State to gain more ability to monitor DOD cyber ops under White House agreement

The White House has reached consensus between State and Defense on how to pare back NSPM-13’s precedent-setting delegation of authority to the DOD.

The post State to gain more ability to monitor DOD cyber ops under White House agreement appeared first on CyberScoop.

Biden administration is studying whether to strip DOD of Trump-era cyber authorities

The Biden administration is considering revising the Trump-era policy which gave broad cyber authorities to the Department of Defense and Cyber Command.

The post Biden administration is studying whether to strip DOD of Trump-era cyber authorities appeared first on CyberScoop.

Feds likely to fall short of deadline for strengthening encryption, multifactor authentication

A winning streak of hitting deadlines under President Joe Biden’s ambitious May cybersecurity executive order is widely expected to end Monday, affecting changes that administration officials have touted most: implementing multifactor authentication and encryption at all civilian federal agencies. Multifactor authentication — which requires users to access websites and systems by entering a password and also using a second device to verify their identity — could prevent 80% to 90% of all successful cyberattacks, Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger said in September. Encryption is another of the handful of technologies the administration has emphasized that “dramatically reduce the risk of attack,” Neuberger has said. The executive order’s goal was to set “aggressive but achievable” deadlines, officials have repeatedly said, and “We’ve met each timeline along the way,” Neuberger said in October. As important as multifactor authentication (MFA) and encryption are, however, current and former […]

The post Feds likely to fall short of deadline for strengthening encryption, multifactor authentication appeared first on CyberScoop.

Ex-government officials urge US to take action to avoid another SolarWinds-style hack

The U.S. government requires dramatic updates to its current approach toward cybersecurity if Americans want to avoid the kind of cyber-espionage campaigns that have recently rocked the national security establishment, a panel of security practitioners told Congress Wednesday. During testimony in front of the House Homeland Security Committee, Gordon likened the state of data protection in the U.S. to the stock market crash of 1929, which triggered the Great Depression. The government responded to reckless behavior on Wall Street by creating oversight in the form of the U.S. Securities and Exchange Commission and requiring regular financial filings from publicly-listed companies. Recent events in cyberspace — such as an alleged Russian espionage campaign involving the federal contractor SolarWinds and a Feb. 5 hack at a Florida water treatment facility — are proof that the U.S. faces a similar moment of reckoning in 2021, Gordon said. “We need to stop pretending like […]

The post Ex-government officials urge US to take action to avoid another SolarWinds-style hack appeared first on CyberScoop.

White House quietly activates cyber emergency response

In the wake of the SolarWinds breach, the National Security Council has activated an emergency cybersecurity process that is intended to help the government plan its response and recovery efforts, according to White House officials and other sources. The activation of the process is a sign of just how seriously the Trump administration is taking the foreign espionage operation, former NSC officials told CyberScoop. The process, which is rooted in a presidential directive issued during the Obama administration known as PPD-41, establishes a Cyber Unified Coordination Group (UCG) that is intended to help the U.S. government coordinate multiple agencies’ responses to the significant hacking incident. The UCG is generally led by the Department of Justice — through the FBI and the National Cyber Investigative Joint Task Force — as well as the Office of the Director of National Intelligence and the Department of Homeland Security. “This cyberattack is the exact type […]

The post White House quietly activates cyber emergency response appeared first on CyberScoop.

Sipping from the Coronavirus Domain Firehose

Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic.

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. Whether it’s helping hospitals avoid becoming the next ransomware victim or kneecapping new COVID-19-themed scam websites, these nascent partnerships may well end up saving lives. But can this unprecedented level of collaboration survive the pandemic?

Microsoft, Hewlett Foundation preparing to launch nonprofit that calls out cyberattacks

Microsoft and the Hewlett Foundation are preparing to launch a nonprofit organization dedicated to exposing the details of harmful cyberattacks and providing assistance to victims in an effort to highlight their costs, CyberScoop has learned. Known to its organizers as the “Cyber Peace Institute,” the nonprofit is expected to debut in the coming weeks, according to multiple sources who have discussed it with the organizers. The institute aims to investigate and provide analytical information on large-scale attacks against civilian targets, assess the costs of these attacks and give security tools to both individuals and organizations that will help them become more resilient, according to a description of the nonprofit provided during a session at the 2019 B-Sides Las Vegas cybersecurity conference. “We have a shared global responsibility to prevent the Internet from becoming ‘weaponized’ by increasing attacks by criminal groups and state actors alike,” the description reads. “We already have global organizations to tackle […]

The post Microsoft, Hewlett Foundation preparing to launch nonprofit that calls out cyberattacks appeared first on CyberScoop.

Former U.S. officials call for transparency in cybersecurity of 2020 Census

Nearly a dozen former U.S. officials with cybersecurity and intelligence backgrounds are calling on the Census Bureau to be open about how it plans to protect the troves of sensitive information it will collect in the 2020 Census. In a letter released Monday by the Georgetown University Law Center, 11 officials write that Americans deserve to know that the systems and technical protocols the bureau is using will not put collected information at risk. “This is especially important in an age in which new types and sources of cybersecurity threats seem to emerge almost weekly,” the officials say, addressing Commerce Secretary Wilbur Ross and acting Census Bureau Director Ron Jarmin. Signatories on the letter include former White House Cybersecurity Coordinator Michael Daniel, former National Counterterrorism Center Director Matthew Olsen and other Obama administration officials. Cybersecurity is especially pertinent for the upcoming census because it will be the first to allow […]

The post Former U.S. officials call for transparency in cybersecurity of 2020 Census appeared first on CyberScoop.

Kaspersky Lab was blocked from joining this U.S.-based cyberthreat information sharing group

A former senior U.S. official blocked Moscow-based cybersecurity firm Kaspersky Lab from joining a prominent trade group made up of U.S.-based cybersecurity companies earlier this year, multiple people with knowledge of the proposed deal tell CyberScoop. When Kaspersky representatives approached the Cyber Threat Alliance (CTA) — a U.S.-based not-for-profit membership organization largely made up of American technology firms who voluntarily share threat intelligence with one another — in early 2017, the group’s leader and former White House Cybersecurity Coordinator Michael Daniel quietly turned the company away, the sources said. “It didn’t really go anywhere because they got Heisman-ed from the get go,” one source described, referencing the college football trophy that represents a player forcefully pushing someone out of their way. Daniel spoke with CyberScoop and acknowledged that Kaspersky had shown interest in joining the CTA. Kaspersky is not currently a member. The choice to exclude Kaspersky alludes to knowledge of […]

The post Kaspersky Lab was blocked from joining this U.S.-based cyberthreat information sharing group appeared first on CyberScoop.
