congress – Page 10 – WindowsTechs.com

CISA used new subpoena power to contact US companies vulnerable to hacking

Posted on May 5, 2021 by Sean Lyngaas

The Department of Homeland Security’s cybersecurity agency used a new subpoena power for the first time last week to contact at least one U.S. internet service provider with customers whose software is vulnerable to hacking. It’s an authority that DHS’s Cybersecurity and Infrastructure Security Agency has long sought, as agency officials struggled to communicate with some technology firms before flaws in their equipment became public and risked exploitation by state-linked or criminal hackers. Congress granted CISA the subpoena power in a bill that became law in January, allowing the agency to obtain a list of an internet service provider’s vulnerable customers and notify them directly rather than relying on third party communication. CISA issued two such subpoenas last week, acting agency director Brandon Wales said. A CISA spokesperson declined to say which U.S. company or companies had been subpoenaed, or whether the vulnerabilities pertained to an ongoing hacking campaign. “The […]

The post CISA used new subpoena power to contact US companies vulnerable to hacking appeared first on CyberScoop.

Continue reading CISA used new subpoena power to contact US companies vulnerable to hacking→

White House asks for additional $110 million in CISA funding to address cyber threats

Posted on April 9, 2021 by Sean Lyngaas

The White House on Friday asked Congress for $110 million in additional funding in 2022 to help the Department of Homeland Security shore up federal and state defenses in the wake of high-profile hacking operations. The money would allow DHS’s Cybersecurity and Infrastructure Security Agency to improve its defensive tools, hire more experts and “obtain support services to protect and defend federal information technology systems,” Shalanda Young, the acting director of the Office of Management and Budget, wrote in an April 9 letter to congressional appropriators. It would add to a recent $650 million funding boost for CISA that was part of the coronavirus relief package cleared by Congress. The White House’s discretionary funding request for CISA in fiscal 2022 totals $2.1 billion, or $110 million more than Congress allotted the agency the previous fiscal year. Discretionary budgets are those that Congress can alter with appropriations bills, in contrast to the […]

The post White House asks for additional $110 million in CISA funding to address cyber threats appeared first on CyberScoop.

Continue reading White House asks for additional $110 million in CISA funding to address cyber threats→

Biden’s cyber executive order to include new rules for federal agencies, contractors

Posted on April 1, 2021 by Tim Starks

Under a forthcoming White House order, companies that do business with the federal government would have to meet software security standards and swiftly report cyber incidents to a new entity within the Department of Homeland Security, sources familiar with a draft version of the document said. The order, which could be made public in a matter of weeks, is meant to improve the government’s ability to detect, coordinate, response to and investigate cybersecurity incidents, as well as promote supply chain security and push government contractors to up their defenses. It is spurred largely by the suspected Russian campaign in which hackers exploited the update process for SolarWinds’ Orion software, which led to the compromise of nine federal agencies and roughly 100 companies, the White House previously said. Some of the order’s measures are aimed at strengthening DHS and its Cybersecurity and Infrastructure Security Agency. The White House directive would establish […]

The post Biden’s cyber executive order to include new rules for federal agencies, contractors appeared first on CyberScoop.

Continue reading Biden’s cyber executive order to include new rules for federal agencies, contractors→

Encryption Backdoor Debate, Microsoft Exchange Attacks, Airline Supplier Data Breach

Posted on March 15, 2021 by Tom Eston

Why is federal law enforcement (still) asking Congress for encryption backdoors? Attacks on Microsoft Exchange servers seem to have gotten worse, details on an airline supplier data breach, and the real reason Kevin hasn’t replaced his Chewbacca manneq… Continue reading Encryption Backdoor Debate, Microsoft Exchange Attacks, Airline Supplier Data Breach→

Is Congress finally ready to pass meaningful ransomware legislation?

Posted on March 9, 2021 by Tim Starks

During the entire last two-year session of Congress, lawmakers only signed one bill law that mentioned the word “ransomware.” With the epidemic of digital extortion showing no signs of abating, though, and as ransomware attacks claim ever more victims across all parts of the U.S., evidence is mounting that the next two years could bring a more concerted push for legitlation. “I think it will be a focus because essentially every congressional district has had some kind of ransomware incident, whether public or not,” said Michael Garcia, a senior policy adviser in the national security program at Third Way, a center-left think tank. “Just look at the number of hospitals getting hit, of schools being hit.” In one recent incident, a Mississippi public school system revealed it had paid $300,000 to ransomware attacks, while a U.S. medical company, Universal Health Services, said it lost $67 million as a result of […]

The post Is Congress finally ready to pass meaningful ransomware legislation? appeared first on CyberScoop.

Continue reading Is Congress finally ready to pass meaningful ransomware legislation?→

Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries

Posted on February 23, 2021 by Tim Starks

A host of federal government policy failures contributed to the rippling damage of the SolarWinds hack, leaders of cyber firms told a Senate panel on Tuesday, with even lawmakers saying Congress must do more to prevent a repeat. More than two months after the hack became public, the wide-ranging Senate Select Committee on Intelligence hearing committee demonstrated that the U.S. government, the private sector and digital incident responders still are wrestling with the ramifications of an suspected Russian espionage campaign that leveraged the federal contractor SolarWinds. A number of big questions remain: SolarWinds still hasn’t determined how the hackers originally got into its systems, nobody has fully settled debates on whether the incident amount to espionage, or something worse, and suspicions abound that more victims remain unrevealed. “It has become clear that there is much more to learn about this incident, its causes, its scope and scale, and where we […]

The post Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries appeared first on CyberScoop.

Continue reading Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries→

SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings

Posted on February 22, 2021 by Tim Starks

The chief executive of SolarWinds on Monday said his company is still seeking a fuller understanding of the scope of the hack on its Orion software — and laying the groundwork for what SolarWinds, as well as the federal government, should be doing next. “What we are… still learning is the breadth and depth of the sophistication of the attackers, number one,” Sudhakar Ramakrishna said at a Center for Strategic and International Studies online event where he noted that the company’s investigation into what happened is ongoing. “Number two is the patience with which they carried out these attacks, and obviously the persistence,” he said, citing as an example that the hackers appeared to use earlier versions of Orion code as a test bed for their eventual attack. Ramakrishna took over as CEO weeks after news about the hack of SolarWinds’ updates to its Orion software had become public. The […]

The post SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings appeared first on CyberScoop.

Continue reading SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings→

GAO Finds Gaps in DoD Cyberdefenses, Highlights Importance of Breach and Attack Simulation Tools

Posted on February 8, 2021 by Stacey Meyer

AttackIQ’s Security Optimization Platform gives an agency a proactive—rather than a reactive—security posture. It enables continuous validation of security controls to definitively establish the effectiveness of key initiatives, to include zero-trust c… Continue reading GAO Finds Gaps in DoD Cyberdefenses, Highlights Importance of Breach and Attack Simulation Tools→

Congress is starting to move on more cyber bills, even if few become law

Posted on February 3, 2021 by Tim Starks

Congress dramatically ratcheted up the number of cybersecurity bills introduced in the last two years compared to the prior session of Congress, but that didn’t equate to much more of it becoming law, according to a think tank study out today. And while cybersecurity legislation remained a relative oasis of bipartisanship, that tendency sharply dropped off when it came to election security, found the tally from Third Way — which CyberScoop is first reporting. The findings offer potential insights into how the issue is evolving, and where it might go next, even if the trends don’t lend themselves to a simple explanation. In all, lawmakers introduced 316 cybersecurity bills in the 116th Congress that ran from 2019 to 2020, a 40% increase from the 115th Congress. That continues a trend that took off in that session of Congress: The 114th Congress saw just 22 cybersecurity measures offered, the center-left think […]

The post Congress is starting to move on more cyber bills, even if few become law appeared first on CyberScoop.

Continue reading Congress is starting to move on more cyber bills, even if few become law→

After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case

Posted on January 29, 2021 by Sean Lyngaas

As the U.S. investigation into the SolarWinds hacking campaign grinds on, lawmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago. A group of lawmakers led by Sen. Ron Wyden, D-Ore., are asking the NSA what steps it took to secure defense networks following a years-old breach of software made by Juniper Networks, a major provider of firewall devices for the federal government. Juniper revealed its incident in December 2015, saying that hackers had slipped unauthorized code into the firm’s software that could allow access to firewalls and the ability to decrypt virtual private network connections. Despite repeated inquiries from Capitol Hill— and concern in the Pentagon about the potential exposure of its contractors to the hack — there has been no public U.S. government assessment of who carried out the hack, and what data was accessed. Lawmakers are […]

The post After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case appeared first on CyberScoop.

Continue reading After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case→