Senate Intelligence Committee – Page 2

CIA ‘secret bulk collection program’ picked up some Americans’ data, senators reveal

Posted on February 11, 2022 by Joe Warminsky

Some data belonging to Americans was swept up in a secret CIA mass surveillance program that operated under atypical legal authority for such an operation, according to a letter released Thursday night by two Democratic members of the Senate Intelligence Committee. The unnamed program operates “entirely outside the statutory framework that Congress and the public believe govern this collection, and without any of the judicial, congressional or even executive branch oversight” that otherwise would apply, according to the letter from Sens. Ron Wyden, D-Ore., and Martin Heinrich, D-N.M. The senators said the “secret bulk collection program” was authorized under presidential Executive Order 12333 from the early 1980s, which covers some activities of U.S. intelligence agencies. Many of the intelligence community’s surveillance programs are covered under the Foreign Intelligence Surveillance Act (FISA), which involves a special court that secretly reviews requests for spying. The information released by the senators does not […]

The post CIA ‘secret bulk collection program’ picked up some Americans’ data, senators reveal appeared first on CyberScoop.

Continue reading CIA ‘secret bulk collection program’ picked up some Americans’ data, senators reveal→

Biden administration officials push Congress to shape breach reporting mandates

Posted on September 23, 2021 by Tim Starks

U.S. cybersecurity officials are seeking to put their stamp on cyber incident reporting legislation, wading into debates on Capitol Hill about questions like how swiftly companies must report attacks to federal agencies — and what happens if they don’t. The head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency testified at a Senate hearing Thursday in favor of requiring critical infrastructure owners and operators, federal contractors and agencies to report attacks to CISA within 24 hours of detection. There are three leading proposals in Congress, each with a different timeframe for reporting attacks. The leaders of the Senate Intelligence Committee favor a 24-hour deadline. A draft bill from leaders of the Senate Homeland Security and Governmental Affairs Committee would set the range at between 72 hours and seven days, as determined by CISA. And a draft from leading members of the House Homeland Security Committee proposes leaving […]

The post Biden administration officials push Congress to shape breach reporting mandates appeared first on CyberScoop.

Continue reading Biden administration officials push Congress to shape breach reporting mandates→

Breach notification window, accountability are focus of coming fight on cyber legislation in Congress

Posted on September 1, 2021 by Tim Starks

Battle lines are drawn in Congress over legislation that would require companies to report some cyber incidents to the federal government, with industry groups lining up to support a House of Representatives bill poised to create fewer challenges for business leaders than a similar proposal in the Senate. The debate involves questions about how quickly companies would have to report attacks, what kinds of specific intrusions would trigger notification and whether failure to comply with the rules would lead to financial penalties. The idea of breach notification legislation gained momentum following last year’s discovery of the SolarWinds hack that compromised nine federal agencies and some 100 companies, as well as the Colonial Pipeline ransomware attack in May. At issue are such questions as whether companies have 24 or 72 hours to report an incident, along with who would be on the hook outside of critical infrastructure owners and operators, if […]

The post Breach notification window, accountability are focus of coming fight on cyber legislation in Congress appeared first on CyberScoop.

Continue reading Breach notification window, accountability are focus of coming fight on cyber legislation in Congress→

Senate bill proposes requiring cyber incident notification to feds within 24 hours

Posted on June 17, 2021 by Tim Starks

Senate Intelligence Chairman Mark Warner is sharing draft bipartisan legislation that would require critical infrastructure owners, cybersecurity incident response firms and federal contractors to report cyber intrusions to the Homeland Security Department within 24 hours. It’s one of the earliest bills to respond a spate of attacks that began with the SolarWinds breach and continued on through the Microsoft Exchange hack and ransomware incidents at Colonial Pipeline and meat supplier JBS. It won’t be the last, either in the House or Senate. Warner has been pushing the idea for months. At a February hearing of Warner’s committee the Virginia Democrat, other senators and witnesses from SolarWinds, Microsoft and FireEye discussed the thought Warner had been floating. The fear was that if FireEye hadn’t voluntarily disclosed that it was a victim of the SolarWinds supply chain hack that compromised nine federal agencies and many technology companies, the damage would’ve been more severe. […]

The post Senate bill proposes requiring cyber incident notification to feds within 24 hours appeared first on CyberScoop.

Continue reading Senate bill proposes requiring cyber incident notification to feds within 24 hours→

Lawmakers press spy leaders on lagging efforts to block foreign hackers, deterrence

Posted on April 14, 2021 by Shannon Vavra

When companies become aware they have been targeted by criminal or nation-state hackers, they need to fess up and come to the U.S. government with information to help feds get a better handle on foreign nation-state hacking, FBI Director Chris Wray emphasized during testimony on Capitol Hill Wednesday. Wray noted that companies coming forward when they are impacted in cyberattacks is a crucial part of developing a sort of early-warning system for foreign hackers working to conduct sweeping cyber-operations against multiple American companies and government entities. “We need that first company [impacted]. Someday you’re going to be the first company, if you’re the CEO and someday you’re going to be the second, third or fourth company,” Wray told the Senate Intelligence Committee during the intelligence community’s global threats briefing. “We need in every instance those companies to be stepping forward promptly and reaching out to government so that we can […]

The post Lawmakers press spy leaders on lagging efforts to block foreign hackers, deterrence appeared first on CyberScoop.

Continue reading Lawmakers press spy leaders on lagging efforts to block foreign hackers, deterrence→

Biden signs executive order demanding supply chain security review

Posted on February 24, 2021 by Tim Starks

President Joe Biden signed an executive order on Wednesday directing federal agencies to conduct a review of supply chain security risks in industries including information technology. While a significant goal of the order is to address shortages of a wide assortment of critical imported components such as electric batteries and pharmaceuticals, it does include a mandated review of the information and communications technology sector. A prominent justification for the review is a desire to rely less on semiconductors manufactured overseas. Biden, at a news conference to herald his signing of the executive order, said “we need to make sure these supply chains are secure and reliable.” It’s an issue, he said, “of both concern for economic security as well as our national security.” Espionage remains a significant concern, as well, after hackers leveraged access in a federal contractor to gather sensitive from throughout the U.S. government. The supply chain danger […]

The post Biden signs executive order demanding supply chain security review appeared first on CyberScoop.

Continue reading Biden signs executive order demanding supply chain security review→

SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings

Posted on February 22, 2021 by Tim Starks

The chief executive of SolarWinds on Monday said his company is still seeking a fuller understanding of the scope of the hack on its Orion software — and laying the groundwork for what SolarWinds, as well as the federal government, should be doing next. “What we are… still learning is the breadth and depth of the sophistication of the attackers, number one,” Sudhakar Ramakrishna said at a Center for Strategic and International Studies online event where he noted that the company’s investigation into what happened is ongoing. “Number two is the patience with which they carried out these attacks, and obviously the persistence,” he said, citing as an example that the hackers appeared to use earlier versions of Orion code as a test bed for their eventual attack. Ramakrishna took over as CEO weeks after news about the hack of SolarWinds’ updates to its Orion software had become public. The […]

The post SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings appeared first on CyberScoop.

Continue reading SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings→

As FireEye grapples with breach investigation, questions remain

Posted on December 10, 2020 by Tim Starks

FireEye’s announcement this week that hackers breached its systems has sent shockwaves through the cybersecurity community, raising new questions about how one of the most influential security firms in the U.S. grappled with an apparently state-sponsored attack. It also has triggered policy discussions about whether the U.S. government should do more to protect cyber industry titans like FireEye, one of the top cybersecurity firms in the world with customers that counts Fortune 500 companies among its clients. The hack adds FireEye to the list of cybersecurity companies that have experienced their own breaches, a roster stretching back to at least the beginning of the last decade. “This news has rocked the cybersecurity industry to our core, unlike anything since the RSA hack” from 2011, said Tom Bossert, president of Trinity Cyber and the former homeland security adviser to President Donald Trump. “It’s a pretty big deal.” FireEye revealed on Tuesday […]

The post As FireEye grapples with breach investigation, questions remain appeared first on CyberScoop.

Continue reading As FireEye grapples with breach investigation, questions remain→

Senate Intelligence Committee wants DNI to investigate commercial spyware threats

Posted on June 11, 2020 by Shannon Vavra

The Senate Intelligence Committee quietly approved a measure last week that would require the Director of National Intelligence to submit a report to Congress on the threats posed by foreign governments’ and entities’ use of commercially available surveillance software. The DNI’s report, which would be sent to Congress 180 days after the Intelligence Authorization Act for 2021 passes, would include information on how the U.S. — and other countries — can work to reduce the threats of commercial spyware, including through export controls, diplomatic pressure, trade agreements, and work with the technology and telecommunications sectors to better secure consumers’ software. The committee wants the DNI to specifically address the threat posed to U.S. citizens, in addition to those living abroad or employed by the U.S. government. The report request comes nearly one year after the United Nations Special Rapporteur David Kaye called for a moratorium on the creation and sale of […]

The post Senate Intelligence Committee wants DNI to investigate commercial spyware threats appeared first on CyberScoop.

Continue reading Senate Intelligence Committee wants DNI to investigate commercial spyware threats→

Obama administration ‘not well-postured’ to counter Russian election interference, Senate committee finds

Posted on February 6, 2020 by Shannon Vavra

The Senate Intelligence Committee has concluded that the Obama administration’s response to Russian election interference during the 2016 presidential election campaign was largely hamstrung by partisan concerns and a difficulty understanding the true scope of Russian capabilities and intentions, according to a new bipartisan report issued Thursday. The report broadly addresses information-sharing issues, why a delay in definitive attribution to Russia took place and fears about undermining Americans’ trust in election processes. It’s the latest installment of the Senate Intelligence Committee’s findings from its probe into Russia’s efforts, and comes after two prior reports on election security and Russia’s information operations. Siloed understanding of cyber issues The administration was caught off-guard by the concept of Russian cyber-operations pivoting from espionage to more disruptive measures, the report found. “Witnesses interviewed by the committee consistently said that Russian cyber activity was a well-known issue within the administration, however hardly any administration officials had […]

The post Obama administration ‘not well-postured’ to counter Russian election interference, Senate committee finds appeared first on CyberScoop.

Continue reading Obama administration ‘not well-postured’ to counter Russian election interference, Senate committee finds→