Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches

The annual defense spending bill contains money the FCC has sought to use to reimburse telecommunications carriers for removing Chinese equipment.

The post Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches appeared first on CyberScoop.

Continue reading Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches

Trio of South Dakota politicians set to have bigger roles on cybersecurity

The little-populated state is seeing its governor and two senators move into key positions to influence cyber policy.

The post Trio of South Dakota politicians set to have bigger roles on cybersecurity appeared first on CyberScoop.

Continue reading Trio of South Dakota politicians set to have bigger roles on cybersecurity

With workforce in mind, bipartisan bill proposes incentives for cybersecurity education, and more

The HACKED Act is actually about making sure people don’t get hacked. The bipartisan bill — with the full title “The Harvesting American Cybersecurity Knowledge through Education Act” — was introduced Tuesday by four senators who say it would boost cybersecurity education and expand workforce training. The legislation comes as the Trump administration, Congress and industry have all taken steps to boost the cybersecurity workforce through training, recruitment and retention. “America is facing serious cyberthreats every day in today’s increasingly connected world, yet there is a serious shortage of workers needed to confront this urgent challenge,” Sen. Maria Cantwell, D-Wash., one of the cosponsors and the Commerce Committee’s ranking member, said in a statement. “The bipartisan HACKED Act of 2019 would help address this by training cybersecurity educators and skilling American workers to do these jobs, as well as increasing coordination on these issues throughout the government.” The bill includes proposals to incentivize recruitment of […]

The post With workforce in mind, bipartisan bill proposes incentives for cybersecurity education, and more appeared first on CyberScoop.

Continue reading With workforce in mind, bipartisan bill proposes incentives for cybersecurity education, and more

Slow disclosure of Google+ flaw draws attention of senators

Republican senators have written to Google CEO Sundar Pichai demanding to know why the company was reportedly slow to disclose a software flaw in its Google+ social network partly out of fear of drawing attention from regulators. “Google must be more forthcoming with the public and lawmakers if the company is to maintain or regain the trust of the users of its services,” states the Oct. 11 letter from Sens. John Thune, S.D.,  Jerry Moran, Kan., and Roger Wicker, Miss. Thune chairs the Commerce, Science, and Transportation Committee. The software flaw, which Google announced Monday, exposed profile data such as email addresses and age, through an API. The incident affected up to 500,000 accounts, according to Google, which shut down consumer use of Google+ in response. Although the tech giant said it discovered and patched the bug in March, according to an internal company memo cited by the Wall Street […]

The post Slow disclosure of Google+ flaw draws attention of senators appeared first on Cyberscoop.

Continue reading Slow disclosure of Google+ flaw draws attention of senators

Senators question vulnerability disclosure process after Spectre and Meltdown stumbles

Shortcomings in the industry-led process for disclosing software and hardware bugs could rear their heads again, U.S. senators said Wednesday at a hearing on the Spectre and Meltdown chip flaws. “While these vulnerabilities seemed to have been patched reasonably well, what about the next one? And we might not know about it until it’s too late,” Florida Democrat Bill Nelson said at the Commerce, Science and Transportation Committee hearing. Lawmakers are pondering what can be done to improve the complex vulnerabilities disclosure process, which involves spreading enough word among vendors to address a bug but not so much as to risk leaking information before patches are ready. “We need to consider additional ways to require the federal government’s equipment suppliers to promptly notify [the Department of Homeland Security] of potential breaches or vulnerabilities that could weaken our federal systems,” Sen. Maggie Hassan, D-N.H., said at the hearing. The worry is always that foreign governments […]

The post Senators question vulnerability disclosure process after Spectre and Meltdown stumbles appeared first on Cyberscoop.

Continue reading Senators question vulnerability disclosure process after Spectre and Meltdown stumbles