‘Shields Up’: the new normal in cyberspace

The director of CISA and the national cyber director co-wrote this op-ed on what comes next for “Shields Up.”

The post ‘Shields Up’: the new normal in cyberspace appeared first on CyberScoop.

Continue reading ‘Shields Up’: the new normal in cyberspace

National Cyber Director Chris Inglis calls for ‘new social contract’ to redistribute risk

Cyberspace needs a “new social contract” where “isolated individuals, small businesses and local governments” no longer shoulder “absurd levels of risk,” says a top U.S. cyber official. National Cyber Director Chris Inglis, writing in Foreign Affairs over the weekend with a senior adviser, said that the tech sector should make deeper investments in hardware and software security and the U.S. government should take a greater role in fostering digital defenses. “Those more capable of carrying the load — such as governments and large firms — must take on some of the burden, and collective, collaborative defense needs to replace atomized and divided efforts,” write Inglis and Harry Krejsa, the acting assistant national cyber director for strategy and research. “Until then, the problem will always look like someone else’s to solve.” Their overarching message about the need to improve private-public cooperation has been a refrain of cyber experts for decades. The […]

The post National Cyber Director Chris Inglis calls for ‘new social contract’ to redistribute risk appeared first on CyberScoop.

Continue reading National Cyber Director Chris Inglis calls for ‘new social contract’ to redistribute risk

White House hosts open-source software security summit in light of expansive Log4j flaw

Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to the widespread Log4j vulnerability that’s worrying industry and cyber leaders. Among the attendees are companies like Apple, Facebook and Google, as well as the Apache Software Foundation, which builds Log4j, a ubiquitous open-source logging framework for websites. “Building on the Log4j incident, the objective of this meeting is to facilitate an important discussion to improve the security of open source software — and to brainstorm how new collaboration could rapidly drive improvements,” a senior administration official said in advance of the meeting. The huddle convenes in light of a vulnerability discovered last month known as Log4Shell that could affect up to hundreds of millions of devices, and as federal officials, businesses and security researchers race to contain the potential fallout. It’s the latest of several Biden White House summits […]

The post White House hosts open-source software security summit in light of expansive Log4j flaw appeared first on CyberScoop.

Continue reading White House hosts open-source software security summit in light of expansive Log4j flaw

White House preps order to clarify top cyber roles in federal government

The Biden administration is working on an executive order that spells out the responsibilities of myriad top cybersecurity officials in the federal government, National Cyber Director Chris Inglis said Wednesday. Specifically, the idea would be to solidify the position of his office, only established by law in January, Inglis told the House Homeland Security Committee. “The statute has gone a long way, and the policies that we have described, have gone a a further distance in describing the what the roles and responsibilities are of the various layers in this space,” Inglis told the panel. “We are in discussion within the White House about when and how to effect an executive order that would bring additional clarity to these roles and responsibilities.” It would be the second major cybersecurity executive order of the administration, following on May’s sweeping directive for federal agencies and contractors to improve their digital defenses. The […]

The post White House preps order to clarify top cyber roles in federal government appeared first on CyberScoop.

Continue reading White House preps order to clarify top cyber roles in federal government

National Cyber Director Chris Inglis, new cyber kid on the federal block, begins to stake a claim

National Cyber Director Chris Inglis is fleshing out what, exactly, his new office plans to do with itself. With a “strategic intent statement,” a personnel move, a pair of interviews and a newspaper op-ed, Inglis and his office on Thursday provided their most concrete objectives to date for a White House post that sprung into existence in January, and that Inglis won confirmation for in June. He joined a crowded field of feds focused on cyber, from other offices within the White House to departments and agencies like the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency and the National Security Agency. Inglis said Thursday that it’s a natural, when looking at the disparate organizations in the federal government with cybersecurity responsibilities, to wonder who’s in charge. But he said there were “more appropriate” questions. “How do we bring coherence, how do drive public-private collaboration, how do we have […]

The post National Cyber Director Chris Inglis, new cyber kid on the federal block, begins to stake a claim appeared first on CyberScoop.

Continue reading National Cyber Director Chris Inglis, new cyber kid on the federal block, begins to stake a claim

Federal CISO Chris DeRusha appointed deputy national cyber director, will serve both roles

Federal Chief Information Security Officer Chris DeRusha, who has played an integral part in responding to the SolarWinds hack, is getting a second gig as deputy national cyber director for federal cybersecurity. National Cyber Director Chris Inglis hailed DeRusha’s appointment on Twitter Thursday. “Personally announcing Federal CISO Chris DeRusha as the new Deputy National Cyber Director for Federal Cybersecurity,” Inglis tweeted. “We are excited to see how Chris’s dual designation as Federal CISO at @OMBPress will improve federal coherence in the cyber domain.” DeRusha steps into his additional role at a time when questions persist on Capitol Hill about the breakdown of cyber roles within the federal bureaucracy. The national cyber director’s office is the newest addition to that bureaucracy, established only this year. The office is coming into being as the Department of Homeland Security’s Cybersecurity Infrastructure and Security Agency is increasingly focused on incident response and information sharing in […]

The post Federal CISO Chris DeRusha appointed deputy national cyber director, will serve both roles appeared first on CyberScoop.

Continue reading Federal CISO Chris DeRusha appointed deputy national cyber director, will serve both roles

Biden administration officials push Congress to shape breach reporting mandates

U.S. cybersecurity officials are seeking to put their stamp on cyber incident reporting legislation, wading into debates on Capitol Hill about questions like how swiftly companies must report attacks to federal agencies — and what happens if they don’t. The head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency testified at a Senate hearing Thursday in favor of requiring critical infrastructure owners and operators, federal contractors and agencies to report attacks to CISA within 24 hours of detection. There are three leading proposals in Congress, each with a different timeframe for reporting attacks. The leaders of the Senate Intelligence Committee favor a 24-hour deadline. A draft bill from leaders of the Senate Homeland Security and Governmental Affairs Committee would set the range at between 72 hours and seven days, as determined by CISA. And a draft from leading members of the House Homeland Security Committee proposes leaving […]

The post Biden administration officials push Congress to shape breach reporting mandates appeared first on CyberScoop.

Continue reading Biden administration officials push Congress to shape breach reporting mandates

National cyber director declares ‘too soon to say we’re out of the woods,’ as US enjoys dip in ransomware

After a summer marked by big ransomware attacks from suspected Russian gangs, some of those same groups went quiet. National Cyber Director Chris Inglis said Thursday that it’s too early to tell if the trend will hold. “Those attacks have fallen off. Those syndicates have to some degree deconstructed,” Inglis said at an event hosted by the Ronald Reagan Presidential Foundation and Institute. “I think it’s a fair bet they have self-deconstructed and essentially gone cold and quiet to see whether the storm will blow over and whether they can then come back.” Whether they do so will depend largely on whether Russian President Vladimir Putin takes steps to undo the “permissive” atmosphere after U.S. President Joe Biden warned him repeatedly about ransomware attacks originating from his country. “It’s too soon to say we’re out of the woods on this,” Inglis said. The FBI blamed Russian ransomware gang REvil for […]

The post National cyber director declares ‘too soon to say we’re out of the woods,’ as US enjoys dip in ransomware appeared first on CyberScoop.

Continue reading National cyber director declares ‘too soon to say we’re out of the woods,’ as US enjoys dip in ransomware

White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead

The White House summit Wednesday demonstrated positive momentum for both the Biden administration and private sector in terms of their approach to cybersecurity, but also laid bare what remains inadequate, cyber experts said. The high-profile meeting brought together CEOs from the education, energy, finance, insurance and tech sectors, featuring companies like Amazon, Bank of America and ConocoPhillips. Some pledged billions more in cyber investments, while others committed to providing training and smaller services in response to the administration’s “call to action.” While impressive, observers noted, those commitments will require considerable follow-up, from expansion to other sectors to policy changes that could emerge from closer-knit relationships between industry and government. Even as the nonprofit Global Cyber Alliance’s Megan Stifel commended the White House for holding the meeting and the broad commitments that the companies made, she said it illustrated the lengths to which the U.S. can improve national cybersecurity. “A couple […]

The post White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead appeared first on CyberScoop.

Continue reading White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead

US makes progress on improving cyber but key issues remain, congressional committee finds

A congressional commission dedicated to shoring up America’s cyber defenses has made significant progress in the wake of multiple recent cybersecurity crises, according to a new report. Nearly 75% of the 82 recommendations made in the Cyberspace Solarium Commission’s March 2020 report, which set out to assess ways the U.S. can improve its digital resilience, have been implemented or are on track to be implemented, according to an evaluation released Thursday by the Commission. The report notes that some of this movement has been spurred by a wave of high profile cybersecurity incidents within the past year, starting with the revelation in December 2020 that Russian hackers had infiltated at least nine federal agencies using network management software SolarWinds. In March, apparent Chinese hackers exploited a vulnerability in Microsoft’s Exchange Server technology, affecting thousands of users. Multiple ransomware attacks have followed, including one against fuel provider Colonial Pipeline that forced […]

The post US makes progress on improving cyber but key issues remain, congressional committee finds appeared first on CyberScoop.

Continue reading US makes progress on improving cyber but key issues remain, congressional committee finds