Hackers find 122 vulnerabilities — 27 deemed critical — during first round of DHS bug bounty program

The findings, first reported by CyberScoop, come in the first of three phases for the DHS bug bounty program.

The post Hackers find 122 vulnerabilities — 27 deemed critical — during first round of DHS bug bounty program appeared first on CyberScoop.

Security clearance background checks should take three days, Rep. Will Hurd says

Rep. Will Hurd, who recently announced he is leaving Congress after his current term is up, has something to get off his chest. The Texas Republican has previously said he thinks the federal government should be able to issue security clearances in one week — but now he says it can be done in three days. “I never thought I would have to work on such a basic issue as this: [Getting a security clearance] shouldn’t take 9 months,” Hurd said Thursday at the Dell Technologies Forum. “I think we can do it in three days.” The federal government is currently overhauling the security clearance process as part of an effort known as Trusted Workforce 2.0 — and in the last several months the government has already made some progress on the backlog of applications. Hurd — a former CIA officer — has had a front-row seat for the process […]

With Will Hurd’s retirement, Congress loses a key cybersecurity advocate

When Rep. Will Hurd made news Thursday night, just as the cybersecurity community was preparing to descend on Las Vegas for a week of events, it wasn’t about Hurd’s rescinded offer to speak at the Black Hat conference. The Texas Republican announced he will not seek re-election in 2020, becoming the sixth GOP representative and the third Texan in the past 10 days to announce retirement. Hurd, a former CIA officer, had distinguished himself among lawmakers for his attention to cybersecurity issues, including support for encryption. He was slated to deliver a keynote address at the Black Hat cybersecurity conference next week until organizers canceled his invitation following a TechCrunch article that questioned the congressman’s voting record on women’s rights issues. In a statement on his website, Hurd said that he “made the decision to not seek reelection for the 23rd Congressional District of Texas in order to pursue opportunities outside the halls […]

Cisco will pay $8.6 million to settle claims it sold US flawed surveillance software

Technology giant Cisco has agreed to pay $8.6 million to settle allegations it knowingly sold video surveillance equipment with security vulnerabilities to federal, state and local government agencies, according to court records unsealed Wednesday. A company whistleblower first informed Cisco in 2008 that a bug in its surveillance software could have enabled hackers to monitor video footage, delete footage and turn on or disable the systems. Government entities including the U.S. Secret Service, the Federal Emergency Management Agency and the New York Police Department had purchased the software, according to the Washington Post, which first reported the news. Cisco’s settlement appears to be the first resolution of a whistleblower claim involving cybersecurity issues under the False Claims Act, which prohibits defrauding the government. “The tech industry needs to fulfill its professional responsibility to protect the public from their products and services,” whistleblower James Glenn said in a statement. “There’s this culture that tends […]

Senate investigation finds agencies ‘unprepared’ to protect Americans’ data

Federal agencies are “failing to implement basic cybersecurity standards” needed to protect Americans’ personal data and keep the nation’s secrets safe from hackers, a Senate investigation has concluded. The report, which drew on 10 years’ worth of inspector general reports at eight agencies, paints a picture of persistent neglect of standard network defense measures. It comes more than four years after the breach of the Office of Personnel Management, in which alleged Chinese hackers stole sensitive personal data on 22 million current and former federal employees. Lessons from that sweeping compromise of American security clearances still haven’t been heeded, according to the report from the Senate Committee on Homeland Security and Government Affairs’ Permanent Subcommittee on Investigations. “Despite major data breaches like OPM, the federal government remains unprepared to confront the dynamic cyberthreats of today,” laments the report, which covered the departments of Agriculture, Education, Health and Human Services, Homeland […]

House’s defense bill looks to protect Pentagon’s tech supply chain

The cybersecurity proposals in the House Armed Services Committee’s draft of the national defense bill for fiscal 2020 include provisions that would create new directives on the Department of Defense’s tech acquisitions and supply chain. Chairman Adam Smith’s mark of the National Defense Authorization Act (NDAA), issued Monday, seeks to prevent the DOD from acquiring foreign telecommunications and video surveillance equipment from companies that could pose security risks to the Pentagon. The provision effectively would ban or suspend contractors and subcontractors from doing business not just with the Pentagon but with the entire U.S. government. China-based companies Huawei and ZTE, both of which have been under intense scrutiny by the Trump administration, are not directly named in the provision. The measure appears to align with an executive order the White House issued just last month that seeks to bar U.S. companies from using telecommunications equipment made by foreign firms, with the concern that the gear […]

Trump emphasizes federal cybersecurity workforce, education programs in new executive order

The White House is rolling out an executive order that is intended to bolster the nation’s cybersecurity workforce, senior administration officials told reporters on a call Thursday. The officials detailed a document that includes provisions geared toward the federal government’s employees, as well as education and career development initiatives for the U.S. workforce in general. The goal is to build a “superior cybersecurity workforce,” one official said. The White House wants to create a President’s Cybersecurity Cup competition that “will identify, challenge, and reward the government’s best personnel supporting cybersecurity and cyber excellence,” the officials said. Other elements include allowing cybersecurity employees to rotate among agencies, and using new cybersecurity aptitude tests as part of efforts to reskill federal workers. The employee-rotation idea already has bipartisan support on Capitol Hill, with Senate passage earlier this week of a bill that would put it into action. The Trump administration has embraced reskilling for a while, too: A program to […]

The struggle with simplifying the government’s cybersecurity efforts

When it comes to protecting the federal government from cyberattacks, simplicity is not that simple. That was the underlying message Monday during multiple panels at the RSA Public Sector conference in San Francisco, where government cybersecurity experts and the federal contractors that carry out the government’s cybersecurity operations discussed why things are currently complicated and what it will take to make them easier. The government’s ongoing embrace of the cloud is helping move things in the right direction, but because agencies often follow a hybrid cloud model, watching over a government enterprise is still a highly complex task. Kevin Cox, the program manager for the Department of Homeland Security’s Continuous Diagnostics and Monitoring program, said Monday that it’s a challenge to ascertain exactly how each agency has its enterprise configured. “From our perspective, CDM is working with civilian agencies to have a foundation in place to have the proper visibility on […]

Foreign VPN apps need a close look from DHS, senators say

The Department of Homeland Security should assess the security threat posed by foreign VPN applications to U.S. government employees, a bipartisan pair of senators says. Some popular VPN apps send a phone’s web-browsing data to servers in countries interested in targeting federal personnel, raising “the risk that user data will be surveilled by those foreign governments,” Sens. Marco Rubio, R-Fla., and Ron Wyden, D-Ore., wrote in a letter to DHS Thursday. VPN providers promise to obfuscate the physical location of a web browser, but users are generally at the mercy of those companies’ decisions to collect and log data. The senators cite government warnings about products made by Chinese telecommunications companies and Russian antivirus vendor Kaspersky Lab as examples of the surveillance that certain foreign technology can enable. (Kaspersky and Chinese companies Huawei and ZTE have denied those allegations.) “If U.S. intelligence experts believe Beijing and Moscow are leveraging Chinese and Russian-made technology to surveil Americans, […]

Government website encryption needs help from DHS, Sen. Wyden says

The Department of Homeland Security should push federal agencies to implement stronger encryption practices for government websites visited by federal workers and everyday citizens alike, Sen. Ron Wyden says. Despite significant improvements to government website encryption, some metadata is still transmitted insecurely, revealing the domain names of sites visited by users, Wyden, D-Ore., wrote to DHS Undersecretary Chris Krebs. “Hackers can intercept or hijack the unprotected metadata, tricking users into visiting a malicious site or spying on their activities,” the Oct. 24 letter states. When possible, DHS should require federal agencies to encrypt the online queries employees make to domain name system (DNS) servers, Wyden suggested. He also asked DHS to work with the General Services Administration to make using an encrypted protocol extension a condition of selling web content delivery services to the government. The government can usher in broad industry adoption of that encrypted extension, known as ESNI, according to Wyden. When cybersecurity […]