Biden’s cybersecurity legacy: ‘a big shift’ to private sector responsibility

Over the course of his term, Joe Biden has presided over an ambitious agenda on regulation and more, to both praise and criticism.

The post Biden’s cybersecurity legacy: ‘a big shift’ to private sector responsibility appeared first on CyberScoop.

Continue reading Biden’s cybersecurity legacy: ‘a big shift’ to private sector responsibility

CISA needs better workforce planning to handle operational technology risks, GAO says

The watchdog report finds that CISA has “insufficient” staff to handle simultaneous attacks that impact OT systems.

The post CISA needs better workforce planning to handle operational technology risks, GAO says appeared first on CyberScoop.

Continue reading CISA needs better workforce planning to handle operational technology risks, GAO says

GAO: Federal agencies lack insight on ransomware protections for critical infrastructure

The Government Accountability Office finds that agencies overseeing key critical infrastructure sectors don’t know whether protections against ransomware have been implemented.

The post GAO: Federal agencies lack insight on ransomware protections for critical infrastructure appeared first on CyberScoop.

Continue reading GAO: Federal agencies lack insight on ransomware protections for critical infrastructure

Feds to hackers in Vegas: help us, you’re our only hope

Spot the fed was an easy game this year at hacker summer camp as White House and administration officials descended on the conferences.

The post Feds to hackers in Vegas: help us, you’re our only hope appeared first on CyberScoop.

Continue reading Feds to hackers in Vegas: help us, you’re our only hope

TSA issues aviation regulations for airlines, airports facing ‘persistent cybersecurity threat’

The agency’s new cybersecurity rules issued on Tuesday followed the Biden administration’s national cybersecurity strategy.

The post TSA issues aviation regulations for airlines, airports facing ‘persistent cybersecurity threat’ appeared first on CyberScoop.

Continue reading TSA issues aviation regulations for airlines, airports facing ‘persistent cybersecurity threat’

Rail industry gets new cyber directives from TSA

U.S. rail companies must commit more attention and resources to cybersecurity under Transportation Security Administration directives announced Thursday by the Department of Homeland Security. The new requirements include that surface rail owner and operators designate a cybersecurity coordinator; report a cybersecurity incident to DHS’s cybersecurity agency within 24 hours; complete a vulnerability assessment; and create a plan to respond to cybersecurity incidents. The directives will cover approximately 80 percent of freight rail and 90 percent of passenger rail, according to a DHS official. DHS Secretary Alejandro Mayorkas announced that TSA would be  rolling out directives for surface transportation in an October speech at the Billington cybersecurity summit. Early plans for the directives, which would have required companies to report incidents within 12 hours, received criticism from industry and Republicans. In October, Republicans led by Sen. Rob Portman of Ohio called for DHS’s OIG to investigate the directives, citing industry complaints that […]

The post Rail industry gets new cyber directives from TSA appeared first on CyberScoop.

Continue reading Rail industry gets new cyber directives from TSA

National Cyber Director Chris Inglis, new cyber kid on the federal block, begins to stake a claim

National Cyber Director Chris Inglis is fleshing out what, exactly, his new office plans to do with itself. With a “strategic intent statement,” a personnel move, a pair of interviews and a newspaper op-ed, Inglis and his office on Thursday provided their most concrete objectives to date for a White House post that sprung into existence in January, and that Inglis won confirmation for in June. He joined a crowded field of feds focused on cyber, from other offices within the White House to departments and agencies like the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency and the National Security Agency. Inglis said Thursday that it’s a natural, when looking at the disparate organizations in the federal government with cybersecurity responsibilities, to wonder who’s in charge. But he said there were “more appropriate” questions. “How do we bring coherence, how do drive public-private collaboration, how do we have […]

The post National Cyber Director Chris Inglis, new cyber kid on the federal block, begins to stake a claim appeared first on CyberScoop.

Continue reading National Cyber Director Chris Inglis, new cyber kid on the federal block, begins to stake a claim

US to increase scrutiny on cryptocurrency, federal contractors in effort to slow hacking

U.S. officials unveiled a suite of cybersecurity initiatives Wednesday, from cracking down on illicit cryptocurrency usages to increasing transparency about data breaches, as part of an ongoing White House effort to slow rampant cybercrime. The Justice Department signaled it will increase its focus on illicit use of virtual money, which is frequently used in ransomware attacks, and move to punish federal contractors that hide security incidents. In a separate plan, the Transportation Security Administration this year will require top air and rail transportation companies to report cyberattacks to the government, name an internal cyber chief capable of corresponding about cyber incidents and develop a plan for recovering from attacks. Deputy Attorney General Lisa Monaco unveiled two initiatives: a national cryptocurrency enforcement team and a civil cyber fraud initiative. Ransomware and cryptocurrency are “inexorably linked” because of the anonymity that cryptocurrency payments help afford, Monaco said at the Aspen Cyber Summit. […]

The post US to increase scrutiny on cryptocurrency, federal contractors in effort to slow hacking appeared first on CyberScoop.

Continue reading US to increase scrutiny on cryptocurrency, federal contractors in effort to slow hacking

TSA pushes more cybersecurity mandates on critical pipeline owners, emphasizing ransomware

The Transportation Security Administration on Tuesday handed down additional cybersecurity requirements for owners of major pipelines, this time focused on ransomware. It’s the second time the Department of Homeland Security’s TSA has issued a security directive to critical pipeline owners since ransomware attackers struck Colonial Pipeline in May, an incident that spurred panic-buying amid fears of a gas shortage. The specific requirements of the directive were not immediately clear. “This Security Directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review,” a DHS statement reads. The same month of the Colonial Pipeline attack, TSA threatened to fine certain pipeline owners — an estimated 100 companies — if they failed to meet cybersecurity guidelines. TSA […]

The post TSA pushes more cybersecurity mandates on critical pipeline owners, emphasizing ransomware appeared first on CyberScoop.

Continue reading TSA pushes more cybersecurity mandates on critical pipeline owners, emphasizing ransomware

Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident

Lawmakers repeatedly challenged Colonial Pipeline CEO Joseph Blount on Wednesday about the steps it took to work with the government after a May ransomware attack, often suggesting the company fell short. A long string of House Homeland Security Committee members questioned Blount about his assertion that Colonial had not, as reported, refused voluntary Transportation Security Administration cybersecurity reviews. Instead, the company delayed them due to COVID-19 restrictions and a physical move to a new building, he said. “Delaying these assessments for so long amounts to declining them, sir,” said Rep. Bonnie Watson Coleman, D-N.J., citing communications that began in March of 2020. “It raises serious questions,” she said, while noting that her information says that Colonial turned down even a virtual assessment offers before the ransomware attack that led to fuel delivery slowdowns last month. Colonial has now scheduled a TSA review for late July, Blount said. Blount’s answers about government […]

The post Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident appeared first on CyberScoop.

Continue reading Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident