White House executive order sets path for ban on Huawei

President Donald Trump issued an executive order Wednesday that is intended to prevent U.S. companies from using telecommunications technology made by firms that are beholden to foreign adversaries. The goal of the order is to protect the security, economy, and critical infrastructure of the U.S., a senior administration official told reporters Wednesday. The intent is to prevent economic and industrial espionage, especially those activities that pose “undue risk of sabotage” through technologies that are “owned by, controlled by, or subject to the jurisdiction or direction” of foreign adversaries. Although the order, which invokes the International Emergency Economic Powers Act and the National Emergencies Act, does not name any country or company in particular, the order is thought to impinge on business with China-based Huawei. The order comes as tension has risen over the U.S.-China trade war. Earlier this week, the Chinese government said it will impose tariffs on $60 billion worth of U.S. […]

The post White House executive order sets path for ban on Huawei appeared first on CyberScoop.


NSA official: Bloomberg story created a frenzied, fruitless search for supporting evidence

A news report claiming a compromise of U.S. companies’ supply chains by Chinese spies has triggered a thorough search in government and industry for evidence of the breach that has so far turned up nothing, according to a senior National Security Agency official, who expressed concern that the search was a distraction and potentially a waste of resources. “I have grave concerns about where this has taken us,” Rob Joyce said Wednesday at the U.S. Chamber of Commerce. “I worry that we’re chasing shadows right now.” The story in question is an explosive, anonymously-sourced report published last week by Bloomberg Businessweek. The report alleges Chinese intelligence agents placed malicious microchips on server motherboards supplied by Super Micro Computing Inc., setting up a backdoor to some 30 companies, including Apple and Amazon Web Services. While supply-chain threats emanating from China are certainly a concern, Joyce said, “what I can’t find are any ties to […]


DHS vulnerability scanning program offline after Virginia office loses power

Two cybersecurity programs the Department of Homeland Security offers both states and the private sector have been temporarily knocked offline due to a power outage, while other services have been shifted to backup locations, multiple sources tell CyberScoop. The National Cybersecurity and Communications Integration Center (NCCIC), the 24/7 hub for monitoring cyberthreats across the government and critical infrastructure, has shifted operations to a backup location in Florida. The move was made after the Arlington, Virginia, building that houses NCCIC lost power last week due to heavy rains. Additionally, two other programs under NCCIC’s National Cybersecurity Assessments and Technical Services (NCATS) — Cyber Hygiene vulnerability scans and Phishing Campaign Assessment — have been offline since July 26. The Cyber Hygiene program remotely detects known vulnerabilities on internet-facing services. The Phishing Campaign Assessment program is part of a remote penetration testing service. Both programs are used by hundreds of customers across the country. Thirty-four states have received vulnerability scans through the Cyber Hygiene program, according to a DHS presentation given at […]


With White House coordinator gone, DHS official calls for U.S. leadership on cybersecurity

In the wake of the White House’s decision to eliminate its top cybersecurity position, a Department of Homeland Security official has called on the U.S. government to robustly engage on cyber policy issues on the world stage. The Trump administration should have a “strong voice” at internet standards bodies and other global forums, working with allies and non-allies alike, said Jeanette Manfra, assistant secretary for DHS’s Office of Cybersecurity and Communications. “We have to figure out a way to continue to work together to ensure that the stability of the global system is maintained,” Manfra said Tuesday at the Security Through Innovation Summit, presented by McAfee and produced by CyberScoop. Manfra did not mention the recently-nixed White House cybersecurity coordinator in her remarks, but that position has traditionally been key to the United States’ international cybersecurity work. At a February conference in Germany, for example, then-White House cybersecurity coordinator Rob […]


‘Aggressive posture’ defines election security work, DHS official tells senators

A senior Department of Homeland Security official on Tuesday defended its work to help secure voting systems before midterm elections, but a top Democratic lawmaker worried those efforts were insufficient. DHS has “adopted an aggressive posture” to help state officials secure their voting infrastructure and will do all it can ahead of Election Day, DHS’s Jeanette Manfra told the Senate Homeland Security and Governmental Affairs Committee. At the same time, she said, the department has yet to detect Russian cyber-activity on state systems this election season. DHS will use the $26 million in additional election-security funding provided by the March omnibus to increase vulnerability assessments and other services it offers states, Manfra told CyberScoop after the hearing. That money is separate from the $380 million the bill allocated directly to individual states to do things like upgrade their computer systems and train officials in cybersecurity. But Sen. Claire McCaskill, D-Mo., the committee’s […]


Manfra: Private sector on board with more robust DHS cyber strategy

Private firms won’t have any reservations about supporting the more robust cybersecurity strategy that the Department of Homeland Security will soon release, according to the department’s top cyber official. The upcoming DHS document — intended for use in and outside of government — is part of an effort to be “much more forward-leaning on using the tools that we’ve got available to us,” but it is “all still totally voluntary” for private firms, Jeanette Manfra said in an interview with CyberScoop. “A lot of the ideas and the concepts [in the strategy] have come from the private sector.” DHS’s work to make companies more resilient to cyberattacks has always been predicated on trust, without which executives would balk at trading threat data with the government. Manfra hopes that collaboration will intensify. The goal is to be “much more open and transparent in passing information about who is doing what” in cyberspace, she told CyberScoop. […]


Supply-chain vulnerabilities are a ‘digital public health crisis,’ says DHS’s Manfra

Persistent supply chain vulnerabilities such as hardware and software bugs “amount to a digital public health crisis” that the government and private sector must work together to resolve, according to Jeanette Manfra, the Department of Homeland Security’s top cybersecurity official. “We must begin to think in terms of global digital public health, where the decisions of each of us have the potential to affect us all,” Manfra said Monday at SF CyberTalks presented by CyberScoop ahead of the RSA Conference in San Francisco. Manfra, DHS’s assistant secretary for the Office of Cybersecurity and Communications, said that security tools need to be pushed further down the supply chain “to prevent unseen and unknown risk transmitting from vendors to infrastructure.” DHS earlier this year established a supply chain program that provides cyber risk assessments to critical infrastructure firms and federal agencies on products they may acquire or deploy. The supply chain is a logical […]


Senate hearing presses DHS for details on election security progress

A Senate Intelligence Committee hearing on Wednesday appraised how well the Trump administration is tackling the issue of election security, amid fears of foreign interference through cyberattacks and other means. Much of the hearing focused on the increasingly close relationship between the Department of Homeland Security and the state and local offices that run elections. Having declared election systems as part of the country’s critical infrastructure in January 2017, DHS has been offering states and localities various forms of voluntary support on election security. Many election officials initially were skeptical of the designation and feared federal overreach, a sentiment that was acknowledged at Wednesday’s hearing. “The administration of elections is the responsibility of the state and local officials and the support your agency provides is on a voluntary basis. What we’ve learned is that states will only engage with the department if they feel there’s value,” said Chairman Richard Burr, R-N.C. DHS Secretary Kirstjen Nielsen […]


New gov email report is a mixed bag ahead of DMARC deadline

The number of federal agencies adopting a security standard that stops people from impersonating their email domains surged by more than a third just before the end of 2017, according to new research out Tuesday. However, less than two weeks away from a Department of Homeland Security deadline, more than half of all agencies still don’t use Domain-based Message Authentication, Reporting and Conformance (DMARC), according to figures published by email security provider Agari. The number of .gov domains with DMARC rose from 351 on Nov. 9 to 523 on Dec. 18. But that still represents only 47 percent of the 1106 federal domains subject to the order. Known as Binding Operational Directive 18-01, the order set a Jan. 15 deadline for agencies to adopt DMARC. “DMARC has proven to be an effective solution to secure our federal domains, but more work is needed,” said Jeanette Manfra, assistant secretary for DHS’ […]


Why is it so hard to sign up for the feds’ cyberthreat information sharing program?

A little more than a year since the Department of Homeland Security launched the Automated Indicator Sharing program, private sector adoption of the cyberthreat information service has been sluggish. Critics have said the data has problems with quality and timeliness. But some experts say there’s another — and perhaps more important — issue: For most companies, it’s just too darn hard to sign up. One private sector executive who spoke to CyberScoop but asked for anonymity to preserve relationships at DHS, said company leaders “reared back hard” when they discovered what was involved in getting onboarded to AIS, which shares cyberthreat indicators gleaned from U.S. intelligence with the private sector. “You have to negotiate a special deal, which means lawyers’ time. You have to buy and install special equipment … You need people working on it … When you add it all up, it was a six-figure proposition with no [return on investment] you can […]
