Cybersecurity Executive Order Aims to Uplevel Protections Across Agencies

The Executive Order on Improving the Nation’s Cybersecurity takes aim at improving information sharing, supply chain security and tackling cyberthreats
The post Cybersecurity Executive Order Aims to Uplevel Protections Across Agencies appeared first on… Continue reading Cybersecurity Executive Order Aims to Uplevel Protections Across Agencies

Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]

The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.

Continue reading Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]

The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.

Continue reading Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Hacker team-ups pose 2021 threat to financial industry, group cautions

An information sharing group for the financial sector warned on Tuesday that banks will encounter growing danger this year from converging nation-state and criminal hackers, as well as supply chain risks and cross-border attacks. The report from the Financial Services Information Sharing and Analysis Center serves as a recap of threats the industry endured last year, as well as a forecast for 2021. Ransomware and other kinds of extortion attacks were among the biggest hazards for the financial services industry last year, FS-ISAC said. The organization said it expects further use of the increasingly common ransomware method of hackers leaking partial data to incentivize higher victim payments, and it said that more than 100 financial companies received distributed denial-of-service extortion threats last year. The organization also suggested that state-sponsored groups would leverage access or other techniques established by financially motivated scammers to boost their own operations. FS-ISAC did not point […]

The post Hacker team-ups pose 2021 threat to financial industry, group cautions appeared first on CyberScoop.

Continue reading Hacker team-ups pose 2021 threat to financial industry, group cautions

The dangers of misusing instant messaging and business collaboration tools

71% of office workers globally – including 68% in the US – admitted to sharing sensitive and business-critical company data using instant messaging (IM) and business collaboration tools, Veritas Technologies research reveals. The report, which polled 1… Continue reading The dangers of misusing instant messaging and business collaboration tools

Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries

A host of federal government policy failures contributed to the rippling damage of the SolarWinds hack, leaders of cyber firms told a Senate panel on Tuesday, with even lawmakers saying Congress must do more to prevent a repeat. More than two months after the hack became public, the wide-ranging Senate Select Committee on Intelligence hearing committee demonstrated that the U.S. government, the private sector and digital incident responders still are wrestling with the ramifications of an suspected Russian espionage campaign that leveraged the federal contractor SolarWinds. A number of big questions remain: SolarWinds still hasn’t determined how the hackers originally got into its systems, nobody has fully settled debates on whether the incident amount to espionage, or something worse, and suspicions abound that more victims remain unrevealed. “It has become clear that there is much more to learn about this incident, its causes, its scope and scale, and where we […]

The post Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries appeared first on CyberScoop.

Continue reading Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries

Collaboration is the key to a secure world-class sporting event

Securing any world-class event is a massive undertaking that requires teams of security professionals to coordinate with each other and constantly share information. I’ve seen this collaboration up close due to my company’s involvement in helping to se… Continue reading Collaboration is the key to a secure world-class sporting event

After years of work, Congress passes ‘internet of things’ cybersecurity bill — and it’s kind of a big deal

Congress last week did something that it rarely does: It passed a meaningful cybersecurity bill. The legislation is aimed at enhancing the safeguards of internet-connected devices — also known as the internet of things (IoT) — such as smart sensors that monitor water quality or control ships in waterway locks. The bill is also a major step toward the federal government encouraging vulnerability disclosure policies that implement programs for organizations to work with security researchers to fix software flaws. “It is arguably the most significant U.S. IoT-specific cybersecurity law to date, as well as the most significant law promoting coordinated vulnerability disclosure in the private sector to date,” said Harley Geiger, director of public policy at Rapid7, a cybersecurity company. All it took to get across the finish line was more than three years of bipartisan work, encroaching state and foreign government IoT rules, a ticking legislative clock, goodwill toward […]

The post After years of work, Congress passes ‘internet of things’ cybersecurity bill — and it’s kind of a big deal appeared first on CyberScoop.

Continue reading After years of work, Congress passes ‘internet of things’ cybersecurity bill — and it’s kind of a big deal

After a quiet election night on the cyber front, officials preach vigilance as results come in

After years of preparation from security professionals and election officials, Election Day went down without any significant publicly reported cybersecurity incidents, U.S. officials told reporters Tuesday. Federal and state officials were on watch for any unusual digital activity, but all in an all, it was just “another Tuesday on the internet,” as a senior Cybersecurity and Infrastructure Security Agency official put it. In other words, there were no reports of targeted cyberattacks from U.S. adversaries. Security experts chalked the smooth operation up to vigilance on the part of officials across the election ecosystem, and the resiliency built into the voting process. Voting machines and electronic pollbooks suffered glitches in certain counties in Georgia and Ohio, but they were technical errors that are to be expected and not caused by anything malicious. Election administrators quickly reverted to paper backups and the voting process carried on. Officials at the Election Infrastructure Information Sharing and […]

The post After a quiet election night on the cyber front, officials preach vigilance as results come in appeared first on CyberScoop.

Continue reading After a quiet election night on the cyber front, officials preach vigilance as results come in

How US security officials are watching for threats ahead of Election Day

FBI Director Christopher Wray once called the 2018 midterm elections a “dress rehearsal for the big show” of protecting the 2020 presidential election from foreign interference. The big show is finally here, and American officials say they are pulling out all the stops to keep it secure. U.S. intelligence, law enforcement and national security agencies have for weeks been in an “enhanced operational posture” to share any election-related threats with state and local officials, said Chris Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The week before Election Day, which is Nov. 3, those security efforts will kick into overdrive. Officials from the Department of Defense, FBI, the Election Assistance Commission, political campaigns and the private sector are scheduled to gather at CISA’s operations center outside of Washington, D.C. The U.S. Postal Service, which is playing an expanded role in this year’s election with the increase in […]

The post How US security officials are watching for threats ahead of Election Day appeared first on CyberScoop.

Continue reading How US security officials are watching for threats ahead of Election Day