White House to nominate NSA veterans Chris Inglis, Jen Easterly as national cyber director, CISA chief

President Joe Biden has picked two veterans of the National Security Agency, Chris Inglis and Jen Easterly, for senior cybersecurity positions at the White House and Department of Homeland Security, the White House said Monday. Biden intends to nominate Inglis as the national cyber director and Easterly as the director of DHS’s Cybersecurity and Infrastructure Security Agency, the White House said in a statement. Both positions are subject to Senate confirmation. The nominations come as the Biden administration continues to grapple with two high-profile hacking operations linked to Russia and China that have exposed vulnerabilities in federal, state and local government networks. The national cyber director is a new, congressionally mandated role designed to make the government better at responding to those types of major hacks. If confirmed, Inglis, who spent nearly three decades at the NSA, will be charged with coordinating offensive and defensive operations across the vast federal […]

The post White House to nominate NSA veterans Chris Inglis, Jen Easterly as national cyber director, CISA chief appeared first on CyberScoop.

Biden administration mulls software security grades after SolarWinds

The White House is contemplating the use of cybersecurity ratings and standards for U.S. software, a move akin to how New York City grades restaurants on sanitation or Singapore labels internet of things devices, a senior administration official told reporters on Friday. “There will be ideas coming on both of those in an executive action in the next few weeks,” the official said, briefing reporters on the condition of anonymity about simultaneous major security incidents that continue to roil the country: the SolarWinds supply chain attack, and the exploitation of Microsoft Exchange Server vulnerabilities. The concept of government labeling and grading in cybersecurity isn’t entirely new. Some experts have long coveted an Energy Star-style rating system resembling the program that the Environmental Protection Agency and Energy Department use to promote energy-efficient devices. Among them: the Cybersecurity Solarium Commission, which last year recommended that Congress establish a National Cybersecurity Certification and […]

Is Congress finally ready to pass meaningful ransomware legislation?

During the entire last two-year session of Congress, lawmakers only signed one bill into law that mentioned the word “ransomware.” With the epidemic of digital extortion showing no signs of abating, though, and as ransomware attacks claim ever more victims across all parts of the U.S., evidence is mounting that the next two years could bring a more concerted push for legislation. “I think it will be a focus because essentially every congressional district has had some kind of ransomware incident, whether public or not,” said Michael Garcia, a senior policy adviser in the national security program at Third Way, a center-left think tank. “Just look at the number of hospitals getting hit, of schools being hit.” In one recent incident, a Mississippi public school system revealed it had paid $300,000 to ransomware attackers, while a U.S. medical company, Universal Health Services, said it lost $67 million as a result of […]

Congress is starting to move on more cyber bills, even if few become law

Congress dramatically ratcheted up the number of cybersecurity bills introduced in the last two years compared to the prior session of Congress, but that didn’t equate to much more of it becoming law, according to a think tank study out today. And while cybersecurity legislation remained a relative oasis of bipartisanship, that tendency sharply dropped off when it came to election security, found the tally from Third Way — which CyberScoop is first reporting. The findings offer potential insights into how the issue is evolving, and where it might go next, even if the trends don’t lend themselves to a simple explanation. In all, lawmakers introduced 316 cybersecurity bills in the 116th Congress that ran from 2019 to 2020, a 40% increase from the 115th Congress. That continues a trend that took off in that session of Congress: The 114th Congress saw just 22 cybersecurity measures offered, the center-left think […]

Watchdog suggests State Department should have used ‘evidence’ to explain new cyber bureau

Government auditors concluded in a withering, deadpan report Thursday that the State Department should have used “data and evidence to justify its proposal” to establish a new cyber-focused bureau. Just before the Trump administration wound down, the State Department said it would create a Bureau of Cyberspace Security and Emerging Technologies, drawing fire from the chairman of the House Foreign Affairs Committee, Rep. Gregory Meeks, D-N.Y., who said he agreed that State needed a cyber bureau but that its last-minute proposal was “ill-suited” for the job. The Government Accountability Office reviewed the Jan. 7 proposal, and found that State “has not demonstrated that it used data and evidence to support its proposal, particularly for the bureau’s focus and organizational placement.” “Without developing evidence to support its proposal for the new bureau, State lacks needed assurance that the proposal will effectively set priorities and allocate appropriate resources for the bureau to […]

Does the U.S. Need a National Cyber Strategy?

As high-profile hacks mount, should the government be involved in creating and enforcing a national cyber strategy? The number of identified companies and government entities that were among the 17,000+ compromised in the SolarWinds backdoor injection…

Lawmakers throw cold water on splitting Cyber Command from NSA

Although Pentagon officials have suggested in recent days that the nation’s offensive cyber arm should split away from the National Security Agency, Cyber Command is a long way from being ready to stand on its own, according to a bipartisan group of lawmakers. The proposal, which some DOD officials have been entertaining in the last several days, would separate out the command from the Department of Defense’s foreign signals intelligence agency, which it has been co-located with for 10 years in order to help it find its footing. Both the NSA and Cyber Command are currently run by the same leader, Gen. Paul Nakasone, and some critics say the Trump administration has been interested in separating the two in order to carve out a leadership spot for a political ally at the helm of the NSA before his time in the Oval Office expires, according to The Washington Post. But […]

A look inside Congress’ biggest cyber bill ever

Congress this week is slated to pass what just might be the most significant cybersecurity legislation ever. This year’s annual defense policy bill, known as the National Defense Authorization Act (NDAA), is loaded with provisions that would reshape the federal bureaucracy on cybersecurity. It would create a national cyber director in the White House and strengthen the Department of Homeland Security’s Cybersecurity and Information Security Agency (CISA), among other changes. “I believe it’s safe to say that this is the most important piece of cybersecurity legislation ever passed” should the final bill advance this week, said Sen. Angus King, I-Maine, who co-chaired the Cyberspace Solarium Commission that produced many of the proposals in the legislation. Mark Montgomery, executive director of the commission, called it “the most substantive” cyber legislation Congress will have passed. Others agree. “I think that’s true, 100%,” said Jonathan Reiber, a former Defense Department cybersecurity official during […]

Congress set to establish White House national cyber director, enact other Solarium Commission recommendations

Congress is on the verge of creating a Senate-confirmed national cyber director within the White House who would advise the president on cybersecurity and coordinate the federal government’s related work. And supporters say it would improve on a White House czar position that President Donald Trump controversially eliminated: In addition to Senate confirmation, it would be housed outside of, rather than under, the National Security Council. Multiple sources familiar with negotiations on an annual must-pass defense policy bill say that the final agreement will include the national cyber director position. And it will largely reflect a proposal by the Cyberspace Solarium Commission, which earlier this year put together a comprehensive report that made sweeping recommendations. The Trump White House had opposed the creation of the position. It’s not the only major recommendation from the Solarium Commission that was included in the legislation, either, according to those sources. It would grant the Department of Homeland Security the power to […]

Why the Biden administration needs a National Cyber Director more than ever

As the Biden-Harris administration thinks about cyber appointments and cyber strategy for the first 100 days of the administration, appointing a National Cyber Director role requiring Senate confirmation is critical. The National Cyber Director will coordinate, support, and deconflict efforts on cyber, technology, and related issues led by executive branch agencies, engage the private sector to build trust and advance shared priorities, and represent the administration at home and abroad on cyber. The administration will face a number of cybersecurity and technology challenges upon entering the White House. Effective mobilization and coordination of the government, and engagement with industry and civil society requires a coordinated strategy led by an empowered National Cyber Director who is responsible for the work. That person also must be able to hold federal agencies accountable. The cybersecurity landscape has only grown more complex since President-Elect Biden left office as vice president. Election security, foreign investment […]
