U.S. Cyber Command has shifted its definition of success

U.S. Cyber Command is shifting the way it measures success from solely military outcomes to how the command enables other government agencies to defend against foreign offensive cyber threats. Brig. Gen. Timothy Haugh, who is in charge of Cyber Command’s Cyber National Mission Force, said on Tuesday at an event hosted by the Atlantic Council that success is “not necessarily [about] the department’s outcome,” but is instead about “how can we enable our international partners [and] our domestic partners in industry to be able to defend those things that are critical to our nation’s success.” Haugh said Cyber Command is doing its job right if agencies are taking their own actions: State Department issuing démarches, Department of Homeland Security releasing alerts, and Treasury Department announcing sanctions “based off of information that is derived from our operations.” In the past, Haugh said he believes that these outcomes may not have been considered as wins. […]

The post U.S. Cyber Command has shifted its definition of success appeared first on CyberScoop.


As defense bill approaches finish line, future of Chinese company ZTE hangs in the balance

When House and Senate negotiators sit down next week to iron out their differences in the annual defense bill, the fate of Chinese telecom giant ZTE will be a key issue. Select lawmakers from both chambers are headed to a conference committee to reconcile the House and Senate versions of the National Defense Authorization Act (NDAA) for fiscal 2019. One notable discrepancy is ZTE-related language: Broadly speaking, the Senate version calls for stricter rules that would curtail the Chinese company’s ability to do business in the U.S. The House NDAA would restrict the Department of Defense and its contractors from procuring equipment from Chinese telecoms ZTE and Huawei. The Senate version, taking stock of ZTE’s continuous flouting of U.S. sanctions, would explicitly block ZTE from doing business in the country writ large. The Senate’s version of the NDAA, with the ZTE ban tucked into it, passed with broad bipartisan support, 85-10. […]

The post As defense bill approaches finish line, future of Chinese company ZTE hangs in the balance appeared first on Cyberscoop.


Lawmaker hopes to draw redline discouraging election cyberattacks

A prominent lawmaker wants to draw a line in the sand to discourage hackers from targeting U.S. election systems. On Tuesday, Sen. Mark Warner, D-Va., suggested that the United States formally declare it will respond in cyberspace to any foreign interference in American elections. Warner, who serves as vice chairman of the Senate Select Committee on Intelligence, proposed the idea in an amendment to the 2019 National Defense Authorization Act (NDAA), an annual defense policy bill. Warner’s amendment suggests that the United States alter its cyber doctrine to respond accordingly when and if a foreign adversary launches a cyberattack to undermine U.S. elections. The proposed NDAA for fiscal year 2019 is already a significant departure from former versions. For the first time, it offers clear marching orders to the newly elevated U.S. Cyber Command. The bill also directs U.S. cyber forces to go on the attack in response to cyber […]

The post Lawmaker hopes to draw redline discouraging election cyberattacks appeared first on Cyberscoop.


US Lawmakers Propose ‘Hack Back’ Law to Allow Cyber Retaliation Without Permission of Third-Party Country

US legislators are proposing new legislation that would empower US cyber defenses to hack back at cyber aggressors, even if they’re using a third-party country’s infrastructure, without the explicit consent of the respective country. The Na…

Judge dismisses Kaspersky lawsuits, U.S. government ban will stand

Two lawsuits filed by the Russian cybersecurity firm Kaspersky Lab were dismissed Wednesday, ending the Moscow-based company’s attempt to lift the U.S. government’s ban on its products. Kaspersky filed the lawsuits after its products were banned from U.S. government systems in both a Binding Operational Directive from the Department of Homeland Security and the 2018 National Defense Authorization Act. That ban goes into effect on Oct. 1, 2018. “The NDAA does not inflict ‘punishment’ on Kaspersky Lab,” Colleen Kollar-Kotelly, U.S. District Judge for the District of Columbia, wrote in her opinion. “It eliminates a perceived risk to the nation’s cybersecurity and, in so doing, has the secondary effect of foreclosing one small source of revenue for a large multinational corporation.” The basis of Kaspersky’s lawsuit was that the bans were unconstitutional and caused undue harm to the company. The ban is constitutional, the judge concluded. “These defensive actions may very well have […]

The post Judge dismisses Kaspersky lawsuits, U.S. government ban will stand appeared first on Cyberscoop.


House defense bill would usher in cybersecurity changes at DOD

The House of Representatives this week overwhelmingly passed a defense policy bill with several cybersecurity measures aimed at better securing Pentagon networks. The legislation — the fiscal 2019 National Defense Authorization Act (NDAA) — seeks closer collaboration between the departments of Defense and Homeland Security in defending against hackers, asks for quick notification of data breaches of military personnel, and continues to crack down on foreign-made telecom products that are deemed security threats. The NDAA is an annual ritual that lawmakers use to shape Pentagon policies and budget plans while throwing in some pet projects to boot. The House bill — a $717 billion behemoth — eventually will be merged with the Senate’s version, which that chamber’s Armed Services Committee also approved this week. It’s unclear when the Senate bill will have floor votes. One key provision of the House bill, according to the Rules Committee print, would set up a pilot program for […]

The post House defense bill would usher in cybersecurity changes at DOD appeared first on Cyberscoop.


Lack of cooperation between contractors creates lasting vulnerabilities for DoD, official says

Competition among U.S. weapons makers keeps them from collaborating on cybersecurity problems, and it’s causing new and lasting vulnerabilities for the military, a senior U.S. official said Tuesday. Col. Tim Brooks, the mission assurance division chief in the Department of Army Management Office, said a lack of dialogue between contractors is causing headaches as the military looks to harden its systems. Broadly speaking, most weapons systems often overlay multiple different hardware and software products that are not all made by the same company. “With our weapons assessment program, there’s been a lot of time spent trying to break down organizational boundaries and to think about systems of systems,” Brooks said at the Security Through Innovation Summit presented by McAfee and produced by CyberScoop and FedScoop. “That’s compounded by the fact that all these systems of systems are produced by subprime contractors and everyone’s got non-disclosure agreements and no one wants to disclose their […]

The post Lack of cooperation between contractors creates lasting vulnerabilities for DoD, official says appeared first on Cyberscoop.


Kaspersky Lab files another lawsuit in wake of NDAA ban

Kaspersky Lab has upped its legal fight with the U.S. government, filing another lawsuit related to a ban against its products tucked within the 2018 National Defense Authorization Act. Based on court documents filed Monday in U.S. District Court for the District of Columbia, the Russian company says the ban is unconstitutional. Kaspersky’s lawyers say that under the Constitution’s Bill of Attainder Clause, Congress is forbidden “from enacting laws which impose individualized deprivations of life, liberty, and property and inflict punishment on individuals and corporations without a judicial trial.” The 2018 NDAA instituted a government-wide ban on use of Kaspersky products. Signed by President Donald Trump in December, the ban would go into place on Oct. 1, 2018. “Kaspersky Lab believes that these provisions violate the U.S. Constitution by specifically and unfairly singling out the company for legislative punishment, based on vague and unsubstantiated allegations without any basis in fact,” the […]

The post Kaspersky Lab files another lawsuit in wake of NDAA ban appeared first on Cyberscoop.


Trump signed the NDAA today. Here’s what it means for cybersecurity.

President Donald Trump signed the $700 billion National Defense Authorization Act (NDAA) on Tuesday, a law that sets policies and budget guidelines for the U.S. military for fiscal 2018, including its various cybersecurity-focused initiatives. The mammoth piece of annual legislation often includes brand-new projects and policy provisions. This year’s NDAA advances several important cybersecurity efforts while also establishing new rules and programs related to information security. Here’s a closer look at some key cybersecurity provisions:

The ban on Kaspersky Lab software becomes official (SEC. 1634)

While the Homeland Security Department has already taken concrete steps to push Kaspersky Lab products out of the federal government, Sec. 1634 makes the ban official across the Defense Department and sets a deadline of October 2018 for total removal. The ban specifically mentions any and all products owned by Kaspersky Lab, including both services and software produced by subsidiaries.

Trump will define what “cyberwar” means (SEC. 1633)

The […]

The post Trump signed the NDAA today. Here’s what it means for cybersecurity. appeared first on Cyberscoop.


Here are the cybersecurity amendments added to the House’s defense bill

Lawmakers attached several cybersecurity-focused amendments to the fiscal 2018 National Defense Authorization Act in a last-minute effort Wednesday to change how the federal government defends itself from cyberattacks and how the military conducts offensive cyber-operations. The House was still working on the bill as of Thursday afternoon. The provisions added Wednesday joined an already lengthy list of items related to government cybersecurity initiatives. Because the NDAA is a policy bill and not a spending bill, congressional rules leave it more open to amendments. It’s common for lawmakers to use it as a vehicle for a wide range of legislative priorities. Most of the amendments added Wednesday have a military component, though. A total of five cybersecurity amendments were added Wednesday to the House’s version of the bill, which still faces a conference committee with the Senate version. Reps. Mike Johnson, R-La., Dan Lipinski, D-Ill., Gregg Harper, R-Miss., Robert Brady, D-Pa., Jose Correa, […]

The post Here are the cybersecurity amendments added to the House’s defense bill appeared first on Cyberscoop.
