Brandon Wales reflects on 20 years of cyber as he leaves CISA

SolarWinds, election security and protecting federal networks were among the highlights, he said in an interview with CyberScoop.

The post Brandon Wales reflects on 20 years of cyber as he leaves CISA appeared first on CyberScoop.

Continue reading Brandon Wales reflects on 20 years of cyber as he leaves CISA

Ivanti-linked breach of CISA potentially affected more than 100,000 individuals

A senior CISA official shared details with CyberScoop regarding the incident after the agency notified Congress about it on Friday.

The post Ivanti-linked breach of CISA potentially affected more than 100,000 individuals appeared first on CyberScoop.

Continue reading Ivanti-linked breach of CISA potentially affected more than 100,000 individuals

Seven years later, DHS set to roll out dramatic changes to system for hiring cyber pros

Soon, a cybersecurity professional at the Department of Homeland Security could make as much money as the vice president of the United States, $255,800 — or more, up to $332,100, if they’re in a geographic market where that salary makes the offer competitive. It’s just one feature of a dramatic overhaul of how DHS hires cyber personnel rolling out on Nov. 15 after seven years in the making. The Cyber Talent Management System dispenses with traditional federal job classifications in place since 1949, changes how applicants prove themselves, ties pay increases to something other than longevity of service and much more. At a time when private sector organizations and government agenies struggle to recruit and retain cyber personnel, DHS officials and outside observers alike are hopeful the system will deliver results. It’s a priority not just for DHS Secretary Alejandro Mayorkas but for the chief of the Cybersecurity and Infrastructure […]

The post Seven years later, DHS set to roll out dramatic changes to system for hiring cyber pros appeared first on CyberScoop.

Continue reading Seven years later, DHS set to roll out dramatic changes to system for hiring cyber pros

Nations investing in cyber, ‘democratization’ of malware are factors accelerating dangers online, CISA official says

Two trends are combining to amplify the threat that cyber poses to the U.S., according to a top Cybersecurity and Infrastructure Security Agency official: nation-states expanding their offensive capabilities, and the wider availability of easily-used hacking tools. Brandon Wales, executive director of the Department of Homeland Security’s cyber wing CISA, said Monday that nations like China, Russia, Iran and North Korea “are investing significantly in tools to target our networks.” A small number of ransomware gangs also are producing malware for wider use as part of their affiliate programs, Wales said at CyberWeek, a Scoop News Group event. “We continue to see a democratization of malicious cyber capabilities,” he said. “Today, hacking tools can be purchased for use by any criminal, regardless of expertise, or even rented to provide as a service capability.” Those separate phenomena are responsible for many of the most troubling developments in cyberspace over the past […]

The post Nations investing in cyber, ‘democratization’ of malware are factors accelerating dangers online, CISA official says appeared first on CyberScoop.

Continue reading Nations investing in cyber, ‘democratization’ of malware are factors accelerating dangers online, CISA official says

Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]

The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.

Continue reading Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]

The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.

Continue reading Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Biden’s cyber executive order to include new rules for federal agencies, contractors

Under a forthcoming White House order, companies that do business with the federal government would have to meet software security standards and swiftly report cyber incidents to a new entity within the Department of Homeland Security, sources familiar with a draft version of the document said. The order, which could be made public in a matter of weeks, is meant to improve the government’s ability to detect, coordinate, response to and investigate cybersecurity incidents, as well as promote supply chain security and push government contractors to up their defenses. It is spurred largely by the suspected Russian campaign in which hackers exploited the update process for SolarWinds’ Orion software, which led to the compromise of nine federal agencies and roughly 100 companies, the White House previously said. Some of the order’s measures are aimed at strengthening DHS and its Cybersecurity and Infrastructure Security Agency. The White House directive would establish […]

The post Biden’s cyber executive order to include new rules for federal agencies, contractors appeared first on CyberScoop.

Continue reading Biden’s cyber executive order to include new rules for federal agencies, contractors

Feds aren’t well prepared to spot SolarWinds-style hacks at agencies, CISA official says

In one of the bluntest assessments of U.S. government security shortcomings around the SolarWinds hack, a top Department of Homeland Security official told senators on Thursday that federal defenses simply aren’t aligned properly to detect advanced attackers. The testimony before the Senate Homeland Security and Governmental Affairs Committee on federal cybersecurity weaknesses points to a forthcoming reorientation of how DHS’s Cybersecurity and Infrastructure Security Agency protects agencies from threats. It’s a shift resulting from the fallout from the hack at federal contractor SolarWinds that resulted in breaches at numerous federal agencies and major technology companies. And it’s a shift that Congress is aiding with $650 million that it recently appropriated for CISA. “Part of the challenge is that you can only secure what you can see,” Brandon Wales, acting director of the agency, told committee Chairman Gary Peters, D-Mich. “Over the past decade our system of protection has largely relied […]

The post Feds aren’t well prepared to spot SolarWinds-style hacks at agencies, CISA official says appeared first on CyberScoop.

Continue reading Feds aren’t well prepared to spot SolarWinds-style hacks at agencies, CISA official says

Tim Maurer takes front office DHS cybersecurity job advising Mayorkas

Tim Maurer, director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace, is joining the Department of Homeland Security as a senior political appointee in the role of senior counselor for cybersecurity to Secretary Alejandro Mayorkas, two sources familiar with the move told CyberScoop. It’s a job title that a number of cybersecurity luminaries to pass through the department have held over the years, including the current acting director of DHS’s Cybersecurity and Infrastructure Agency, Brandon Wales, former CISA Director Chris Krebs and CISA’s former assistant secretary for cybersecurity, Jeanette Manfra. According to his Carnegie bio, Maurer “works on the geopolitical implications of the Internet and cybersecurity, with a focus on the global financial system, influence operations, and other areas of importance as actors exploit the gray space between war and peace.” He also was a senior fellow at Carnegie’s Technology and International Affairs program. He recently […]

The post Tim Maurer takes front office DHS cybersecurity job advising Mayorkas appeared first on CyberScoop.

Continue reading Tim Maurer takes front office DHS cybersecurity job advising Mayorkas