Government’s finally getting its own cybersecurity in order

Welcome to The Cybersecurity 202! “The Kids in the Hall” was very formative for my teenage years, so I was wary of the reboot. But I’m happy, and a little surprised, to say they’ve made it. I highly recommend it.

Below: All eyes are on the trial of a cybersecurity lawyer in a key case over allegations by former President Donald Trump that he was unfairly directed by the FBI, and another service shared data that could identify women who have had abortions.

The leading cyber agency is proposing big steps forward

The federal government’s top cyber agency is finally getting the tools it needs to detect and thwart real-time hacking threats.

Over the past year, the Cybersecurity and Infrastructure Security Agency (CISA) has deployed or updated a set of monitoring tools that, essentially for the first time, give the agency broad visibility into hacking threats across most of the civilian government.

CISA says it has also expanded its authority to force agencies to address digital vulnerabilities before hackers in Russia and elsewhere can exploit them.

“This is really the first time that CISA and federal agencies have this level of visibility and we are very excited about how we can use it both operationally and … to understand and measure federal cybersecurity risk,” Eric Goldstein, CISA’s deputy director of cybersecurity, told lawmakers at a hearing yesterday.

The hearing of the chamber’s cyber panel of the House National Security Committee was tied to the first anniversary of an executive order by President Biden that drove many of the advances.

The updates mark an important turning point for the federal government, which has always struggled with cybersecurity, even though it is a major target for some of the world’s most sophisticated hackers with the support of Moscow and Beijing.

These advances have been in the works, in one way or another, for years. But about 18 months ago they received a big kick in the pants, when the government was caught off guard by the massive Russian espionage hack known as SolarWinds, which compromised large amounts of data from numerous federal agencies.

  • Since Biden’s order, CISA has installed tools to detect hacking threats on computers and servers of 15 federal agencies. This is called “endpoint detection and response” (EDR) and is widely considered to be much more effective than simply tracking threats when they enter an organization’s network.
  • CISA is in the process of installing these endpoint detection tools at 11 more agencies. It expects to have them installed or in the process of being installed in a total of 53 agencies by the end of September. That’s a little over half of all federal government agencies.
  • “In implementing its EDR initiative, CISA has prioritized those agencies affected by the SolarWinds commitment and most have or are in the process of setting up EDR on their networks,” Goldstein told me after the hearing.
  • The agency has also signed or updated agreements with all federal agencies to collect a separate set of cyber threat data from their computers, a system called continuous diagnostics and mitigation, and is sending this data to most large agencies to help them detect and deal with the biggest threats.

This is a breakthrough from about half a decade ago, when CISA’s predecessor agency had a limited view of the most dangerous mistakes directed at government agencies and did not have the authority to force them to protect themselves from the mistakes it knew about.

But there is anxiety that solutions will not keep pace with the growing cyber threat – or that government agencies will focus less on cyber protections if the threats stay out of the news for a while.

The government has undertaken previous sprints to improve its cybersecurity, but it still stayed behind the curve, especially after discovering a huge 2015 breach in the Office of Personnel Management that compromised the personal information of more than 20 million current and former federal employees.

“We have to make sure that this time we do not lose focus and momentum,” Yvette D. Clarke (D-N.Y.), chairman of the cyber panel of the National Security Committee, said during yesterday’s hearing.

There are also major cyber challenges that are unique to government.

  • First, the sheer size of the government makes it difficult to secure. It is much bigger and more diverse than any large corporation.
  • Government agencies also generally developed their technology infrastructure randomly over decades and, at least in the early days, without thinking about cybersecurity.
  • Agencies are also affected by obsolete inherited technology systems that are often too old to adequately address cyber vulnerabilities.

The cybersecurity lawyer’s trial in the Trump-Russia case begins

The case is an important test for a Trump-era investigation into whether the FBI unfairly investigated the 2016 Trump campaign on alleged Russian connections. This is the first case filed by special counsel John Durham as part of this ongoing investigation.

Details: Prosecutors say cybersecurity lawyer Michael Sussmann told the FBI he was not working for a particular client when he brought agents computer data showing possible communications between Trump’s company and a Russian bank. The FBI ruled that the data was not suspicious, but prosecutors have accused Sussmann of lying by not telling them he was working for Hillary Clinton’s presidential campaign and technology executive Rodney Joffe, Devlin Barrett reports.

“Sussmann has denied the allegations,” Devlin wrote. “His lawyers insist he never wanted to fool the FBI. And they say a lie about who his clients were would be irrelevant, because the FBI already knew he was working for Democrats.”

Lawyers made initial statements in the case yesterday. The trial is set to last two weeks.

Another vendor is selling data that raises alarms about the tracking of women who have abortions

The data marketplace Narrative sells lists that could identify mobile devices that have installed popular period-tracking applications, Motherboard’s Joseph Cox reports. This data, while anonymous, could be combined with other data to help law enforcement identify users of the applications if abortion becomes illegal in some circumstances.

Context: The applications and services that collect this data are raising alarms following reports that the Supreme Court may be willing to overturn Roe v. Wade, paving the way for some states to outlaw abortion.

“Narrative is not the company that collects this data from mobile phones,” Cox writes. “Narrative, on the other hand, acts as an intermediary and makes buying data much easier and is based on the ‘suppliers’ who get the information.”

Narrative withdrew data on the Planned Parenthood Direct app, which allows people to order birth control, and on period tracking apps after Motherboard contacted it.

“No data has ever been purchased on the installation of menstruation or pregnancy tracking apps through the Narrative platform,” the company told Motherboard. “However, in light of possible changes to women’s reproductive rights laws, we have updated our policy to remove these data sets from the Market to prevent any possible misuse of the data.”

The company’s terms of service prohibit its customers from using their data to monitor, investigate or track the subjects of their data, Marketplace told Motherboard.

Lawmakers are preparing to vote on cybersecurity bills

The House could vote on two cybersecurity bills as soon as today, the Register’s Martin Matishak reports.

  • One, which has already been approved by the Senate, would expand cybersecurity cooperation between the federal government and state and local governments.
  • Another seeks to get the federal government to distribute grant money to schools for cybersecurity education.

It’s been a busy week for cybersecurity legislation on Capitol Hill.

  • On Monday, the House passed two cybersecurity laws, one that would enshrine the CISA President’s Cup Cybersecurity Competition in law and another that requires the Department of Homeland Security to write a report outlining cybersecurity functions across the federal government.

Georgia Election Board Rejects Ballot Charge Charges (Matthew Brown and Amy Gardner)

Did hackers call for surveillance robots at a Russian airport? (The daily point)

  • Cybersecurity firm CrowdStrike has joined BSA The Software Alliance as a global member.

Cyber insurers raise rates amid rising costly hacks (Wall Street Journal)

  • The Senate Committee on Health, Education, Work and Pensions is holding a hearing on cybersecurity in the health and education sectors at 10 a.m. today.
  • Rep. Michael McCaul (R-Tex.), Rep. Elissa Slotkin (D-Mich.) and Bob Kolasky, Exiger’s senior vice president of critical infrastructure, who previously led CISA’s National Risk Management Center, discuss cybersecurity at a live Washington Post event today at 2:30 p.m.
  • The Senate Rules Committee is holding a hearing on the election administration on Thursday at 11 a.m.
  • U.S. Chamber of Commerce hosts briefing on Russian cyber threats with FBI and CISA officials Thursday at 2 p.m.
  • Deputy Attorney General Lisa Monaco, National Director of Cybernetics Chris Inglis and CISA Director Jen Easterly talk at a Security and Technology Institute event about the first year of the ransomware working group on Friday at 10:30 a.m.

Thanks for reading. See you tomorrow.
