Biden administration is studying whether to strip DOD of Trump-era cyber authorities

The Biden administration is considering revising the Trump-era policy which gave broad cyber authorities to the Department of Defense and Cyber Command.

The post Biden administration is studying whether to strip DOD of Trump-era cyber authorities appeared first on CyberScoop.

Continue reading Biden administration is studying whether to strip DOD of Trump-era cyber authorities

Biden budget requests big increase for cybersecurity

DHS would get the biggest slice of the federal cybersecurity budget request at $2.6 billion.

The post Biden budget requests big increase for cybersecurity appeared first on CyberScoop.

Continue reading Biden budget requests big increase for cybersecurity

Biden administration seeks money to bolster Ukraine war-related cybersecurity at home, abroad

The Biden administration is requesting additional funds from Congress to help Ukraine with its digital defenses, strengthen cybersecurity in Europe and enhance U.S. capabilities to respond to the fallout from the Russian invasion. The overall fiscal 2022 supplemental request, sent to Capitol Hill this week, seeks $10 billion in Ukraine-related needs and $22.5 billion in funding related to COVID-19. Among the bigger pots of cybersecurity-focused funding the administration is requesting is $1.25 billion for the Defense Department to assist Ukraine with support on “operational surges across multiple national defense components, including accelerated cyber capabilities, weapons systems upgrades, increased intelligence support, and classified programs.” A $1.75 billion request for the State Department to provide economic aid to Ukraine includes support for “continuity of government” and resilience work, including cybersecurity and efforts to counter disinformation. Other funds sought for Ukraine assistance include Department of Energy money to evaluate cybersecurity needs for connecting Ukraine’s […]

The post Biden administration seeks money to bolster Ukraine war-related cybersecurity at home, abroad appeared first on CyberScoop.

Continue reading Biden administration seeks money to bolster Ukraine war-related cybersecurity at home, abroad

‘Russian state-sponsored cyber actors’ cited in hacks of U.S. defense contractors

For more than two years, “Russian state-sponsored cyber actors” have targeted the emails and other data of U.S. defense contractors that handle sensitive information about weapons development, computer systems, intelligence-gathering technology and more, the federal government warned Wednesday. The alert from the Cybersecurity and Infrastructure Security Agency said cleared defense contractors (CDCs) are the primary victims of the breaches. Those companies are authorized by the Department of Defense to access, receive and store classified information as part of their contracting work. The alert does not say whether classified information was accessed. The attackers, however, have been able to “acquire sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology,” the alert said, by focusing on “enterprise and cloud networks, prioritizing their efforts against the widely used Microsoft 365 (M365) environment.” “The acquired information provides significant insight into U.S. weapons platforms development and deployment timelines, vehicle specifications, and plans for communications […]

The post ‘Russian state-sponsored cyber actors’ cited in hacks of U.S. defense contractors appeared first on CyberScoop.

Continue reading ‘Russian state-sponsored cyber actors’ cited in hacks of U.S. defense contractors

White House hosts open-source software security summit in light of expansive Log4j flaw

Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to the widespread Log4j vulnerability that’s worrying industry and cyber leaders. Among the attendees are companies like Apple, Facebook and Google, as well as the Apache Software Foundation, which builds Log4j, a ubiquitous open-source logging framework for websites. “Building on the Log4j incident, the objective of this meeting is to facilitate an important discussion to improve the security of open source software — and to brainstorm how new collaboration could rapidly drive improvements,” a senior administration official said in advance of the meeting. The huddle convenes in light of a vulnerability discovered last month known as Log4Shell that could affect up to hundreds of millions of devices, and as federal officials, businesses and security researchers race to contain the potential fallout. It’s the latest of several Biden White House summits […]

The post White House hosts open-source software security summit in light of expansive Log4j flaw appeared first on CyberScoop.

Continue reading White House hosts open-source software security summit in light of expansive Log4j flaw

DHS establishes its own bug bounty program, offering outsiders $500 to $5K for discovering flaws

The Homeland Security Department is launching a bug bounty program to invite researchers to probe its systems for flaws, DHS Secretary Alejandro Mayorkas said Tuesday. Under the “Hack DHS” initiative Mayorkas discussed at the Bloomberg Technology Summit, ethical hackers would receive between $500 and $5,000 for identifying vulnerabilities, depending on their severity. The department would verify flaws within 48 hours and fix them within 15 days, or for complex bugs, develop a plan to do so during that period. “We’re focused not only on protecting and enhancing the cybersecurity of the private sector and of the federal government at large but, of course, we as a department have to lead by example and so what we are very focused on is identifying vulnerabilities and addressing or remediating those vulnerabilities,” Mayorkas said. DHS is later to the bug bounty trend than some other federal agencies, with the Defense Department initiating its […]

The post DHS establishes its own bug bounty program, offering outsiders $500 to $5K for discovering flaws appeared first on CyberScoop.

Continue reading DHS establishes its own bug bounty program, offering outsiders $500 to $5K for discovering flaws

Cyber incident reporting mandates suffer another congressional setback

House and Senate negotiators have excluded provisions from a must-pass defense bill that would have mandated many companies to report major cyberattacks and ransomware payments to federal officials. A compromise version of the fiscal 2022 National Defense Authorization Act (NDAA) released Tuesday leaves out the language, which would set timeframes for when critical infrastructure owners and operators must report major incidents and some companies would have to report making ransomware payments. Supporters of the language ran out of time to reach an agreement on the final phrasing before NDAA sponsors moved ahead on their final compromise bill, a senior Senate aide said. It’s a big setback for backers of the reporting mandates, as attaching provisions to the annual NDAA has been the path for a number of monumental cyber ideas to become law. Still, some key disputes over the reporting mandate provisions have been resolved, and backers might be able […]

The post Cyber incident reporting mandates suffer another congressional setback appeared first on CyberScoop.

Continue reading Cyber incident reporting mandates suffer another congressional setback

‘Almost every nation’ now has cyber vulnerability exploitation program, NSA official says

Nearly every country on the planet now has a program to exploit digital vulnerabilities, a top National Security Agency cyber official said Wednesday, and while most are focused on espionage, more are beginning to experiment with more aggressive techniques. Rob Joyce, director of cybersecurity at the NSA, said there’s a lot of focus on China, Iran, North Korea and Russia, but those countries, which he described as the “big four,” are not the only nations weaponizing technology. “Almost every nation in the world now has a cyber exploitation program. The vast majority of those are used for espionage and intelligence purposes,” Joyce said at the Aspen Cyber Summit. “There is interest in dabbling in offensive cyber and outcomes.” Even some smaller nations have proven to be advanced, Joyce said. It’s just that they’re usually more confined in how they pursue their national interests, by things like the amount of money […]

The post ‘Almost every nation’ now has cyber vulnerability exploitation program, NSA official says appeared first on CyberScoop.

Continue reading ‘Almost every nation’ now has cyber vulnerability exploitation program, NSA official says

NSA, CISA share guidelines for securing VPNs as hacking groups keep busy

Cautioning that foreign government-backed hackers are actively exploiting vulnerabilities in virtual private network devices, the National Security Agency and the Department of Homeland Security’s cyber wing on Tuesday published guidelines for securing VPNs. While the advice is broad, the NSA and DHS’ Cybersecurity and Infrastructure Security Agency specifically said it would help protect the Defense Department, national security systems and defense contractors against such advanced persistent threat groups, a term that typically refers to state-sponsored hacking groups. The NSA has specifically warned in the past about Chinese hackers exploiting VPN vulnerabilities, as has CISA, but the history of advanced groups seizing on VPN vulnerabilities is far broader and lengthier. “VPN servers are entry points into protected networks, making them attractive targets,” Rob Joyce, director of cybersecurity at the NSA, said on Twitter. “APT actors have and will exploit VPNs.” In one case, the FBI warned in May about hackers leveraging […]

The post NSA, CISA share guidelines for securing VPNs as hacking groups keep busy appeared first on CyberScoop.

Continue reading NSA, CISA share guidelines for securing VPNs as hacking groups keep busy

Key lawmakers to CISA: Let us send you more money, power

The Department of Homeland Security’s cyber division, a key government agency charged with helping stop and respond to cyberattacks, might be getting ready for a bigger role in the spotlight.  One key House committee advanced legislation in July to give the Cybersecurity and Infrastructure Security Agency an extra $400 million. Then, another committee on Sept. 14 separately advanced its take on legislation that would provide an additional nearly $800 million to the agency, which has a $2 billion total budget in the current fiscal year. Those proposed funds come on top of another extra $650 million that Congress and President Joe Biden already provided to CISA in March through the American Rescue Plan focused on COVID-19 relief. And the recent moves on Capitol Hill to bolster CISA, an agency formally established only three years ago, aren’t limited to cash. Both chambers of Congress are contemplating legislation that would make CISA the […]

The post Key lawmakers to CISA: Let us send you more money, power appeared first on CyberScoop.

Continue reading Key lawmakers to CISA: Let us send you more money, power