Top cyber feds working toward fresh models of an old mantra: cyber collaboration

They cited progress with structures like the Joint Cyber Defense Collaborative.

The post Top cyber feds working toward fresh models of an old mantra: cyber collaboration appeared first on CyberScoop.

Continue reading Top cyber feds working toward fresh models of an old mantra: cyber collaboration

The long, bumpy road to cyber incident reporting legislation — and the one still ahead

The legislation eventually garnered widespread support on its way to becoming law, but much remains unresolved.

The post The long, bumpy road to cyber incident reporting legislation — and the one still ahead appeared first on CyberScoop.

Continue reading The long, bumpy road to cyber incident reporting legislation — and the one still ahead

National Cyber Director Chris Inglis calls for ‘new social contract’ to redistribute risk

Cyberspace needs a “new social contract” where “isolated individuals, small businesses and local governments” no longer shoulder “absurd levels of risk,” says a top U.S. cyber official. National Cyber Director Chris Inglis, writing in Foreign Affairs over the weekend with a senior adviser, said that the tech sector should make deeper investments in hardware and software security and the U.S. government should take a greater role in fostering digital defenses. “Those more capable of carrying the load — such as governments and large firms — must take on some of the burden, and collective, collaborative defense needs to replace atomized and divided efforts,” write Inglis and Harry Krejsa, the acting assistant national cyber director for strategy and research. “Until then, the problem will always look like someone else’s to solve.” Their overarching message about the need to improve private-public cooperation has been a refrain of cyber experts for decades. The […]

The post National Cyber Director Chris Inglis calls for ‘new social contract’ to redistribute risk appeared first on CyberScoop.

Continue reading National Cyber Director Chris Inglis calls for ‘new social contract’ to redistribute risk

Voluntary Biden administration control system security initiative coming to water sector

The Biden administration announced Thursday it is extending a voluntary cybersecurity initiative for essential control systems in the electricity sector and pipelines to facilities that supply water across the U.S. Under the initiative, the administration is pushing participating water sector facilities to adopt detection technologies that would monitor cyber threats to industrial control systems (ICS), which automate processes such as the treatment, storage and distribution of water. It’s also urging them to more rapidly share threat data with the U.S. government. The 100-day plan will first aim to bring in larger facilities. The water sector, which includes what a senior administration official estimated at over 150,000 facilities that provide water to approximately 300 million Americans, has long been considered one of the most vulnerable in the U.S. to cyberattacks. A hack last February on a facility in Florida temporarily altered the plant’s sodium hydroxide setting to a level harmful to […]

The post Voluntary Biden administration control system security initiative coming to water sector appeared first on CyberScoop.

Continue reading Voluntary Biden administration control system security initiative coming to water sector

National cyber resilience requires closer integration of public and private efforts

We live in a world where we are united in fear against digital enemies who threaten our very subsistence: our food and water supply, the electric grid, even the delivery of essential healthcare. Cyberattacks have disrupted commercial organizations, exposed our data and put our national security at risk. And although we can clearly see the escalation of this very clear and present threat, we still struggle to overcome the hurdles that stand between our public and private organizations and true collaborative efforts to strengthen our nation’s cybersecurity and resilience. There are many reasons for this. Private companies have historically been reticent to share information with government stakeholders, and vice versa. We have also lacked clear processes to share data at scale or to allow government assistance in our efforts to protect privately-owned infrastructure. This isn’t the fault of any past administrations, and we have made progress in each of these […]

The post National cyber resilience requires closer integration of public and private efforts appeared first on CyberScoop.

Continue reading National cyber resilience requires closer integration of public and private efforts

Android data sharing remains significant, no opt-out available to users

An in-depth analysis of a range of popular Android mobile phones has revealed significant data collection and sharing, including with third parties, with no opt-out available to users. Prof. Doug Leith at Trinity College Dublin along with Dr Paul Patra… Continue reading Android data sharing remains significant, no opt-out available to users

US, allies pledge to combat money laundering as part of efforts to slow ransomware

Nations must better clamp down on money laundering in order to disrupt ransomware gangs’ illicit financial transactions, according to a statement Thursday from 32 countries that participated in two days of White House meetings focused on slowing hackers and digital extortion. The joint statement also included commitments to other methods of countering ransomware, such as encouraging cyber hygiene practices to the private sector, collaborating across law enforcement and national security agencies and using diplomatic pressure against nations that harbor cybercriminals. The initiative comes after a White House summit that included presentations and intelligence sharing between countries including Australia, Brazil, Bulgaria, Canada, the Czech Republic, Estonia, France and Germany, among others. The two days of meetings were the latest steps the Biden administration has taken to battle ransomware, a frequent focus of the White House since major attacks this summer on Colonial Pipeline, JBS and Kaseya. However, the meetings excluded Russia, […]

The post US, allies pledge to combat money laundering as part of efforts to slow ransomware appeared first on CyberScoop.

Continue reading US, allies pledge to combat money laundering as part of efforts to slow ransomware

New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them

U.S. cybersecurity officials have scrambled to respond to one major hacking incident after another over the past nine months, from the alleged Russian intrusions into federal networks using bugged SolarWinds software, to the extortion of Colonial Pipeline, which controls the East Coast’s biggest fuel artery. Jen Easterly, the new director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), wants to break that cycle, and spend less time putting out fires and more time preparing for incidents in an attempt to reduce their impact. It’s a goal that will draw on Easterly’s experience working on cyber operations for the military, and her time trying to safeguard one of the largest U.S. investment banks from hackers. To date, actions taken by federal and private sector organizations “to protect us from threats are just not keeping pace,” she said in a recent interview. This month, Easterly set up the Joint Cyber Defense […]

The post New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them appeared first on CyberScoop.

Continue reading New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them

CISA director unveils cyber defense collaborative center for pre-attack planning

Cybersecurity and Infrastructure Security Director Jen Easterly announced the launch of a cyber defense center Thursday that will seek to foster collaboration before cyberattacks, rather than afterward, between federal agencies, the private sector and state and local governments. Speaking at the Black Hat security conference in Las Vegas in one of her first public appearances since the Senate confirmed her last month to lead the Department of Homeland Security’s cyber wing, Easterly said the Joint Cyber Defense Collaborative (JCDC) would try to enhance teamwork that often happens only after a major incident, such as the past year’s high-profile attacks on companies like SolarWinds or Kaseya. “While some of this work is happening in pockets, most of it is reactive,” Easterly said in prepared remarks. “The unique value add of the JCDC is to create a proactive capability for government and private sector to work together closely before an incident occurs […]

The post CISA director unveils cyber defense collaborative center for pre-attack planning appeared first on CyberScoop.

Continue reading CISA director unveils cyber defense collaborative center for pre-attack planning

Why grassroots efforts like #ShareTheMicInCyber play a vital role in a whole-of-society approach to cyber

Amid increasingly sophisticated ransomware and supply chain attacks, the cybersecurity community needs a cultural shift and novel ideas to help new executive branch leadership operationalize President Biden’s recent Executive Order. The insight and authority of the government — coupled with the agility and innovation of the private sector — will create a powerful force multiplier capable of painting a clearer picture of the threat landscape, timelier coordination of defensive activities, and quicker recovery. Unfortunately, for many reasons, like fear of legal or regulatory liability, lack of regulations and incentives, and uncertainty in where to turn, strong collaboration is largely unrealized today and is limiting US’s ability to get ahead of cyber threats. The lack of trust between the public and private sectors must be overcome at the grassroots level by creating strong communities and humanizing practitioners. But the onus of creating partnerships across sectors cannot rest with the government or the private sector alone. The entire […]

The post Why grassroots efforts like #ShareTheMicInCyber play a vital role in a whole-of-society approach to cyber appeared first on CyberScoop.

Continue reading Why grassroots efforts like #ShareTheMicInCyber play a vital role in a whole-of-society approach to cyber