congress – Page 9 – WindowsTechs.com

Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress

Posted on June 30, 2021 by Tonya Riley

The Justice Department is abusing secret subpoenas to collect cloud user data at alarming rates, a top Microsoft executive testified in front of the House Judiciary Committee on Wednesday. Tom Burt, Microsoft’s vice president of customer security and trust, told lawmakers that the company currently receives between 2,400 to 3,500 secrecy orders each year. That’s roughly a third of the total number of requests that federal law enforcement sends to Microsoft, and it’s a number that has grown as more companies and organizations rely on cloud providers to serve as their virtual offices. The hearing comes on the heels of a revelation earlier this month that the Justice Department had used such gag orders to secretly subpoena Microsoft and Apple for data from two members of Congress, Capitol Hill staffers and some family members. “If law enforcement wants to secretly search someone’s physical office, it must meet a heightened burden […]

The post Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress appeared first on CyberScoop.

Continue reading Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress→

Senate bill proposes requiring cyber incident notification to feds within 24 hours

Posted on June 17, 2021 by Tim Starks

Senate Intelligence Chairman Mark Warner is sharing draft bipartisan legislation that would require critical infrastructure owners, cybersecurity incident response firms and federal contractors to report cyber intrusions to the Homeland Security Department within 24 hours. It’s one of the earliest bills to respond a spate of attacks that began with the SolarWinds breach and continued on through the Microsoft Exchange hack and ransomware incidents at Colonial Pipeline and meat supplier JBS. It won’t be the last, either in the House or Senate. Warner has been pushing the idea for months. At a February hearing of Warner’s committee the Virginia Democrat, other senators and witnesses from SolarWinds, Microsoft and FireEye discussed the thought Warner had been floating. The fear was that if FireEye hadn’t voluntarily disclosed that it was a victim of the SolarWinds supply chain hack that compromised nine federal agencies and many technology companies, the damage would’ve been more severe. […]

The post Senate bill proposes requiring cyber incident notification to feds within 24 hours appeared first on CyberScoop.

Continue reading Senate bill proposes requiring cyber incident notification to feds within 24 hours→

IRS, GAO at odds over cybersecurity requirements on tax preparers

Posted on June 14, 2021 by Tim Starks

The Internal Revenue Service hasn’t put in place a structure to issue cybersecurity dictates to paid tax preparers because it doesn’t believe it has the authority to do so — but the Government Accountability Office begs to differ. The government watchdog recommended the IRS establish a security structure in a 2019 report, but the agency contended Congress would need to take action to give the IRS more power. As of January of this year, the IRS still believes it needs statutory authority, the GAO said in a report released Monday. The GAO’s suggestion is that IRS should create a governance structure or steering committee to “to coordinate all aspects of IRS’s efforts to protect taxpayer information while at third-party providers.” Hackers have targeted tax preparation companies for years in identity theft and tax return theft schemes, as the IRS itself has repeatedly warned. In one recent case, a U.S. court […]

The post IRS, GAO at odds over cybersecurity requirements on tax preparers appeared first on CyberScoop.

Continue reading IRS, GAO at odds over cybersecurity requirements on tax preparers→

Biden cyber nominees Easterly, Inglis describe ransomware as urgent national security threat

Posted on June 10, 2021 by Sean Lyngaas

It’s been two months since President Joe Biden announced his two most important Senate-confirmed cybersecurity picks: Jen Easterly to lead the Department of Homeland Security’s cybersecurity agency, and Chris Inglis to be the national cyber director. During that time, ransomware attacks have forced temporary shutdowns of a major fuel pipeline and a big meat supplier, and Biden has signaled he will raise the issue of harboring criminal hackers in a meeting next week with Russian President Vladimir Putin. Americans got their closest look yet of how Inglis and Easterly would approach those pressing issues during a Senate confirmation hearing Thursday. The nominees labeled ransomware a “scourge” that threatens national security, vowed to work with critical infrastructure firms to improve their defenses, and wondered aloud if additional federal regulations were necessary to incentivize firms to reduce their vulnerabilities to hacking. The U.S. government, Inglis said, must “seize back the initiative that […]

The post Biden cyber nominees Easterly, Inglis describe ransomware as urgent national security threat appeared first on CyberScoop.

Continue reading Biden cyber nominees Easterly, Inglis describe ransomware as urgent national security threat→

Colonial Pipeline CEO says company didn’t have plan for potential ransomware attack

Posted on June 8, 2021 by Tonya Riley

Colonial Pipeline did not have guidance in place on how to handle a ransom demand from cybercriminals who locked up its systems, its CEO testified in a hearing before the Senate Homeland Security and Governmental Affairs Committee Tuesday. The company’s failure to prepare explicitly for a ransomware attack — despite warnings from Homeland Security Department’s Cybersecurity and Infrastructure Security Agency as early as February 2020 about the risk of such attacks against the pipeline industry — underscores growing concerns from lawmakers that the critical sector needs tighter regulations when it comes to cybersecurity. “We have an emergency response process: See the threat, contain the threat, remediate the threat, and restore,” Colonial Pipeline CEO Joseph Blount said in response to a question from Sen. Maggie Hassan, D-N.H. about ransomware-specific guidance. “So in this case, you use the same process, but you use a different set of experts.” Hassan chastized Blount’s response, […]

The post Colonial Pipeline CEO says company didn’t have plan for potential ransomware attack appeared first on CyberScoop.

Continue reading Colonial Pipeline CEO says company didn’t have plan for potential ransomware attack→

Ransomware hits iConstituent, a service lawmakers use to communicate with voters

Posted on June 8, 2021 by Sean Lyngaas

The scourge of ransomware has now hit closer to home for U.S. politicians. Ransomware has impacted the newsletter service of iConstituent, a firm that U.S. lawmakers use to contact constituents, the House of Representatives’ Chief Administrative Officer (CAO) said Tuesday. Individual offices choose to buy iConstituent services, which include virtual town halls, email and texting, and other data services. “At this time, the CAO is not aware of any impact to House data,” the CAO office said in an emailed statement. “The CAO is coordinating with the impacted offices supported by iConstituent and has taken measures to ensure that the attack does not affect the House network and offices’ data.” iConstituent boasts that its software “supports millions of digital interactions between people and their governments each year.” It was unclear Tuesday morning how broadly the incident would impact House legislators’ communication with constituents. The Washington-based firm did not immediately respond […]

The post Ransomware hits iConstituent, a service lawmakers use to communicate with voters appeared first on CyberScoop.

Continue reading Ransomware hits iConstituent, a service lawmakers use to communicate with voters→

Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber

Posted on May 28, 2021 by Tim Starks

President Joe Biden’s fiscal 2022 budget blueprint released Friday proposes $750 million for the federal government to respond to “lessons learned” from the SolarWinds supply chain hack that compromised nine agencies. In all, the budget proposes $9.8 billion in federal civilian cybersecurity funding, a 14% increase from the spending levels allocated for the current fiscal year, according to a summary. That number doesn’t take into account Defense Department funding requests, which would represent another large chunk of money, though that amount isn’t precisely spelled out in four documents shared Friday with reporters in advance of public release. “Cybersecurity is a top priority for this Administration, and recent events, such as the SolarWinds cyber incident, have shown that adversaries continue to target Federal systems,” one budget document reads. The blueprint also requests $15 million for the recently-created national cyber director office in the White House, and $20 million for a new […]

The post Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber appeared first on CyberScoop.

Continue reading Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber→

Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment

Posted on May 19, 2021 by Sean Lyngaas

After Colonial Pipeline CEO Joseph Blount confirmed Wednesday that his company had paid hackers $4.4 million to recover its data, lawmakers said they would press Blount for more information at a congressional hearing next month. “I’ll have some questions about Blount’s judgement when he appears before [the committee] in a couple weeks,” tweeted Rep. Jim Langevin, D-RI., an influential member of the House Homeland Security Committee. The FBI has advised companies for years not to pay a ransom, and cybersecurity experts warn that doing so fuels yet more ransomware hacks that have already cost U.S. companies hundreds of millions of dollars.But the breach of Colonial Pipeline’s IT systems, which caused a multi-day shutdown of the pipeline system and indirectly resulted in shortages at gas stations in multiple states, has thrust the issue of ransomware payments into the national limelight. Blount defended the decision in an interview with The Wall Street […]

The post Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment appeared first on CyberScoop.

Continue reading Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment→

National security officials outline hopes for national data breach notification law

Posted on May 18, 2021 by Tim Starks

Top U.S. national security officials on Tuesday explained some ideal elements to a potential national data breach reporting law, describing the idea as one pathway to stopping massive security incidents like the SolarWinds hack. A national data breach reporting law would need to be clear and concise for companies to follow it, and generally not be a huge burden, said Tonya Ugoretz, deputy assistant director of the FBI. It also might function as an alternative to government surveillance of private sector networks, a controversial idea previously suggested as a means of detecting cyber-espionage. Such a law should be focused on receiving reports about only especially sensitive breaches, such as those which jeopardize national security and critical infrastructure or that compromise U.S. government information, Ugoretz said during a prerecorded segment that aired at the virtual 2021 RSA Conference. However, Ugoretz and Adam Hickey, the deputy assistant attorney general and the Justice […]

The post National security officials outline hopes for national data breach notification law appeared first on CyberScoop.

Continue reading National security officials outline hopes for national data breach notification law→

After Colonial Pipeline hack, lawmakers want more action on pipeline security

Posted on May 12, 2021 by Sean Lyngaas

As a major fuel delivery operator gradually returns to service five days after suffering a ransomware attack, U.S. lawmakers are pressing federal agencies on what more they can do to secure the nation’s pipelines from hackers. The disruption at Colonial Pipeline, which operates 5,500 miles of pipelines and provides 45% of the fuel consumed on the East Coast, has renewed longstanding concerns that the lead agency for pipeline cybersecurity, the Transportation Security Administration, is ill-equipped to deal with the scale of security challenges in the sector. A multi-agency initiative to bolster pipeline cybersecurity begun in 2018 is a good start, but more can be done, critics say. “I have raised significant concerns with TSA’s focus on surface transportation, including pipelines, for years,” Rep. Jim Langevin, D-R.I., told CyberScoop. He pointed to a 2018 audit from the Government Accountability Office that found that TSA’s pipeline cybersecurity work was inadequate and lacked […]

The post After Colonial Pipeline hack, lawmakers want more action on pipeline security appeared first on CyberScoop.

Continue reading After Colonial Pipeline hack, lawmakers want more action on pipeline security→