Private sector isn’t sharing data with DHS’s threat portal

For years, U.S. government officials have been trying to provide firms with actionable threat data in time for corporate officials to block hackers from compromising their networks. The 2015 Cybersecurity Information Sharing Act (CISA) gave firms legal cover to provide threat data to the government; the Department of Homeland Security rolled out an automated threat-sharing program in 2016; and Republican and Democratic administrations have preached the information-sharing gospel at conferences across the country. But today, amid consistent nation-state cyberthreats to U.S. companies, there is a growing consensus in Congress and in the private sector that these federal efforts are falling way short of expectations and needs. Two years after DHS established its Automated Indicator Sharing (AIS) program, just six non-federal organizations are using it to share threat indicators with the government, a DHS official told CyberScoop. “That’s unacceptable and it surely doesn’t reach the threshold I hoped it was going […]

The post Private sector isn’t sharing data with DHS’s threat portal appeared first on Cyberscoop.

Senate bill hopes to sort out supply-chain cybersecurity risks, prevent next Kaspersky drama

A new bipartisan Senate bill would try to get to the bottom of supply chain risks by setting up a new federal acquisition council that would include representation from the intelligence community and Defense Department. The goal of the bill is to help streamline coordination between agencies so that the government can avoid buying technology that’s bugged by foreign spies. The “Federal Acquisition Supply Chain Security Act” was introduced Tuesday by Sens. James Lankford, R-Okla., and Claire McCaskill, D-Mo. It tasks agencies across the government with creating a strategy to tackle supply chain threats embedded in federally procured technology systems. If a malicious piece of equipment enters the supply chain of government agencies, experts say it could be used for espionage or more destructive purposes. The announcement comes after a year in which top officials have repeatedly grappled with national security concerns surrounding Moscow-based Kaspersky Lab, an anti-virus software maker that […]

Capitol Hill staffers learn what really happens when there’s a data breach

In the past three years, U.S. lawmakers have struggled to nail down key details of how two of the biggest data breaches in history affected the public and private sectors. “How far back does your information database go that was compromised?” former Utah Rep. Jason Chaffetz demanded of then-Office of Personnel Management director Katherine Archuleta at a June 2015 hearing. Chaffetz berated Archuleta for failing to secure OPM’s IT systems, from which alleged Chinese hackers extracted data on 22 million current and former federal workers. “I just hope we get to the bottom of this…because this is a mess,” Rep. Ben Ray Luján, D-N.M., said in October after questioning former Equifax CEO Richard Smith on when he knew hackers had struck the credit-reporting firm. The breach compromised data on 148 million people. To try to demystify future breach-related discussions on Capitol Hill, cybersecurity firm FireEye held a quiet training session for roughly […]

Congress wants to prevent states from weakening encryption

A bipartisan group of House lawmakers has reintroduced legislation that would preempt any attempts by states to weaken encryption. The bill would bar states from compelling a tech company to “design or alter the security functions in its product or service to allow the surveillance of any user of such product or service,” according to its text. Republican Reps. Mike Bishop of Michigan and Jim Jordan of Ohio and Democratic Reps. Ted Lieu of California and Suzan DelBene of Washington are the bill’s sponsors. The bill also would keep states from prohibiting the sale of products or services with strong encryption. Lieu introduced the legislation in 2016, but it stalled during that congressional session. Law enforcement officials have said strong encryption has hampered numerous investigations by thwarting access to a suspect’s communications. However, those claims were undercut after the FBI admitted in May it had vastly overstated the number of encrypted devices […]

Lawmakers advance bill to codify DHS cyber center for industrial plants

The House Homeland Security Committee on Wednesday advanced legislation that would establish a Department of Homeland Security cybersecurity center as the lead agency for handling threats to industrial control systems, like those underpinning the energy sector. The bill would make clear that DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is the hub for mitigating ICS vulnerabilities and provide the private sector with a “permanent place for assistance to address cybersecurity risk,” Rep. Don Bacon, R-N.E., who introduced the bill, said at a markup. “We know we are vulnerable…to these cyberattacks on our energy grid, and the time is now to start building that resiliency in our energy grid,” Bacon stated. With DHS and the Department of Energy both concerning themselves with ICS, “there’s some ambiguity [on] who does what” on the issue, Bacon told CyberScoop after the hearing. “The NCCIC has been doing a lot of this,” he explained. […]

House panel rejects call for cyberthreat report on ZTE amid Trump deal

On the heels of a reported U.S. deal with embattled Chinese telecom company ZTE, American lawmakers rejected a Democratic measure that would have directed the Department of Homeland Security to provide more information on any cybersecurity risks posed by the international tech company. The top Republican and Democrat on the House Homeland Security Committee sparred over the utility of the resolution, which would have tasked DHS with providing any documentation it has on cyber risks introduced by the use of ZTE products on federal, state and local government networks. The Republican-led panel voted 16-11 against the measure. Instead, lawmakers will get a classified briefing from officials at DHS, the FBI and the Defense Department on June 13 about the national security risks posed by ZTE and Huawei, another Chinese technology giant. Texas Republican Michael McCaul, the committee’s chairman, announced the briefing at a committee markup Wednesday on Capitol Hill. U.S. […]

House of Representatives to boost info-sharing program with Five Eyes allies

The U.S. House of Representatives is looking to ramp up a cyberthreat information-sharing program with the parliaments of allies Australia, Canada, New Zealand, and Britain, according to House CISO Randy Vickers. The information traded could be unclassified threat intelligence used to bolster the legislative bodies’ security. Vickers said there were already strong information-sharing relationships with the allied parliaments; the goal was simply to leverage them more. “We’re looking at ways to better share information on a more routine basis,” Vickers told CyberScoop Thursday. “It really is just about ensuring that we all have a common knowledge across our environments.” In practice, the program could be as simple as notifying the group of a new cybersecurity advisory from the Department of Homeland Security, Vickers said on the sidelines of the Cyberthreat Intelligence Forum presented by FireEye and produced by CyberScoop and FedScoop. The U.S. and the four other countries comprise the Five Eyes […]

Lawmakers look to fortify federal cyber defenses ahead of 2018 midterms

A bipartisan pair of House lawmakers have introduced legislation aimed at strengthening U.S. infrastructure ahead of midterm elections this fall. The bill from Reps. Elise Stefanik, R-N.Y., and Val Demings, D-Fla., is an effort to shore up U.S. cyber defenses by, among other measures, urging agencies to fully implement an executive order on cybersecurity that President Donald Trump issued last year. The president’s directive makes agency heads accountable for cyber risk – such as nation-state hacking – that can affect the entire government. Within 60 days of the legislation’s enactment, Trump would owe a report to Congress on what steps agencies had taken to “better detect, monitor, and mitigate cyberattacks.” Stefanik and Demings’s “Defend Against Russian Disinformation Act” would also boost U.S. military cooperation with NATO. Cybersecurity analysts have held up Estonia, a neighbor of Russia and NATO member, as a model of cyber resiliency. The U.S. intelligence community concluded that […]

Senators want National Guard on call for cyberattacks

A pair of Senate Democrats have introduced legislation that would give the National Guard a bigger role in defending everything from election systems to dams from cyberattacks. The bill from Sens. Maria Cantwell, Wash., and Joe Manchin, W.Va., would set up National Guard “cyber civil support teams” in every state and territory “to bridge the gap between federal and non-federal cybersecurity efforts,” the senators’ offices said in a release. The bill would put $50 million toward the National Guard teams, which would be tasked with preventing and mitigating the impact of cyber incidents, training critical infrastructure operators, and relaying classified threat information from U.S. Cyber Command to the states and private companies. States would have until September 30, 2022 to make their National Guard cyber teams operational. Another Democrat from Washington State, Rep. Derek Kilmer, has introduced companion legislation in the House. “As cyberattacks on the United States increase, we must […]
