Departing top CISA official reflects on nearly four years in the cyber hot seat

Eric Goldstein spoke with CyberScoop about where the Cybersecurity and Infrastructure Security Agency has made progress, lessons learned and what’s next.

The post Departing top CISA official reflects on nearly four years in the cyber hot seat appeared first on CyberScoop.


Top CISA official Eric Goldstein to depart agency next month

Goldstein has served as the executive assistant director for cybersecurity and worked on a number of key priorities for the agency.


CISA’s Goldstein wants to ditch ‘patch faster, fix faster’ model

Executive assistant director for cybersecurity says the current model “does not account for the capability and the acceleration of the adversaries who we’re up against.”


Collaboration between CISA, Cyber Command thwarted dangerous cyberattacks, officials said

During the 2023 RSA Conference, top officials provided rare insight into sharing information to protect U.S. networks from malicious hackers.


FBI, CISA, Treasury: North Korean hackers taking aim at health care with Maui ransomware

The ransomware has previously received little public scrutiny.


How CISA’s list of “must-patch” vulnerabilities has expanded in both size, and in who’s using it

While CISA says the catalog is catching on, some think it needs improvement.


Multifactor authentication could be long haul for some federal agencies, CISA official says

Eric Goldstein said agencies are focusing hard on adopting MFA, but some are dealing with older IT.


If hackers are exploiting the Log4j flaw, CISA says we might not know yet

Federal officials cautioned Monday that, while the widespread Log4j vulnerability hasn’t led to any major known intrusions in the U.S., there could be a “lag” between when the flaw became known, and when attackers exploit it. Cybersecurity and Infrastructure Security Agency Director Jen Easterly said that there were months between the discovery of the vulnerability that led to the 2017 Equifax breach, which exposed the personal information of nearly 150 million Americans, and word of the breach itself, invoking one of the most notable hacks in history. “We do expect Log4j to be used in intrusions well into the future,” Easterly said on a call with reporters. “There may be a lag between when this vulnerability is being used and when it is being actively deployed.” Apache Struts, an open-source tool, was at the center of the Equifax breach, and Apache’s Log4j is a ubiquitous open-source logging tool. Easterly said […]


CISA probes scope, potential fallout of Log4j vulnerability

A top government cyber official said Tuesday that the Cybersecurity and Infrastructure Security Agency hasn’t seen hackers compromise federal agencies by exploiting the Apache Log4j vulnerability — but the agency’s still fearful of widespread attacks stemming from it. Most of all, CISA’s Eric Goldstein said during a phone call Tuesday evening, the government is eager for help from the public in assembling a comprehensive list of all the products that might be susceptible to hackers using the vulnerability, known as Log4Shell in the widely deployed logging library, which the agency expects could affect hundreds of millions of devices or more. CISA and private sector cybersecurity investigators have struck exceptionally dire notes about the potential fallout that have not, as of yet, come to fruition. It’s that unknown potential, however, that has prompted CISA to try to get organizations to patch their systems and take other steps to secure them. “Certainly […]


Feds likely to fall short of deadline for strengthening encryption, multifactor authentication

A winning streak of hitting deadlines under President Joe Biden’s ambitious May cybersecurity executive order is widely expected to end Monday, affecting changes that administration officials have touted most: implementing multifactor authentication and encryption at all civilian federal agencies. Multifactor authentication — which requires users to access websites and systems by entering a password and also using a second device to verify their identity — could prevent 80% to 90% of all successful cyberattacks, Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger said in September. Encryption is another of the handful of technologies the administration has emphasized that “dramatically reduce the risk of attack,” Neuberger has said. The executive order’s goal was to set “aggressive but achievable” deadlines, officials have repeatedly said, and “We’ve met each timeline along the way,” Neuberger said in October. As important as multifactor authentication (MFA) and encryption are, however, current and former […]
