Congressional pressure builds for White House to share classified cyber authorizations

Almost one year after President Donald Trump issued a classified memorandum that has made it easier for the Pentagon to run offense cyber-operations against U.S. adversaries, lawmakers still haven’t seen the details of the memorandum, and they want the White House to change course. Thursday evening the House of Representatives added a provision to the National Defense Authorization Act that would compel the White House to turn over the memorandum as well as any others relating to the Pentagon’s cyber-operations.  The amendment was part of an “en bloc” package, meaning both sides accepted by voice vote without debate, signaling to the White House just how much interest there is — on both sides of the aisle — in allowing the legislative branch to see the memorandum. Part of the concern is that with increased authorizations to run offensive operations against adversaries, the administration runs the risk of escalating tensions with adversaries in cyberspace without proper Congressional oversight, […]

The post Congressional pressure builds for White House to share classified cyber authorizations appeared first on CyberScoop.

Continue reading Congressional pressure builds for White House to share classified cyber authorizations

House’s defense bill looks to protect Pentagon’s tech supply chain

The cybersecurity proposals in the House Armed Services Committee’s draft of the national defense bill for fiscal 2020 include provisions that would create new directives on the Department of Defense’s tech acquisitions and supply chain. Chairman Adam Smith’s mark of the National Defense Authorization Act (NDAA), issued Monday, seeks to prevent the DOD from acquiring foreign telecommunications and video surveillance equipment from companies that could pose security risks to the Pentagon. The provision effectively would ban or suspend contractors and subcontractors from doing business with not just the Pentagon but also the entire U.S. government, too. Chinese-based companies Huawei and ZTE, both of which have been under intense scrutiny by the Trump administration, are not directly named in the provision. The measure appears to align with an executive order the White House issued just last month that seeks to bar U.S. companies from using telecommunications equipment made by foreign firms, with the concern that the gear […]

The post House’s defense bill looks to protect Pentagon’s tech supply chain appeared first on CyberScoop.

Continue reading House’s defense bill looks to protect Pentagon’s tech supply chain

U.S. Cyber Command has shifted its definition of success

U.S. Cyber Command is shifting the way it measures success from solely military outcomes to how the command enables other government agencies to defend against foreign offensive cyber threats. Brig. Gen. Timothy Haugh, who is in charge of Cyber Command’s Cyber National Mission Force, said on Tuesday at an event hosted by the Atlantic Council that success is “not necessarily [about] the department’s outcome,” but is instead about “how can we enable our international partners [and] our domestic partners in industry to be able to defend those things that are critical to our nation’s success.” Haugh said Cyber Command is doing its job right if agencies are taking their own actions: State Department issuing démarches, Department of Homeland Security releasing alerts, and Treasury Department announcing sanctions “based off of information that is derived from our operations.” In the past, Haugh said he believes that these outcomes may not have been considered as wins. […]

The post U.S. Cyber Command has shifted its definition of success appeared first on CyberScoop.

Continue reading U.S. Cyber Command has shifted its definition of success

As defense bill approaches finish line, future of Chinese company ZTE hangs in the balance

When House and Senate negotiators sit down next week to iron out their differences in the annual defense bill, the fate of Chinese telecom giant ZTE will be a key issue. Select lawmakers from both chambers are headed to a conference committee to reconcile the House and Senate versions of the National Defense Authorization Act (NDAA) for fiscal 2019. One notable discrepancy is ZTE-related language: Broadly speaking, the Senate version calls for stricter rules that would curtail the Chinese company’s ability to do business in the U.S.. The House NDAA would restrict the Department of Defense and its contractors from procuring equipment from Chinese telecoms ZTE and Huawei. The Senate version, taking stock of ZTE’s continuous flouting of U.S. sanctions, would explicitly block ZTE from doing business in the country writ large. The Senate’s version of the NDAA, with the ZTE ban tucked into it, passed with broad bipartisan support, 85-10. […]

The post As defense bill approaches finish line, future of Chinese company ZTE hangs in the balance appeared first on Cyberscoop.

Continue reading As defense bill approaches finish line, future of Chinese company ZTE hangs in the balance

Lawmaker hopes to draw redline discouraging election cyberattacks

A prominent lawmaker wants to draw a line in the sand to discourage hackers from targeting U.S. election systems. On Tuesday, Sen. Mark Warner, D-Va., suggested that the United States formally declare it will respond in cyberspace to any foreign interference in American elections. Warner, who serves as vice chairman of the Senate Select Committee on Intelligence, proposed the idea in an amendment to the 2019 National Defense Authorization Act (NDAA), an annual defense policy bill. Warner’s amendment suggests that the United States alter its cyber doctrine to respond accordingly when and if a foreign adversary launches a cyberattack to undermine U.S. elections. The proposed NDAA for fiscal year 2019 is already a significant departure from former versions. For the first time, it offers clear marching orders to the newly elevated U.S. Cyber Command. The bill also directs U.S. cyber forces to go on the attack in response to cyber […]

The post Lawmaker hopes to draw redline discouraging election cyberattacks appeared first on Cyberscoop.

Continue reading Lawmaker hopes to draw redline discouraging election cyberattacks

US Lawmakers Propose ‘Hack Back’ Law to Allow Cyber Retaliation Without Permission of Third-Party Country

US legislators are proposing new legislation that would empower US cyber defenses to hack back at cyber aggressors, even if they’re using a third-party country’s infrastructure, without the explicit consent of the respective country. The Na… Continue reading US Lawmakers Propose ‘Hack Back’ Law to Allow Cyber Retaliation Without Permission of Third-Party Country

Judge dismisses Kaspersky lawsuits, U.S. government ban will stand

Two lawsuits filed by the Russian cybersecurity firm Kaspersky Lab were dismissed Wednesday, ending the Moscow-based company’s attempt to lift the U.S. government’s ban on its products. Kaspersky filed the lawsuits after its products were banned from U.S. government systems in both a Binding Operational Directive from the Department of Homeland Security and the 2018 National Defense Authorization Act. That ban goes into effect on Oct. 1, 2o18. “The NDAA does not inflict ‘punishment’ on Kaspersky Lab,” Colleen Kollar-Kotelly, U.S. District Judge for the District of Columbia, wrote in her opinion. “It eliminates a perceived risk to the nation’s cybersecurity and, in so doing, has the secondary effect of foreclosing one small source of revenue for a large multinational corporation.” The basis of Kaspersky’s lawsuit was that the bans were unconstitutional and caused undue harm to the company. The ban is constitutional, the judge concluded. “These defensive actions may very well have […]

The post Judge dismisses Kaspersky lawsuits, U.S. government ban will stand appeared first on Cyberscoop.

Continue reading Judge dismisses Kaspersky lawsuits, U.S. government ban will stand

House defense bill would usher in cybersecurity changes at DOD

The House of Representatives this week overwhelmingly passed a defense policy bill with several cybersecurity measures aimed at better securing Pentagon networks. The legislation — the fiscal 2019 National Defense Authorization Act (NDAA) — seeks closer collaboration between the departments of Defense and Homeland Security in defending against hackers, asks for quick notification of data breaches of military personnel, and continues to crack down on foreign-made telecom products that are deemed security threats. The NDAA is an annual ritual that lawmakers use to shape Pentagon policies and budget plans while throwing in some pet projects to boot. The House bill — a $717 billion behemoth — eventually will be merged with the Senate’s version, which that chamber’s Armed Services Committee also approved this week. It’s unclear when the Senate bill will have floor votes. One key provision of the House bill, according to the Rules Committee print, would set up a pilot program for […]

The post House defense bill would usher in cybersecurity changes at DOD appeared first on Cyberscoop.

Continue reading House defense bill would usher in cybersecurity changes at DOD

Lack of cooperation between contractors creates lasting vulnerabilities for DoD, official says

Competition among U.S. weapons makers keeps them from collaborating on cybersecurity problems, and it’s causing new and lasting vulnerabilities for the military, a senior U.S. official said Tuesday. Col. Tim Brooks, the mission assurance division chief in the Department of Army Management Office, said a lack of dialogue between contractors is causing headaches as the military looks to harden its systems. Broadly speaking, most weapons systems often overlay multiple different hardware and software products that are not all made by the same company. “With our weapons assessment program, there’s been a lot of time spent trying to break down organizational boundaries and to think about systems of systems,” Brooks said at the Security Through Innovation Summit presented by McAfee and produced by CyberScoop and FedScoop. “That’s compounded by the fact that all these systems of systems are produced by subprime contractors and everyones got non-disclosure agreements and no one wants to disclose their […]

The post Lack of cooperation between contractors creates lasting vulnerabilities for DoD, official says appeared first on Cyberscoop.

Continue reading Lack of cooperation between contractors creates lasting vulnerabilities for DoD, official says

Kaspersky Lab files another lawsuit in wake of NDAA ban

Kaspersky Lab has upped its legal fight with the U.S. government, filing another lawsuit related to a ban against its products tucked within the 2018 National Defense Authorization Act. Based on court documents filed Monday in U.S. District Court for the District of Columbia, the Russian company says the ban is unconstitutional. Kaspersky’s lawyers say that under the Constitution’s Bill of Attainder Clause, Congress is forbidden “from enacting laws which impose individualized deprivations of life, liberty, and property and inflict punishment on individuals and corporations without a judicial trial.” The 2018 NDAA instituted a government-wide ban on use of Kaspersky products. Signed by President Donald Trump in December, the ban would go into place on Oct. 1, 2o18. “Kaspersky Lab believes that these provisions violate the U.S. Constitution by specifically and unfairly singling out the company for legislative punishment, based on vague and unsubstantiated allegations without any basis in fact,” the […]

The post Kaspersky Lab files another lawsuit in wake of NDAA ban appeared first on Cyberscoop.

Continue reading Kaspersky Lab files another lawsuit in wake of NDAA ban