Congress wants answers on embargo of Spectre and Meltdown information

Lawmakers on the House Committee on Energy and Commerce have sent letters to various CEOs at top tech companies asking why information about massive computer chip vulnerabilities was held under embargo for months. The letters focus on the Spectre and Meltdown bugs, deep-rooted flaws in chips produced by leading computer hardware companies that could allow hackers to access and steal sensitive data from machines created as far back as 1995. Co-authored by panel Chairman Greg Walden, R-Ore., and members Marsha Blackburn, R-Tenn., Bob Latta, R-Ohio, and Gregg Harper, R-Miss., the letters request answers about why the bugs weren’t disclosed when the companies learned about them in June 2017. The committee has jurisdiction over technology issues. Information about the flaws was supposed to go public in late January, but security researchers tweeted proof-of-concept code before the companies were ready to make announcements. That tweet led to wider public scrutiny, forcing the companies involved to […]

The post Congress wants answers on embargo of Spectre and Meltdown information appeared first on Cyberscoop.


New bill would transform cybersecurity at Dept. of Health and Human Services

A bill that aims to reorganize and sharply focus cybersecurity at the Department of Health and Human Services (HHS) was reintroduced on Wednesday by Rep. Billy Long, R-Miss., and Rep. Doris Matsui, D-Calif. The HHS Cybersecurity Modernization Act comes in response to congressional hearings on the state of cybersecurity in the health care sector. A recent federal task force report on the state of hospital cybersecurity was starkly negative in its diagnosis. “Many organizations cannot afford to retain in-house information security personnel, or designate an information technology (IT) staff member with cybersecurity as a collateral duty,” the task force reported. “These organizations often lack the infrastructure to identify and track threats, the capacity to analyze and translate the threat data they receive into actionable information, and the capability to act on that information.” Critics say the federal effort toward cybersecurity in the health care sector lacks clear leadership and focus. The new legislation would grant the chief information […]

The post New bill would transform cybersecurity at Dept. of Health and Human Services appeared first on Cyberscoop.


Congress rips ex-Equifax CEO over breach: ‘I don’t think we can pass a law that … fixes stupid’

Lawmakers shamed former Equifax CEO Richard Smith Tuesday over the company’s humongous data breach, scolding him over everything from allowing the breach to happen to the long list of issues that stemmed from the company’s public response. Smith took questioning from the House Energy and Commerce’s Subcommittee on Digital Commerce and Consumer Protection, the first of three breach-related hearings scheduled for this week. While the panel lambasted him for the company’s actions, Smith offered few details outside of his prepared testimony. In an exchange with Rep. Greg Walden, R-Ore., Smith explained that the breach occurred because IT and security personnel at Equifax failed to find and patch the software vulnerability after being notified by the Department of Homeland Security. “It appears this breach happened because the company didn’t know it was running certain software on its system,” Walden said. “How does this happen when so much is at stake? I don’t think […]

The post Congress rips ex-Equifax CEO over breach: ‘I don’t think we can pass a law that … fixes stupid’ appeared first on Cyberscoop.


Equifax CEO called to testify before Congress about breach

Equifax’s chief executive was formally invited Wednesday to testify Oct. 3 before Congress by top members of the House Energy and Commerce Committee. The invitation to Chairman and CEO Richard F. Smith comes less than a week after Equifax, a massive multinational credit reporting company, announced a data breach affecting up to 143 million Americans. “We look forward to hearing directly from Mr. Smith on this unprecedented breach that has raised serious questions about the security of consumers’ personal information,” full committee Chairman Greg Walden, R-Ore., and Digital Commerce and Consumer Protection Subcommittee Chairman Bob Latta, R-Ohio, said in a statement. “We know members on both sides of the aisle appreciate Mr. Smith’s willingness to come before the committee and explain how our constituents might be impacted and what steps are being taken to rectify this situation.” The committee has jurisdiction over the Federal Trade Commission and Consumer Financial Protection Bureau, two of the agencies […]

The post Equifax CEO called to testify before Congress about breach appeared first on Cyberscoop.


WannaCry outbreak was first big test of HHS’s new cybersecurity center for health sector

When the WannaCry computer worm crippled the British National Health Service last month, the response at the U.S. Department of Health and Human Services was led by a new cybersecurity watch center, lawmakers heard Thursday. The Healthcare Cybersecurity and Communications Integration Center “coordinated the response to WannaCry,” Steve Curren, director of resilience in the HHS Office of Emergency Management, told a House Energy and Commerce subcommittee. When the WannaCry worm struck, crippling dozens of British hospitals, HHS officials “took immediate action to engage [the] broader U.S. health sector and ensure that IT security specialists had the information they needed to protect against, respond to and report intrusions,” Curren said. The HCCIC (pronounced “aitch-kick”), which came online in May, is modeled on the Department of Homeland Security’s National Cybersecurity and Communications Integration Center — a 24-hour watch center that pulls in real-time data from vital national industries like banking and telecommunications and distributes warnings and other information. […]

The post WannaCry outbreak was first big test of HHS’s new cybersecurity center for health sector appeared first on Cyberscoop.
