Congress wants answers on embargo of Spectre and Meltdown information

Lawmakers on the House Committee on Energy and Commerce have sent letters to various CEOs at top tech companies asking why information about massive computer chip vulnerabilities was held under embargo for months. The letters focus on the Spectre and Meltdown bugs, deep-rooted flaws in chips produced by leading computer hardware companies that could allow hackers to steal sensitive data from machines created as far back as 1995. Co-authored by panel Chairman Greg Walden, R-Ore., and members Marsha Blackburn, R-Tenn., Bob Latta, R-Ohio, and Gregg Harper, R-Miss., the letters request answers about why the bugs weren’t disclosed when the companies learned about them in June 2017. The committee has jurisdiction over technology issues. Information about the flaws was supposed to go public in late January, but security researchers tweeted proof-of-concept code before the companies were ready to make announcements. That tweet led to wider public scrutiny, forcing the companies involved to […]

The post Congress wants answers on embargo of Spectre and Meltdown information appeared first on Cyberscoop.


Lawmaker to HHS: Label software in medical devices

The Trump administration should convene a national effort in partnership with the private sector to ensure that the owners and operators of medical devices, hospital IT networks and electronic health records systems can find out what software and other components are in the products they buy, says the chairman of the powerful House Energy and Commerce Committee. In a letter Thursday to acting Health and Human Services Secretary Eric Hargan, committee Chairman Greg Walden, R-Ore., notes a congressionally chartered task force on health care cybersecurity earlier this year recommended such transparency requirements. The congressional report said there should be a “Bill of Materials” (BOM) for medical products because hospital IT managers and network administrators “must first understand what they have on their systems, before they can determine whether these technologies are impacted by a given threat or vulnerability.” “We write today to request that [HHS] convene a sector-wide effort to develop a plan of action for creating, deploying and leveraging BOMs […]

The post Lawmaker to HHS: Label software in medical devices appeared first on Cyberscoop.


Congress told ‘the market can’t fix’ poor cybersecurity at credit companies

The day after Halloween, lawmakers at a hearing on the Equifax breach heard scary stories of an under-regulated industry that collects and analyzes vast quantities of data about consumers without their knowledge or consent, stores it insecurely and sells it to the highest bidder. Representatives of the credit reporting industry told the House Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection that those were all campfire tales to frighten children and that searching for a legislative solution would be the governmental equivalent of a snipe hunt. And Republican lawmakers sought to tamp down industry concerns by saying they were still in the information-gathering phase of their work. The hearing, said subcommittee Chairman Bob Latta, R-Ohio, “is an important step toward answering the many questions that consumers are asking.” But the overall tone of proceedings, even from the credit reporting industry’s traditional allies in the GOP, was not at all friendly. “Consumers are getting […]

The post Congress told ‘the market can’t fix’ poor cybersecurity at credit companies appeared first on Cyberscoop.


WannaCry outbreak was first big test of HHS’s new cybersecurity center for health sector

When the WannaCry computer worm crippled the British National Health Service last month, the response at the U.S. Department of Health and Human Services was led by a new cybersecurity watch center, lawmakers heard Thursday. The Healthcare Cybersecurity and Communications Integration Center “coordinated the response to WannaCry,” Steve Curren, director of resilience in the HHS Office of Emergency Management, told a House Energy and Commerce subcommittee. When the WannaCry worm struck, crippling dozens of British hospitals, HHS officials “took immediate action to engage [the] broader U.S. health sector and ensure that IT security specialists had the information they needed to protect against, respond to and report intrusions,” Curren said. The HCCIC (pronounced “aitch-kick”), which came online in May, is modeled on the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, a 24-hour watch center that pulls in real-time data from vital national industries like banking and telecommunications and distributes warnings and other information. […]

The post WannaCry outbreak was first big test of HHS’s new cybersecurity center for health sector appeared first on Cyberscoop.
