Biden’s cyber executive order to include new rules for federal agencies, contractors

Under a forthcoming White House order, companies that do business with the federal government would have to meet software security standards and swiftly report cyber incidents to a new entity within the Department of Homeland Security, sources familiar with a draft version of the document said. The order, which could be made public in a matter of weeks, is meant to improve the government’s ability to detect, coordinate, respond to and investigate cybersecurity incidents, as well as promote supply chain security and push government contractors to up their defenses. It is spurred largely by the suspected Russian campaign in which hackers exploited the update process for SolarWinds’ Orion software, which led to the compromise of nine federal agencies and roughly 100 companies, the White House previously said. Some of the order’s measures are aimed at strengthening DHS and its Cybersecurity and Infrastructure Security Agency. The White House directive would establish […]

The post Biden’s cyber executive order to include new rules for federal agencies, contractors appeared first on CyberScoop.

Encryption Backdoor Debate, Microsoft Exchange Attacks, Airline Supplier Data Breach

Why is federal law enforcement (still) asking Congress for encryption backdoors? Attacks on Microsoft Exchange servers seem to have gotten worse, details on an airline supplier data breach, and the real reason Kevin hasn’t replaced his Chewbacca manneq…

Is Congress finally ready to pass meaningful ransomware legislation?

During the entire last two-year session of Congress, lawmakers only signed one bill into law that mentioned the word “ransomware.” With the epidemic of digital extortion showing no signs of abating, though, and as ransomware attacks claim ever more victims across all parts of the U.S., evidence is mounting that the next two years could bring a more concerted push for legislation. “I think it will be a focus because essentially every congressional district has had some kind of ransomware incident, whether public or not,” said Michael Garcia, a senior policy adviser in the national security program at Third Way, a center-left think tank. “Just look at the number of hospitals getting hit, of schools being hit.” In one recent incident, a Mississippi public school system revealed it had paid $300,000 to ransomware attackers, while a U.S. medical company, Universal Health Services, said it lost $67 million as a result of […]

The post Is Congress finally ready to pass meaningful ransomware legislation? appeared first on CyberScoop.

Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries

A host of federal government policy failures contributed to the rippling damage of the SolarWinds hack, leaders of cyber firms told a Senate panel on Tuesday, with even lawmakers saying Congress must do more to prevent a repeat. More than two months after the hack became public, the wide-ranging Senate Select Committee on Intelligence hearing demonstrated that the U.S. government, the private sector and digital incident responders still are wrestling with the ramifications of a suspected Russian espionage campaign that leveraged the federal contractor SolarWinds. A number of big questions remain: SolarWinds still hasn’t determined how the hackers originally got into its systems, nobody has fully settled debates on whether the incident amounts to espionage, or something worse, and suspicions abound that more victims remain unrevealed. “It has become clear that there is much more to learn about this incident, its causes, its scope and scale, and where we […]

The post Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries appeared first on CyberScoop.

SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings

The chief executive of SolarWinds on Monday said his company is still seeking a fuller understanding of the scope of the hack on its Orion software — and laying the groundwork for what SolarWinds, as well as the federal government, should be doing next. “What we are… still learning is the breadth and depth of the sophistication of the attackers, number one,” Sudhakar Ramakrishna said at a Center for Strategic and International Studies online event where he noted that the company’s investigation into what happened is ongoing. “Number two is the patience with which they carried out these attacks, and obviously the persistence,” he said, citing as an example that the hackers appeared to use earlier versions of Orion code as a test bed for their eventual attack. Ramakrishna took over as CEO weeks after news about the hack of SolarWinds’ updates to its Orion software had become public. The […]

The post SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings appeared first on CyberScoop.

GAO Finds Gaps in DoD Cyberdefenses, Highlights Importance of Breach and Attack Simulation Tools

AttackIQ’s Security Optimization Platform gives an agency a proactive—rather than a reactive—security posture. It enables continuous validation of security controls to definitively establish the effectiveness of key initiatives, to include zero-trust c…

Congress is starting to move on more cyber bills, even if few become law

Congress dramatically ratcheted up the number of cybersecurity bills introduced in the last two years compared to the prior session of Congress, but that didn’t equate to much more of it becoming law, according to a think tank study out today. And while cybersecurity legislation remained a relative oasis of bipartisanship, that tendency sharply dropped off when it came to election security, found the tally from Third Way — which CyberScoop is first reporting. The findings offer potential insights into how the issue is evolving, and where it might go next, even if the trends don’t lend themselves to a simple explanation. In all, lawmakers introduced 316 cybersecurity bills in the 116th Congress that ran from 2019 to 2020, a 40% increase from the 115th Congress. That continues a trend that took off in that session of Congress: The 114th Congress saw just 22 cybersecurity measures offered, the center-left think […]

The post Congress is starting to move on more cyber bills, even if few become law appeared first on CyberScoop.

After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case

As the U.S. investigation into the SolarWinds hacking campaign grinds on, lawmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago. A group of lawmakers led by Sen. Ron Wyden, D-Ore., are asking the NSA what steps it took to secure defense networks following a years-old breach of software made by Juniper Networks, a major provider of firewall devices for the federal government. Juniper revealed its incident in December 2015, saying that hackers had slipped unauthorized code into the firm’s software that could allow access to firewalls and the ability to decrypt virtual private network connections. Despite repeated inquiries from Capitol Hill — and concern in the Pentagon about the potential exposure of its contractors to the hack — there has been no public U.S. government assessment of who carried out the hack, and what data was accessed. Lawmakers are […]

The post After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case appeared first on CyberScoop.

Deepfake laws emerge as harassment, security threats come into focus

A new flurry of state and federal legislation that aims to better understand the creation of doctored video and audio files — and help victims respond — couldn’t have come soon enough, analysts say. The manipulated content, better known as deepfakes, has been used to falsely portray House Speaker Nancy Pelosi as ill or inebriated in a video that went viral in 2019. Other examples include a faked video of former president Obama, and an artificial intelligence service that has been enabling users to transform photos of women into nude pictures, enabling abuse, blackmail and other kinds of harassment. Potential malicious uses of deepfakes include fraud, inciting acts of violence or sowing political unrest. Last week, several Trump supporters proposed on Parler that Trump’s concession speech may have been a manipulated video. The chatter is only more evidence that the existence of deepfakes, and the lack of truly effective screening […]

The post Deepfake laws emerge as harassment, security threats come into focus appeared first on CyberScoop.

Extra Crunch roundup: 2 VC surveys, Tesla’s melt up, The Roblox Gambit, more

Thanks very much for reading Extra Crunch this week. I hope we can all look forward to a nice, boring weekend with no breaking news alerts.