Collaborate Disseminate
The CSRB needs to become more transparent regarding its membership and the cases it takes on, experts told Congress.
The post Cyber Safety Review Board needs stronger authorities, more independence, experts say appeared first on CyberScoop.
The federal government is not responding effectively to the ransomware crisis, according to a report from the Senate Homeland Security panel.
The post Senate report criticizes feds’ approach to ransomware investigations appeared first on CyberScoop.
Continue reading Senate report criticizes feds’ approach to ransomware investigations
The legislation eventually garnered widespread support on its way to becoming law, but much remains unresolved.
The post The long, bumpy road to cyber incident reporting legislation — and the one still ahead appeared first on CyberScoop.
The Senate passed legislation Tuesday evening requiring critical infrastructure owners to report to the feds when they suffer a major cyberattack or make a ransomware payment — shaking loose a bill that got stuck in the chamber last year. Under the measure, which now moves to the House for potential consideration, those critical infrastructure owners and operators as well as federal agencies would have to disclose a significant incident to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency within 72 hours. The same owners and operators would have to report any ransomware payments to CISA, too, only within 24 hours. Its intent is to give CISA the information it needs to more widely share threat data to help curtail major cyberattacks rippling through key targets, such as what happened in late 2020 when federal contractor SolarWinds suffered a compromise that ended up spreading to federal agencies and major tech […]
The post Proposal for industries to report big cyberattacks, ransomware payments wins Senate approval appeared first on CyberScoop.
Legislation requiring critical infrastructure owners to report major cyber incidents to the federal government, and mandating that ransomware victims disclose when they make payments, has hit a significant snag in the Senate. A bipartisan group of senators announced a proposal in November that would require critical infrastructure owners and operators to report within 72 hours to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency when they suffer major cyber incidents, as defined by CISA. It also would require reporting of ransomware payments to CISA from a broader set of organizations, excluding only individuals and some smaller businesses, within 24 hours. Advocates hope that by requiring swift reporting of major incidents, federal officials can help reduce the damage more quickly. Gathering intelligence about ransomware payments would help law enforcement and national security officials understand and act on digital extortion trends, officials say. Backers were unable to advance the proposal last […]
The post Incident reporting, ransomware payment legislation faces trouble in Senate appeared first on CyberScoop.
Continue reading Incident reporting, ransomware payment legislation faces trouble in Senate
U.S. cybersecurity officials are seeking to put their stamp on cyber incident reporting legislation, wading into debates on Capitol Hill about questions like how swiftly companies must report attacks to federal agencies — and what happens if they don’t. The head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency testified at a Senate hearing Thursday in favor of requiring critical infrastructure owners and operators, federal contractors and agencies to report attacks to CISA within 24 hours of detection. There are three leading proposals in Congress, each with a different timeframe for reporting attacks. The leaders of the Senate Intelligence Committee favor a 24-hour deadline. A draft bill from leaders of the Senate Homeland Security and Governmental Affairs Committee would set the range at between 72 hours and seven days, as determined by CISA. And a draft from leading members of the House Homeland Security Committee proposes leaving […]
The post Biden administration officials push Congress to shape breach reporting mandates appeared first on CyberScoop.
Continue reading Biden administration officials push Congress to shape breach reporting mandates
A Senate committee graded cybersecurity as poor among eight big agency departments. Not much has changed since the last report.
The post SHOCKER: Senate Says Security Sucks—Still appeared first on Security Boulevard.
Continue reading SHOCKER: Senate Says Security Sucks—Still
Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]
The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.
Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]
The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.
In one of the bluntest assessments of U.S. government security shortcomings around the SolarWinds hack, a top Department of Homeland Security official told senators on Thursday that federal defenses simply aren’t aligned properly to detect advanced attackers. The testimony before the Senate Homeland Security and Governmental Affairs Committee on federal cybersecurity weaknesses points to a forthcoming reorientation of how DHS’s Cybersecurity and Infrastructure Security Agency protects agencies from threats. It’s a shift resulting from the fallout from the hack at federal contractor SolarWinds that resulted in breaches at numerous federal agencies and major technology companies. And it’s a shift that Congress is aiding with $650 million that it recently appropriated for CISA. “Part of the challenge is that you can only secure what you can see,” Brandon Wales, acting director of the agency, told committee Chairman Gary Peters, D-Mich. “Over the past decade our system of protection has largely relied […]
The post Feds aren’t well prepared to spot SolarWinds-style hacks at agencies, CISA official says appeared first on CyberScoop.