While U.S. ponders response to Russia, agencies’ hands are tied in cyberspace, intelligence chief says

After senators repeatedly criticized him for the weak U.S. response to Russian cyberattacks and propaganda, the head of the intelligence community complained Tuesday that a lack of policy had prevented his agencies from taking action. The White House is currently involved in various policy discussions with intelligence agencies, the Pentagon and the Homeland Security Department about how to best counter Russian operations, said Director of National Intelligence Dan Coats. But there’s still no timetable for when any of these policies will be either introduced or codified into law. In the meantime, “Russia is likely to continue to pursue even more aggressive cyberattacks with the intent of degrading our democratic values and weakening our alliances,” Coats said Tuesday at a hearing by the Senate Armed Services Committee. The National Security Council, White House Homeland Security Adviser Thomas Bossert and White House Cybersecurity Coordinator Rob Joyce are discussing the appropriate policy and legal framework necessary […]

The post While U.S. ponders response to Russia, agencies’ hands are tied in cyberspace, intelligence chief says appeared first on Cyberscoop.


Watchdog questions DoD about Cyber Command’s work with private sector, civilian agencies

The Defense Department needs to clarify and further define how certain U.S. defense agencies and combatant commands — including the nation’s top cyberwarfare unit, U.S. Cyber Command — should interact with private sector companies and civilian agencies, according to a recent report by the Government Accountability Office (GAO). The GAO outlined deficiencies in a report by the Pentagon that sought to establish roles and responsibilities for some of these defense organizations when they respond to data breaches. GAO contends that the Defense Department’s “Section 1648 report” leaves out several key details that would sufficiently answer questions about collaboration with businesses as well as training requirements for operators. DOD has reportedly agreed with some of GAO’s criticism. Recent major data breaches affecting U.S. corporations, including Deloitte and Equifax, have spurred questions about whether the Pentagon should take on a greater role in defending the private sector from intrusions. “DOD was supposed to develop [a] comprehensive plan for CYBERCOM […]

The post Watchdog questions DoD about Cyber Command’s work with private sector, civilian agencies appeared first on Cyberscoop.


Experts ask: Why does the VEP cut out health care agencies?

The U.S. government’s policy for disclosing freshly discovered software vulnerabilities effectively sidelines a small but vital slice of the global IT ecosystem, critics charge — flaws in the computer programs that run medical devices, hospital equipment and digital health records systems. The Vulnerabilities Equities Process (VEP) sets out how the government decides whether to secretly retain a new vulnerability — called a zero day — for use in spying operations, or disclose it to the manufacturer so the software can be fixed or patched. The process’s details were released Wednesday by the White House. The Equities Review Board, the body which discusses vulnerabilities and makes decisions under the VEP, is made up of representatives from 10 federal agencies and departments, including the Department of Defense, Department of Homeland Security and the Office of the Director of National Intelligence. But there’s no representative from the Department of Health and Human Services. When asked […]

The post Experts ask: Why does the VEP cut out health care agencies? appeared first on Cyberscoop.


White House Releases VEP Disclosure Rules

The White House released a charter document on Wednesday outlining how the U.S. government will disclose cyber security flaws and when it will keep them secret.

White House unveils process behind disclosing software vulnerabilities

The White House has released a charter that will give more clarity and bring more transparency to the vulnerabilities equities process, the course by which the U.S. government determines to either withhold or disclose information to tech companies about flaws in their software. The charter lays out the core considerations taken into account by the U.S. government when a vulnerability is in its possession, weighing “the benefit to national security and the national interest when deciding whether to disclose or restrict knowledge of a vulnerability.” “Vulnerability management requires sophisticated engagement to ensure protection of our people, the safeguarding of critical infrastructure, and the defense of important commercial and national security interests,” reads the charter, which was released Wednesday. “The new VEP Charter balances those interests in a way that is repeatable and defensible, and its publication will bolster the confidence of the American people as we continue to carry out […]

The post White House unveils process behind disclosing software vulnerabilities appeared first on Cyberscoop.


Senate mulls subpoena to force White House cyber czar to testify on cybersecurity

Sen. John McCain and the Senate Armed Services Committee railed against the Trump administration on Thursday when White House cybersecurity coordinator Rob Joyce failed to show up to a hearing focused on defending against cyberattacks. Thursday’s hearing quickly became contentious when the White House only offered up an empty chair despite Joyce being invited to appear alongside senior officials from the Department of Defense, Department of Homeland Security and the FBI. McCain, R-Arizona, led a chorus of sharp attacks against the White House culminating in the suggestion of using a subpoena to force Joyce to testify and the promise of a full committee meeting to evaluate the committee’s options and the excuse cited by the White House because of “executive privilege” and “precedent against having nonconfirmed [National Security Council] staff testifying before Congress.” As the White House cyber czar, Joyce’s power and responsibilities lie at the heart of the topic of today’s Senate hearing which […]

The post Senate mulls subpoena to force White House cyber czar to testify on cybersecurity appeared first on Cyberscoop.


White House Cybersecurity Coordinator takes on additional role in Trump administration

Rob Joyce, the White House’s Cybersecurity Coordinator, is ascending through the ranks at 1600 Pennsylvania Avenue. CyberScoop has learned that Joyce will take on a new position starting Monday as Acting Deputy Homeland Security Adviser to the President, a position that was vacated by John Daly in recent days and Amy Pope before him in January. Joyce is a well-respected intelligence professional and one of the leading cybersecurity experts in the federal government. Prior to the White House, he worked in the National Security Agency, leading the spy agency’s elite hacking unit known as Tailored Access Operations. The March appointment of Joyce as White House cybersecurity coordinator was heralded by both Republican and Democratic lawmakers. Joyce will continue in his role as the nation’s cybersecurity czar in addition to the new position. His current duties include coordinating, communicating with and effectively leading the individual cybersecurity efforts of each federal agency, […]

The post White House Cybersecurity Coordinator takes on additional role in Trump administration appeared first on Cyberscoop.


US Top Law Enforcement Calls Strong Encryption a ‘Serious Problem’

U.S. Deputy Attorney General and other top cyber policy makers warn the use of strong encryption hobbles law enforcement’s ability to protect the public and solve crimes and is a serious problem.

Trump administration will shine light on VEP with public charter

The Trump administration plans to launch a “public charter” to add transparency and clarity to the Vulnerabilities Equities Process (VEP), a policy that guides when and if the U.S. government will tell a software vendor about digital flaws they’ve discovered in their products that could be otherwise used for espionage or intelligence operations. “We are in the process of a policy decision-making group that’s reviewing it, endorsing it, and then we will be able to push it out,” Joyce said Wednesday at the Cambridge Cyber Summit about the charter. “What we’re trying to carefully weigh is having those capabilities, to be able to use them for national security, while at the same time making sure that it’s not a major liability for our economy, for the international community, for our national security.” In an interview with CyberScoop, Joyce said the public charter would provide some new information concerning the number […]

The post Trump administration will shine light on VEP with public charter appeared first on Cyberscoop.
