Key lawmakers to CISA: Let us send you more money, power

The Department of Homeland Security’s cyber division, a key government agency charged with helping stop and respond to cyberattacks, might be getting ready for a bigger role in the spotlight.  One key House committee advanced legislation in July to give the Cybersecurity and Infrastructure Security Agency an extra $400 million. Then, another committee on Sept. 14 separately advanced its take on legislation that would provide an additional nearly $800 million to the agency, which has a $2 billion total budget in the current fiscal year. Those proposed funds come on top of another extra $650 million that Congress and President Joe Biden already provided to CISA in March through the American Rescue Plan focused on COVID-19 relief. And the recent moves on Capitol Hill to bolster CISA, an agency formally established only three years ago, aren’t limited to cash. Both chambers of Congress are contemplating legislation that would make CISA the […]

The post Key lawmakers to CISA: Let us send you more money, power appeared first on CyberScoop.

Continue reading Key lawmakers to CISA: Let us send you more money, power

Pentagon office left military designs for body armor, vehicle gear open to hackers, watchdog finds

The office in charge of the U.S. military’s 3D printing left designs for defense technology vulnerable to theft by hackers and adversaries, according to a watchdog report made public on Wednesday. If left unfixed, the security gaps could lead to a number of nightmare scenarios, including adversaries stealing military designs, compromising Department of Defense networks or even introducing flaws into design data that could make its way into battlefield products, the report’s authors concluded. Designs included blueprints for protective body armor, tactical vehicle gear, weapons systems brackets and prosthetic body parts, according to the report. The report found that officials were unaware that the systems connected to local networks and the internet. Because the systems were miscategorized, the office failed to conduct a risk assessment required by the department altogether. Officials also failed to monitor removable media entering the systems. The security gaps would have left a plethora of entry […]

The post Pentagon office left military designs for body armor, vehicle gear open to hackers, watchdog finds appeared first on CyberScoop.

Continue reading Pentagon office left military designs for body armor, vehicle gear open to hackers, watchdog finds

Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber

President Joe Biden’s fiscal 2022 budget blueprint released Friday proposes $750 million for the federal government to respond to “lessons learned” from the SolarWinds supply chain hack that compromised nine agencies. In all, the budget proposes $9.8 billion in federal civilian cybersecurity funding, a 14% increase from the spending levels allocated for the current fiscal year, according to a summary. That number doesn’t take into account Defense Department funding requests, which would represent another large chunk of money, though that amount isn’t precisely spelled out in four documents shared Friday with reporters in advance of public release. “Cybersecurity is a top priority for this Administration, and recent events, such as the SolarWinds cyber incident, have shown that adversaries continue to target Federal systems,” one budget document reads. The blueprint also requests $15 million for the recently-created national cyber director office in the White House, and $20 million for a new […]

The post Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber appeared first on CyberScoop.

Continue reading Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber

DOD expands vulnerability disclosure program, giving hackers more approved targets

The Pentagon is letting outside hackers go after more Department of Defense targets than ever before, in an effort to find DOD’s vulnerabilities before foreign hackers do, DOD announced Wednesday. The program, “Hack the Pentagon,” is expanding the number of DOD targets that ethical hackers can go after to try to ferret out vulnerabilities, according to the announcement. The program, which launched in 2016, previously allowed cybersecurity professionals to test DOD systems when it involved public-facing websites and applications. Now interested hackers may go after all publicly-accessible DOD information systems, including publicly-accessible networks, Internet of Things devices and industrial control systems, according to DOD. “This expansion is a testament to transforming the government’s approach to security and leapfrogging the current state of technology within DOD,” said Brett Goldstein, the director of the Defense Digital Service (DDS). The DOD Cyber Crime Center, which oversees the program, said the expansion was always […]

The post DOD expands vulnerability disclosure program, giving hackers more approved targets appeared first on CyberScoop.

Continue reading DOD expands vulnerability disclosure program, giving hackers more approved targets

Biden’s cyber executive order to include new rules for federal agencies, contractors

Under a forthcoming White House order, companies that do business with the federal government would have to meet software security standards and swiftly report cyber incidents to a new entity within the Department of Homeland Security, sources familiar with a draft version of the document said. The order, which could be made public in a matter of weeks, is meant to improve the government’s ability to detect, coordinate, response to and investigate cybersecurity incidents, as well as promote supply chain security and push government contractors to up their defenses. It is spurred largely by the suspected Russian campaign in which hackers exploited the update process for SolarWinds’ Orion software, which led to the compromise of nine federal agencies and roughly 100 companies, the White House previously said. Some of the order’s measures are aimed at strengthening DHS and its Cybersecurity and Infrastructure Security Agency. The White House directive would establish […]

The post Biden’s cyber executive order to include new rules for federal agencies, contractors appeared first on CyberScoop.

Continue reading Biden’s cyber executive order to include new rules for federal agencies, contractors

SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings

The chief executive of SolarWinds on Monday said his company is still seeking a fuller understanding of the scope of the hack on its Orion software — and laying the groundwork for what SolarWinds, as well as the federal government, should be doing next. “What we are… still learning is the breadth and depth of the sophistication of the attackers, number one,” Sudhakar Ramakrishna said at a Center for Strategic and International Studies online event where he noted that the company’s investigation into what happened is ongoing. “Number two is the patience with which they carried out these attacks, and obviously the persistence,” he said, citing as an example that the hackers appeared to use earlier versions of Orion code as a test bed for their eventual attack. Ramakrishna took over as CEO weeks after news about the hack of SolarWinds’ updates to its Orion software had become public. The […]

The post SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings appeared first on CyberScoop.

Continue reading SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings

The NSA has a new interim cybersecurity director

Dave Luber is serving as the National Security Agency’s cybersecurity director in an interim manner as the agency transitions in new leadership in the Biden administration, CyberScoop has learned. The Biden administration this month tapped the most recent director, Anne Neuberger, to join the White House National Security Council. And while the NSA Cybersecurity Directorate recently selected Rob Joyce, the NSA’s top intelligence liaison in the U.K., to take on the role as NSA cybersecurity director, he has not yet taken up the reins. Luber, a longtime NSA and Cyber Command employee, previously served as the executive director of Cyber Command, the Department of Defense’s offensive and defensive cyber-operations arm. In that role, as the third-in-command and highest-ranking civilian post at Cyber Command, Luber led approximately 12,000 personnel, including those who work to defend Pentagon networks from intruders and those who run military cyber-operations in support of the U.S. military’s […]

The post The NSA has a new interim cybersecurity director appeared first on CyberScoop.

Continue reading The NSA has a new interim cybersecurity director

Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig

Michael Sulmeyer, a senior adviser to National Security Agency and U.S. Cyber Command leader Gen. Paul Nakasone, will take the position of senior director for cyber in the Biden White House. Sulmeyer’s selection came with no formal announcement. Instead, the transition website posted his position Monday evening. Sulmeyer is a cybersecurity veteran with broad experience, one of many to join the Biden administration. He’s also one of several whose tenures have included roles in the Trump administration. Beyond serving under Nakasone, he also served in the Obama administration at the Defense Department, where he was director for plans and operations for cyber policy. Between roles in the Trump and Obama administrations, he was director of the Belfer Center’s Cyber Security Project at the Harvard Kennedy School. He also wrote extensively for Lawfare on subjects like election security, federal cybersecurity strategy and DOD-related cybersecurity issues. In the past, the National Security […]

The post Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig appeared first on CyberScoop.

Continue reading Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig

NSA Urges SysAdmins to Replace Obsolete TLS Protocols

The NSA released new guidance providing system administrators with the tools to update outdated TLS protocols. Continue reading NSA Urges SysAdmins to Replace Obsolete TLS Protocols

Lawmakers throw cold water on splitting Cyber Command from NSA

Although Pentagon officials have suggested in recent days that the nation’s offensive cyber arm should split away from the National Security Agency, Cyber Command is a long way from being ready to stand on its own, according to a bipartisan group of lawmakers. The proposal, which some DOD officials have been entertaining in the last several days, would separate out the command from the Department of Defense’s foreign signals intelligence agency, which it has been co-located with for 10 years in order to help it find its footing. Both the NSA and Cyber Command are currently run by the same leader, Gen. Paul Nakasone, and some critics say the Trump administration has been interested in separating the two in order to carve out a leadership spot for a political ally at the helm of the NSA before his time in the Oval Office expires, according to The Washington Post. But […]

The post Lawmakers throw cold water on splitting Cyber Command from NSA appeared first on CyberScoop.

Continue reading Lawmakers throw cold water on splitting Cyber Command from NSA