The Cyberspace Solarium Commission pushed some major policies into law. So what now?

A little more than a year removed from its role in advancing some of the most significant cybersecurity legislation ever enacted, the Cyberspace Solarium Commission is transforming into version 2.0 of itself. With some of its key recommendations now law — such as the creation of the Office of the National Cyber Director in the White House — the remnant of the congressionally created panel is turning its attention to tracking how those ideas are implemented, while studying some of the issues it didn’t get to fully examine before releasing its final report. Those areas of study include protecting the water, maritime transport and health care sectors, as well as strengthening the federal and private sector workforce and ensuring plans to avert disruptions to the economy caused by cyberattacks. Now housed within the Foundation for Defense of Democracies (FDD) think tank, the commission’s 2.0 work should take another two years, […]

The post The Cyberspace Solarium Commission pushed some major policies into law. So what now? appeared first on CyberScoop.

Website disruptions were attempt to sow discord and cause panic, Ukraine officials say

Tuesday’s disruption of multiple Ukrainian government websites and web services for several state-owned banks — along with spam text messages falsely claiming ATMs didn’t work — was part of a coordinated operation designed to sow panic, Ukrainian government officials claimed Wednesday. The officials said it was “too early to talk about specific actors” associated with the distributed denial-of-service (DDoS) attacks, but that the targeting of multiple websites, along with the text messages, suggested an extensive effort beyond the range of an individual or even a group of hackers. The remarks, from some of Ukraine’s cybersecurity and law enforcement leaders, came at a joint briefing Wednesday that the government translated into English on Twitter. The cyber incidents came as the threat of Russian military assault on Ukraine looms large, even as the Russians and NATO governments continue talks in search of a diplomatic resolution. President Joe Biden said Tuesday that 150,000 […]

The post Website disruptions were attempt to sow discord and cause panic, Ukraine officials say appeared first on CyberScoop.

DHS assembles Cyber Safety Review Board to imitate fed agency that studies aviation accidents

The Homeland Security Department is establishing a Cyber Safety Review Board that will convene after major cyber events to review and act on them, according to a Federal Register notice scheduled for publication Thursday. The Federal Register notice brings to fruition an idea long circulated among cybersecurity policymakers and thinkers, one set in motion by an executive order President Joe Biden signed in May 2021. The idea is to mimic the National Transportation Safety Board that reviews civil aviation accidents. The board (CSRB) will have no more than 20 members, with one each required from DHS, its Cybersecurity and Infrastructure Protection Agency, the Department of Justice, the National Security Agency and the FBI. The DHS undersecretary for strategy, policy and plans — a post held by Rob Silvers — will serve as the inaugural two-year chair. It will kick into effect when an incident prompts formation of a Cyber Unified […]

The post DHS assembles Cyber Safety Review Board to imitate fed agency that studies aviation accidents appeared first on CyberScoop.

Top White House cyber adviser Anne Neuberger makes the rounds in Europe

A top U.S. cyber official is in Europe this week to “elevate cybersecurity as a top-tier priority at NATO and with international partners,” a senior Biden administration official told reporters Tuesday morning. Anne Neuberger, the deputy national security adviser for cyber and emerging technology, starts her trip in Brussels to meet with counterparts at NATO and the European Union to discuss “deterring, disrupting, and responding to further Russian aggression against Ukraine, neighboring states, and in our respective countries,” the official said. Neuberger also will make a stop in Warsaw to meet with Polish and other Baltic region officials. The week also will include “virtual meetings” with German and French officials. The trip comes as Russian military buildup along its border with Ukraine continues, and cyberattacks against Ukrainian government and nongovernmental organizations continue unabated. The U.S. and other NATO governments say military escalation could happen at any time and that the […]

The post Top White House cyber adviser Anne Neuberger makes the rounds in Europe appeared first on CyberScoop.

Ukrainian government websites hacked amid rising regional security anxiety

A series of Ukrainian government websites were temporarily unavailable Friday in what appeared to be a coordinated cyberattack against the backdrop of rising tensions between Russia and Ukraine. “As a result of the massive hacking attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down,” Foreign Ministry spokesperson Oleg Nikolenko tweeted. “Our specialists are already working on restoring the work of IT systems. We apologize for any inconvenience.” Nikolenko told The Associated Press that it was too early to say who was behind the attacks, “but there is a long record of Russian cyber assaults against Ukraine in the past.” The websites for Ukraine’s Cabinet, seven ministries, treasury, National Emergency Service and the state services website were temporarily unavailable, the AP reported. A message was posted to the sites in Ukrainian, Russian and Polish warning that personal data had been leaked—a […]

The post Ukrainian government websites hacked amid rising regional security anxiety appeared first on CyberScoop.

White House hosts open-source software security summit in light of expansive Log4j flaw

Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to the widespread Log4j vulnerability that’s worrying industry and cyber leaders. Among the attendees are companies like Apple, Facebook and Google, as well as the Apache Software Foundation, which builds Log4j, a ubiquitous open-source logging framework for websites. “Building on the Log4j incident, the objective of this meeting is to facilitate an important discussion to improve the security of open source software — and to brainstorm how new collaboration could rapidly drive improvements,” a senior administration official said in advance of the meeting. The huddle convenes in light of a vulnerability discovered last month known as Log4Shell that could affect up to hundreds of millions of devices, and as federal officials, businesses and security researchers race to contain the potential fallout. It’s the latest of several Biden White House summits […]

The post White House hosts open-source software security summit in light of expansive Log4j flaw appeared first on CyberScoop.

Feds likely to fall short of deadline for strengthening encryption, multifactor authentication

A winning streak of hitting deadlines under President Joe Biden’s ambitious May cybersecurity executive order is widely expected to end Monday, affecting changes that administration officials have touted most: implementing multifactor authentication and encryption at all civilian federal agencies. Multifactor authentication — which requires users to access websites and systems by entering a password and also using a second device to verify their identity — could prevent 80% to 90% of all successful cyberattacks, Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger said in September. Encryption is another of the handful of technologies the administration has emphasized that “dramatically reduce the risk of attack,” Neuberger has said. The executive order’s goal was to set “aggressive but achievable” deadlines, officials have repeatedly said, and “We’ve met each timeline along the way,” Neuberger said in October. As important as multifactor authentication (MFA) and encryption are, however, current and former […]

The post Feds likely to fall short of deadline for strengthening encryption, multifactor authentication appeared first on CyberScoop.

National Cyber Director Chris Inglis, new cyber kid on the federal block, begins to stake a claim

National Cyber Director Chris Inglis is fleshing out what, exactly, his new office plans to do with itself. With a “strategic intent statement,” a personnel move, a pair of interviews and a newspaper op-ed, Inglis and his office on Thursday provided their most concrete objectives to date for a White House post that sprung into existence in January, and that Inglis won confirmation for in June. He joined a crowded field of feds focused on cyber, from other offices within the White House to departments and agencies like the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency and the National Security Agency. Inglis said Thursday that it’s natural, when looking at the disparate organizations in the federal government with cybersecurity responsibilities, to wonder who’s in charge. But he said there were “more appropriate” questions. “How do we bring coherence, how do we drive public-private collaboration, how do we have […]

The post National Cyber Director Chris Inglis, new cyber kid on the federal block, begins to stake a claim appeared first on CyberScoop.

Treasury sanctions cryptocurrency platform for working with ransomware payments

The Treasury Department on Tuesday announced sanctions against a cryptocurrency exchange for facilitating transactions involving money illegally gained via ransomware hacking, the first action of its kind. The sanctions against Russia-based exchange Suex are a significant step by the Biden administration in making it harder for cybercriminals to access payments, with the ultimate goal of disrupting the rapid rise of ransomware attacks. (The government did not disclose which hacking groups allegedly laundered their funds through the service.) “Exchanges like Suex are critical to attackers’ ability to extract profits from ransomware attacks. This action is a signal of our intention to expose and disrupt illicit infrastructure using these attacks,” said Wally Adeyemo, deputy secretary of the Treasury Department. Over 40% of Suex’s transactions are associated with illegal activity, according to the Treasury Department. The new sanctions block all of Suex’s property and business interests in the U.S. and threaten additional sanctions […]

The post Treasury sanctions cryptocurrency platform for working with ransomware payments appeared first on CyberScoop.
