Congressional cyber heavyweights Langevin, Katko won’t seek reelection

In the span of a few days, two House members who have concentrated much of their energy on cybersecurity — and perhaps just as importantly, on working across the aisle on the issue — have announced their plans to depart Congress. Rep. Jim Langevin, D-R.I., said on Tuesday that he would not run for reelection in 2022. Rep. John Katko, R-N.Y., made his own announcement on Friday. Matt Masterson, a former election security official at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, called the exit of Langevin and Katko “tough” and “a big loss.” “These are two members of Congress that have both employed staff and taken the time themselves to understand the technical challenges and nuances that are part of this conversation about cybersecurity,” said Masterson, now a nonresident policy fellow with the Stanford Internet Observatory. “You have a Republican and a Democrat, both who recognized […]

The post Congressional cyber heavyweights Langevin, Katko won’t seek reelection appeared first on CyberScoop.

Continue reading Congressional cyber heavyweights Langevin, Katko won’t seek reelection

CISA’s advisory panel is announced, set to make recommendations on major cyber topics

The Cybersecurity and Infrastructure Security Agency on Wednesday named members to a new cyber advisory panel that will make recommendations on subjects ranging from battling misinformation to gaining aid from the hacker community on national cyber defense. Among the 23 members selected are leaders from social media, cybersecurity companies, major technology firms and critical infrastructure sectors such as finance and energy. It includes officials from Johnson & Johnson and Walmart, as well as a longtime cybersecurity journalist and the mayor of Austin, Texas. “We’re at a pivotal moment in our history — one that demands we think anew about ensuring the security and resilience of our digital infrastructure in the face of increasingly sophisticated cyber threats,” said CISA Director Jen Easterly, whose agency is a part of the Department of Homeland Security. “I look forward to partnering with these distinguished leaders from across industry, academia, and government to tackle some […]

The post CISA’s advisory panel is announced, set to make recommendations on major cyber topics appeared first on CyberScoop.

Continue reading CISA’s advisory panel is announced, set to make recommendations on major cyber topics

CISA starts identifying targets most necessary to protect from hacking

The Cybersecurity and Infrastructure Security Agency has begun working to map out the U.S. critical infrastructure that, if hacked, could result in serious consequences for national security and economic interests, CISA Director Jen Easterly said Friday. Labeling such infrastructure is the subject of a proposal of the Cyberspace Solarium Commission, a congressional committee, which recommended identifying “systemically important critical infrastructure,” or SICI. Lawmakers have introduced SICI legislation in recent months, but Easterly said her Department of Homeland Security agency is proceeding ahead with or without a bill. “Notwithstanding whether this ends up in legislation or not, and I certainly hope it does, we are already thinking through the model,” she said at an event hosted by the Center for Strategic and International Studies. “We’re in a state now where a critical infrastructure is much more vulnerable than it should be. And frankly, that’s what I worry about most every day.” […]

The post CISA starts identifying targets most necessary to protect from hacking appeared first on CyberScoop.

Continue reading CISA starts identifying targets most necessary to protect from hacking

Rep. Katko introduces bill that would prioritize security for key US critical infrastructure

The top Republican on the House Homeland Security Committee introduced legislation Tuesday directing the Homeland Security Department’s cyber wing to identify U.S. digital infrastructure that, if attacked, would severely debilitate national security, economic security or public safety. Under the legislation from Rep. John Katko, R-N.Y., DHS’ Cybersecurity and Infrastructure Security Agency would designate the nation’s “systemically important critical infrastructure” (or “SICI”). The legislation also would make it a priority for CISA to lend its protective services, such as continuous monitoring and detection of cybersecurity risks, to the identified owners and operators. It’s an attempt, Katko said, identify which of the 16 sectors currently labeled as critical infrastructure are truly essential. “To mitigate risks to our economic and national security going forward, we need a clear process for identifying which infrastructure constitutes systemically important critical infrastructure,” Katko said in announcing the legislation. “Disruption to this infrastructure — ranging from pipelines to […]

The post Rep. Katko introduces bill that would prioritize security for key US critical infrastructure appeared first on CyberScoop.

Continue reading Rep. Katko introduces bill that would prioritize security for key US critical infrastructure

Key lawmakers to CISA: Let us send you more money, power

The Department of Homeland Security’s cyber division, a key government agency charged with helping stop and respond to cyberattacks, might be getting ready for a bigger role in the spotlight.  One key House committee advanced legislation in July to give the Cybersecurity and Infrastructure Security Agency an extra $400 million. Then, another committee on Sept. 14 separately advanced its take on legislation that would provide an additional nearly $800 million to the agency, which has a $2 billion total budget in the current fiscal year. Those proposed funds come on top of another extra $650 million that Congress and President Joe Biden already provided to CISA in March through the American Rescue Plan focused on COVID-19 relief. And the recent moves on Capitol Hill to bolster CISA, an agency formally established only three years ago, aren’t limited to cash. Both chambers of Congress are contemplating legislation that would make CISA the […]

The post Key lawmakers to CISA: Let us send you more money, power appeared first on CyberScoop.

Continue reading Key lawmakers to CISA: Let us send you more money, power

Key lawmakers to CISA: Let us send you more money, power

The Department of Homeland Security’s cyber division, a key government agency charged with helping stop and respond to cyberattacks, might be getting ready for a bigger role in the spotlight.  One key House committee advanced legislation in July to give the Cybersecurity and Infrastructure Security Agency an extra $400 million. Then, another committee on Sept. 14 separately advanced its take on legislation that would provide an additional nearly $800 million to the agency, which has a $2 billion total budget in the current fiscal year. Those proposed funds come on top of another extra $650 million that Congress and President Joe Biden already provided to CISA in March through the American Rescue Plan focused on COVID-19 relief. And the recent moves on Capitol Hill to bolster CISA, an agency formally established only three years ago, aren’t limited to cash. Both chambers of Congress are contemplating legislation that would make CISA the […]

The post Key lawmakers to CISA: Let us send you more money, power appeared first on CyberScoop.

Continue reading Key lawmakers to CISA: Let us send you more money, power

Breach notification window, accountability are focus of coming fight on cyber legislation in Congress

Battle lines are drawn in Congress over legislation that would require companies to report some cyber incidents to the federal government, with industry groups lining up to support a House of Representatives bill poised to create fewer challenges for business leaders than a similar proposal in the Senate. The debate involves questions about how quickly companies would have to report attacks, what kinds of specific intrusions would trigger notification and whether failure to comply with the rules would lead to financial penalties. The idea of breach notification legislation gained momentum following last year’s discovery of the SolarWinds hack that compromised nine federal agencies and some 100 companies, as well as the Colonial Pipeline ransomware attack in May. At issue are such questions as whether companies have 24 or 72 hours to report an incident, along with who would be on the hook outside of critical infrastructure owners and operators, if […]

The post Breach notification window, accountability are focus of coming fight on cyber legislation in Congress appeared first on CyberScoop.

Continue reading Breach notification window, accountability are focus of coming fight on cyber legislation in Congress

White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead

The White House summit Wednesday demonstrated positive momentum for both the Biden administration and private sector in terms of their approach to cybersecurity, but also laid bare what remains inadequate, cyber experts said. The high-profile meeting brought together CEOs from the education, energy, finance, insurance and tech sectors, featuring companies like Amazon, Bank of America and ConocoPhillips. Some pledged billions more in cyber investments, while others committed to providing training and smaller services in response to the administration’s “call to action.” While impressive, observers noted, those commitments will require considerable follow-up, from expansion to other sectors to policy changes that could emerge from closer-knit relationships between industry and government. Even as the nonprofit Global Cyber Alliance’s Megan Stifel commended the White House for holding the meeting and the broad commitments that the companies made, she said it illustrated the lengths to which the U.S. can improve national cybersecurity. “A couple […]

The post White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead appeared first on CyberScoop.

Continue reading White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead

A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill

The notion of writing more cybersecurity regulations is gaining traction following the Colonial Pipeline and JBS ransomware incidents, after decades of a largely hands-off approach to private sector-owned critical infrastructure. Top Biden administration team picks have testified about how voluntary standards aren’t getting the job done, and some in Congress have indicated their patience is waning with letting industry go it alone. Enter a proposal that some lawmakers and the Cyberspace Solarium Commission that they say strikes a middle ground between the new zeal for hard rules and the tradition of non-regulation in cyberspace: “systemically important critical infrastructure.” Also known as SICI, it’s an idea that involves labeling hacking targets that are most likely to cause economic, public health or national security disruptions if attacked, then offering the owners of that infrastructure a mixture of government boons in exchange for meeting baseline cybersecurity standards. But even as something of a […]

The post A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill appeared first on CyberScoop.

Continue reading A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill

Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident

Lawmakers repeatedly challenged Colonial Pipeline CEO Joseph Blount on Wednesday about the steps it took to work with the government after a May ransomware attack, often suggesting the company fell short. A long string of House Homeland Security Committee members questioned Blount about his assertion that Colonial had not, as reported, refused voluntary Transportation Security Administration cybersecurity reviews. Instead, the company delayed them due to COVID-19 restrictions and a physical move to a new building, he said. “Delaying these assessments for so long amounts to declining them, sir,” said Rep. Bonnie Watson Coleman, D-N.J., citing communications that began in March of 2020. “It raises serious questions,” she said, while noting that her information says that Colonial turned down even a virtual assessment offers before the ransomware attack that led to fuel delivery slowdowns last month. Colonial has now scheduled a TSA review for late July, Blount said. Blount’s answers about government […]

The post Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident appeared first on CyberScoop.

Continue reading Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident