phishing email, Quad9 will block the move. The 18 other partner companies include Abuse.ch, the Anti-Phishing […]

Experts say government’s information sharing program is all take and no give

Information sharing among private sector companies and with the federal government suffers from a tragedy of the commons, lawmakers were told Wednesday — everyone wants to receive information about cyberthreats, but few are prepared to make the effort to give back. “To do information sharing, that takes work,” said former White House cyber official Rob Knake, testifying on behalf of the Global Resilience Institute before the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection. Additional staff have to be hired, or existing ones assigned away from their regular duties, he said. Especially during the immediate aftermath of a hack, “That’s the last thing you want to do.” But it is precisely at that time that the value of sharing is greatest, he added, calling that “One of the hardest problems in information sharing — when you’re attacked, sharing information doesn’t help you, it helps everyone else. When an incident happens, what everybody wants […]

DHS nominee Kirstjen Nielsen gets committee nod 11-4

The Senate Homeland Security and Governmental Affairs Committee voted 11-4 Tuesday to advance the nomination of Kirstjen Nielsen as the next secretary of Homeland Security, despite Democratic concerns about her experience, doubts about her independence from the White House and ethics questions from a nonprofit watchdog group. The nomination now moves on to the full Senate, and sources tell CyberScoop that Republican leaders want a floor vote before the Thanksgiving recess starts Friday. Four senators voted against advancing the nomination: Tom Carper, D-Del., Kamala Harris, D-Calif., Maggie Hassan, D-N.H., and Gary Peters, D-Mich. All four were signatories — along with Sen. Heidi Heitkamp, D-N.D. — on a letter last week calling for a second hearing where Nielsen could answer additional questions about her experience and independence from the White House. The letter followed a Washington Post report that Nielsen’s current boss, White House Chief of Staff John Kelly, had tried to bully acting DHS […]

Freedom House: Governments are turning cyberweapons on their own people

More and more governments are using cyberweapons like malware and distributed denial-of-service (DDoS) attacks against internal critics and dissidents, making online attacks the second-most-common form of repression after actual arrests, according to a new report from human rights group Freedom House. “Cyberattacks became more common due in part to the increased availability of relevant technology, which is sold in a weakly regulated market, and in part to inadequate security practices among many of the targeted groups,” the group states in its 2017 Freedom on the Net report, adding that falling prices and widening proliferation of cyberweapon technology means that even local officials and police have access. “The relatively low cost of cyberattack tools has enabled not only central governments but also local government officials and law enforcement agencies to obtain and employ them against their perceived foes,” like human rights advocates or watchdogs seeking to expose corruption and abuse, the report warns. Freedom House says governments […]

DHS nomination vote postponed again amid ethics violation allegations

A Senate committee vote to confirm Kirstjen Nielsen as the next Secretary of Homeland Security has been postponed a third time amid ethics charges and requests by Democrats for a second hearing. The business meeting of the Senate Homeland Security and Governmental Affairs Committee — originally scheduled for last week, then moved to Monday and subsequently postponed until Tuesday morning — was pushed back again overnight to some time Tuesday afternoon. “By agreement of the chairman and ranking member, [Tuesday] morning’s business meeting is postponed to be rescheduled … at a time to be determined in conjunction with upcoming floor votes. Further notice will be forthcoming,” read a note from committee leadership Monday evening. The postponement follows an ethics complaint filed against Nielsen Monday by the nonprofit nonpartisan Campaign Legal Center, regarding her acceptance of voluntary services from non-government personnel to help her prepare for her confirmation hearing last week. A spokeswoman […]

Watchdog complains about consultant helping Nielsen’s DHS confirmation

A government ethics watchdog is calling for an investigation into potential violations of federal laws and ethics regulations by Homeland Security secretary nominee Kirstjen Nielsen, following CyberScoop reports that a consultant representing companies with hundreds of millions of dollars at stake had volunteered to help run her confirmation preparation. The nonprofit, nonpartisan Campaign Legal Center has asked federal officials — including Attorney General Jeff Sessions — to probe the matter. Government departments aren’t allowed to accept voluntary work, for the same reason officials cannot accept valuable gifts — because of the risk it might create an obligation that could be repaid with an official act, explained the center’s Brendan Fischer. “There’s a risk that such work would engender a feeling of indebtedness on Nielsen’s part,” Fischer told CyberScoop, noting that DHS handed out $23 billion worth of contracts last year. “It appears that Nielsen has been guided through the confirmation process by an individual whose clients have hundreds […]

Russians, other foreigners, spoofing unprotected .gov email addresses, report says

Thousands of web domains belonging to hundreds of federal departments and agencies are being spoofed by email hackers, including many from Russia and other adversary nations, according to new figures reported this week. The cyberspies and online fraudsters are trying to trick message recipients into clicking on malicious links or downloading malware designed to steal passwords and other personal information, according to an analysis by cybersecurity outfit Proofpoint, which specializes in providing online security for large organizations. The company looked at nearly 70 million emails sent during October from 5,000 unique .gov parent domains protected by Proofpoint, the company’s VP of Email Fraud strategy Robert Holmes told CyberScoop. More than 3,000 of those domains had been spoofed by hackers sending phishing emails that purported to come from a trusted communicant. “We saw over 8.5 million fraudulent messages,” Holmes wrote in a blog post Monday, “Almost 10 percent of which were not even sent from a US-based [internet or IP] address.” The […]
