National Cyber Director Chris Inglis calls for ‘new social contract’ to redistribute risk

Cyberspace needs a “new social contract” where “isolated individuals, small businesses and local governments” no longer shoulder “absurd levels of risk,” says a top U.S. cyber official. National Cyber Director Chris Inglis, writing in Foreign Affairs over the weekend with a senior adviser, said that the tech sector should make deeper investments in hardware and software security and the U.S. government should take a greater role in fostering digital defenses. “Those more capable of carrying the load — such as governments and large firms — must take on some of the burden, and collective, collaborative defense needs to replace atomized and divided efforts,” write Inglis and Harry Krejsa, the acting assistant national cyber director for strategy and research. “Until then, the problem will always look like someone else’s to solve.” Their overarching message about the need to improve private-public cooperation has been a refrain of cyber experts for decades. The […]

The post National Cyber Director Chris Inglis calls for ‘new social contract’ to redistribute risk appeared first on CyberScoop.

Voluntary Biden administration control system security initiative coming to water sector

The Biden administration announced Thursday it is extending a voluntary cybersecurity initiative for essential control systems in the electricity sector and pipelines to facilities that supply water across the U.S. Under the initiative, the administration is pushing participating water sector facilities to adopt detection technologies that would monitor cyber threats to industrial control systems (ICS), which automate processes such as the treatment, storage and distribution of water. It’s also urging them to more rapidly share threat data with the U.S. government. The 100-day plan will first aim to bring in larger facilities. The water sector, which includes what a senior administration official estimated at over 150,000 facilities that provide water to approximately 300 million Americans, has long been considered one of the most vulnerable in the U.S. to cyberattacks. A hack last February on a facility in Florida temporarily altered the plant’s sodium hydroxide setting to a level harmful to […]

The post Voluntary Biden administration control system security initiative coming to water sector appeared first on CyberScoop.

National cyber resilience requires closer integration of public and private efforts

We live in a world where we are united in fear against digital enemies who threaten our very subsistence: our food and water supply, the electric grid, even the delivery of essential healthcare. Cyberattacks have disrupted commercial organizations, exposed our data and put our national security at risk. And although we can clearly see the escalation of this very clear and present threat, we still struggle to overcome the hurdles that stand between our public and private organizations and true collaborative efforts to strengthen our nation’s cybersecurity and resilience. There are many reasons for this. Private companies have historically been reticent to share information with government stakeholders, and vice versa. We have also lacked clear processes to share data at scale or to allow government assistance in our efforts to protect privately-owned infrastructure. This isn’t the fault of any past administrations, and we have made progress in each of these […]

The post National cyber resilience requires closer integration of public and private efforts appeared first on CyberScoop.

Android data sharing remains significant, no opt-out available to users

An in-depth analysis of a range of popular Android mobile phones has revealed significant data collection and sharing, including with third parties, with no opt-out available to users. Prof. Doug Leith at Trinity College Dublin along with Dr Paul Patra…

US, allies pledge to combat money laundering as part of efforts to slow ransomware

Nations must better clamp down on money laundering in order to disrupt ransomware gangs’ illicit financial transactions, according to a statement Thursday from 32 countries that participated in two days of White House meetings focused on slowing hackers and digital extortion. The joint statement also included commitments to other methods of countering ransomware, such as encouraging cyber hygiene practices to the private sector, collaborating across law enforcement and national security agencies and using diplomatic pressure against nations that harbor cybercriminals. The initiative comes after a White House summit that included presentations and intelligence sharing between countries including Australia, Brazil, Bulgaria, Canada, the Czech Republic, Estonia, France and Germany, among others. The two days of meetings were the latest steps the Biden administration has taken to battle ransomware, a frequent focus of the White House since major attacks this summer on Colonial Pipeline, JBS and Kaseya. However, the meetings excluded Russia, […]

The post US, allies pledge to combat money laundering as part of efforts to slow ransomware appeared first on CyberScoop.

New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them

U.S. cybersecurity officials have scrambled to respond to one major hacking incident after another over the past nine months, from the alleged Russian intrusions into federal networks using bugged SolarWinds software, to the extortion of Colonial Pipeline, which controls the East Coast’s biggest fuel artery. Jen Easterly, the new director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), wants to break that cycle, and spend less time putting out fires and more time preparing for incidents in an attempt to reduce their impact. It’s a goal that will draw on Easterly’s experience working on cyber operations for the military, and her time trying to safeguard one of the largest U.S. investment banks from hackers. To date, actions taken by federal and private sector organizations “to protect us from threats are just not keeping pace,” she said in a recent interview. This month, Easterly set up the Joint Cyber Defense […]

The post New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them appeared first on CyberScoop.

CISA director unveils cyber defense collaborative center for pre-attack planning

Cybersecurity and Infrastructure Security Director Jen Easterly announced the launch of a cyber defense center Thursday that will seek to foster collaboration before cyberattacks, rather than afterward, between federal agencies, the private sector and state and local governments. Speaking at the Black Hat security conference in Las Vegas in one of her first public appearances since the Senate confirmed her last month to lead the Department of Homeland Security’s cyber wing, Easterly said the Joint Cyber Defense Collaborative (JCDC) would try to enhance teamwork that often happens only after a major incident, such as the past year’s high-profile attacks on companies like SolarWinds or Kaseya. “While some of this work is happening in pockets, most of it is reactive,” Easterly said in prepared remarks. “The unique value add of the JCDC is to create a proactive capability for government and private sector to work together closely before an incident occurs […]

The post CISA director unveils cyber defense collaborative center for pre-attack planning appeared first on CyberScoop.

Why grassroots efforts like #ShareTheMicInCyber play a vital role in a whole-of-society approach to cyber

Amid increasingly sophisticated ransomware and supply chain attacks, the cybersecurity community needs a cultural shift and novel ideas to help new executive branch leadership operationalize President Biden’s recent Executive Order. The insight and authority of the government — coupled with the agility and innovation of the private sector — will create a powerful force multiplier capable of painting a clearer picture of the threat landscape, timelier coordination of defensive activities, and quicker recovery. Unfortunately, for many reasons, like fear of legal or regulatory liability, lack of regulations and incentives, and uncertainty in where to turn, strong collaboration is largely unrealized today and is limiting the U.S.’s ability to get ahead of cyber threats. The lack of trust between the public and private sectors must be overcome at the grassroots level by creating strong communities and humanizing practitioners. But the onus of creating partnerships across sectors cannot rest with the government or the private sector alone. The entire […]

The post Why grassroots efforts like #ShareTheMicInCyber play a vital role in a whole-of-society approach to cyber appeared first on CyberScoop.

Cybersecurity Executive Order Aims to Uplevel Protections Across Agencies

The Executive Order on Improving the Nation’s Cybersecurity takes aim at improving information sharing, supply chain security and tackling cyberthreats
The post Cybersecurity Executive Order Aims to Uplevel Protections Across Agencies appeared first on…

Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said, in testimony before the Homeland Security and Governmental Affairs Committee, that he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]

The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.
