Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) (CISA) Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign. Pursuant to Presidential Policy Directive (PPD) 41, the FBI, CISA, and ODNI have formed a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to this significant cyber incident.
White House activates cyber emergency response under Obama-era directive (CyberScoop) The National Security Council has activated an emergency council to help the government plan its response to a nation-state hacking incident.
White House Holds Urgent Daily Talks on Hacking Linked to Russia (Bloomberg) The White House has convened urgent meetings of officials across multiple agencies to address a breach of U.S. government computer systems attributed to Russia, according to a person familiar with the matter.
Senators want answers regarding SolarWinds cyber attack (Federal News Network) A bipartisan group of senators want the FBI and CISA to submit a report to Congress about the impact of the SolarWinds cyber attack on agencies.
Opinion | I Was the Homeland Security Adviser to Trump. We’re Being Hacked. (New York Times) The magnitude of this national security breach is hard to overstate.
3 lessons from Russia’s cyberhack into U.S. agencies (Washington Post) Cyberspying may be inevitable. Governments can prepare.
The US Federal Government Needs a VP of Engineering, not a CTO (LinkedIn) If you look at the roster of the Biden-Harris transition team, it’s quickly apparent that the incoming administration is tech-forward. Given the systematic dismantlement of the federal government over the last four years, and the significant logistical and scientific needs underpinning a large-scale
Huawei Gets Conditional Green Light in Germany as Government Approves Security Bill (Wall Street Journal) Germany edged closer to allowing the use of Huawei’s technology in 5G mobile networks, giving the Chinese company a victory on a European continent increasingly aligned with the Trump administration’s anti-Huawei views.
Focus of OT and IoT Cybersecurity in Australia’s Critical Infrastructure (Security Boulevard) The Australian Government’s approach to OT/IoT security is a significant step forward, but great challenges still exist for critical infrastructure. The post Focus of OT and IoT Cybersecurity in Australia’s Critical Infrastructure appeared first on Nozomi Networks.
Huawei’s Role in the China-Russia Technological Partnership (Council on Foreign Relations) While Huawei clearly benefits from the China-Russia science and technology partnership, it also helps facilitate it.
German Government Backs Bill Requiring 5G Security Pledge (SecurityWeek) German officials approved a bill that would require companies involved in setting up critical infrastructure such as high-speed 5G networks to guarantee that their equipment can't be used for sabotage, espionage or terrorism.
Telecom Equipment: Citing national security, govt set to bar Chinese telecom gear (The Times of India) India Business News: In a first, the government on Wednesday decided to issue a National Security Directive for the telecommunication sector to mandate scrutiny of telecom
India Trusted Source: Centre likely to blacklist some telecom equipment vendors (One India) The Centre today said that it may blacklist certain telecom equipment vendors and also designate companies as India Trusted Source.
Swedish court allows telecoms regulator to go ahead with Huawei exclusion (Reuters) A Swedish appeals court on Wednesday said telecoms regulator PTS would be able to conduct 5G spectrum auctions, setting aside an earlier ruling, though it remained an option for Chinese telecom equipment maker Huawei to appeal the decision.
Canada likely to become the next 'Five Eyes' nation to ban Huawei 5G (Zee News) There have also been several allegations made against Huawei that the Chinese company has illicitly obtained intellectual property rights of other companies.
Huawei comms chief resigns over 'Uighur alarms' report; UK counterpart also steps down (PR Week) Huawei comms chief resigns over 'Uighur alarms' report; UK counterpart also steps down. From PR Week
EU unveils revamp of cybersecurity rules days after hack (AP NEWS) The European Union unveiled Wednesday plans to revamp the 27-nation bloc’s dated cybersecurity rules, just days after data on a new coronavirus vaccine was unlawfully accessed in a...
New EU Cybersecurity Strategy and new rules to make physical and digital critical entities more resilient (European Commission) Today, the Commission and the High Representative of the Union for Foreign Affairs and Security Policy are presenting a new EU Cybersecurity Strategy.
UK and EU unveil new rules to regulate big tech (Computing) The proposals are expected to create a 'level playing field' for everyone
EU, Britain to Toughen Rules, Fines for Tech Giants (SecurityWeek) Big tech companies face hefty fines in the European Union and Britain if they treat rivals unfairly or fail to protect users on their platforms.
Tech Giants Face New Rules in Europe, Backed by Huge Fines (Wall Street Journal) European officials want new powers to oversee internal workings at large tech companies such as Facebook, backed by threats of multibillion-dollar fines, in a bid to expand their role as global tech enforcers.
Biden Faces Early Test on Digital Trade With EU Privacy Talks (Wall Street Journal) Striking a new deal to allow U.S. companies to transfer data from the EU will be a key test for the Biden administration, as such a privacy agreement could play a central role in strengthening trans-Atlantic trade.
The Cybersecurity 202: Democrats and Republicans are ending 2020 as far apart as ever on election security (Washington Post) Any chance of Congress burying old gripes and working together on election security took a serious blow during 2020’s final hearing on the topic.
DoD announces cybersecurity certification pilots (C4ISRNET) The tiered cybersecurity framework grades companies on their cyber hygiene.
Facebook Is a Doomsday Machine (The Atlantic) The architecture of the modern web poses grave threats to humanity. It’s not too late to save ourselves.
Trump Spy Chief Stirs Dispute Over China Election-Meddling Views (Bloomberg) Ratcliffe’s office says report to Congress will be delayed. Disagreement is over the extent of interference by China.
Rounding Up Your IoT Security Requirements: Draft NIST Guidance for Federal Agencies (NIST) IoT devices are becoming integral elements of federal information systems, which is why NIST has released for
Summation and Average Queries: Detecting Trends in Your Data (NIST) This post is part of a series on differential privacy.
SunBurst: the next level of stealth (ReversingLabs) SolarWinds compromise exploited through sophistication and patience
SolarWinds: The Hunt to Figure Out Who Was Breached (Bank Info Security) A mighty effort is underway to figure out which organizations may have been deeply infiltrated by a suspected Russian hacking group. The hunt is difficult for many
Hack May Have Exposed Deep US Secrets; Damage Yet Unknown (SecurityWeek) It could take years to get answers on what may have been accessed in a widespread cyber espionage campaign uncovered in December 2020 that used SolarWinds software
How suspected Russian hackers outed their massive cyberattack (POLITICO) A cybersecurity firm says a suspicious log-in prompted it to investigate what turned out to be a gaping security hole for the U.S. government and many large companies.
Analysis | The Cybersecurity 202: Russian hack reveals weaknesses in government cybersecurity protections (Washington Post) The government needs better protections and faster recovery plans, lawmakers and experts say.
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’ (KrebsOnSecurity) A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a "killswitch" designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned.
FireEye, Microsoft create kill switch for SolarWinds backdoor (BleepingComputer) Microsoft, FireEye, and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself.
Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack (New York Times) The broad Russian espionage attack on the U.S. government and private companies, underway since spring and detected only a few weeks ago, is among the greatest intelligence failures of modern times.
Lithuania Suffers "Most Complex" Cyber-attack in Years (Infosecurity Magazine) Cyber-attack during government’s transition is the most complex to hit Lithuania in years
Pawn Storm’s Lack of Sophistication as a Strategy (Trend Micro) In this entry we share Pawn Storm's recent activities, focusing on their use of some simple methods that typically won't get associated with APT groups.