After years of work, Congress passes ‘internet of things’ cybersecurity bill — and it’s kind of a big deal

Congress last week did something that it rarely does: It passed a meaningful cybersecurity bill. The legislation is aimed at enhancing the safeguards of internet-connected devices — also known as the internet of things (IoT) — such as smart sensors that monitor water quality or control ships in waterway locks. The bill is also a major step toward the federal government encouraging vulnerability disclosure policies that implement programs for organizations to work with security researchers to fix software flaws. “It is arguably the most significant U.S. IoT-specific cybersecurity law to date, as well as the most significant law promoting coordinated vulnerability disclosure in the private sector to date,” said Harley Geiger, director of public policy at Rapid7, a cybersecurity company. All it took to get across the finish line was more than three years of bipartisan work, encroaching state and foreign government IoT rules, a ticking legislative clock, goodwill toward […]

The post After years of work, Congress passes ‘internet of things’ cybersecurity bill — and it’s kind of a big deal appeared first on CyberScoop.


DHS official briefs senators on state ransomware threats in classified meeting

The head of the Department of Homeland Security’s cybersecurity division on Wednesday provided senators with a classified briefing on ransomware attacks, the latest indication of the threat the file-locking malware poses to state and local governments. Chris Krebs, director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), briefed the Senate Cybersecurity Caucus, a bipartisan group of lawmakers led by Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo. The newest member of the caucus, Sen. Maggie Hassan, D-N.H., confirmed the briefing in a statement. “From ransomware attacks on local hospitals to a hack of federal government records, cyberattacks pose a serious threat to our communities and national security,” Hassan said. In the last few years, poorly secured U.S. businesses, schools, and local governments have lost millions of dollars after ransomware infections. Over 100 public-sector ransomware attacks have been reported in 2019 alone, double the amount in 2018. This classified briefing followed an unprecedented, closed-door summit held by […]

The post DHS official briefs senators on state ransomware threats in classified meeting appeared first on CyberScoop.


Senators want answers on State Department’s glaring cybersecurity gaps

The State Department must do more to shore up its cybersecurity posture, according to a bipartisan group of senators. The department is woefully behind on hitting various federal cybersecurity benchmarks, and it is weak on basic measures to protect against phishing, hacks and other cyberattacks, wrote Ron Wyden, D-Ore., Cory Gardner, R-Colo., Ed Markey, D-Mass., Rand Paul, R-Ky., and Jeanne Shaheen, D-N.H., in a letter to Secretary Mike Pompeo. The letter cites two recent reports: The department’s inspector general found last year that 33 percent of diplomatic missions failed to conduct even the most basic cyberthreat management practices, like regular reviews and audits. Also, the General Services Administration found that the department has only instituted enhanced access controls on 11 percent of agency devices. The Federal Cybersecurity Enhancement Act requires agencies to enable multi-factor authentication (MFA) for elevated privileged accounts. “We urge you to improve compliance by enabling more secure authentication mechanisms across […]

The post Senators want answers on State Department’s glaring cybersecurity gaps appeared first on CyberScoop.


Senators call for DOJ investigation of Fancy Bear’s ‘CyberCaliphate’ ruse

A bipartisan pair of senators is calling on the Department of Justice to investigate the alleged harassment of U.S. military families by Russian government hackers posing as Islamic State sympathizers. “We urge you to investigate this potential false flag operation and to hold any perpetrators accountable,” Sens. Cory Gardner, R-Colo., and Ron Wyden, D-Ore., wrote in a July 9 letter to Attorney General Jeff Sessions. The senators’ call for inquiry builds on evidence that Russian military hackers have masqueraded as Islamic State extremists to harass U.S. military family members. A group calling itself the CyberCaliphate sent death threats to the wives of U.S. military personnel in 2015. However, activity from the CyberCaliphate coincided with attempts by the Russian hacking group, known as APT28 or Fancy Bear, to breach the women’s email accounts, the Associated Press reported in May. The same Russian hacking group is accused of meddling in the 2016 presidential […]

The post Senators call for DOJ investigation of Fancy Bear’s ‘CyberCaliphate’ ruse appeared first on CyberScoop.


Senators introduce bipartisan bill to improve Internet of Things cybersecurity

A new bill introduced in the Senate Tuesday by Sen. Mark Warner, D-Va., and Sen. Cory Gardner, R-Colo., would establish a new set of cybersecurity standards for companies that hope to sell so-called “Internet of Things” devices to federal agencies. Inconspicuously named the “Internet of Things Cybersecurity Improvement Act of 2017,” the legislation mandates that any IoT product sold to the government must be able to receive software patches in case of a discovered vulnerability. In addition, the bill calls for manufacturers to discontinue the practice of hard-coding passwords into the firmware of devices — a process which is already condemned by security experts. Typically, a hard-coded password is hidden from the user and is intended for the manufacturer’s use only. But hackers have taken advantage of hardcoded passwords to break into IoT devices and incorporate them into distributed denial of service attacks. Notably, the bill also encourages curious researchers to […]

The post Senators introduce bipartisan bill to improve Internet of Things cybersecurity appeared first on CyberScoop.


New Bill Seeks Basic IoT Security Standards

Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government’s purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras. The legislation, which also seeks to remedy some widely-perceived shortcomings in existing cybercrime law, was developed in direct response to a series of massive cyber attacks in 2016 that were fueled for the most part by poorly-secured “Internet of Things” (IoT) devices.

Bill would launch cybersecurity grant program for state and local governments

Proposed legislation establishing a Department of Homeland Security grant program that would bolster cybersecurity for state and local government IT networks faces a steep climb in Congress, but its backers say the need is urgent. “There’s an acknowledgement that this is a real problem …[and that] things could get worse … As [former Defense Secretary] Leon Panetta has observed, we’re at something of a pre-9/11 point in cyber,” said Rep. Derek Kilmer, D-Wash., a co-sponsor of the State Cyber Resiliency Act, HR 1344. His GOP co-sponsor is Virginia Rep. Barbara Comstock. An identical companion bill in the Senate, S. 516, is sponsored by Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo. Cyber threats “aren’t aimed at red districts or blue districts — all of our communities are vulnerable … There is an obvious need and I hope that makes it more likely that this bill could move,” Kilmer told CyberScoop in an […]

The post Bill would launch cybersecurity grant program for state and local governments appeared first on CyberScoop.
