Mattis: Don’t create separate military cyber service

The former defense secretary said U.S. Cyber Command needs emergency authority to be able to operate inside the United States.

The post Mattis: Don’t create separate military cyber service appeared first on CyberScoop.

Continue reading Mattis: Don’t create separate military cyber service

Langevin pushes for critical infrastructure protections in annual defense bill

Rep. Jim Langevin’s amendment reflects one of the biggest unfulfilled Cyberspace Solarium Commission recommendations.

The post Langevin pushes for critical infrastructure protections in annual defense bill appeared first on CyberScoop.

Continue reading Langevin pushes for critical infrastructure protections in annual defense bill

The Cyberspace Solarium Commission pushed some major policies into law. So what now?

A little more than a year removed from its role in advancing some of the most significant cybersecurity legislation ever enacted, the Cyberspace Solarium Commission is transforming into version 2.0 of itself. With some of its key recommendations now law — such as the creation of the Office of the National Cyber Director in the White House — the remnant of the congressionally created panel is turning its attention to tracking how those ideas are implemented, while studying some of the issues it didn’t get to fully examine before releasing its final report. Those areas of study include protecting the water, maritime transport and health care sectors, as well as strengthening the federal and private sector workforce and ensuring plans to avert disruptions to the economy caused by cyberattacks. Now housed within the Foundation for Defense of Democracies (FDD) think tank, the commission’s 2.0 work should take another two years, […]

The post The Cyberspace Solarium Commission pushed some major policies into law. So what now? appeared first on CyberScoop.

Continue reading The Cyberspace Solarium Commission pushed some major policies into law. So what now?

Cyber incident reporting mandates suffer another congressional setback

House and Senate negotiators have excluded provisions from a must-pass defense bill that would have mandated many companies to report major cyberattacks and ransomware payments to federal officials. A compromise version of the fiscal 2022 National Defense Authorization Act (NDAA) released Tuesday leaves out the language, which would set timeframes for when critical infrastructure owners and operators must report major incidents and some companies would have to report making ransomware payments. Supporters of the language ran out of time to reach an agreement on the final phrasing before NDAA sponsors moved ahead on their final compromise bill, a senior Senate aide said. It’s a big setback for backers of the reporting mandates, as attaching provisions to the annual NDAA has been the path for a number of monumental cyber ideas to become law. Still, some key disputes over the reporting mandate provisions have been resolved, and backers might be able […]

The post Cyber incident reporting mandates suffer another congressional setback appeared first on CyberScoop.

Continue reading Cyber incident reporting mandates suffer another congressional setback

Incident reporting, ransomware payment legislation faces trouble in Senate

Legislation requiring critical infrastructure owners to report major cyber incidents to the federal government, and mandating that ransomware victims disclose when they make payments, has hit a significant snag in the Senate. A bipartisan group of senators announced a proposal in November that would require critical infrastructure owners and operators to report within 72 hours to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency when they suffer major cyber incidents, as defined by CISA. It also would require reporting of ransomware payments to CISA from a broader set of organizations, excluding only individuals and some smaller businesses, within 24 hours. Advocates hope that by requiring swift reporting of major incidents, federal officials can help reduce the damage more quickly. Gathering intelligence about ransomware payments would help law enforcement and national security officials understand and act on digital extortion trends, officials say. Backers were unable to advance the proposal last […]

The post Incident reporting, ransomware payment legislation faces trouble in Senate appeared first on CyberScoop.

Continue reading Incident reporting, ransomware payment legislation faces trouble in Senate

US Lawmakers Propose ‘Hack Back’ Law to Allow Cyber Retaliation Without Permission of Third-Party Country

US legislators are proposing new legislation that would empower US cyber defenses to hack back at cyber aggressors, even if they’re using a third-party country’s infrastructure, without the explicit consent of the respective country. The Na… Continue reading US Lawmakers Propose ‘Hack Back’ Law to Allow Cyber Retaliation Without Permission of Third-Party Country

NDAA pushes U.S. Cyber Command to be more aggressive

By the Senate Armed Service Committee’s estimation, the United States has held back in cyberspace. The committee is angling to change that with the latest National Defense Authorization Act, proposing to free up the military on the front lines of cyber conflict, create a new strategic cyber entity and respond to Russian aggressions in-kind. The bill’s authors wrote that lawmakers have long-standing concerns about the lack of an effective U.S. strategy to deter and counter cyber threats. To counter foreign state actors bent on stealing, striking, spying or disrupting in cyberspace, the bill suggests boosting resilience, increasing attribution capabilities, emphasizing defense and enhancing the country’s ability to respond to attacks. “We’re letting episodes define strategy. It should be the other way around, where we clearly articulate our cyber deterrence strategy and rules of engagement,” said Frank Cilluffo, director of George Washington University’s Center for Cyber and Homeland Security. By offering […]

The post NDAA pushes U.S. Cyber Command to be more aggressive appeared first on Cyberscoop.

Continue reading NDAA pushes U.S. Cyber Command to be more aggressive

Here are the cybersecurity amendments added to the House’s defense bill

Lawmakers attached several cybersecurity-focused amendments to the fiscal 2018 National Defense Authorization Act in a last-minute effort Wednesday to change how the federal government defends itself from cyberattacks and how the military conducts offensive cyber-operations. The House was still working on the bill as of Thursday afternoon. The provisions added Wednesday joined an already lengthy list of items related to government cybersecurity initiatives. Because the NDAA is a policy bill and not a spending bill, congressional rules leave it more open to amendments. It’s common for lawmakers to use it as a vehicle for a wide range of legislative priorities. Most of the amendments added Wednesday have a military component, though. A total of five cybersecurity amendments were added Wednesday to the House’s version of the bill, which still faces a conference committee with the Senate version. Reps. Mike Johnson, R-La., Dan Lipinski, D-Ill., Gregg Harper, R-Miss., Robert Brady, D-Pa., Jose Correa, […]

The post Here are the cybersecurity amendments added to the House’s defense bill appeared first on Cyberscoop.

Continue reading Here are the cybersecurity amendments added to the House’s defense bill