Last week a senior official in the Administration floated the idea of cybersecurity grades and standards for software and devices that would allow consumers to “make a market for cybersecurity,” echoing Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger’s comments at the ICS Security Summit. The official compared the measures to restaurant health grades and Singapore’s method of classifying IoT gadgets and said executive action towards the goals was in the works. CyberScoop noted the pitch’s similarity to the 2020 Cybersecurity Solarium Commission suggestion that Congress create a National Cybersecurity Certification and Labeling Authority. Questions remain about whether the initiative will be voluntary.
The official also clarified that the increased visibility into private sector networks the Intelligence Community (IC) has been calling for will “at this time” take the form of closer collaboration with industry, not new Government authorities. (The official skipped a question regarding why the IC didn’t pick up foreign chatter about the hacks.) The New York Times observed that “there is no political appetite to reverse decades of limits on intelligence agencies’ domestic monitoring,” and “companies are wary of the appearance of sharing data” following the Snowden leaks.
SC Media says legislative proposals surrounding the details of this closer collaboration and attendant liability protections will face questions about “anonymity, breadth and trust.” According to one Congressman, two bills—one specific to national security and another mandating routine reporting to the Federal Trade Commission—would be necessary. Another Congressman suggested “sources and methods and company names” could be redacted, but a legal expert responded that companies’ concerns about confidentiality and contractual obligations would persist. An industry observer recommended using Information Sharing and Analysis Centers as disclosure hubs (instead of the FBI or CISA) to allay businesses’ fears and help them differentiate serious breaches from the ordinary, everyday kind of breach.
Microsoft and FireEye executives counseled exempting smaller businesses from notification requirements to ease their regulatory burden and minimize the incidence of false positives. Supply chains are too interdependent, a Cyber Readiness Institute director countered, to leave anyone out.
As we’ve seen, and as Swarajyamag reports, Indian authorities are warning of an attempted Chinese hack affecting critical infrastructure. The operation has been ongoing since mid-2020, ETTelecom adds, and “could have…crippled [power and financial] systems.”
In response, New Delhi is drafting a plan to boost collaboration across Government departments and bolster defenses for education, healthcare, water, energy, and transportation systems. Reuters notes that the country is also considering a ban on Huawei and ZTE tech.
The Diplomat calls China’s “destructive, or at least disruptive” attacks on civilian targets “a significant escalation,” one with “long-term destabilizing geopolitical consequences for the Indo-Pacific region.” The fuzziness of cyber conflict enhances the chances of misunderstandings as tensions advance towards a “national-level military conflict.”
The Hindu describes the hacks as “a wake-up call,” and says relations between the two countries will likely continue to deteriorate as India strengthens its alliance with the US and China pursues its ambitions of global dominance. The piece recommends developing “a comprehensive cyber strategy…that fully acknowledges the extent of the cyber threat from China.”
The New Indian Express details the head of the National Cyber Coordination Center’s comments on the nation’s strategic progress through efforts by the Ministry of Defense, National Critical Information Infrastructure Protection Centre, National Cyber Coordination Centre, Indian Cyber Crime Coordination Centre, and other local units.
Are Israel's elections safe from cyberattack? (The Jerusalem Post) "Some political parties have very sensitive information about people, including regarding their political affiliations."
Why Washington Is Fed Up With Beijing (Foreign Policy) Decades of failed efforts to woo China explain the Biden administration’s tough talk ahead of Alaska meeting.
Warfighting in Cyberspace (War on the Rocks) Since the Gulf War, the U.S. military has followed an operational script that exploits technological advantages to fight and win quickly. It starts with
Microsoft breach ramps up pressure on Biden to tackle cyber vulnerabilities (TheHill) The Biden administration is coming under increasing pressure to address U.S. cybersecurity vulnerabilities following the Microsoft breach that has quickly been viewed as a massive threat to the U.S.
Key Official: Defense Information Operations ‘Not Evolving Fast Enough’ (Defense One) China will soon harness AI to supplant Russia as the world leader in information warfare, a DIA leader said.
DoD plan will streamline contractor security clearance appeals (Federal Times) Department of Defense components will all be required to use the Defense Office of Hearings and Appeals for final appeals on contractor security clearance denials.
Senators show support for increasing US Southern Command intelligence assets (Defense News) SOUTHCOM wants more ISR, but does it have to come from physical platforms?
FCC Moves to Rescind Permits of More Chinese Telecom Operators (Nextgov.com) The commission is also seeking public comment on the development of Open Radio Access Networks to improve national security and prosperity.
Hikvision, Dahua deemed national security threats by FCC (Security Info Watch) Huawei, ZTE Corp. and Hytera also placed on list of companies that pose an 'unacceptable risk' to U.S.
White House Still Hashing Through Cyber Director Pick (Meritalk) The Biden administration is still hashing through its consideration of who to appoint as National Cyber Director, but is due to conclude a review of how it should proceed on the position in the next several weeks.
US Commerce Dept subpoenas Chinese companies over possible security risk (Business Standard) The US Department of Commerce on Wednesday served subpoenas on multiple Chinese companies that provide Information and Communications technology and services (ICTS) in the country
U.S. Subpoenas Chinese Companies in Security Probe (Wall Street Journal) The Commerce Department said the subpoenas seek information aimed at determining whether the companies, which it didn’t name, pose a security threat to U.S. interests.
Lawmakers press federal agencies on scope of SolarWinds attack (TheHill) The bipartisan leaders of a House panel on Wednesday drilled multiple agencies for updates on the SolarWinds hack, a mass cyber campaign that compromised at leas
The Cybersecurity 202: Senate panel delves into SolarWinds hack (Washington Post) Another Senate committee on Thursday is jumping into the investigative fray surrounding the hacking of SolarWinds, a software company providing services for government agencies, which the United States believes was targeted by Russia.
The SolarWinds Senate hearing: 5 key takeaways for security admins (CSO Online) Testimony by key security executives in the US Senate reveal how unprepared most organizations are for supply chain attacks. Here are the lessons security admins should learn from it.
IC3 Releases 2020 Internet Crime Report (Federal Bureau of Investigation) The FBI’s Internet Crime Complaint Center released its latest annual report, which includes information from 791,790 complaints of suspected internet crime and reported losses exceeding $4.2 billion.
Internet Crime Report 2020 (FBI IC3) In 2020, while the American public was focused on protecting our families from a global pandemic and helping others in need, cyber criminals took advantage of an opportunity to profit from our dependence on technology to go on an Internet crime spree.