Threat awareness, cloud security, quantum computing among chief agency cyber policy priorities ahead

The interim Federal Chief Information Security Officer spelled out some 2025 agenda items for feds at CyberTalks.

The post Threat awareness, cloud security, quantum computing among chief agency cyber policy priorities ahead appeared first on CyberScoop.

Continue reading Threat awareness, cloud security, quantum computing among chief agency cyber policy priorities ahead

NSA cyber director explains why US missed suspected Russian espionage operation

When Russia’s Foreign Intelligence Service staged a sweeping espionage campaign targeting hundreds of U.S. companies and federal government agencies last year, it was a private sector cybersecurity firm that first uncovered the operation, not the U.S. government. Lawmakers have asked in recent weeks why the U.S. intelligence community appears to have gaps in its visibility into foreign hacking, and whether the National Security Agency needs new surveillance authorities. But the NSA’s cybersecurity director, Rob Joyce, suggested that that may not be the best solution. “Inside the U.S. you would expect us to have the best tools and capabilities, but instead what we’re finding — in General Nakasone’s words — is we don’t even see the dots, let alone connect the dots,” Joyce said at CyberTalks, a summit presented by CyberScoop. The NSA Cybersecurity Directorate, which Joyce leads, is responsible for preventing and eradicating threats from foreign hackers targeting U.S. entities. […]

The post NSA cyber director explains why US missed suspected Russian espionage operation appeared first on CyberScoop.

Continue reading NSA cyber director explains why US missed suspected Russian espionage operation

DOJ efforts to weaken encryption place national security at risk, congressman says

Rep. Ro Khanna has one message for politicians who continue to suggest technology companies should give law enforcement agencies access to encrypted data: This is a power grab. The U.S. Department of Justice has long called for technology firms to create software that would allow law enforcement agencies to investigate suspects who use encryption to hide illegal behavior. For Khanna, a California Democrat, the tradeoff is too dangerous. Legislation that enables law enforcement to crack strong security measures in order to root out some criminals, while also but leaving other people’s communications exposed, just is not worth it, he said Wednesday during CyberTalks, a virtual event produced by CyberScoop. “What I worry about is at a time where we already have an imbalance between the power of the U.S. government and the power of corporations and the individual, is it would shift more power to the tech companies and the government,” he said. “If you […]

The post DOJ efforts to weaken encryption place national security at risk, congressman says appeared first on CyberScoop.

Continue reading DOJ efforts to weaken encryption place national security at risk, congressman says

Why social media disinformation represents such a security threat

Disinformation works on you, too. Coordinated social media campaigns aimed at influencing public opinion, both in the U.S. and abroad, represent such a threat to democratic discourse because propagandists seize on emotional conversations with little accountability. By using Facebook and Twitter to plant misinformation, attackers implicitly nudge readers into the kind of tunnel vision that accelerates a cycle of mistrust, according to two researchers who have spent years examining the issue. Graham Brookie, the director and managing editor of the Atlantic Council’s Digital Forensic Research Lab, and Nina Jankowicz, author of “How to Lose the Information War,” said during a panel Tuesday that stopping disinformation requires the kind of cooperation that increasingly is difficult to find in American society. “The tricky thing about disinformation is that everybody thinks of it as somebody else’s problem, right?” Brookie said Tuesday during CyberTalks, a virtual summit hosted by CyberScoop. “We’re all looking at social […]

The post Why social media disinformation represents such a security threat appeared first on CyberScoop.

Continue reading Why social media disinformation represents such a security threat

Anti-stalkerware group still working to protect domestic abuse victims

When it comes to stamping out the kind of surveillance software that domestic abusers use to spy on their romantic partners, there’s still a long way to go. Security firms, victim advocacy groups and anti-domestic abuse organizations combined forces roughly a year ago to bring an end to stalkerware, the kind of technology that people use to monitor their domestic partners’ devices. The group, known as the Coalition Against Stalkerware, has made progress in the past 12 months or so, though there’s still a long road ahead, said Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, one of the founding members of the coalition. The surveillance can be incredibly intrusive — stalkerware can monitor targets’ geolocation, texts, phone calls, cameras, and more — and especially during a pandemic, can be used to box in abuse victims and isolate them from external help and resources. Targets of stalkerware often aren’t aware […]

The post Anti-stalkerware group still working to protect domestic abuse victims appeared first on CyberScoop.

Continue reading Anti-stalkerware group still working to protect domestic abuse victims

Justice official: U.S. private and public sectors face the same Chinese spying tactics

Chinese spies are trying the same tactics to steal intellectual property from U.S. companies as they use to cultivate assets from U.S. national security circles, a top Department of Justice official has warned the private sector. Chinese intelligence officers have looked to recruit employees at U.S. companies and use that foothold to steal trade secrets in sophisticated operations, according to John Demers, the assistant attorney general for national security. Intelligence agencies, companies and research institutes in China are also coordinating deeply to pinpoint the data they want, Demers said Thursday at CyberTalks in Washington, D.C. “[C]learly, I think our cases reflect an increased focus by the [Chinese] intelligence services to do this kind of intellectual property collection,” Demers said, referring to cyber-enabled theft. The department last year tapped Demers to lead a new task force dedicated to combatting alleged Chinese economic espionage. Under the initiative, FBI officials are reaching out universities to warn them of the risk of intellectual property theft, while prosecutors are […]

The post Justice official: U.S. private and public sectors face the same Chinese spying tactics appeared first on CyberScoop.

Continue reading Justice official: U.S. private and public sectors face the same Chinese spying tactics

Coats: ODNI has seen ‘no evidence’ of supply chain hack detailed in Bloomberg story

Director of National Intelligence Dan Coats told CyberScoop on Thursday that he’s seen no evidence of Chinese actors tampering with motherboards made by Super Micro Computer, becoming the latest national security official to question a Bloomberg report that stated the company was the victim of a supply chain hack. “We’ve seen no evidence of that, but we’re not taking anything for granted,” Coats told CyberScoop. “We’ve haven’t seen anything, but we’re always watching.” The comments came before a speech Coats delivered at CyberTalks, where the director touched on supply chain threats as one facet the administration is focused on when it comes to cybersecurity threats. “Be aware of supply chain threats,” Coats said in his speech. “Understand that cyberthreats to your supply chain are an insidious problem that can jeopardize the integrity of your products.” The remarks come after a cover story in Bloomberg Businessweek stated that Chinese intelligence agents […]

The post Coats: ODNI has seen ‘no evidence’ of supply chain hack detailed in Bloomberg story appeared first on Cyberscoop.

Continue reading Coats: ODNI has seen ‘no evidence’ of supply chain hack detailed in Bloomberg story

The key to protecting the midterms is resilience for election systems, experts say

With less than three weeks until the midterm elections, a lot of work has gone into preparing for the threat of election interference. But experts speaking at the CyberTalks conference on Thursday acknowledged that disaster could still strike, and that the officials who run U.S. elections have to be armed with proper resources and resilient systems. “We’re not seeing activity right now relating to direct election hacking. We’re not seeing anything right now along the lines of 2016, and that frankly makes me a little nervous,” said Homeland Security Undersecretary Chris Krebs. “So we’re working aggressively with our partners, the state and local [officials] to work through what an adversary could do with a two-and-a-half-week lead-up to the midterm elections.” U.S. intelligence officials have stressed over the past two years that Russia attempted to interfere in the 2016 election. Krebs said the hope is now to avoid a “failure of […]

The post The key to protecting the midterms is resilience for election systems, experts say appeared first on Cyberscoop.

Continue reading The key to protecting the midterms is resilience for election systems, experts say

Why DHS is telling all feds to implement DMARC email security

An email security program that the Department of Homeland Security has made mandatory for U.S. agencies will stop hackers, online scammers and spies from impersonating federal email addresses — and boy, is it ever needed. It comes as new figures suggest that more than 1 in 4 emails from .gov addresses might be malicious criminal spam. Domain-based Message Authentication, Reporting and Conformance (DMARC) is the industry standard measure to prevent the spoofing of emails — when hackers make their messages appear as if they come from trusted correspondents, explained DHS Assistant Secretary for Cybersecurity and Communications Jeanette Manfra. “It’s a reasonable action that agencies can take; it’s in line with industry best practices; and it has broad, scalable impact across the whole [online] ecosystem,” Manfra told CyberScoop in an interview, outlining her rationale. “It was one of the first things we started work on” after she was appointed acting assistant secretary earlier this year. Agari, a company […]

The post Why DHS is telling all feds to implement DMARC email security appeared first on Cyberscoop.

Continue reading Why DHS is telling all feds to implement DMARC email security

DOJ examines controversial new ‘hack back’ bill

Washington is waiting and watching for the Department of Justice to weigh in on the newly introduced Active Cyber Defence Certainty (ACDC) Act, a controversial proposal to legalize companies’ ability to “hack back” after being targeted in cyberattacks. Speaking at CyberTalks in Washington, D.C., on Wednesday, DOJ special counsel Leonard Bailey said the department is still looking at the House bill, and he commended co-sponsors Tom Graves, R-Ga. and Kyrsten Sinema, D-Ariz. for taking a years-long discussion “and actually producing legislative text.” “We look forward to thinking about that and figuring out what that balance looks like,” Bailey said. The DOJ’s position on ACDC is crucial because the bill would amend the Computer Fraud and Abuse Act (CFAA) as well as requiring law enforcement oversight and reports to the government by “entities that use active-defense techniques,” Graves explained last week when the newest version of the bill was introduced. NSA Director Adm. Mike Rogers warned Congress in May […]

The post DOJ examines controversial new ‘hack back’ bill appeared first on Cyberscoop.

Continue reading DOJ examines controversial new ‘hack back’ bill