Colonial Pipeline CEO says company didn’t have plan for potential ransomware attack

Colonial Pipeline did not have guidance in place on how to handle a ransom demand from cybercriminals who locked up its systems, its CEO testified in a hearing before the Senate Homeland Security and Governmental Affairs Committee Tuesday. The company’s failure to prepare explicitly for a ransomware attack — despite warnings from the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency as early as February 2020 about the risk of such attacks against the pipeline industry — underscores growing concerns from lawmakers that the critical sector needs tighter regulations when it comes to cybersecurity. “We have an emergency response process: See the threat, contain the threat, remediate the threat, and restore,” Colonial Pipeline CEO Joseph Blount said in response to a question from Sen. Maggie Hassan, D-N.H., about ransomware-specific guidance. “So in this case, you use the same process, but you use a different set of experts.” Hassan chastised Blount’s response, […]

The post Colonial Pipeline CEO says company didn’t have plan for potential ransomware attack appeared first on CyberScoop.

DHS official briefs senators on state ransomware threats in classified meeting

The head of the Department of Homeland Security’s cybersecurity division on Wednesday provided senators with a classified briefing on ransomware attacks, the latest indication of the threat the file-locking malware poses to state and local governments. Chris Krebs, director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), briefed the Senate Cybersecurity Caucus, a bipartisan group of lawmakers led by Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo. The newest member of the caucus, Sen. Maggie Hassan, D-N.H., confirmed the briefing in a statement. “From ransomware attacks on local hospitals to a hack of federal government records, cyberattacks pose a serious threat to our communities and national security,” Hassan said. In the last few years, poorly secured U.S. businesses, schools, and local governments have lost millions of dollars after ransomware infections. Over 100 public-sector ransomware attacks have been reported in 2019 alone, double the number in 2018. This classified briefing followed an unprecedented, closed-door summit held by […]

The post DHS official briefs senators on state ransomware threats in classified meeting appeared first on CyberScoop.

Senators question vulnerability disclosure process after Spectre and Meltdown stumbles

Shortcomings in the industry-led process for disclosing software and hardware bugs could rear their heads again, U.S. senators said Wednesday at a hearing on the Spectre and Meltdown chip flaws. “While these vulnerabilities seemed to have been patched reasonably well, what about the next one? And we might not know about it until it’s too late,” Florida Democrat Bill Nelson said at the Commerce, Science and Transportation Committee hearing. Lawmakers are pondering what can be done to improve the complex vulnerability disclosure process, which involves spreading enough word among vendors to address a bug but not so much as to risk leaking information before patches are ready. “We need to consider additional ways to require the federal government’s equipment suppliers to promptly notify [the Department of Homeland Security] of potential breaches or vulnerabilities that could weaken our federal systems,” Sen. Maggie Hassan, D-N.H., said at the hearing. The worry is always that foreign governments […]

The post Senators question vulnerability disclosure process after Spectre and Meltdown stumbles appeared first on CyberScoop.

Senate panel gives go-ahead to bill that would hit reset on DHS

Congress is moving forward with a plan to reauthorize the Department of Homeland Security for the first time since its 2002 creation and establish a permanent, dedicated cyber office within the agency. The Senate Committee on Homeland Security and Governmental Affairs approved the legislation Wednesday. The current bill is a version of what the House passed in July. If it passes in the full Senate, it would still need to see action in the House, even though that side of Congress already passed two attempts to reauthorize DHS last year. The Senate bill would reorganize DHS’s National Protection and Programs Directorate into a dedicated cyber agency, called the Cybersecurity and Infrastructure Security Agency. NPPD was established in 2007 by DHS and therefore isn’t officially deputized by Congress. The new office would be headed by a department undersecretary. “Passing the Department of Homeland Security Authorization Act is an important step to strengthen DHS and to establish a process […]

The post Senate panel gives go-ahead to bill that would hit reset on DHS appeared first on CyberScoop.

Bill would create bug bounty program inside DHS

A bipartisan group of senators has introduced a bill that would create a bug bounty program inside the Department of Homeland Security. Sens. Maggie Hassan, D-N.H., and Rob Portman, R-Ohio, introduced the Hack Department of Homeland Security Act, which would establish a bug bounty pilot program similar to ones in use at the Department of Defense and major tech companies around the world. “Federal agencies like DHS are under assault every day from cyberattacks. These attacks threaten the safety, security and privacy of millions of Americans and in order to protect DHS and the American people from these threats, the Department will need help,” Hassan said in a statement. Bug bounty programs have started to catch on inside the government, buoyed by the Hack the Pentagon program that saw DOD issue $71,200 in bounties to hackers who found vulnerabilities in certain agency websites and systems. Since then, various military branches have created their own […]

The post Bill would create bug bounty program inside DHS appeared first on CyberScoop.
