Langevin pushes for critical infrastructure protections in annual defense bill

Rep. Jim Langevin’s amendment reflects one of the biggest unfulfilled Cyberspace Solarium Commission recommendations.

The post Langevin pushes for critical infrastructure protections in annual defense bill appeared first on CyberScoop.

Congressional cyber heavyweights Langevin, Katko won’t seek reelection

In the span of a few days, two House members who have concentrated much of their energy on cybersecurity — and perhaps just as importantly, on working across the aisle on the issue — have announced their plans to depart Congress. Rep. Jim Langevin, D-R.I., said on Tuesday that he would not run for reelection in 2022. Rep. John Katko, R-N.Y., made his own announcement on Friday. Matt Masterson, a former election security official at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, called the exit of Langevin and Katko “tough” and “a big loss.” “These are two members of Congress that have both employed staff and taken the time themselves to understand the technical challenges and nuances that are part of this conversation about cybersecurity,” said Masterson, now a nonresident policy fellow with the Stanford Internet Observatory. “You have a Republican and a Democrat, both who recognized […]


Key lawmakers to CISA: Let us send you more money, power

The Department of Homeland Security’s cyber division, a key government agency charged with helping stop and respond to cyberattacks, might be getting ready for a bigger role in the spotlight. One key House committee advanced legislation in July to give the Cybersecurity and Infrastructure Security Agency an extra $400 million. Then, another committee on Sept. 14 separately advanced its take on legislation that would provide an additional nearly $800 million to the agency, which has a $2 billion total budget in the current fiscal year. Those proposed funds come on top of another extra $650 million that Congress and President Joe Biden already provided to CISA in March through the American Rescue Plan focused on COVID-19 relief. And the recent moves on Capitol Hill to bolster CISA, an agency formally established only three years ago, aren’t limited to cash. Both chambers of Congress are contemplating legislation that would make CISA the […]


Breach notification window, accountability are focus of coming fight on cyber legislation in Congress

Battle lines are drawn in Congress over legislation that would require companies to report some cyber incidents to the federal government, with industry groups lining up to support a House of Representatives bill poised to create fewer challenges for business leaders than a similar proposal in the Senate. The debate involves questions about how quickly companies would have to report attacks, what kinds of specific intrusions would trigger notification and whether failure to comply with the rules would lead to financial penalties. The idea of breach notification legislation gained momentum following last year’s discovery of the SolarWinds hack that compromised nine federal agencies and some 100 companies, as well as the Colonial Pipeline ransomware attack in May. At issue are such questions as whether companies have 24 or 72 hours to report an incident, along with who would be on the hook outside of critical infrastructure owners and operators, if […]


A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill

The notion of writing more cybersecurity regulations is gaining traction following the Colonial Pipeline and JBS ransomware incidents, after decades of a largely hands-off approach to private sector-owned critical infrastructure. Top Biden administration team picks have testified about how voluntary standards aren’t getting the job done, and some in Congress have indicated their patience is waning with letting industry go it alone. Enter a proposal that some lawmakers and the Cyberspace Solarium Commission say strikes a middle ground between the new zeal for hard rules and the tradition of non-regulation in cyberspace: “systemically important critical infrastructure.” Also known as SICI, it’s an idea that involves labeling hacking targets that are most likely to cause economic, public health or national security disruptions if attacked, then offering the owners of that infrastructure a mixture of government boons in exchange for meeting baseline cybersecurity standards. But even as something of a […]


Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident

Lawmakers repeatedly challenged Colonial Pipeline CEO Joseph Blount on Wednesday about the steps the company took to work with the government after a May ransomware attack, often suggesting the company fell short. A long string of House Homeland Security Committee members questioned Blount about his assertion that Colonial had not, as reported, refused voluntary Transportation Security Administration cybersecurity reviews. Instead, the company delayed them due to COVID-19 restrictions and a physical move to a new building, he said. “Delaying these assessments for so long amounts to declining them, sir,” said Rep. Bonnie Watson Coleman, D-N.J., citing communications that began in March of 2020. “It raises serious questions,” she said, while noting that her information says that Colonial turned down even a virtual assessment offer before the ransomware attack that led to fuel delivery slowdowns last month. Colonial has now scheduled a TSA review for late July, Blount said. Blount’s answers about government […]


Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment

After Colonial Pipeline CEO Joseph Blount confirmed Wednesday that his company had paid hackers $4.4 million to recover its data, lawmakers said they would press Blount for more information at a congressional hearing next month. “I’ll have some questions about Blount’s judgement when he appears before [the committee] in a couple weeks,” tweeted Rep. Jim Langevin, D-R.I., an influential member of the House Homeland Security Committee. The FBI has advised companies for years not to pay a ransom, and cybersecurity experts warn that doing so fuels yet more ransomware hacks that have already cost U.S. companies hundreds of millions of dollars. But the breach of Colonial Pipeline’s IT systems, which caused a multi-day shutdown of the pipeline system and indirectly resulted in shortages at gas stations in multiple states, has thrust the issue of ransomware payments into the national limelight. Blount defended the decision in an interview with The Wall Street […]


After Colonial Pipeline hack, lawmakers want more action on pipeline security

As a major fuel delivery operator gradually returns to service five days after suffering a ransomware attack, U.S. lawmakers are pressing federal agencies on what more they can do to secure the nation’s pipelines from hackers. The disruption at Colonial Pipeline, which operates 5,500 miles of pipelines and provides 45% of the fuel consumed on the East Coast, has renewed longstanding concerns that the lead agency for pipeline cybersecurity, the Transportation Security Administration, is ill-equipped to deal with the scale of security challenges in the sector. A multi-agency initiative to bolster pipeline cybersecurity begun in 2018 is a good start, but more can be done, critics say. “I have raised significant concerns with TSA’s focus on surface transportation, including pipelines, for years,” Rep. Jim Langevin, D-R.I., told CyberScoop. He pointed to a 2018 audit from the Government Accountability Office that found that TSA’s pipeline cybersecurity work was inadequate and lacked […]


House green lights new State Department cyber bureau

The House of Representatives passed a bill Tuesday that would carve out a top cyber diplomacy office at the State Department to help the U.S. better influence global cyberspace norms. The so-called Cyber Diplomacy Act would require the State Department to develop a strategy for promoting norms around what behavior is acceptable in cyberspace. The proposal would also create an ambassador role for cyber diplomacy as well as a centralized bureau, the Bureau of International Cyberspace Policy, to push democratic norms in cyberspace and advise the Secretary of State on cyber issues. “In an increasingly connected world, we must have the proper structures in place to promote our values and interests in cyberspace,” Wisconsin Republican Rep. Mike Gallagher, who co-led the bill’s introduction, said in a statement. Added co-sponsor Jim Langevin, D-R.I.: “As the United States confronts increasingly bold challenges from adversaries in cyberspace, designing and implementing a […]
