National Cyber Director Chris Inglis calls for ‘new social contract’ to redistribute risk

Cyberspace needs a “new social contract” where “isolated individuals, small businesses and local governments” no longer shoulder “absurd levels of risk,” says a top U.S. cyber official. National Cyber Director Chris Inglis, writing in Foreign Affairs over the weekend with a senior adviser, said that the tech sector should make deeper investments in hardware and software security and the U.S. government should take a greater role in fostering digital defenses. “Those more capable of carrying the load — such as governments and large firms — must take on some of the burden, and collective, collaborative defense needs to replace atomized and divided efforts,” write Inglis and Harry Krejsa, the acting assistant national cyber director for strategy and research. “Until then, the problem will always look like someone else’s to solve.” Their overarching message about the need to improve private-public cooperation has been a refrain of cyber experts for decades. The […]

The post National Cyber Director Chris Inglis calls for ‘new social contract’ to redistribute risk appeared first on CyberScoop.

How trust, connection and understanding can shape the future of cyber

Tim Li is a principal at Deloitte Risk & Financial Advisory and Deloitte Touche LLP and leads Deloitte’s Strategic Growth Cyber portfolio for federal, state and local governments and higher education institutions. Cybersecurity incidents continue to make headlines, challenging public agencies in the US to modernize cybersecurity defenses to protect citizens and the country. The recent Executive Order (EO) on Improving the Nation’s Cybersecurity calls for the federal government to “improve its efforts to identify, deter, protect against, detect and respond to these actions and actors.” As cyber challenges evolve in complexity and scale, they create multi-faceted challenges for government. So, while the EO lays out a solid foundation of recommendations, organizations should also take heed of the following considerations as they evolve their future cyber thinking: Enable trust as the foundation for collaboration. The EO calls for the private sector to share information with government to improve overall cyber […]

The post How trust, connection and understanding can shape the future of cyber appeared first on CyberScoop.

The latest attempt by the State Department to set behavior norms

Following lawmakers’ calls for the Trump administration to lay out a clear cyber deterrence strategy, the State Department has proposed developing a broader set of consequences that the government can impose on adversaries to ward off cyberattacks. The unclassified version of the State Department’s deterrence recommendations, published Thursday, calls for the U.S. to work with allies to inflict “swift, costly, and transparent consequences” on foreign governments that use “significant” malicious cyber activity to harm U.S. interests. To do that, the U.S. government needs to clearly and publicly outline the malicious activity it seeks to deter, according to the State Department report, which was required by a 2017 White House executive order. The document doesn’t go into detail on deterrence tools, but U.S. officials have said that sanctions, indictments, publicly attributing attacks, and covert offensive operations are all on the table. Dating back to the Obama administration, lawmakers have urged the executive branch to delineate a […]

The post The latest attempt by the State Department to set behavior norms appeared first on Cyberscoop.

In war against botnets, manufacturers need to step up, report says

The problem of botnets — the legions of computers used to carry out distributed denial-of-service attacks — is exacerbated by the fact that developers do not have the cost incentives to build more security into their products, according to a new report from the departments of Commerce and Homeland Security. “Product developers, manufacturers, and vendors are motivated to minimize cost and time to market, rather than to build in security or offer efficient security updates,” states the report mandated by a White House executive order last year. “Market incentives must be realigned to promote a better balance between security and convenience when developing products.” The report says the government should give companies some help by prioritizing research and development funding for botnet-thwarting products, and it suggests the private sector should expedite its own work on those technologies. The R&D — in techniques like data analytics, machine learning, and artificial intelligence — is “urgently needed to get […]

The post In war against botnets, manufacturers need to step up, report says appeared first on Cyberscoop.

OMB slams agencies on cyber risk, calls for ‘bold’ new approaches

Nearly three quarters of 96 agencies reviewed by federal officials have cybersecurity programs that are either “at risk” or at “high risk,” meaning “bold approaches” are needed to secure federal networks, according to the Office of Management and Budget. Risk assessments carried out by OMB show that a lack of threat information available to agencies “results in ineffective allocations” of their limited budgets, OMB said in a report released last week. “This situation creates enterprise-wide gaps in network visibility, IT tool and capability standardization, and common operating procedures, all of which negatively impact federal cybersecurity.” In the report, a “high risk” designation means that key cybersecurity policies and tools are either absent or insufficiently deployed, while an “at risk” rating means some key policies are in place to lessen cyber risk, “but significant gaps remain.” An executive order that President Donald Trump signed last year mandated the governmentwide survey of […]

The post OMB slams agencies on cyber risk, calls for ‘bold’ new approaches appeared first on Cyberscoop.

Lawmakers look to fortify federal cyber defenses ahead of 2018 midterms

A bipartisan pair of House lawmakers has introduced legislation aimed at strengthening U.S. infrastructure ahead of midterm elections this fall. The bill from Reps. Elise Stefanik, R-N.Y., and Val Demings, D-Fla., is an effort to shore up U.S. cyber defenses by, among other measures, urging agencies to fully implement an executive order on cybersecurity that President Donald Trump issued last year. The president’s directive makes agency heads accountable for cyber risk – such as nation-state hacking – that can affect the entire government. Within 60 days of the legislation’s enactment, Trump would owe a report to Congress on what steps agencies had taken to “better detect, monitor, and mitigate cyberattacks.” Stefanik and Demings’s “Defend Against Russian Disinformation Act” would also boost U.S. military cooperation with NATO. Cybersecurity analysts have held up Estonia, a neighbor of Russia and NATO member, as a model of cyber resiliency. The U.S. intelligence community concluded that […]

The post Lawmakers look to fortify federal cyber defenses ahead of 2018 midterms appeared first on Cyberscoop.

The small government agency creating a policy to stop botnets

When White House officials were drafting the cybersecurity executive order that President Donald Trump signed last May, they faced a problem: making the internet more secure against massive botnet attacks required coordinated action among a bewildering variety of stakeholders from a dozen different industries. Action was essential: the threat from huge automated attacks — like the one that stopped internet traffic in its tracks in October 2016 — was growing exponentially as the “Internet of Things” connected billions of insecure devices to the larger global network. But forcing industry to act through regulation was off the table in an administration committed to cutting red tape. Instead, officials approached a small agency within the Commerce Department, the National Telecommunications and Information Administration, which was acquiring a reputation for addressing complex cybersecurity problems using a new model of policymaking. NTIA’s multi-stakeholder process “was generating a lot of interest” early […]

The post The small government agency creating a policy to stop botnets appeared first on Cyberscoop.

OMB sees risk management efforts slowly coming to fruition

U.S. officials are finally starting to get the real-time situational awareness cybersecurity data they need to make risk management decisions about their networks, a federal advisory panel was told Wednesday. But much of the news isn’t good, and the way decisions are handled can have a big impact on the effectiveness of government-wide efforts like the Department of Homeland Security’s Continuous Diagnostics and Monitoring program, officials said. The report on agency risk — one of two required by President Donald Trump’s executive order on cybersecurity — has been submitted to the president, NIST’s Information Security and Privacy Advisory Board was told. The report on IT modernization was being finalized for submission after an analysis of the report’s public comments, Joshua Moses, from the office of the federal CIO, said. Moses said officials were keen to leverage the EO’s authorities in order to improve measurability and accountability related to agencies’ […]

The post OMB sees risk management efforts slowly coming to fruition appeared first on Cyberscoop.

HHS faces flak over new cyber center

The Department of Health and Human Services’ new national cybersecurity intelligence-sharing clearinghouse appears to duplicate the role of similar entities in the federal government and in the private sector, say key lawmakers and some leaders in the health care industry. Critics say the creation of the Healthcare Cybersecurity and Communications Integration Center, or HCCIC, is moving the goalposts for the industry, which was answering the U.S. government’s call to create a private-sector cyberthreat-sharing ecosystem. HCCIC is being modeled after the Department of Homeland Security’s 24-hour watch center, the National Cybersecurity and Communications Integration Center, or NCCIC — and some fret it may duplicate its functions. Defenders of the new clearinghouse are playing down the idea that HCCIC might be redundant. They argue it can provide a depth of specialist knowledge about the health care sector that DHS lacks, and that the industry’s own membership-based information sharing organizations cannot match the universal service HCCIC will provide. The health care industry “feels […]

The post HHS faces flak over new cyber center appeared first on Cyberscoop.