congress – Page 10 – WindowsTechs.com

Momentum builds on federal oversight of facial recognition tech after reported abuses

Posted on July 15, 2021 by Tonya Riley

Lawmakers in the House and Senate are considering legislation that would halt the use of facial recognition and biometric data collection tools by federal law enforcement, signaling that the controversial technologies may soon be subject to oversight after years of debate and revelations about its role in discriminatory policing. The Facial Recognition and Biometric Technology Moratorium Act, reintroduced in June by Sen. Ed Markey (D-Mass.) and Rep. Pramila Jayapal (D-Wash.), would fully ban the use of facial recognition and biometric technology by federal agencies, barring a lift by Congress. It would also block funding to state and local law enforcement who do not cease use of the tech. The bill would allow cities and states to keep and make their own laws. More than 40 privacy and civil liberties groups have thrown their weight on the Hill and organizing power behind the Biometric Technology Moratorium Act, saying that cases in […]

The post Momentum builds on federal oversight of facial recognition tech after reported abuses appeared first on CyberScoop.

Continue reading Momentum builds on federal oversight of facial recognition tech after reported abuses→

Senate confirms former White House, NSA official Jen Easterly as CISA director after delay

Posted on July 12, 2021 by Tim Starks

Seven months into Joe Biden’s presidency, an administration confronting several cybersecurity crises finally has a permanent director en route to take over one of the top few cyber posts in the federal government. The Senate on Monday confirmed Jen Easterly as director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency by voice vote. Once she’s sworn in, Easterly — the departing head of Morgan Stanley’s Fusion Resilience Center and a former White House and National Security Agency official — will be busy with the aftermath of a spree of ransomware attacks that have attracted the attention of policymakers like none before. They include incidents at fuel supplier Colonial Pipeline, meat processor JBS and software company Kaseya, where a compromise opened the door for attackers to claim perhaps thousands of victims. In the early months of the Biden administration, officials also have contended with a cyber-espionage operation that […]

The post Senate confirms former White House, NSA official Jen Easterly as CISA director after delay appeared first on CyberScoop.

Continue reading Senate confirms former White House, NSA official Jen Easterly as CISA director after delay→

Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress

Posted on June 30, 2021 by Tonya Riley

The Justice Department is abusing secret subpoenas to collect cloud user data at alarming rates, a top Microsoft executive testified in front of the House Judiciary Committee on Wednesday. Tom Burt, Microsoft’s vice president of customer security and trust, told lawmakers that the company currently receives between 2,400 to 3,500 secrecy orders each year. That’s roughly a third of the total number of requests that federal law enforcement sends to Microsoft, and it’s a number that has grown as more companies and organizations rely on cloud providers to serve as their virtual offices. The hearing comes on the heels of a revelation earlier this month that the Justice Department had used such gag orders to secretly subpoena Microsoft and Apple for data from two members of Congress, Capitol Hill staffers and some family members. “If law enforcement wants to secretly search someone’s physical office, it must meet a heightened burden […]

The post Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress appeared first on CyberScoop.

Continue reading Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress→

Senate bill proposes requiring cyber incident notification to feds within 24 hours

Posted on June 17, 2021 by Tim Starks

Senate Intelligence Chairman Mark Warner is sharing draft bipartisan legislation that would require critical infrastructure owners, cybersecurity incident response firms and federal contractors to report cyber intrusions to the Homeland Security Department within 24 hours. It’s one of the earliest bills to respond a spate of attacks that began with the SolarWinds breach and continued on through the Microsoft Exchange hack and ransomware incidents at Colonial Pipeline and meat supplier JBS. It won’t be the last, either in the House or Senate. Warner has been pushing the idea for months. At a February hearing of Warner’s committee the Virginia Democrat, other senators and witnesses from SolarWinds, Microsoft and FireEye discussed the thought Warner had been floating. The fear was that if FireEye hadn’t voluntarily disclosed that it was a victim of the SolarWinds supply chain hack that compromised nine federal agencies and many technology companies, the damage would’ve been more severe. […]

The post Senate bill proposes requiring cyber incident notification to feds within 24 hours appeared first on CyberScoop.

Continue reading Senate bill proposes requiring cyber incident notification to feds within 24 hours→

IRS, GAO at odds over cybersecurity requirements on tax preparers

Posted on June 14, 2021 by Tim Starks

The Internal Revenue Service hasn’t put in place a structure to issue cybersecurity dictates to paid tax preparers because it doesn’t believe it has the authority to do so — but the Government Accountability Office begs to differ. The government watchdog recommended the IRS establish a security structure in a 2019 report, but the agency contended Congress would need to take action to give the IRS more power. As of January of this year, the IRS still believes it needs statutory authority, the GAO said in a report released Monday. The GAO’s suggestion is that IRS should create a governance structure or steering committee to “to coordinate all aspects of IRS’s efforts to protect taxpayer information while at third-party providers.” Hackers have targeted tax preparation companies for years in identity theft and tax return theft schemes, as the IRS itself has repeatedly warned. In one recent case, a U.S. court […]

The post IRS, GAO at odds over cybersecurity requirements on tax preparers appeared first on CyberScoop.

Continue reading IRS, GAO at odds over cybersecurity requirements on tax preparers→

Biden cyber nominees Easterly, Inglis describe ransomware as urgent national security threat

Posted on June 10, 2021 by Sean Lyngaas

It’s been two months since President Joe Biden announced his two most important Senate-confirmed cybersecurity picks: Jen Easterly to lead the Department of Homeland Security’s cybersecurity agency, and Chris Inglis to be the national cyber director. During that time, ransomware attacks have forced temporary shutdowns of a major fuel pipeline and a big meat supplier, and Biden has signaled he will raise the issue of harboring criminal hackers in a meeting next week with Russian President Vladimir Putin. Americans got their closest look yet of how Inglis and Easterly would approach those pressing issues during a Senate confirmation hearing Thursday. The nominees labeled ransomware a “scourge” that threatens national security, vowed to work with critical infrastructure firms to improve their defenses, and wondered aloud if additional federal regulations were necessary to incentivize firms to reduce their vulnerabilities to hacking. The U.S. government, Inglis said, must “seize back the initiative that […]

The post Biden cyber nominees Easterly, Inglis describe ransomware as urgent national security threat appeared first on CyberScoop.

Continue reading Biden cyber nominees Easterly, Inglis describe ransomware as urgent national security threat→

Colonial Pipeline CEO says company didn’t have plan for potential ransomware attack

Posted on June 8, 2021 by Tonya Riley

Colonial Pipeline did not have guidance in place on how to handle a ransom demand from cybercriminals who locked up its systems, its CEO testified in a hearing before the Senate Homeland Security and Governmental Affairs Committee Tuesday. The company’s failure to prepare explicitly for a ransomware attack — despite warnings from Homeland Security Department’s Cybersecurity and Infrastructure Security Agency as early as February 2020 about the risk of such attacks against the pipeline industry — underscores growing concerns from lawmakers that the critical sector needs tighter regulations when it comes to cybersecurity. “We have an emergency response process: See the threat, contain the threat, remediate the threat, and restore,” Colonial Pipeline CEO Joseph Blount said in response to a question from Sen. Maggie Hassan, D-N.H. about ransomware-specific guidance. “So in this case, you use the same process, but you use a different set of experts.” Hassan chastized Blount’s response, […]

The post Colonial Pipeline CEO says company didn’t have plan for potential ransomware attack appeared first on CyberScoop.

Continue reading Colonial Pipeline CEO says company didn’t have plan for potential ransomware attack→

Ransomware hits iConstituent, a service lawmakers use to communicate with voters

Posted on June 8, 2021 by Sean Lyngaas

The scourge of ransomware has now hit closer to home for U.S. politicians. Ransomware has impacted the newsletter service of iConstituent, a firm that U.S. lawmakers use to contact constituents, the House of Representatives’ Chief Administrative Officer (CAO) said Tuesday. Individual offices choose to buy iConstituent services, which include virtual town halls, email and texting, and other data services. “At this time, the CAO is not aware of any impact to House data,” the CAO office said in an emailed statement. “The CAO is coordinating with the impacted offices supported by iConstituent and has taken measures to ensure that the attack does not affect the House network and offices’ data.” iConstituent boasts that its software “supports millions of digital interactions between people and their governments each year.” It was unclear Tuesday morning how broadly the incident would impact House legislators’ communication with constituents. The Washington-based firm did not immediately respond […]

The post Ransomware hits iConstituent, a service lawmakers use to communicate with voters appeared first on CyberScoop.

Continue reading Ransomware hits iConstituent, a service lawmakers use to communicate with voters→

Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber

Posted on May 28, 2021 by Tim Starks

President Joe Biden’s fiscal 2022 budget blueprint released Friday proposes $750 million for the federal government to respond to “lessons learned” from the SolarWinds supply chain hack that compromised nine agencies. In all, the budget proposes $9.8 billion in federal civilian cybersecurity funding, a 14% increase from the spending levels allocated for the current fiscal year, according to a summary. That number doesn’t take into account Defense Department funding requests, which would represent another large chunk of money, though that amount isn’t precisely spelled out in four documents shared Friday with reporters in advance of public release. “Cybersecurity is a top priority for this Administration, and recent events, such as the SolarWinds cyber incident, have shown that adversaries continue to target Federal systems,” one budget document reads. The blueprint also requests $15 million for the recently-created national cyber director office in the White House, and $20 million for a new […]

The post Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber appeared first on CyberScoop.

Continue reading Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber→

Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment

Posted on May 19, 2021 by Sean Lyngaas

After Colonial Pipeline CEO Joseph Blount confirmed Wednesday that his company had paid hackers $4.4 million to recover its data, lawmakers said they would press Blount for more information at a congressional hearing next month. “I’ll have some questions about Blount’s judgement when he appears before [the committee] in a couple weeks,” tweeted Rep. Jim Langevin, D-RI., an influential member of the House Homeland Security Committee. The FBI has advised companies for years not to pay a ransom, and cybersecurity experts warn that doing so fuels yet more ransomware hacks that have already cost U.S. companies hundreds of millions of dollars.But the breach of Colonial Pipeline’s IT systems, which caused a multi-day shutdown of the pipeline system and indirectly resulted in shortages at gas stations in multiple states, has thrust the issue of ransomware payments into the national limelight. Blount defended the decision in an interview with The Wall Street […]

The post Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment appeared first on CyberScoop.

Continue reading Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment→