Agencies don’t know what sensitive data new IT systems collect on Americans, GAO report finds

A rise in breaches of federal agencies involving personally identifiable information in recent years highlights the ongoing challenge the federal government faces in protecting privacy

The post Agencies don’t know what sensitive data new IT systems collect on Americans, GAO report finds appeared first on CyberScoop.

The cyber insurance market has a critical infrastructure problem

Rising cybersecurity risks are reviving questions about the ability of cybersecurity insurance to cover the risks of a catastrophic attack.

The post The cyber insurance market has a critical infrastructure problem appeared first on CyberScoop.

IRS, GAO at odds over cybersecurity requirements on tax preparers

The Internal Revenue Service hasn’t put in place a structure to issue cybersecurity dictates to paid tax preparers because it doesn’t believe it has the authority to do so — but the Government Accountability Office begs to differ. The government watchdog recommended the IRS establish a security structure in a 2019 report, but the agency contended Congress would need to take action to give the IRS more power. As of January of this year, the IRS still believes it needs statutory authority, the GAO said in a report released Monday. The GAO’s suggestion is that the IRS should create a governance structure or steering committee “to coordinate all aspects of IRS’s efforts to protect taxpayer information while at third-party providers.” Hackers have targeted tax preparation companies for years in identity theft and tax return theft schemes, as the IRS itself has repeatedly warned. In one recent case, a U.S. court […]

The post IRS, GAO at odds over cybersecurity requirements on tax preparers appeared first on CyberScoop.

Cyber insurance premiums rise as ransomware, hacks continue, GAO finds

A growing number of cybersecurity incidents has led many insurers to raise premiums and some to limit coverage in especially risky areas, such as health care and education, according to new findings from a U.S. government watchdog. “[T]he continually increasing frequency and severity of cyberattacks, especially ransomware attacks, have led insurers to reduce cyber coverage limits for certain riskier industry sectors … and for public entities and to add specific limits on ransomware coverage,” the Government Accountability Office said in a report Thursday, which cited surveys of insurance executives. More than half of the brokers surveyed by an industry group said that their clients saw premiums increase between 10% and 30% in late 2020, the report noted. The findings come amid a period of unprecedented scrutiny for the cyber insurance industry, as multimillion-dollar ransoms come to light and cybercriminals appear to target insurers for a list of their clients to […]

The post Cyber insurance premiums rise as ransomware, hacks continue, GAO finds appeared first on CyberScoop.

GAO Finds Gaps in DoD Cyberdefenses, Highlights Importance of Breach and Attack Simulation Tools

AttackIQ’s Security Optimization Platform gives an agency a proactive—rather than a reactive—security posture. It enables continuous validation of security controls to definitively establish the effectiveness of key initiatives, to include zero-trust c…

Watchdog suggests State Department should have used ‘evidence’ to explain new cyber bureau

Government auditors concluded in a withering, deadpan report Thursday that the State Department should have used “data and evidence to justify its proposal” to establish a new cyber-focused bureau. Just before the Trump administration wound down, the State Department said it would create a Bureau of Cyberspace Security and Emerging Technologies, drawing fire from the chairman of the House Foreign Affairs Committee, Rep. Gregory Meeks, D-N.Y., who said he agreed that State needed a cyber bureau but that its last-minute proposal was “ill-suited” for the job. The Government Accountability Office reviewed the Jan. 7 proposal, and found that State “has not demonstrated that it used data and evidence to support its proposal, particularly for the bureau’s focus and organizational placement.” “Without developing evidence to support its proposal for the new bureau, State lacks needed assurance that the proposal will effectively set priorities and allocate appropriate resources for the bureau to […]

The post Watchdog suggests State Department should have used ‘evidence’ to explain new cyber bureau appeared first on CyberScoop.

GAO: CISA’s ‘nationwide strategy’ on election security should be enacted as soon as possible

The cybersecurity wing of the Department of Homeland Security must “urgently finalize” its plans to protect the 2020 presidential election, a government watchdog agency said in a new report released Thursday. The Cybersecurity and Infrastructure Security Agency (CISA) provides state and local election officials with federal assistance, education and information sharing about how to safeguard U.S. voting infrastructure from possible interference. Despite three years of work meant to improve security, CISA still is “not well-positioned to execute a nationwide strategy for securing election infrastructure prior to the start of the 2020 election cycle,” according to a Government Accountability Office (GAO) report published Thursday. Most notably, CISA has not created clear plans to respond to a possible Election Day security incident in which state and local response capabilities were exhausted, according to the GAO report. The audit also determined that CISA had failed to address challenges it experienced in 2018, including an […]

The post GAO: CISA’s ‘nationwide strategy’ on election security should be enacted as soon as possible appeared first on CyberScoop.

Is the Electric Grid Ready to Respond to Increased Cyber Threats?

Reports from the U.S. Government Accountability Office (GAO) and Siemens highlight both the increasing cyber threats faced by the electric utility companies and the lack of adequate readiness to respond to these threats. According to these reports, a c…

Army Cyber Command is trying to become an information warfare force

U.S. Army Cyber Command could soon have a new identity. Commander Lt. Gen. Stephen Fogarty said this week he wants his military outfit, dedicated to electronic warfare and information operations, to be renamed as the “Army Information Warfare Command.” The rechristening would better represent a new military mission, he said, and come at a time when Army cyber personnel increasingly deal with troll farms on social media, disrupt ISIS operations, and work to confuse international adversaries’ understanding of U.S. military units’ location. “The intent is to provide a proposal that will change us from Army Cyber Command to Army Information Warfare Command because we believe that is a more accurate descriptor of what I am being asked to do on a daily basis,” Fogarty said at the AFCEA TechNet conference in Augusta, Georgia this week. But this change, which Fogarty said he intends to push internally at the Department of Defense over the next two months, is more than just a new […]

The post Army Cyber Command is trying to become an information warfare force appeared first on CyberScoop.

Hackers stole photos of travelers and license plates from subcontractor

Critics say if the US can’t protect such data – which was improperly stored by a subcontractor – it shouldn’t collect it.