Lawmakers question Microsoft president over China ties, repeated breaches

Brad Smith defended the company at a time of growing concerns about whether the tech giant is sufficiently prioritizing security.

The post Lawmakers question Microsoft president over China ties, repeated breaches appeared first on CyberScoop.

Continue reading Lawmakers question Microsoft president over China ties, repeated breaches

House panel leaders call on Microsoft president to testify over security shortcomings

The Homeland Security Committee plans a May 22 hearing.

The post House panel leaders call on Microsoft president to testify over security shortcomings appeared first on CyberScoop.

Continue reading House panel leaders call on Microsoft president to testify over security shortcomings

Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident

Lawmakers repeatedly challenged Colonial Pipeline CEO Joseph Blount on Wednesday about the steps it took to work with the government after a May ransomware attack, often suggesting the company fell short. A long string of House Homeland Security Committee members questioned Blount about his assertion that Colonial had not, as reported, refused voluntary Transportation Security Administration cybersecurity reviews. Instead, the company delayed them due to COVID-19 restrictions and a physical move to a new building, he said. “Delaying these assessments for so long amounts to declining them, sir,” said Rep. Bonnie Watson Coleman, D-N.J., citing communications that began in March of 2020. “It raises serious questions,” she said, while noting that her information says that Colonial turned down even a virtual assessment offers before the ransomware attack that led to fuel delivery slowdowns last month. Colonial has now scheduled a TSA review for late July, Blount said. Blount’s answers about government […]

The post Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident appeared first on CyberScoop.

Continue reading Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident

Lawmakers say Colonial Pipeline’s refusal to discuss ransom undermines US efforts

U.S. lawmakers are demanding to know whether Colonial Pipeline paid a ransom to hackers who forced the company to shut down operations for days. Following a Monday briefing with Colonial Pipeline, the heads of the House Homeland Security and Oversight and Reform committees said the company’s refusal to share information on any ransom payment hindered their ability to craft legislation to address the ransomware problem. Bloomberg News reported that Colonial Pipeline, which says it supplies 45% of the fuel consumed on the East Coast, paid cybercriminals nearly $5 million to recover their computer systems. “We’re disappointed that the company refused to share any specific information regarding the reported payment of ransom during today’s briefing,” Democratic Reps. Bennie Thompson of Mississippi and Carolyn Maloney of New York said in a statement. “In order for Congress to legislate effectively on ransomware, we need this information.” When contacted by CyberScoop on Tuesday, a […]

The post Lawmakers say Colonial Pipeline’s refusal to discuss ransom undermines US efforts appeared first on CyberScoop.

Continue reading Lawmakers say Colonial Pipeline’s refusal to discuss ransom undermines US efforts

After Colonial Pipeline hack, lawmakers want more action on pipeline security

As a major fuel delivery operator gradually returns to service five days after suffering a ransomware attack, U.S. lawmakers are pressing federal agencies on what more they can do to secure the nation’s pipelines from hackers. The disruption at Colonial Pipeline, which operates 5,500 miles of pipelines and provides 45% of the fuel consumed on the East Coast, has renewed longstanding concerns that the lead agency for pipeline cybersecurity, the Transportation Security Administration, is ill-equipped to deal with the scale of security challenges in the sector. A multi-agency initiative to bolster pipeline cybersecurity begun in 2018 is a good start, but more can be done, critics say. “I have raised significant concerns with TSA’s focus on surface transportation, including pipelines, for years,” Rep. Jim Langevin, D-R.I., told CyberScoop. He pointed to a 2018 audit from the Government Accountability Office that found that TSA’s pipeline cybersecurity work was inadequate and lacked […]

The post After Colonial Pipeline hack, lawmakers want more action on pipeline security appeared first on CyberScoop.

Continue reading After Colonial Pipeline hack, lawmakers want more action on pipeline security

Ex-government officials urge US to take action to avoid another SolarWinds-style hack

The U.S. government requires dramatic updates to its current approach toward cybersecurity if Americans want to avoid the kind of cyber-espionage campaigns that have recently rocked the national security establishment, a panel of security practitioners told Congress Wednesday.   During testimony in front of the House Homeland Security Committee, Gordon likened the state of data protection in the U.S. to the stock market crash of 1929, which triggered the Great Depression. The government responded to reckless behavior on Wall Street by creating oversight in the form of the U.S. Securities and Exchange Commission and requiring regular financial filings from publicly-listed companies. Recent events in cyberspace — such as an alleged Russian espionage campaign involving the federal contractor SolarWinds and a Feb. 5 hack at a Florida water treatment facility — are proof that the U.S. faces a similar moment of reckoning in 2021, Gordon said.  “We need to stop pretending like […]

The post Ex-government officials urge US to take action to avoid another SolarWinds-style hack appeared first on CyberScoop.

Continue reading Ex-government officials urge US to take action to avoid another SolarWinds-style hack

Voting Village brings equipment to lawmakers to boost urgency on election security

A year from the 2020 election and with a new round of election security funding stalled in Congress, the DEF CON Voting Village organizers have again taken to Capitol Hill to raise awareness about software vulnerabilities in voting equipment. This time, they brought the equipment with them to drive home their point. “If we’re going to meaningfully introduce funding or introduce new technologies for 2020, time is rapidly running out to be able to do that,” Matt Blaze, a professor at Georgetown University and co-organizer of the Voting Village, told CyberScoop. “We need to act pretty fast.” A handful of House Democrats and their staffers sauntered up to equipment on display, including a ballot-marking device and an electronic voting machine, to ask the researchers about the software bugs they found. “This is really helpful in understanding that these aren’t just abstract problems, that these are real things,” Blaze, an expert […]

The post Voting Village brings equipment to lawmakers to boost urgency on election security appeared first on CyberScoop.

Continue reading Voting Village brings equipment to lawmakers to boost urgency on election security

Shutdown erodes feds’ ability to set cyber strategies, say lawmaker and ex-DHS officials

A top House lawmaker, along with former Department of Homeland Security officials, say the partial government shutdown is hampering federal officials’ ability to anticipate and proactively address cyberthreats. “We can kind of address things as they come, but we can’t look forward and do additional mitigation and other kinds of things that we normally do,” Rep. Bennie Thompson, D-Miss., told reporters Thursday at an event on Capitol Hill on the security implications of the shutdown. “So if somebody tells us about something or we identify it, we can go after it,” added Thompson, who is chairman of the Homeland Security Committee. “But we can’t plan for the next month or the next three months because we don’t have the capacity to do it with the shutdown.” Former DHS officials agreed that the partial shutdown, which began Dec. 22 and has 800,000 workers across all agencies furloughed or working without pay, […]

The post Shutdown erodes feds’ ability to set cyber strategies, say lawmaker and ex-DHS officials appeared first on CyberScoop.

Continue reading Shutdown erodes feds’ ability to set cyber strategies, say lawmaker and ex-DHS officials

Democrats’ massive House bill to include election security measures

House Democrats will include proposed cybersecurity measures in a massive bill due to be unveiled Friday as Congress begins a new session. The bill, H.R. 1, includes an array of legislation, such as a plan to force all presidential nominees to disclose their tax returns, new campaign finance rules and changes to sexual harassment law. Cybersecurity also is a major component, as reports indicate H.R. 1 will repurpose much of the language from the Elections Security Act, proposed last year by Rep. Bennie Thompson, D-Miss. H.R. 1, known as the “For the People Act,” also would require states to replace paperless voting systems, create grants to help states audit their election results, and force election system vendors to report data breaches, according to the Brennan Center. Last year’s version of the bill designated $1.7 billion for states to secure their voting technology and would have required the White House to […]

The post Democrats’ massive House bill to include election security measures appeared first on CyberScoop.

Continue reading Democrats’ massive House bill to include election security measures

House panel rejects call for cyberthreat report on ZTE amid Trump deal

On the heels of a reported U.S. deal with embattled Chinese telecom company ZTE, American lawmakers rejected a Democratic measure that would have directed the Department of Homeland Security to provide more information on any cybersecurity risks posed by the international tech company. The top Republican and Democrat on the House Homeland Security Committee sparred over the utility of the resolution, which would have tasked DHS with providing any documentation it has on cyber risks introduced by the use of ZTE products on federal, state and local government networks. The Republican-led panel voted 16-11 against the measure. Instead, lawmakers will get a classified briefing from officials at DHS, the FBI and the Defense Department on June 13 about the  national security risks posed by ZTE and Huawei, another Chinese technology giant. Texas Republican Michael McCaul, the committee’s chairman, announced the briefing at a committee markup Wednesday on Capitol Hill. U.S. […]

The post House panel rejects call for cyberthreat report on ZTE amid Trump deal appeared first on Cyberscoop.

Continue reading House panel rejects call for cyberthreat report on ZTE amid Trump deal