Google tells senator that nation-state hackers probed his old campaign email accounts

Google has informed Sen. Pat Toomey, R-Pa., that nation-state hackers may have tried to breach old email accounts associated with his campaign, according to Toomey spokesman Steve Kelly. The probing involved phishing emails to accounts over a year old, and there is no evidence of a breach, according to Kelly. Based on scans of the emails, they did not appear to contain malware, he added. Toomey, who won re-election in 2016, is not up for re-election again until 2022. “This underscores the cybersecurity threats our government, campaigns, and elections are currently facing,” Kelly said in a statement Friday. “It is essential that Congress impose tough penalties on any entity that undermines our institutions.” Kelly’s statement did not say whether the hackers have been tied to a particular country. Google did not respond to a request for comment by press time. Toomey is the latest politician to draw the attention of […]

The post Google tells senator that nation-state hackers probed his old campaign email accounts appeared first on Cyberscoop.

Continue reading Google tells senator that nation-state hackers probed his old campaign email accounts

DHS to unveil National Risk Management Center

The Department of Homeland Security will on Tuesday unveil a new interagency center to help critical-infrastructure firms assess the risk that a ceaseless stream of cyberthreats pose to their networks. The National Risk Management Center is meant to be a one-stop shop for helping private companies manage their cybersecurity risk – and develop ways to mitigate it. Officials are expected to announce the center at a conference in New York City on Tuesday that will feature Vice President Mike Pence, Homeland Security Secretary Kirstjen Nielsen and other cabinet officials. The new initiative follows months of public statements from DHS officials about the need to better understand cyber risk spread across sectors.  Effectively assessing risk requires “visibility into an often-opaque supply-chain process and a clear understanding of the threat,” Jeanette Manfra, DHS’s top cybersecurity official, said in April. With the private sector telling DHS it needs more actionable threat data, the department has […]

The post DHS to unveil National Risk Management Center appeared first on Cyberscoop.

Continue reading DHS to unveil National Risk Management Center

McCaul: U.S. should go on the cyber offensive if Russia hacks midterms

The United States should respond with offensive cyber operations if the Russian government tries to meddle in the 2018 U.S. midterm elections like it did in the 2016 presidential election, according to an influential Republican lawmaker. “Personally, if [the Russians] attempt to do that again in the 2018 midterms, I think there should be an offensive response to it,” Texas Rep. Michael McCaul, chairman of the House Homeland Security Committee, told reporters Wednesday. In January 2017, the U.S. intelligence community concluded that Russian government-linked hackers meddled in the 2016 presidential election as part of a broad Kremlin-backed effort to help elect U.S. President Donald Trump. Over the last several months, senior U.S. intelligence officials have repeatedly warned of the possibility of renewed Russian information operations ahead of midterm elections this fall. While nothing on the scale of the 2016 meddling has been detected yet for the 2018 cycle, a public […]

The post McCaul: U.S. should go on the cyber offensive if Russia hacks midterms appeared first on Cyberscoop.

Continue reading McCaul: U.S. should go on the cyber offensive if Russia hacks midterms

Krebs: Companies need ‘military-grade’ investments to defend against foreign government hackers

Last year was a “seminal year” for nation-state-backed cyberattacks from American adversaries, a top Department of Homeland Security official said Wednesday, adding that companies may need U.S. government support to cope with such advanced threats. “We’ve known for years that there are primarily four nation-state actors that are most active in the cybersecurity space, but push really came to shove” in 2017, Christopher Krebs said Wednesday, referring to China, Iran, North Korea, and Russia. American companies can handle most cyberthreats through their own security investments, but a “military-grade level of investment” is needed to cope with nation-state hackers, Krebs, DHS’s top infrastructure security official, said at a conference in Washington, D.C. Experts say it is very difficult for a company of any size to cope with advanced and well-resourced hackers, but DHS is trying to make the fight less lopsided by providing companies with threat intelligence and risk assessments. Further, basic practices like […]

The post Krebs: Companies need ‘military-grade’ investments to defend against foreign government hackers appeared first on Cyberscoop.

Continue reading Krebs: Companies need ‘military-grade’ investments to defend against foreign government hackers

DHS chief: We’re cracking down on hackers more than Obama did

The U.S. government is trying to more effectively deter cyberattacks by imposing clear consequences on nation-state-linked hackers, Homeland Security Secretary Kirstjen Nielsen said Thursday, casting the Trump administration as tougher on the issue than the Obama administration. “This is one of those areas where deterrence has to be clear,” Nielsen said Thursday at a Capitol Hill security event. “We will no longer stand by while nation-states attack the government or our private sector entities.” “For so long, we’ve had these attacks, it’s taken us over a year to attribute it in some cases,” she said. “Then you attribute it, nothing happens.” Under both presidential administrations, the U.S. has clamped down on hackers linked with the Chinese, Russian, and Iranian governments through indictments and sanctions. In 2014, Obama’s Department of Justice brought the first U.S. charges of cyber-espionage against a nation-state with the indictment of five Chinese military officers. In March, Trump’s DOJ indicted nine Iranian […]

The post DHS chief: We’re cracking down on hackers more than Obama did appeared first on Cyberscoop.

Continue reading DHS chief: We’re cracking down on hackers more than Obama did

Lawmakers advance bill to codify DHS cyber center for industrial plants

The House Homeland Security Committee on Wednesday advanced legislation that would establish a Department of Homeland Security cybersecurity center as the lead agency for handling threats to industrial control systems, like those underpinning the energy sector. The bill would make clear that DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is the hub for mitigating ICS vulnerabilities and provide the private sector with a “permanent place for assistance to address cybersecurity risk,” Rep. Don Bacon, R-N.E., who introduced the bill, said at a markup. “We know we are vulnerable…to these cyberattacks on our energy grid, and the time is now to start building that resiliency in our energy grid,” Bacon stated. With DHS and the Department of Energy both concerning themselves with ICS, “there’s some ambiguity [on] who does what” on the issue, Bacon told CyberScoop after the hearing. “The NCCIC has been doing a lot of this,” he explained. […]

The post Lawmakers advance bill to codify DHS cyber center for industrial plants appeared first on Cyberscoop.

Continue reading Lawmakers advance bill to codify DHS cyber center for industrial plants

Rick Perry: U.S. must use technology prowess to defend power grid

The United States must harness its technical know-how to defend energy infrastructure from advanced hacking, Energy Secretary Rick Perry said Monday, touting his department’s investments in cybersecurity research and development. Cyberattacks have gotten easier to carry out and their sophistication, scale and frequency have increased, Perry said in a speech at a Department of Energy conference in Austin. “The sustained and growing threat of cyberattacks to our energy infrastructure requires us to think differently, to act proactively,” the former Texas governor said. That means investing in new technologies to fortify the grid against hackers whose toolkits are only expanding, according to Perry. DOE in April announced $25 million in funding for research and development to boost cybersecurity in energy delivery systems. Last September, the department awarded $50 million through its national laboratories to improve energy-sector resiliency, including about $20 million in cybersecurity projects. With the unveiling of a new cybersecurity strategy […]

The post Rick Perry: U.S. must use technology prowess to defend power grid appeared first on Cyberscoop.

Continue reading Rick Perry: U.S. must use technology prowess to defend power grid

Rick Perry: U.S. must use technology prowess to defend power grid

The United States must harness its technical know-how to defend energy infrastructure from advanced hacking, Energy Secretary Rick Perry said Monday, touting his department’s investments in cybersecurity research and development. Cyberattacks have gotten easier to carry out and their sophistication, scale and frequency have increased, Perry said in a speech at a Department of Energy conference in Austin. “The sustained and growing threat of cyberattacks to our energy infrastructure requires us to think differently, to act proactively,” the former Texas governor said. That means investing in new technologies to fortify the grid against hackers whose toolkits are only expanding, according to Perry. DOE in April announced $25 million in funding for research and development to boost cybersecurity in energy delivery systems. Last September, the department awarded $50 million through its national laboratories to improve energy-sector resiliency, including about $20 million in cybersecurity projects. With the unveiling of a new cybersecurity strategy […]

The post Rick Perry: U.S. must use technology prowess to defend power grid appeared first on Cyberscoop.

Continue reading Rick Perry: U.S. must use technology prowess to defend power grid

House of Representatives to boost info-sharing program with Five Eyes allies

The U.S. House of Representatives is looking to ramp up a cyberthreat information-sharing program with the parliaments of allies Australia, Canada, New Zealand, and Britain, according to House CISO Randy Vickers. The information traded could be unclassified threat intelligence used to bolster the legislative bodies’ security. Vickers said there were already strong information-sharing relationships with the allied parliaments, the goal was simply to leverage them more. “We’re looking at ways to better share information on a more routine basis,” Vickers told CyberScoop Thursday. “It really is just about ensuring that we all have a common knowledge across our environments.” In practice, the program could be as simple as notifying the group of a new cybersecurity advisory from the Department of Homeland Security, Vickers said on the sidelines of the Cyberthreat Intelligence Forum presented by FireEye and produced by CyberScoop and FedScoop. The U.S. and the four other countries comprise the Five Eyes […]

The post House of Representatives to boost info-sharing program with Five Eyes allies appeared first on Cyberscoop.

Continue reading House of Representatives to boost info-sharing program with Five Eyes allies

The uphill battle to relaunch State Department’s cybersecurity policy office

Be it through legislation or some internal decree, restoring the State Department’s cybersecurity policy office to a prominent place in the agency can’t come soon enough for advocates of U.S. digital diplomacy. Analysts and former government officials say U.S. leadership in shaping international behavior in cyberspace has stalled at a time when nation-state hacking groups are flexing their muscles. “I worry about a gap that leaves allies wondering and adversaries savoring the chance to take advantage of the perceived lack of U.S. leadership,” Christopher Painter, State’s former cybersecurity coordinator, told CyberScoop. “When you have diminished resources [and] when you have uncertainty, inevitably that causes some loss of momentum.” In the eight months since former Secretary of State Rex Tillerson said he would downgrade the department’s cybersecurity office, the United States has blamed North Korea for the destructive WannaCry ransomware attack, indicted Iranian hackers for terabytes worth of intellectual property theft, and […]

The post The uphill battle to relaunch State Department’s cybersecurity policy office appeared first on Cyberscoop.

Continue reading The uphill battle to relaunch State Department’s cybersecurity policy office