congress – Page 10 – WindowsTechs.com

IRS, GAO at odds over cybersecurity requirements on tax preparers

Posted on June 14, 2021 by Tim Starks

The Internal Revenue Service hasn’t put in place a structure to issue cybersecurity dictates to paid tax preparers because it doesn’t believe it has the authority to do so — but the Government Accountability Office begs to differ. The government watchdog recommended the IRS establish a security structure in a 2019 report, but the agency contended Congress would need to take action to give the IRS more power. As of January of this year, the IRS still believes it needs statutory authority, the GAO said in a report released Monday. The GAO’s suggestion is that IRS should create a governance structure or steering committee to “to coordinate all aspects of IRS’s efforts to protect taxpayer information while at third-party providers.” Hackers have targeted tax preparation companies for years in identity theft and tax return theft schemes, as the IRS itself has repeatedly warned. In one recent case, a U.S. court […]

The post IRS, GAO at odds over cybersecurity requirements on tax preparers appeared first on CyberScoop.

Continue reading IRS, GAO at odds over cybersecurity requirements on tax preparers→

Biden cyber nominees Easterly, Inglis describe ransomware as urgent national security threat

Posted on June 10, 2021 by Sean Lyngaas

It’s been two months since President Joe Biden announced his two most important Senate-confirmed cybersecurity picks: Jen Easterly to lead the Department of Homeland Security’s cybersecurity agency, and Chris Inglis to be the national cyber director. During that time, ransomware attacks have forced temporary shutdowns of a major fuel pipeline and a big meat supplier, and Biden has signaled he will raise the issue of harboring criminal hackers in a meeting next week with Russian President Vladimir Putin. Americans got their closest look yet of how Inglis and Easterly would approach those pressing issues during a Senate confirmation hearing Thursday. The nominees labeled ransomware a “scourge” that threatens national security, vowed to work with critical infrastructure firms to improve their defenses, and wondered aloud if additional federal regulations were necessary to incentivize firms to reduce their vulnerabilities to hacking. The U.S. government, Inglis said, must “seize back the initiative that […]

The post Biden cyber nominees Easterly, Inglis describe ransomware as urgent national security threat appeared first on CyberScoop.

Continue reading Biden cyber nominees Easterly, Inglis describe ransomware as urgent national security threat→

Colonial Pipeline CEO says company didn’t have plan for potential ransomware attack

Posted on June 8, 2021 by Tonya Riley

Colonial Pipeline did not have guidance in place on how to handle a ransom demand from cybercriminals who locked up its systems, its CEO testified in a hearing before the Senate Homeland Security and Governmental Affairs Committee Tuesday. The company’s failure to prepare explicitly for a ransomware attack — despite warnings from Homeland Security Department’s Cybersecurity and Infrastructure Security Agency as early as February 2020 about the risk of such attacks against the pipeline industry — underscores growing concerns from lawmakers that the critical sector needs tighter regulations when it comes to cybersecurity. “We have an emergency response process: See the threat, contain the threat, remediate the threat, and restore,” Colonial Pipeline CEO Joseph Blount said in response to a question from Sen. Maggie Hassan, D-N.H. about ransomware-specific guidance. “So in this case, you use the same process, but you use a different set of experts.” Hassan chastized Blount’s response, […]

The post Colonial Pipeline CEO says company didn’t have plan for potential ransomware attack appeared first on CyberScoop.

Continue reading Colonial Pipeline CEO says company didn’t have plan for potential ransomware attack→

Ransomware hits iConstituent, a service lawmakers use to communicate with voters

Posted on June 8, 2021 by Sean Lyngaas

The scourge of ransomware has now hit closer to home for U.S. politicians. Ransomware has impacted the newsletter service of iConstituent, a firm that U.S. lawmakers use to contact constituents, the House of Representatives’ Chief Administrative Officer (CAO) said Tuesday. Individual offices choose to buy iConstituent services, which include virtual town halls, email and texting, and other data services. “At this time, the CAO is not aware of any impact to House data,” the CAO office said in an emailed statement. “The CAO is coordinating with the impacted offices supported by iConstituent and has taken measures to ensure that the attack does not affect the House network and offices’ data.” iConstituent boasts that its software “supports millions of digital interactions between people and their governments each year.” It was unclear Tuesday morning how broadly the incident would impact House legislators’ communication with constituents. The Washington-based firm did not immediately respond […]

The post Ransomware hits iConstituent, a service lawmakers use to communicate with voters appeared first on CyberScoop.

Continue reading Ransomware hits iConstituent, a service lawmakers use to communicate with voters→

Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber

Posted on May 28, 2021 by Tim Starks

President Joe Biden’s fiscal 2022 budget blueprint released Friday proposes $750 million for the federal government to respond to “lessons learned” from the SolarWinds supply chain hack that compromised nine agencies. In all, the budget proposes $9.8 billion in federal civilian cybersecurity funding, a 14% increase from the spending levels allocated for the current fiscal year, according to a summary. That number doesn’t take into account Defense Department funding requests, which would represent another large chunk of money, though that amount isn’t precisely spelled out in four documents shared Friday with reporters in advance of public release. “Cybersecurity is a top priority for this Administration, and recent events, such as the SolarWinds cyber incident, have shown that adversaries continue to target Federal systems,” one budget document reads. The blueprint also requests $15 million for the recently-created national cyber director office in the White House, and $20 million for a new […]

The post Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber appeared first on CyberScoop.

Continue reading Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber→

Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment

Posted on May 19, 2021 by Sean Lyngaas

After Colonial Pipeline CEO Joseph Blount confirmed Wednesday that his company had paid hackers $4.4 million to recover its data, lawmakers said they would press Blount for more information at a congressional hearing next month. “I’ll have some questions about Blount’s judgement when he appears before [the committee] in a couple weeks,” tweeted Rep. Jim Langevin, D-RI., an influential member of the House Homeland Security Committee. The FBI has advised companies for years not to pay a ransom, and cybersecurity experts warn that doing so fuels yet more ransomware hacks that have already cost U.S. companies hundreds of millions of dollars.But the breach of Colonial Pipeline’s IT systems, which caused a multi-day shutdown of the pipeline system and indirectly resulted in shortages at gas stations in multiple states, has thrust the issue of ransomware payments into the national limelight. Blount defended the decision in an interview with The Wall Street […]

The post Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment appeared first on CyberScoop.

Continue reading Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment→

National security officials outline hopes for national data breach notification law

Posted on May 18, 2021 by Tim Starks

Top U.S. national security officials on Tuesday explained some ideal elements to a potential national data breach reporting law, describing the idea as one pathway to stopping massive security incidents like the SolarWinds hack. A national data breach reporting law would need to be clear and concise for companies to follow it, and generally not be a huge burden, said Tonya Ugoretz, deputy assistant director of the FBI. It also might function as an alternative to government surveillance of private sector networks, a controversial idea previously suggested as a means of detecting cyber-espionage. Such a law should be focused on receiving reports about only especially sensitive breaches, such as those which jeopardize national security and critical infrastructure or that compromise U.S. government information, Ugoretz said during a prerecorded segment that aired at the virtual 2021 RSA Conference. However, Ugoretz and Adam Hickey, the deputy assistant attorney general and the Justice […]

The post National security officials outline hopes for national data breach notification law appeared first on CyberScoop.

Continue reading National security officials outline hopes for national data breach notification law→

After Colonial Pipeline hack, lawmakers want more action on pipeline security

Posted on May 12, 2021 by Sean Lyngaas

As a major fuel delivery operator gradually returns to service five days after suffering a ransomware attack, U.S. lawmakers are pressing federal agencies on what more they can do to secure the nation’s pipelines from hackers. The disruption at Colonial Pipeline, which operates 5,500 miles of pipelines and provides 45% of the fuel consumed on the East Coast, has renewed longstanding concerns that the lead agency for pipeline cybersecurity, the Transportation Security Administration, is ill-equipped to deal with the scale of security challenges in the sector. A multi-agency initiative to bolster pipeline cybersecurity begun in 2018 is a good start, but more can be done, critics say. “I have raised significant concerns with TSA’s focus on surface transportation, including pipelines, for years,” Rep. Jim Langevin, D-R.I., told CyberScoop. He pointed to a 2018 audit from the Government Accountability Office that found that TSA’s pipeline cybersecurity work was inadequate and lacked […]

The post After Colonial Pipeline hack, lawmakers want more action on pipeline security appeared first on CyberScoop.

Continue reading After Colonial Pipeline hack, lawmakers want more action on pipeline security→

CISA used new subpoena power to contact US companies vulnerable to hacking

Posted on May 5, 2021 by Sean Lyngaas

The Department of Homeland Security’s cybersecurity agency used a new subpoena power for the first time last week to contact at least one U.S. internet service provider with customers whose software is vulnerable to hacking. It’s an authority that DHS’s Cybersecurity and Infrastructure Security Agency has long sought, as agency officials struggled to communicate with some technology firms before flaws in their equipment became public and risked exploitation by state-linked or criminal hackers. Congress granted CISA the subpoena power in a bill that became law in January, allowing the agency to obtain a list of an internet service provider’s vulnerable customers and notify them directly rather than relying on third party communication. CISA issued two such subpoenas last week, acting agency director Brandon Wales said. A CISA spokesperson declined to say which U.S. company or companies had been subpoenaed, or whether the vulnerabilities pertained to an ongoing hacking campaign. “The […]

The post CISA used new subpoena power to contact US companies vulnerable to hacking appeared first on CyberScoop.

Continue reading CISA used new subpoena power to contact US companies vulnerable to hacking→

White House asks for additional $110 million in CISA funding to address cyber threats

Posted on April 9, 2021 by Sean Lyngaas

The White House on Friday asked Congress for $110 million in additional funding in 2022 to help the Department of Homeland Security shore up federal and state defenses in the wake of high-profile hacking operations. The money would allow DHS’s Cybersecurity and Infrastructure Security Agency to improve its defensive tools, hire more experts and “obtain support services to protect and defend federal information technology systems,” Shalanda Young, the acting director of the Office of Management and Budget, wrote in an April 9 letter to congressional appropriators. It would add to a recent $650 million funding boost for CISA that was part of the coronavirus relief package cleared by Congress. The White House’s discretionary funding request for CISA in fiscal 2022 totals $2.1 billion, or $110 million more than Congress allotted the agency the previous fiscal year. Discretionary budgets are those that Congress can alter with appropriations bills, in contrast to the […]

The post White House asks for additional $110 million in CISA funding to address cyber threats appeared first on CyberScoop.

Continue reading White House asks for additional $110 million in CISA funding to address cyber threats→