At a glance.
- Russia’s Positive Technologies responds to US Treasury sanctions.
- US Government stands down its SolarWinds and Microsoft Exchange task forces.
- FCC security priorities charted.
Russia’s Positive Technologies responds to US Treasury sanctions.
As we’ve seen, the Biden Administration last week unveiled sanctions against six Russian firms suspected of assisting with espionage and election interference efforts, including cybersecurity company Positive Technologies. The fast-growing, decades-old company claims to have thousands of clients across dozens of countries, among them the Kremlin, and until last week, was a longstanding participant in Microsoft’s advanced vulnerability information sharing program, according to SecurityWeek.
Washington says Moscow’s secret services use Positive Technologies’ “Positive Hack Days” initiative as a recruitment tool. The firm responded to the sanctions by pointing to its policy of “maximum openness,” its goal of bolstering global cybersecurity irrespective of political interests, and its receptivity to cross-border collaboration, in addition to a market cap that demonstrates consumer trust.
US Government stands down its SolarWinds and Microsoft Exchange task forces.
Windows Central reports that the US Government is reverting to “standard incident management procedures” for the Hafnium and Holiday Bear attacks, phasing out the multi-agency collaborations set up in the early days of the hacks’ discoveries. Deputy National Security Advisor for Cyber Anne Neuberger said the Unified Coordination Groups are no longer necessary due to “vastly increased patching and reduction in victims.”
SC Media describes the shift as “a return to normalcy,” noting Neuberger’s praise of Microsoft and Justice Department contributions to the effort’s success. GCN highlights the FBI’s role in identifying victims, the Cybersecurity and Infrastructure Security Agency’s work to track patching, and NSA’s wide-ranging support. Amongst the “lessons learned,” MeriTalk says, is the importance of coordinating with the private sector in “executive and tactical” decisions.
FCC security priorities charted.
SecurityWeek says Acting Chair of the US Federal Communications Commission Jessica Rosenworcel revealed agency priorities last week in reinstating the Communications, Security, Reliability, and Interoperability Council (CSRIC) with a modern directive. The Council, which Law360 notes is composed of specialists from a range of public and private organizations, will turn its attention to software, cloud, and 5G risks. The global rollout of 5G is expected to greatly increase the volume of trafficked data, and equipment and vendor security remain ongoing concerns, especially where 4G, 3G, and 2G vulnerabilities persist.