US government launches ‘strike force’ to combat Chinese and Russian technology threats

Deputy Attorney General Lisa Monaco said the Disruptive Technology Strike Force will use intelligence and analytics to target illicit actors.

The post US government launches ‘strike force’ to combat Chinese and Russian technology threats appeared first on CyberScoop.

White House expected to issue executive order reining in spyware

The prospect of an executive order limiting use of spyware within U.S. intelligence unleashes potentially even more debate in Washington.

White House announces new surveillance guardrails to meet EU Privacy Shield expectations

The executive order will give EU citizens redress for intelligence collection that violates U.S. laws.

Lawmakers want to restrict user data sales to nations like China, Russia

The bill tasks the Department of Commerce with creating new export rules.

In studying tech supply chain, feds cite open source products, device firmware

Open-source software and device firmware are two of the biggest areas of vulnerability in the supply chains for information and communications technology, according to a federal report Thursday that called for better risk management practices and improved monitoring efforts by government and industry. Another area that potentially affects U.S. cybersecurity is a shrinking manufacturing base for hardware, including a “significant reduction” in the related workforce, the report said. The Biden administration asked the departments of Commerce and Homeland Security for the review under an executive order signed in February 2021 as the White House worked to address challenges in the supply chains for goods and services overall. At the time, the breach of SolarWinds’ software supply chain by Russia-linked hackers had riled Washington, and Thursday’s report comes as the government and cybersecurity industry are still responding to the Log4shell bug found in December 2021 in a widely used piece of […]

White House hosts open-source software security summit in light of expansive Log4j flaw

Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to the widespread Log4j vulnerability that’s worrying industry and cyber leaders. Among the attendees are companies like Apple, Facebook and Google, as well as the Apache Software Foundation, which builds Log4j, a ubiquitous open-source logging framework for websites. “Building on the Log4j incident, the objective of this meeting is to facilitate an important discussion to improve the security of open source software — and to brainstorm how new collaboration could rapidly drive improvements,” a senior administration official said in advance of the meeting. The huddle convenes in light of a vulnerability discovered last month known as Log4Shell that could affect up to hundreds of millions of devices, and as federal officials, businesses and security researchers race to contain the potential fallout. It’s the latest of several Biden White House summits […]

New Commerce Department rule to limit sale of offensive cyber tools to China, Russia

The Commerce Department released a rule Wednesday aimed at stopping offensive cybersecurity tools made in the U.S. from falling into the hands of countries that use such software to undermine human rights or national security. The new rule requires U.S. companies to obtain a license from the Commerce Department’s Bureau of Industry and Security before selling hacking tools to the governments and individuals in countries of national security concern, including China and Russia. Sales of defensive cybersecurity software are largely exempt from the rule. Technologies covered by the new rule include spyware and tools designed to carry out nefarious tasks, such as malicious trojans. “The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights,” Commerce Secretary Gina Raimondo said in a statement. The new rule, which will take effect in […]

Biden administration officials push Congress to shape breach reporting mandates

U.S. cybersecurity officials are seeking to put their stamp on cyber incident reporting legislation, wading into debates on Capitol Hill about questions like how swiftly companies must report attacks to federal agencies — and what happens if they don’t. The head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency testified at a Senate hearing Thursday in favor of requiring critical infrastructure owners and operators, federal contractors and agencies to report attacks to CISA within 24 hours of detection. There are three leading proposals in Congress, each with a different timeframe for reporting attacks. The leaders of the Senate Intelligence Committee favor a 24-hour deadline. A draft bill from leaders of the Senate Homeland Security and Governmental Affairs Committee would set the range at between 72 hours and seven days, as determined by CISA. And a draft from leading members of the House Homeland Security Committee proposes leaving […]

Apple, JPMorgan Chase bosses among industry heads set to gather at White House for cyber ‘call to action’

President Joe Biden will huddle Wednesday with industry leaders to issue a “call to action” on cybersecurity and make “concrete announcements” to counter the fundamental causes of cyberattacks, according to a senior administration official. It’s a star-studded afternoon gathering scheduled to include the likes of Apple CEO Tim Cook and JPMorgan Chase CEO Jamie Dimon from the financial, technology, energy, insurance and education sectors, then feature discussions led by top administration officials. The White House has been working to secure commitments from industry in advance of the meeting, mostly in the areas of “technology and talent,” the official said in a background call with reporters on Tuesday. Two points of emphasis, the official said, are building technology that is secure from the outset, and better defending critical infrastructure after the ransomware attack on Colonial Pipeline led to a fuel scare. “We need to bake in security by design into tech,” […]
