Tag Archive for: Congressional

The Cybersecurity 202: Congressional scrutiny heats up of government response to the SolarWinds hack


Russian actors were able to exploit a vulnerability in SolarWinds products and other software to infiltrate the networks of at least eight government agencies and potentially thousands of other companies and governments around the world.

Testifying before the panel will be former cybersecurity officials Chris Krebs, Sue Gordon and Michael Daniel as well as cybersecurity expert Dmitri Alperovitch.

Lawmakers will be looking for answers as to why, despite significant investments in federal network security, Russians managed to lurk unnoticed in government systems for months. Lawmakers are working with other key committees to learn more about the campaign, Thompson says.

Also likely to come up is a recent hack of a Florida town’s water supply, a committee spokesperson said. The attempted poisoning of the water supply by a hacker has raised alarm about serious vulnerabilities in U.S. critical infrastructure.

“Today we will be discussing what I hope will be a bipartisan endeavor making cyberspace more secure and networks more resilient,” Thompson said in a statement to The Cybersecurity 202. “Thankfully, after four years, Congress now has a willing and able cybersecurity partner in the White House. I am optimistic about the progress we can make but we must work quickly to make up for lost time.”

Other cybersecurity leaders in Congress are cranking up pressure on Biden to better coordinate investigative efforts.

Leaders of the Senate Intelligence Committee say President Biden’s intelligence leaders need to get their act together when it comes to coordinating a response to the attack.

“The briefings we have received convey a disjointed and disorganized response to confronting the breach,” Sen. Mark R. Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, and vice chair Sen. Marco Rubio (R-Fla.) wrote to agency leaders. “Taking a federated rather than a unified approach means that critical tasks that are outside the central roles of your respective agencies are likely to fall through the cracks.”

The pair urged the agencies to pick a leader who has the authority to coordinate the response, set priorities, and direct resources to where they are…


Congressional hopeful appears at cybersecurity conference – Hornell Evening Tribune


Denver, Colo. — Declaring that “Technology alone will not fix the challenge of cyberwarfare,” policy expert Tracy Mitrano called for diplomatic solutions in a …


Microsoft exec: We stopped Russia from hacking 3 congressional campaigns

Microsoft’s Tom Burt talks about phishing attacks detected by Microsoft against political campaigns at the Aspen Security Summit.

In a panel discussion at the Aspen Institute’s Security Summit yesterday, Microsoft Corporate Vice President for Customer Security and Trust Tom Burt said that in the course of hunting for phishing domains targeting Microsoft customers, members of Microsoft’s security team detected a site set up by Russian actors that was being used in an attempt to target congressional candidates.

“Earlier this year,” said Burt, “we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks, and we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections.” While Burt would not disclose who the candidates were, he did say that they “were all people who, because of their positions, might have been interesting from an espionage standpoint as well as an election disruption standpoint.”

Microsoft alerted US law enforcement and worked with the government to take down the sites. “We took down that domain and, working with the government, were able to prevent anyone from being infected by that particular attack,” Burt said. “They did not get in, they tried, they were not successful, and the government security teams get a lot of credit for that.”


Biz & IT – Ars Technica