Election officials don’t need to report cyber incidents to the feds. That could soon change.

Security personnel charged with the challenging and high-stakes work of protecting election systems from digital threats might soon have another task on their to-do list: reporting any cyber incidents to the federal government. That’s if election technology, designated critical infrastructure in 2017, falls under proposed rules requiring critical infrastructure owners and operators to notify federal officials about cyber incidents, such as attempted hacks and ransomware attacks. The idea has surfaced again in a recent Stanford Internet Observatory paper authored by a former high-ranking election security official who offered recommendations for election administration reform, ranging from increased funding to centralizing election IT infrastructure at the state level. The proposals are consistent with multiple bills under consideration in Congress, where momentum is building to require operators of critical infrastructure—pipeline owners, electrical grids, and other industries key to U.S. interests—to disclose yet-to-be-defined cyber “incidents” to the Department of Homeland Security, FBI […]

The post Election officials don’t need to report cyber incidents to the feds. That could soon change. appeared first on CyberScoop.

Biden administration officials push Congress to shape breach reporting mandates

U.S. cybersecurity officials are seeking to put their stamp on cyber incident reporting legislation, wading into debates on Capitol Hill about questions like how swiftly companies must report attacks to federal agencies — and what happens if they don’t. The head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency testified at a Senate hearing Thursday in favor of requiring critical infrastructure owners and operators, federal contractors and agencies to report attacks to CISA within 24 hours of detection. There are three leading proposals in Congress, each with a different timeframe for reporting attacks. The leaders of the Senate Intelligence Committee favor a 24-hour deadline. A draft bill from leaders of the Senate Homeland Security and Governmental Affairs Committee would set the range at between 72 hours and seven days, as determined by CISA. And a draft from leading members of the House Homeland Security Committee proposes leaving […]

Email scammers posed as DOT officials in phishing messages focused on $1 trillion bill

Shortly after Congress took action on a $1 trillion infrastructure bill, hackers posing as U.S. Transportation Department officials offered fake project bid opportunities to seduce companies into handing over Microsoft credentials, researchers say. The ploy included layers of attempts to disguise the malicious appeals as authentic government solicitations, and even eventually led the would-be victims back to the actual Department of Transportation website, according to a Wednesday blog post from INKY, an email security company. “The basic pitch was, with a trillion dollars of government money flowing through the system, you, dear target, are being invited to bid for some of this bounty,” wrote Roger Kay, vice president of security strategy for the firm. Never mind that the infrastructure legislation hasn’t fully worked its way through Congress yet, nor that few of the phishing campaign’s targets would even be eligible for the infrastructure projects that bill would fund. It’s the […]

T-Mobile breach climbs to over 50 million people

T-Mobile on Friday announced that roughly 6 million additional accounts had data swiped in a recent hack, bringing the total number of victims of the breach to approximately 55 million individuals. The revelations come as lawmakers have ramped up scrutiny of the company. An additional 5.3 million subscriber accounts had addresses, names, dates of birth, and phone numbers accessed, T-Mobile said. The company also found that the data of 667,000 more accounts of former T-Mobile customers, including their names, phone numbers, addresses and dates of birth, had been accessed. Unlike the first set of customers identified by T-Mobile on Wednesday, none of these additional accounts had their Social Security numbers or ID information compromised, the company said. The new findings also reveal that phone data, IMEIs and IMSIs (the hardware identifier of a handset and the subscriber identifier on its SIM, respectively) were accessed. IMEIs, which are often used for advertising purposes, are a unique fingerprint for a device that cannot be […]

Senate fails to amend cryptocurrency reporting requirements, moving fight to the House

The Senate stopped short Monday of passing an amendment that would have altered language in the current $1 trillion infrastructure bill to narrow the definition of parties that will be required to report cryptocurrency sales to the Internal Revenue Service. Senators failed to reach unanimous consent because of an objection to an unrelated requested attachment to increase military spending. A group of Senate Republicans and Democrats as well as representatives of the Treasury Department had struck a compromise to narrow the language on Monday and had hoped to pass the amendment through unanimous consent. Cryptocurrency industry leaders and privacy experts say that if the current language in the bill goes through it could handicap the emerging technology in the United States and strip privacy from users. “We may very well have to go back and revisit the rules but we shouldn’t just have an overly broad mandate or reporting requirement […]

Wyden bill would require digital signatures for sensitive court orders

Miscreants have leveraged counterfeit court documents to authorize wiretaps on romantic interests or dupe Google into removing embarrassing links from search results, among other instances of fraud, in recent years. Sen. Ron Wyden on Wednesday is unveiling bipartisan legislation to counter that kind of forgery by requiring federal, state and tribal courts to use digital signatures, which rely on public-key cryptography, for orders that authorize surveillance, domain seizures and online content removal. The legislation, first reported by CyberScoop, also directs the National Institute of Standards and Technology to develop standards for court order digital signatures within two years, for federal courts to test out the technology and then for state and tribal courts to adopt it within four years after the rules are finished. The senator said the bill aims to curb opportunities for fraud by forcing the use of digital signatures, which are rapidly surging in popularity. […]
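
As an added illustration, not part of the CyberScoop article and not anything the bill or NIST has specified: a small Go program using the standard library's Ed25519 implementation that signs a hypothetical court order and then shows why the two forgeries the article describes fail verification, an altered copy of a real order and a convincing order produced by an imposter with their own key. The CourtOrder fields, the sample order text and the in-memory key generation are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// CourtOrder is a hypothetical, minimal model of the fields a signed order
// would carry. The field set is an assumption for this example.
type CourtOrder struct {
	Court  string // issuing court
	Docket string // docket or case number
	Body   string // the operative text: what the recipient is ordered to do
}

// canonicalBytes serialises the order deterministically. Each field is
// length-prefixed so that moving text between fields changes the bytes;
// without this, Court="ab",Docket="c" and Court="a",Docket="bc" would
// produce identical input to the signature.
func canonicalBytes(o CourtOrder) []byte {
	var out []byte
	for _, f := range []string{o.Court, o.Docket, o.Body} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(out, n[:]...)
		out = append(out, f...)
	}
	return out
}

// SignOrder produces an Ed25519 signature over the canonical order bytes.
// Only the holder of the court's private key can produce a valid one.
func SignOrder(priv ed25519.PrivateKey, o CourtOrder) []byte {
	return ed25519.Sign(priv, canonicalBytes(o))
}

// VerifyOrder checks a signature against the court's published public key.
// A recipient (a carrier, a registrar, a search engine) must obtain that key
// from a trusted registry, never from the document being checked.
func VerifyOrder(pub ed25519.PublicKey, o CourtOrder, sig []byte) bool {
	return ed25519.Verify(pub, canonicalBytes(o), sig)
}

// Demo runs the three cases the article's fraud examples turn on and returns
// whether each verifies: a genuine order, an altered copy, an imposter's order.
func Demo() (genuine, altered, imposter bool) {
	courtPub, courtPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed sample order; not a real court or docket.
	order := CourtOrder{
		Court:  "Example District Court",
		Docket: "1:21-mc-00001",
		Body:   "The provider shall disable access to the listed URL.",
	}
	sig := SignOrder(courtPriv, order)
	genuine = VerifyOrder(courtPub, order, sig)

	// Case 2: someone edits the body of a real order but keeps its signature.
	tampered := order
	tampered.Body = "The provider shall disclose all account records to the requester."
	altered = VerifyOrder(courtPub, tampered, sig)

	// Case 3: an imposter drafts a convincing order and signs it with a key
	// they generated themselves; it does not match the court's registered key.
	_, fakePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	fakeSig := SignOrder(fakePriv, order)
	imposter = VerifyOrder(courtPub, order, fakeSig)
	return genuine, altered, imposter
}

func main() {
	g, a, i := Demo()
	fmt.Printf("genuine=%v altered=%v imposter=%v\n", g, a, i)
}
```

The signature itself is the easy part; the security property depends on the recipient looking up the court's public key in a registry it trusts (the kind of thing a NIST standard would have to specify) and on the order being serialised the same way by signer and verifier, which is why the example length-prefixes each field rather than concatenating them.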

Justice Department officials urge Congress to pass ransomware notification law

U.S. Justice Department officials came out in strong support of legislation requiring companies to report ransomware attacks and other severe data breaches to federal authorities. “Without prompt reporting, investigative opportunities are lost, our ability to assist other victims facing the same attacks is degraded and the government and Congress does not have a full picture of the threat facing American companies,” said Richard Downing, deputy assistant attorney general for the criminal division of the U.S. Department of Justice, at a Senate Judiciary hearing on ransomware Tuesday. The sentiment was shared by Bryan Vorndran, assistant director of the cyber division at the FBI. “We need a federal cyber incident reporting standard for breaches that pose significant risks because inconsistent volunteer reporting is simply not enough,” said Vorndran. Current versions of reporting legislation circulating on Capitol Hill put the Department of Homeland Security’s cybersecurity agency at the center of reporting. Eric Goldstein, […]

New legislation would boost the FTC’s role in fighting ransomware

A new bill could direct the Federal Trade Commission’s international efforts towards taking on ransomware. Rep. Gus Bilirakis (R-Fla.), the top Republican on the House Energy and Commerce consumer protection subcommittee, filed legislation Tuesday that would require the agency to report the number of ransomware and cyberattack-related complaints it receives, and how it cooperated with international law enforcement to respond to those issues. The new text would update a 2006 law enabling the agency to work with foreign law enforcement agencies on consumer protection issues. Under the amended law, the FTC would also be charged with providing recommendations for legislation and best practices to mitigate and defend against ransomware. The FTC has always played a role in trying to mitigate data breaches and online fraud, including the enforcement of privacy policies and pursuing companies like Equifax for failing to take basic security precautions. It has in the past also offered […]

Momentum builds on federal oversight of facial recognition tech after reported abuses

Lawmakers in the House and Senate are considering legislation that would halt the use of facial recognition and biometric data collection tools by federal law enforcement, signaling that the controversial technologies may soon be subject to oversight after years of debate and revelations about their role in discriminatory policing. The Facial Recognition and Biometric Technology Moratorium Act, reintroduced in June by Sen. Ed Markey (D-Mass.) and Rep. Pramila Jayapal (D-Wash.), would fully ban the use of facial recognition and biometric technology by federal agencies, barring a lift by Congress. It would also block funding to state and local law enforcement who do not cease use of the tech. The bill would allow cities and states to keep and make their own laws. More than 40 privacy and civil liberties groups have thrown their lobbying weight on the Hill and their organizing power behind the Biometric Technology Moratorium Act, saying that cases in […]

Senate confirms former White House, NSA official Jen Easterly as CISA director after delay

Seven months into Joe Biden’s presidency, an administration confronting several cybersecurity crises finally has a permanent director en route to take over one of the top few cyber posts in the federal government. The Senate on Monday confirmed Jen Easterly as director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency by voice vote. Once she’s sworn in, Easterly — the departing head of Morgan Stanley’s Fusion Resilience Center and a former White House and National Security Agency official — will be busy with the aftermath of a spree of ransomware attacks that have attracted the attention of policymakers like none before. They include incidents at fuel supplier Colonial Pipeline, meat processor JBS and software company Kaseya, where a compromise opened the door for attackers to claim perhaps thousands of victims. In the early months of the Biden administration, officials also have contended with a cyber-espionage operation that […]
