Key lawmakers to CISA: Let us send you more money, power

The Department of Homeland Security’s cyber division, a key government agency charged with helping stop and respond to cyberattacks, might be getting ready for a bigger role in the spotlight.  One key House committee advanced legislation in July to give the Cybersecurity and Infrastructure Security Agency an extra $400 million. Then, another committee on Sept. 14 separately advanced its take on legislation that would provide an additional nearly $800 million to the agency, which has a $2 billion total budget in the current fiscal year. Those proposed funds come on top of another extra $650 million that Congress and President Joe Biden already provided to CISA in March through the American Rescue Plan focused on COVID-19 relief. And the recent moves on Capitol Hill to bolster CISA, an agency formally established only three years ago, aren’t limited to cash. Both chambers of Congress are contemplating legislation that would make CISA the […]

The post Key lawmakers to CISA: Let us send you more money, power appeared first on CyberScoop.

Continue reading Key lawmakers to CISA: Let us send you more money, power

Key lawmakers to CISA: Let us send you more money, power

The Department of Homeland Security’s cyber division, a key government agency charged with helping stop and respond to cyberattacks, might be getting ready for a bigger role in the spotlight.  One key House committee advanced legislation in July to give the Cybersecurity and Infrastructure Security Agency an extra $400 million. Then, another committee on Sept. 14 separately advanced its take on legislation that would provide an additional nearly $800 million to the agency, which has a $2 billion total budget in the current fiscal year. Those proposed funds come on top of another extra $650 million that Congress and President Joe Biden already provided to CISA in March through the American Rescue Plan focused on COVID-19 relief. And the recent moves on Capitol Hill to bolster CISA, an agency formally established only three years ago, aren’t limited to cash. Both chambers of Congress are contemplating legislation that would make CISA the […]

The post Key lawmakers to CISA: Let us send you more money, power appeared first on CyberScoop.

Continue reading Key lawmakers to CISA: Let us send you more money, power

Apple, JPMorgan Chase bosses among industry heads set to gather at White House for cyber ‘call to action’

President Joe Biden will huddle Wednesday with industry leaders to issue a “call to action” on cybersecurity and make “concrete announcements” to counter the fundamental causes of cyberattacks, according to a senior administration official. It’s a star-studded afternoon gathering scheduled to include the likes of Apple CEO Tim Cook and JPMorgan Chase CEO Jamie Dimon from the financial, technology, energy, insurance and education sectors, then feature discussions led by top administration officials. The White House has been working to secure commitments from industry in advance of the meeting, mostly in the areas of “technology and talent,” the official said in a background call with reporters on Tuesday. Two points of emphasis, the official said, are building technology that is secure from the outset, and better defending critical infrastructure after the ransomware attack on Colonial Pipeline led to a fuel scare. “We need to bake in security by design into tech,” […]

The post Apple, JPMorgan Chase bosses among industry heads set to gather at White House for cyber ‘call to action’ appeared first on CyberScoop.

Continue reading Apple, JPMorgan Chase bosses among industry heads set to gather at White House for cyber ‘call to action’

A US official explains why the White House decided not to ban ransomware payments

The Biden administration backed away from the idea of banning ransomware payments after meetings with the private sector and cybersecurity experts, a top cybersecurity official said Wednesday. “Initially, I thought that was a good approach,” Anne Neuberger, deputy national security advisor for cyber and emerging technology, said at an Aspen Security Forum event. “We know that ransom payments are driving this ecosystem.” Experts, including former government officials serving on a non-profit ransomware task force, helped shift that view, following high-profile hacks against Colonial Pipeline, the food production company JBS and Kaseya, a Florida-based IT firm. Payments from the Colonial Pipeline and JBS attacks totaled more than $15 million, a number that likely represents a fraction of the funds sent to extortionists. “We heard loud and clear from many that the state of resilience is inadequate, and as such, if we banned ransom payments we would essentially drive even more of […]

The post A US official explains why the White House decided not to ban ransomware payments appeared first on CyberScoop.

Continue reading A US official explains why the White House decided not to ban ransomware payments

White House weighs cracking down on secret ransomware payments, pursuing hackers

Going on offense against attackers and penetrating the secrecy surrounding attacks are two ways the Biden administration is pondering to tackle ransomware, a top White House official said on Tuesday. Anne Neuberger, the deputy national security adviser, said that that a joint FBI, U.S. Cyber Command and private sector effort to cripple the Trickbot botnet, a hacking tool that U.S. officials had feared would disrupt 2020 election season, should be the kind of operation used to tackle ransomware gangs in the future. “Certainly that serves as a model to say where we identify actors and infrastructure that are used … to conduct ransomware attacks, we want to ensure that we make it a lot harder for those actors to operate,” Neuberger said at an event hosted by the Silverado Policy Accelerator, a nonprofit think tank. In advance of the 2020 election, Cyber Command and Microsoft led missions to weaken Trickbot, […]

The post White House weighs cracking down on secret ransomware payments, pursuing hackers appeared first on CyberScoop.

Continue reading White House weighs cracking down on secret ransomware payments, pursuing hackers

Government, industry scramble to prioritize ransomware amid fallout from pipeline, JBS breaches

Three weeks ago, the U.S. Chamber of Commerce — the most powerful business lobby in the country — called on the federal government to take several steps to combat ransomware. This week, the White House’s deputy national security adviser penned a letter to industry … urging them to take several steps to combat ransomware. Those are two of the latest moves in a long dance between the feds and private sector over cybersecurity, with a tempo that has hastened considerably since the Colonial Pipeline ransomware attack. Even as both sides say the respective calls for action on ransomware in the oft-hailed “public-private partnership” are well-received, they’re redoubling their messages to each other. As the ransomware challenge looms increasingly large and has proven difficult to wrestle, two of the largest players are trying to find their footing. “While businesses need to do what they can to enhance their security, the government […]

The post Government, industry scramble to prioritize ransomware amid fallout from pipeline, JBS breaches appeared first on CyberScoop.

Continue reading Government, industry scramble to prioritize ransomware amid fallout from pipeline, JBS breaches

FBI blames DarkSide ransomware operators for Colonial Pipeline incident

The FBI on Monday said that a cybercriminal enterprise behind a ransomware variant known as DarkSide was responsible for the hack that prompted one of the country’s largest pipeline operators to temporarily shut down. The FBI statement came as Colonial Pipeline, which says it transports some 45% of all fuel consumed on the East Coast, said that it was aiming to “substantially” restore its pipeline operations by the end of the week. In a private advisory to U.S. companies obtained by CyberScoop, the FBI said that it had been tracking the DarkSide ransomware variant since October. “Darkside has impacted numerous organizations across various sectors including manufacturing, legal, insurance, healthcare and energy,” the FBI advisory said. The authors of DarkSide lease their hacking tools to other criminals in a “ransomware-as-as-service” model that splits the proceeds among the perpetrators, the bureau added. The Colonial Pipeline incident, which began Friday, is one of […]

The post FBI blames DarkSide ransomware operators for Colonial Pipeline incident appeared first on CyberScoop.

Continue reading FBI blames DarkSide ransomware operators for Colonial Pipeline incident

After SolarWinds breach, White House preps executive order on software security

The White House is moving forward with an executive order to encourage software developers to build more security into their products as the investigation of a suspected Russian supply chain compromise continues, a top security official said Friday. The upcoming directive “will focus on building in standards for software, particularly software that’s used in critical areas,” Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said at the SANS Institute’s ICS Security Summit. “The level of trust we have in our systems has to be directly proportional to the visibility we have. And the level of visibility has to match the consequences of the failure of those systems.” Neuberger said the directive would be one of the Biden administration’s multiple responses to the alleged Russian spying operation that has exploited software made by federal contractor SolarWinds, among other vendors, and breached nine federal agencies and 100 companies. […]

The post After SolarWinds breach, White House preps executive order on software security appeared first on CyberScoop.

Continue reading After SolarWinds breach, White House preps executive order on software security

SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings

The chief executive of SolarWinds on Monday said his company is still seeking a fuller understanding of the scope of the hack on its Orion software — and laying the groundwork for what SolarWinds, as well as the federal government, should be doing next. “What we are… still learning is the breadth and depth of the sophistication of the attackers, number one,” Sudhakar Ramakrishna said at a Center for Strategic and International Studies online event where he noted that the company’s investigation into what happened is ongoing. “Number two is the patience with which they carried out these attacks, and obviously the persistence,” he said, citing as an example that the hackers appeared to use earlier versions of Orion code as a test bed for their eventual attack. Ramakrishna took over as CEO weeks after news about the hack of SolarWinds’ updates to its Orion software had become public. The […]

The post SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings appeared first on CyberScoop.

Continue reading SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings

White House warns SolarWinds breach cleanup will take time

The White House has a message for America: it’s going to take a long time to sort through the fallout from the massive espionage operation spurred on by the SolarWinds breach uncovered late last year. Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger stressed during a White House briefing Wednesday that the way the suspected Russian hackers infiltrated a SolarWinds network management software update with malicious code has made it more difficult for federal investigators to track down the details of the compromise. “We believe it took them months to plan and execute this compromise. It will take us some time to uncover this layer by layer,” Neuberger said, estimating it will take a number of months for the U.S. government to get its hands around the issue properly. “Many of the private sector compromises are technology companies including networks of companies whose products can be used […]

The post White House warns SolarWinds breach cleanup will take time appeared first on CyberScoop.

Continue reading White House warns SolarWinds breach cleanup will take time