Tag Archive for: Biden

Biden Warns a ‘Real Shooting War’ Could Come From Cyber Breach


President Joe Biden told U.S. intelligence officials on Tuesday that he thinks a cyber breach could lead to a “shooting war” with a major global power.

“I think it’s more likely we’re going to end up—if we end up in a war, a real shooting war, with a major power—it’s going to be as a consequence of a cyber breach of great consequence,” Biden said during a visit to the Office of the Director of National Intelligence, according to a recording of his visit.

Biden did not clarify how the U.S. measures a breach “of great consequence,” but his remarks come after a series of Russian ransomware attacks and other cyberattacks have hit U.S. government and private sector entities. The American public has become intimately familiar with how ransomware attacks, especially those against a pipeline operator and meat supplier in recent months, can cause disruptions in Americans’ day-to-day lives.

“We’ve seen how cyberthreats including ransomware attacks increasingly are able to cause damage and disruption in the real world,” Biden told the approximately 120 ODNI staff in attendance.

The U.S. has long taken actions to retaliate against cyberattacks that have pummeled U.S. entities in recent years. It has sanctioned individuals it says are linked with attacks, indicted some, and called out different foreign government entities, such as China’s counterintelligence agency, the Ministry of State Security, for its involvement in cyberattacks. Cyber Command has worked to disrupt Russian government-linked hackers that sought to intervene in U.S. elections in recent years by sending them direct messages and interrupting their internet access.

And while Biden has said in recent months that he wouldn’t rule out a retaliatory cyberattack in response to one targeting U.S. entities, his remarks raised the specter that the U.S., or another adversary, might escalate its responses to cyberattacks in the future.

Sen. Angus King (I-ME), a member of the Senate Intelligence Committee, echoed Biden’s concerns in comments to The Daily Beast.

“I think what it means is he understands that a cyberattack can be easily as destructive if not more so than a dropping of a missile or a bomb and…


Cybersecurity Defense: Recommendations for Companies Impacted by the Biden Administration Executive Order | Lighthouse


Thus, while on its face, many of the new requirements within the Order are aimed at federal agencies and government subcontractors, the ultimate goal appears to be to create a more unified national cybersecurity defense across all sectors. In this installment of our blog series, I will outline recommended steps for private sector organizations to prepare for compliance with the Order, as well as general best-practice tips for adopting a more preemptive approach to cybersecurity.

1. Conduct a Third-Party Assessment

First and foremost, organizations must understand their current cybersecurity posture. Given the severity and volume of recent cyberattacks, organizations should commission in-depth third-party or red-team assessments that cover not only the organization’s IT assets but also its solution providers, vendors, and suppliers. Red teaming is the process of providing a fact-driven adversary perspective as an input to solving or addressing a problem. In the cybersecurity space, it has become a best practice in which the cyber resilience of an organization is challenged from the perspective of an adversary or threat actor.[1] Red-team testing is very useful for testing organizational policies, procedures, and reactions against defined, intended standards.

A third-party assessment must include a comprehensive remote network scan and a comprehensive internal scan, with internal access provided or gained, intended to detect and expose potential vulnerabilities, exploits, and attack vectors for red-team testing. Internal comprehensive discovery includes scanning and running tools with the intent to detect deeper levels of vulnerabilities and areas of compromise. Physical intrusion tests during red-team testing should be conducted on the facility, networks, and systems to test readiness, defined policies, and procedures.

The assessment will evaluate the ability to preserve the confidentiality, integrity, and availability of the information maintained and used by the organization and will test the use of security controls and procedures used to secure sensitive data.

2. Integrate Solution Providers and IT Service Companies into Plans to Address Above Executive Order Steps

To…


Biden administration launches new website to combat ransomware



  • NATO’s first U.S.-based headquarters organization is up and running. The new Joint Force Command in Norfolk, Virginia, declared full operational capability in a ceremony yesterday. The NATO command is meant to deliver reinforcements for any potential future war in Europe. It’s not to be confused with the similarly-named Joint Forces Command — a Defense Department organization based in nearby Hampton Roads, which shut down almost exactly 10 years ago.
  • Vice Adm. James Kilby was tapped as the next leader of U.S. Fleet Forces Command. The organization provides combat-ready Navy forces to combatant commanders around the globe. The command is currently led by Adm. Christopher Grady. Kilby now serves as the deputy chief of naval operations for warfighting requirements and capabilities.
  • President Joe Biden’s pick to run the Census Bureau outlined steps to improve workforce morale. Robert Santos, the Urban Institute’s vice president and chief methodologist, said Census employees worked under harrowing conditions last year. In some cases, they worked seven days a week and put in 80-hour workweeks to get ahead of pandemic delays. Santos told the Senate Homeland Security and Governmental Affairs Committee he’s open to offering bonuses and raises to employees to address morale issues, but he is also looking at telework options for employees. “There are morale issues, we know that. Morale is a symptom, it’s not the root cause of a problem,” Santos said. (Federal News Network)
  • A new Pentagon policy calls for ramping up the use of 3D printing for both frontline and logistical challenges. The Defense Department released its first-ever additive manufacturing policy in early June. Tracy Frost, director of DoD’s manufacturing technology program, said the policy “will align activities to accelerate the use of AM.” DoD wants to use additive manufacturing to help combatant commands meet urgent…


Attempted Hack of R.N.C. and Russian Ransomware Attack Test Biden


Last month, Mr. Biden used the summit with Mr. Putin to make the case that ransomware was emerging as an even larger threat, causing the kind of economic disruption that no state could tolerate. Mr. Biden specifically cited the halting of the flow of gasoline on the East Coast after an attack on Colonial Pipeline in June, as well as the shutdown of major meat-processing plants and earlier ransomware attacks that paralyzed hospitals.

The issue has become so urgent that it has begun shifting the negotiations between Washington and Moscow, raising the control of digital weapons to a level of urgency previously seen largely in nuclear arms control negotiations. On Tuesday, the White House press secretary, Jen Psaki, said American officials will meet with Russian officials next week to discuss ransomware attacks — a dialogue the two leaders had agreed upon at their summit in Geneva.

On Saturday, as the attacks were underway, Mr. Putin gave a speech timed to the rollout of Russia’s latest national security strategy that outlines measures to respond to foreign influence. The document claimed that Russian “traditional spiritual-moral and cultural-historical values are under active attack from the U.S. and its allies.”

While the strategy reaffirmed Moscow’s commitment to using diplomacy to resolve conflicts, it stressed that Russia “considers it legitimate to take symmetrical and asymmetric measures” to prevent “unfriendly actions” by foreign states.

The remarks, cybersecurity experts said, were Mr. Putin’s response to the summit with Mr. Biden.

“Biden did a good job laying down a marker, but when you’re a thug, the first thing you do is test that red line,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. “And that’s what we’re seeing here.”

Mr. Lewis added that “low-end penalties” like sanctions had been exhausted. “The White House will have to use more aggressive measures, whether that is something in cyberspace, or a more painful legal or financial maneuver,” he said.

Stronger measures have long been debated, and occasionally used. When Russian…
