Improving small business cybersecurity. Reward offered for info on DarkSide. Justice cracks down on cybercrime. BOD 22-01 and legacy Federal systems.

Summary

By the CyberWire staff

At a glance.

US House bill aims to improve small business cybersecurity.
US State Department announces reward for information about leaders of the DarkSide ransomware gang.
US Justice Department discusses its ongoing crackdown on cybercrime.
BOD 22-01 will put pressure on legacy Federal computer systems.

House bill concentrates on the cybersecurity needs of small businesses.

This week the US House of Representatives passed two bills focused on improving the cybersecurity of small businesses, Security Week reports. The Small Business Administration (SBA) Cyber Awareness Act will require small businesses to regularly report to Congress about any incidents, the status of their cybersecurity infrastructure, any improvement plans, and notably, the use of any Chinese-manufactured equipment. Representative Young Kim (Republican, California 39th), who introduced the bill, explains that by increasing transparency, the bill can help the SBA better support small businesses recover from the pandemic, which exacerbated the businesses’ struggles. “We must address this issue now and secure our systems so small business owners can safely utilize SBA’s resources as they work to recover from the pandemic, hire workers and adjust to rising costs of supplies,” she explained. In keeping with this, the Small Business Development Center Cyber Training Act aims to empower small businesses to fight cyberthreats by authorizing the SBA to reimburse Small Business Development Centers (SBDCs) for employee certification costs up to $350,000 a year. “If we aren’t protecting our small businesses, then we’re not protecting our economy,” explained Representative Chrissy Houlahan (Democrat, Pennsylvania 6th), one of the bill’s proponents.

Wanted: members of the DarkSide ransomware group.

Security Week reports that the US Department of State is offering a $10 million bounty for information on members of the DarkSide threat group, the gang behind this year’s crippling ransomware attack on the Colonial Pipeline. To sweeten the pot, there’s also an award of up to $5 million for info that leads to the arrest or conviction “of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.” The rewards, offered under the Department of State’s Transnational Organized Crime Rewards Program, underline the US’s focus on being more aggressive when it comes to preventing attacks on US critical infrastructure and come on the heels of a law enforcement operation against the REvil ransomware group carried out by a foreign partner of the US that resulted in the successful seizure of the hackers’ servers.

US Justice Department cracks down on cybercrime.

AP News spoke with US Deputy Attorney General Lisa Monaco about the Justice Department’s heightened efforts to stomp out ransomware and other cyberattacks through a very straightforward method of enforcement: arrests. Monaco threatened, “If you come for us, we’re going to come for you,” but she didn’t go into detail about who might be prosecuted. The US has stepped up its war on cybercrime in recent months, notably extraditing a suspected Russian hacker to the US and seizing $2.3 million in cryptocurrency paid to cybercriminals, and Monaco’s announcement underlines these efforts: “We’re going to continue to press forward to hold accountable those who seek to go after our industries, to hold our data hostage and threaten national security, economic security and personal security.”

On a more optimistic note, during a House Homeland Security Committee hearing this week National Cyber Director Chris Inglis stated the US has seen a “discernible decrease” in Russian attacks, the Hill reports. “It’s too soon to tell whether that is because of the material efforts undertaken by the Russians or the Russian leadership,” Inglis stated, explaining that threat actors might simply be laying low because it’s clear the US is on the hunt. But, he said, if that’s the case, the government must maintain its efforts.

Ancient computer equipment plagues the US executive branch.

The Wall Street Journal unpacks the ramifications of a White House directive issued this week aimed at tackling the US executive-branch agencies’ plague of outdated computer systems, left in place due to budgetary constraints and worsened by years of neglect. The directive lists nearly three hundred security flaws identified by cybersecurity experts as carrying “significant risk to the federal enterprise,” and while many are new issues, some have been known vulnerabilities for years. The Government Accountability Office estimates that, on average, federal government software is about seven years old, with an approximately 50-year-old Education Department student loan system being one of the oldest. Daniel Castro, vice president of the think tank Information Technology and Innovation Foundation, commented, “It’s a bit shocking that this is even a directive. It’s literally telling the federal government’s cybersecurity staff that they should patch IT systems with known vulnerabilities. Of course they should.” Agencies have until November 17th to address the most serious flaws, and until May 2022 for the less severe issues.

Selected Reading

Nakasone: Cold War-style deterrence 'does not comport to cyberspace' (Breaking Defense) "Strategic competition is alive and well in cyberspace, and we're doing it every day with persistent engagement," the CYBERCOM and NSA leader said.

Cyber Official Warns ‘American Way of Life’ at Risk From Hackers (Bloomberg) CISA’s Easterly orders agencies to fix software bugs. Private sector core to national security, cyber chief says.

Biden administration teams up with Big Tech to fend off cyberattacks (The Washington Times) The Biden administration is working aggressively to enlist tech companies to help fight hackers and ransomware attackers, saying a cybersecurity public-private partnership is the best way to protect America’s critical infrastructure.

House Passes Two Bills to Improve Small Business Cybersecurity (SecurityWeek) The U.S. House of Representatives this week passed two bills whose goal is to improve the cybersecurity of small businesses.

WSJ News Exclusive | AT&T, Verizon to Delay 5G Rollout Over FAA’s Airplane Safety Concerns (Wall Street Journal) The wireless carriers agreed to postpone their planned Dec. 5 deployment of a new 5G frequency band to address FAA concerns about potential interference with cockpit safety systems.

CISA recommends vendors to fix BrakTooth issues after the release of PoC tool (Security Affairs) CISA urges vendors to address BrakTooth flaws after researchers have released public exploit code and a proof of concept tool for them. US CISA is urging vendors to address BrakTooth flaws after security researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against potential Bluetooth exploits. “On November […]

Historic deployment of cyber forces with Bomber Task Force Europe (U.S. Cyber Command) In a historic deployment, a U.S. Cyber Command Cyber Protection Team defended critical data on B-1B Lancers assigned to Dyess Air Force Base’s 9th

US Offers $10 Million Bounty in Hunt for DarkSide Ransomware Operators (SecurityWeek) The U.S. Department of State is offering $10 million for information leading to the identification or location of senior members of the DarkSide ransomware gang

Reward Offers for Information to Bring DarkSide Ransomware Variant Co-Conspirators to Justice (United States Department of State) The U.S. Department of State announces a reward offer of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group. In addition, the Department is also offering a reward offer of up to $5,000,000 for information […]

Igor Danchenko arrested, charged with lying to FBI about information in Steele dossier (Washington Post) An analyst who was a primary source for a 2016 dossier of allegations against Donald Trump has been arrested on charges that he repeatedly lied to the FBI about where and how he got his information, officials said Thursday.

Indictment of Igor Danchenko Casts New Doubts on Sourcing of Steele Dossier (Wall Street Journal) Special counsel John Durham alleges a key source lied to the FBI about how he collected information about former President Donald Trump and Russia, getting some of it from a Democratic operative.

Ukraine Names Russian FSB Officers Involved in Gamaredon Cyberattacks (SecurityWeek) Ukraine has revealed the identity of 5 Russian FSB officers who were allegedly involved in cyberattacks attributed to a threat group tracked as Gamaredon and Primitive Bear.

Greater Security Enforcement is Leading to New SEC Fines - What You Need to Know Now... (onShore Security) Notable Ransomware Attacks are Prompting Increased Accountability

It's Time to Regulate Water and Wastewater Cybersecurity--Here's How (Belfer Center) Amid a heightened threat environment in which U.S. water infrastructure is increasingly vulnerable to cyberattacks, the time to set cybersecurity regulations--and provide funding for state, local, and private organizations to meet them--is now.

Federal Cybersecurity Directive Spotlights Aging Computer Systems (Wall Street Journal) Many of the cybersecurity gaps outlined in a new White House directive that calls on agencies to patch online vulnerabilities stem from the government’s aging systems, experts say

The AP Interview: Justice Dept. conducting cyber crackdown (AP NEWS) The Justice Department is stepping up actions to combat ransomware and cybercrime through arrests and other actions, its No. 2 official told The Associated Press, as the Biden administration escalates its response to what it regards as an urgent economic and national security threat.

Top cyber official reports 'decrease' in Russian cyberattacks against US groups (TheHill) White House National Cyber Director Chris Inglis testified on Capitol Hill Wednesday that there had been a “decrease” in the number of cyberattacks against U.S.

INSA Argues for Space Systems Classification as Critical Infrastructure (MeriTalk) The Intelligence and National Security Alliance – a trade group for the intel and national security communities – is arguing in a new white paper that United States space systems should be classified by the Federal government as critical infrastructure.

Designating the U.S. Space Sector as Critical Infrastructure (INSA) It is in the national interest to designate space systems as a sector of the critical infrastructure of the United States. As commercial companies have driven significant technological innovation and growth in the space sector, space-related technologies and systems have become increasingly critical to U.S. national and economic security. Designation of space as a critical infrastructure sector would enable public-private collaboration and information-sharing regarding both the space sector’s vulnerabilities and the threats space assets face.

Thousands of intel officers refusing vaccine risk dismissal (Washington Post) Thousands of intelligence officers could soon face dismissal for failing to comply with the U.S. government’s vaccine mandate, leading some Republican lawmakers to raise concerns about removing employees from agencies critical to national security.

Secretary Blinken Announces Next Steps for Creating a Bureau of Cyberspace and Digital Policy at the Department of State (JD Supra) On October 27, 2021, Secretary of State Antony Blinken formally announced plans to modernize and reorient American diplomacy to meet the evolving...

Pentagon issues revised cyber standards for contractors (The Record by Recorded Future) The Defense Department on Thursday released a revamped framework and digital security standards for contractors that is intended to “minimize barriers” for compliance.

Pentagon strips down CMMC program to streamline industry cyber assessments | Federal News Network (Federal News Network) The Pentagon is revising its Cybersecurity Maturity Model Certification program by massively reducing the amount of companies that would require third-party assessments and providing new waiver…

Army reactivates theater artillery command amid Russian build-up near Ukraine - Breaking Defense (Breaking Defense) The European Theater Fires Command was deactivated in 1991 after the signing of the INF. Now the Army views is as critical to long-range fires in multi-domain operations.