DHS’s cyber agency is led by career official Brandon Wales. For now.

Less than 24 hours after President Donald Trump fired Chris Krebs, the dust is still settling at the Department of Homeland Security cybersecurity agency that Krebs led. Officials at the Cybersecurity and Infrastructure Security Agency (CISA) who have spent months refuting conspiracy theories and battling disinformation surrounding the election say they will continue to do so, despite a White House purge of the agency’s leadership. CISA is now led on an acting basis by Brandon Wales, a 15-year veteran of DHS who is deeply familiar with CISA’s operations after serving as the agency’s top career civil servant. A former senior cybersecurity adviser to then-Homeland Security Secretary Kirstjen Nielsen, Wales is well-liked at CISA and known for his technical acumen. How long Wales will lead the agency, though, remains unclear. The dismantling of CISA’s leadership has employees on edge. And CISA’s continued work to debunk fraud claims could draw additional White House scrutiny. After Trump fired Krebs via tweet on […]

The post DHS’s cyber agency is led by career official Brandon Wales. For now. appeared first on CyberScoop.

Continue reading DHS’s cyber agency is led by career official Brandon Wales. For now.

Trump Fires DHS Cybersecurity Agency Over Election Remarks

Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA), has been fired by President Trump. His crime? Making a “highly inaccurate” statement about the 2020 presidential election. CISA called the election “the most secure … Continue reading Trump Fires DHS Cybersecurity Agency Over Election Remarks

Trump fires CISA chief Chris Krebs, who guarded the 2020 election from interference and domestic misinformation

President Donald Trump on Tuesday said he has fired Chris Krebs, a widely respected Department of Homeland Security official who helped protect the 2020 election from hacking and disinformation, the latest in a series of purges of officials deemed insufficiently loyal to the president. As head of DHS’s Cybersecurity and Infrastructure Security Agency, Krebs has repeatedly debunked baseless claims from Trump and his allies of widespread electoral fraud while generally avoiding mentioning the president by name. CISA’s “rumor control” public website, which refuted conspiracy theories about stolen votes or dead people voting, reportedly angered the White House. Trump tweeted Tuesday evening that he fired Krebs because his agency issued a “highly inaccurate” statement that the 2020 election was secure. That statement, which was signed by numerous election officials across the country, and backed up by independent security experts, said the election was the most secure in U.S. history. A former Microsoft executive whom […]

The post Trump fires CISA chief Chris Krebs, who guarded the 2020 election from interference and domestic misinformation appeared first on CyberScoop.

Continue reading Trump fires CISA chief Chris Krebs, who guarded the 2020 election from interference and domestic misinformation

Lawmakers back CISA chief Krebs after report that he expects to be fired

Multiple Democratic U.S. lawmakers on Thursday reacted with concern to a media report that a senior Department of Homeland Security cybersecurity official has told associates that he expects to be fired by the White House. Rep. Jim Langevin, D-R.I., and Sen. Mark Warner, D-Va, the ranking member of the Senate Intelligence Committee, were among those who hailed the work of Cybersecurity and Infrastructure Security Director Chris Krebs, who has been at the forefront of federal agencies’ efforts to protect the 2020 election from hacking and disinformation. “It would not be a surprise [but] would disappoint me profoundly if he were to be fired,” Langevin, who is co-founder of the Congressional Cybersecurity Caucus, said in an interview. “I think Chris Krebs has served in his role as director of CISA with great professionalism, with passion, in a nonpartisan way. He’s someone who is respected on both sides of the aisle.” Krebs, […]

The post Lawmakers back CISA chief Krebs after report that he expects to be fired appeared first on CyberScoop.

Continue reading Lawmakers back CISA chief Krebs after report that he expects to be fired

CISA chief rips IG report, touts election security efforts

The head of the U.S. Cybersecurity and Infrastructure Security Agency has slammed a new inspector general report criticizing some of the agency’s election security work, calling the investigation “poorly timed” and its conclusions misleading. The Department of Homeland Security’s inspector general credited CISA for making progress in helping election officials mitigate cyberthreats, but also concluded the agency hadn’t invested enough resources in countering physical threats to election infrastructure. CISA officials say they’ve accounted for those threats in their preparation. Multiple federal agencies, including the FBI, also are working with state officials to guard against cyber and physical threats to the election. “While the OIG [office of the inspector general] recognizes our extensive coordination effort, releasing this report before Election Day fails to account for CISA’s actions throughout the entirety of the actual 2020 election cycle,” CISA Director Chris Krebs said in a statement. “While we can certainly update plans, use […]

The post CISA chief rips IG report, touts election security efforts appeared first on CyberScoop.

Continue reading CISA chief rips IG report, touts election security efforts

How US security officials are watching for threats ahead of Election Day

FBI Director Christopher Wray once called the 2018 midterm elections a “dress rehearsal for the big show” of protecting the 2020 presidential election from foreign interference. The big show is finally here, and American officials say they are pulling out all the stops to keep it secure. U.S. intelligence, law enforcement and national security agencies have for weeks been in an “enhanced operational posture” to share any election-related threats with state and local officials, said Chris Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The week before Election Day, which is Nov. 3, those security efforts will kick into overdrive. Officials from the Department of Defense, FBI, the Election Assistance Commission, political campaigns and the private sector are scheduled to gather at CISA’s operations center outside of Washington, D.C. The U.S. Postal Service, which is playing an expanded role in this year’s election with the increase in […]

The post How US security officials are watching for threats ahead of Election Day appeared first on CyberScoop.

Continue reading How US security officials are watching for threats ahead of Election Day

Top voting vendor ES&S publishes vulnerability disclosure policy

Election Systems & Software, the biggest vendor of U.S. voting equipment, on Wednesday announced a policy to work more closely with security researchers to find software bugs in the company’s IT networks and websites. “Hackers are going to hack, researchers are going to research, whether or not there’s a policy in place,” Chris Wlaschin, ES&S’s vice president of systems security, told CyberScoop. “We think it’s important to have that safe harbor language out there to set expectations.” The policy allows researchers to probe ES&S’s corporate systems and public-facing websites, but not the election systems in place at jurisdictions around the country, which are subject to different testing regimes. The ES&S policy gives the company 90 days to fix vulnerabilities before researchers can report on them publicly — a standard timeline in the research community. For ES&S, the policy marks another step in collaborating with a white-hat hacking community with which it […]

The post Top voting vendor ES&S publishes vulnerability disclosure policy appeared first on CyberScoop.

Continue reading Top voting vendor ES&S publishes vulnerability disclosure policy

Cyber Command backs ‘urgent’ patch for F5 security vulnerability

One of the largest providers of enterprise networking equipment in the world, F5 Networks, has issued a security fix for a major vulnerability that, if exploited, could result in a “complete system compromise.” F5’s BIG-IP is among the most popular networking gear in use today, with adoption through government networks, internet service providers, and cloud computing data centers. If security administrators fail to patch the new vulnerability, though, attackers could wreak havoc on their systems, according to a information security specialists. Mikhail Klyuchnikov, the senior web application security researcher at Positive Technologies who uncovered the flaw, estimated that there are approximately 8,000 vulnerable devices exposed to the internet. The remote code execution vulnerability, called CVE-2020-5902, affects the BIG-IP products’ Traffic Management User Interface (TMIU), which can function as load balancers, firewalls, rate limiters, and web traffic shaping systems. Attackers who exploit the weakness can execute arbitrary system commands, create files, delete files, or disable services, according to […]

The post Cyber Command backs ‘urgent’ patch for F5 security vulnerability appeared first on CyberScoop.

Continue reading Cyber Command backs ‘urgent’ patch for F5 security vulnerability

US cyber officials try to channel Liam Neeson in responding to coronavirus threats

In early March, as the novel coronavirus swept through the U.S., the Department of Homeland Security’s cybersecurity wing quietly began an initiative that would single out the critical government and private-sector organizations that needed protection from spies and criminals during the pandemic. The list of essential organizations would include U.S. labs working on a vaccine, pharmaceutical firms researching virus treatments and a constellation of equipment suppliers with global supply chains. The initiative turned into something U.S. officials call Project Taken — a multi-agency effort to protect U.S. vaccine research and other data from hacking and infiltration. “We really need to identify the parts of the United States government and industry that are going to get us through this COVID crisis,” recalled Bryan S. Ware, assistant director at DHS’s Cybersecurity and Infrastructure Security Agency. “And we need to prioritize … our capabilities and our outreach to those entities.” While other parts of the […]

The post US cyber officials try to channel Liam Neeson in responding to coronavirus threats appeared first on CyberScoop.

Continue reading US cyber officials try to channel Liam Neeson in responding to coronavirus threats

DHS’s cyber wing pledges to invest more in industrial control systems security

The Department of Homeland Security’s cybersecurity division on Tuesday unveiled a strategy to help protect industrial control systems that support energy, transportation, and other critical sectors from being hacked. The goal is to use data analytics, enhanced training, and better technology to help guard U.S. critical infrastructure operators from foreign hacking groups that have shown a steady interest in their networks. “We’re going to ask more of the ICS community, but we’re also going to deliver more to you,” Chris Krebs, head of DHS’s Cybersecurity and Infrastructure Security Agency, said at a virtual meeting of the ICS Joint Working Group, a government-industry organization. A better understanding of cyber-risk in the industrial space can lead to “being out in front of the adversary…putting friction into their plans so that they have to go off and they have to develop new capabilities,” Krebs said. “We’re going to develop deep data capabilities to […]

The post DHS’s cyber wing pledges to invest more in industrial control systems security appeared first on CyberScoop.

Continue reading DHS’s cyber wing pledges to invest more in industrial control systems security