Ensuring compliance without compromising on IT modernization initiatives

Cloud providers can play a key role in modernizing how government agencies ensure compliance across their workloads, says security leader Jeanette Manfra.

The post Ensuring compliance without compromising on IT modernization initiatives appeared first on CyberScoop.

Continue reading Ensuring compliance without compromising on IT modernization initiatives

Feds likely to fall short of deadline for strengthening encryption, multifactor authentication

A winning streak of hitting deadlines under President Joe Biden’s ambitious May cybersecurity executive order is widely expected to end Monday, affecting changes that administration officials have touted most: implementing multifactor authentication and encryption at all civilian federal agencies. Multifactor authentication — which requires users to access websites and systems by entering a password and also using a second device to verify their identity — could prevent 80% to 90% of all successful cyberattacks, Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger said in September. Encryption is another of the handful of technologies the administration has emphasized that “dramatically reduce the risk of attack,” Neuberger has said. The executive order’s goal was to set “aggressive but achievable” deadlines, officials have repeatedly said, and “We’ve met each timeline along the way,” Neuberger said in October. As important as multifactor authentication (MFA) and encryption are, however, current and former […]

The post Feds likely to fall short of deadline for strengthening encryption, multifactor authentication appeared first on CyberScoop.

Continue reading Feds likely to fall short of deadline for strengthening encryption, multifactor authentication

Tim Maurer takes front office DHS cybersecurity job advising Mayorkas

Tim Maurer, director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace, is joining the Department of Homeland Security as a senior political appointee in the role of senior counselor for cybersecurity to Secretary Alejandro Mayorkas, two sources familiar with the move told CyberScoop. It’s a job title that a number of cybersecurity luminaries to pass through the department have held over the years, including the current acting director of DHS’s Cybersecurity and Infrastructure Agency, Brandon Wales, former CISA Director Chris Krebs and CISA’s former assistant secretary for cybersecurity, Jeanette Manfra. According to his Carnegie bio, Maurer “works on the geopolitical implications of the Internet and cybersecurity, with a focus on the global financial system, influence operations, and other areas of importance as actors exploit the gray space between war and peace.” He also was a senior fellow at Carnegie’s Technology and International Affairs program. He recently […]

The post Tim Maurer takes front office DHS cybersecurity job advising Mayorkas appeared first on CyberScoop.

Continue reading Tim Maurer takes front office DHS cybersecurity job advising Mayorkas

Security transformation is about more than technology

When it comes to an effective transition away from legacy technology systems to more modern, efficient security tools, organizations stand to gain the greatest benefits if they communicate the value of digital transformation in advance and implement the right changes. Jeanette Manfra, Director of Government Security and Compliance at Google Cloud, which specializes in services ranging from data centers to backup technologies, said that a proactive mindset can help organizational leaders overcome obstacles that arise during a digital transformation. During a keynote session at CyberTalks, the annual summit of security leaders from the government and private sector hosted by Scoop News Group, Manfra explained that effective buy-in from throughout a company, or government agency, can streamline both technology and other operations. “Security practitioners in particular, whether real or perceived, can be blockers and not enablers,” she said. “And so one of the things that both working with customers and in […]

The post Security transformation is about more than technology appeared first on CyberScoop.

Continue reading Security transformation is about more than technology

DHS chooses Bryan Ware, former AI entrepreneur, as assistant director for cybersecurity

Department of Homeland Security officials have selected Bryan S. Ware, a tech-savvy entrepreneur and holder of multiple patents, to be the department’s most senior official focused exclusively on cybersecurity, according to multiple people familiar with the matter. For the last 10 months, Ware has been a DHS assistant secretary working on policies to make critical infrastructure more resilient to hacking threats. Now, pending White House approval, Ware is set to have an even more pronounced impact on DHS’s cybersecurity work. Ware would replace Jeanette Manfra, who is leaving for the private sector at the end of the year, as assistant director for cybersecurity at DHS’s Cybersecurity and Infrastructure Security Agency (CISA). It is a crucial job as CISA continues to mature as a federal agency charged with combatting cyberthreats to election systems and other critical infrastructure. Sources familiar with Ware’s selection said the White House’s approval process is underway and that nothing is final. […]

The post DHS chooses Bryan Ware, former AI entrepreneur, as assistant director for cybersecurity appeared first on CyberScoop.

Continue reading DHS chooses Bryan Ware, former AI entrepreneur, as assistant director for cybersecurity

Senior DHS cyber official Jeanette Manfra to step down

Jeanette Manfra, a senior cybersecurity official at the Department of Homeland Security, plans to step down from her position, according to multiple sources familiar with the matter. DHS officials are preparing an internal announcement about Manfra’s departure that could come as soon as this week, two sources told CyberScoop. Manfra has been a key liaison for the agency, speaking about cyberthreats to U.S. supply chains, election infrastructure, and industrial control systems to both the private sector and Congress. She has also represented DHS at top cybersecurity conferences like RSA and DEF CON. Over the course of her tenure, Manfra took on increasingly senior and cybersecurity-focused roles, culminating in her becoming assistant director at DHS’s Cybersecurity and Infrastructure Security Agency (CISA) last year. In a speech last year, she likened supply-chain vulnerabilities to a “digital public health crisis.” It was not immediately clear who would replace her. One source told CyberScoop that officials had a replacement in mind, but declined […]

The post Senior DHS cyber official Jeanette Manfra to step down appeared first on CyberScoop.

Continue reading Senior DHS cyber official Jeanette Manfra to step down

DHS asks Congress for subpoena authority to contact vulnerable asset owners

The Department of Homeland Security has asked lawmakers for subpoena authority in order to directly contact organizations vulnerable to hacking rather than having to rely on outside parties to communicate with the private sector. The move is an attempt to speed up the process by which DHS’s Cybersecurity and Infrastructure Security Agency (CISA) interacts with critical infrastructure companies on the front lines of state-sponsored hacking threats. Right now, DHS officials say, they have IP addresses of vulnerable systems in the private sector, but can’t obtain the contact information for equipment owners through internet service providers. And so DHS is seeking “administrative” subpoena authority, which would compel an ISP to turn over that information and allow the department to contact those potential hacking victims directly. “Over many years, we have tried many methods to be able to contact these entities,” said Jeanette Manfra, CISA’s assistant director for cybersecurity and communications. “The […]

The post DHS asks Congress for subpoena authority to contact vulnerable asset owners appeared first on CyberScoop.

Continue reading DHS asks Congress for subpoena authority to contact vulnerable asset owners

Cyber Storm 2020 could be DHS’s most rigorous drill for critical infrastructure yet

Every two years, the Department of Homeland Security hosts a large-scale exercise to test critical infrastructure companies’  ability to respond to a disruptive, hypothetical cyberattack. With more threat data to draw on than ever, DHS officials hope next spring’s Cyber Storm exercise will be the most rigorous test of participants’ response plans to date, driving home the interdependence of critical infrastructure sectors in new ways. Cyber Storm 2020 will focus more on collaborating with state and local officials to recover from an incident than previous drills, according to Brian Harrell, assistant director for infrastructure security at DHS’s Cybersecurity and Infrastructure Security Agency (CISA). In another twist, planners are looking to incorporate insider threats into the scenario, he said. Participants, which are expected to include representatives of the energy, financial and communications sectors, cyberthreat information-sharing organizations, and other federal agencies, will have to “bring a [hypothetical] cyber incident to resolution as quickly as possible… [to] restore some of these key services as quickly as […]

The post Cyber Storm 2020 could be DHS’s most rigorous drill for critical infrastructure yet appeared first on CyberScoop.

Continue reading Cyber Storm 2020 could be DHS’s most rigorous drill for critical infrastructure yet

House bill would boost CISA funding by $335 million

House lawmakers on Tuesday released a draft fiscal 2020 appropriations bill that would increase funding by $335 million for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, according to a bill summary. The House Appropriations Committee bill would allot $2 billion for CISA in fiscal 2020 in recognition of the tall task CISA faces in helping civilian agencies fend off hackers, among other priorities. According to the summary, the legislation would allot $156 million for Continuous Diagnostics and Mitigation program, which agencies use to monitor their networks for threats. The bill provides “necessary funding increases…to defend our nation’s infrastructure from physical and rising cyberthreats,” House Appropriations Committee Chairwoman Nita Lowey, D-N.Y., said in a statement. The House Appropriations Subcommittee on Homeland Security will consider the bill on Wednesday. Senate appropriators have yet to release a companion bill. CISA, which was formally established in November when the agency’s name and cybersecurity […]

The post House bill would boost CISA funding by $335 million appeared first on CyberScoop.

Continue reading House bill would boost CISA funding by $335 million

Appealing for collaboration, DHS nudges ICS companies toward a more ‘proactive’ defense

With the private industrial cybersecurity market thriving, the Department of Homeland Security is continuing to push for closer coordination with experts on the front lines of defending facilities like power plants from hackers. In speeches last week to vendors, security researchers, and state officials, DHS personnel said they wanted to help put companies on a more proactive defensive posture to thwart hacking threats to industrial environments. The department has been working with ICS vendors to test security products before they go to market, but more needs to be done, Jeanette Manfra, assistant director for cybersecurity at DHS’s Cybersecurity and Infrastructure Security Agency, said last Wednesday at Hack the Capitol, an ICS security conference in Washington, D.C. “In this space, unlike really, frankly, any other, we have got to have much more capability to prevent the attacks from happening before they get in there – or at least detect them quickly so […]

The post Appealing for collaboration, DHS nudges ICS companies toward a more ‘proactive’ defense appeared first on CyberScoop.

Continue reading Appealing for collaboration, DHS nudges ICS companies toward a more ‘proactive’ defense