
How the Biden administration plans to protect your water systems from hackers


By Sean Lyngaas, CNN

The Biden administration will help deliver cyber defense technologies and threat intelligence to US water utilities to try to bolster security for a sector that is often short of cash and personnel to deal with hacking threats, officials announced Thursday.

The “100-day” plan to increase cybersecurity resources for some of America’s 150,000 public water systems comes a year after a hacker breached a Florida water treatment facility and temporarily changed the plant’s chemical setting to a potentially dangerous level.

The incident at the Tampa-area facility did not cause any harm, but it spurred a heightened focus on the sector’s vulnerabilities among federal officials and the water industry.

“There is absolutely inadequate cyber resilience across the water sector” to criminal and state-sponsored hackers, a senior administration official told reporters in previewing the announcement.

The water security initiative will first focus on defenses at the water systems that serve the most people and then expand to smaller facilities, officials said.

The Environmental Protection Agency and US Cybersecurity and Infrastructure Security Agency will invite water utilities to a pilot program to deploy more sophisticated defensive tools on their systems, officials said. Data from the pilot program — and input from water utilities already using such technology — will be the basis of training and guidance that federal officials provide the sector.

The initiative follows similar “100-day plans” that the Biden administration has done to boost cybersecurity in the electricity and natural gas sectors.

The water security initiative is voluntary. Whereas, in other cases, federal agencies can regulate pipelines and electric utilities, they have very limited authority to impose cybersecurity rules on water utilities.

The stakes are high.

“Cyberattacks represent an increasing threat to water systems and thereby the safety and security of our communities,” EPA Administrator Michael S. Regan said in a statement.

The water sector, like other critical infrastructure, has to contend with ransomware attacks and the potential for…


China’s plans for a national cybersecurity barrier. A US Federal role in the open-source software supply chain? A look at proposed reporting deadlines.


CISA: Federal Agencies Taking Steps to Address Log4j Flaw (Decipher) CISA said that thousands of internet-connected assets have been mitigated by federal agencies under its Emergency Directive that addressed the Log4j flaw.

CISA Still Helping Federal Agencies Remediate Log4j Vulnerability (MeriTalk) The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said today that it is continuing to help Federal agencies remediate the Log4j vulnerability that CISA first warned about in December.

Lesson from Log4j: Open-source software improvements need help from feds (POLITICO) The tech industry is readying solutions to the security risks posed by the collaborative software that underpins modern-day computing — but aid from Washington could be essential to the project’s success.

The Case for Cyber-Realism (Foreign Affairs) Geopolitical problems don’t have technical solutions.

Russian troops intervene in protest-roiled Kazakhstan, where security forces have killed dozens of demonstrators (Washington Post) Russian troops landed in Kazakhstan on Thursday after the Central Asian country’s president asked for help to quell sweeping anti-government protests — a major test of a Moscow-led military alliance as the Kremlin deepened its role in the crisis.

Kazakh president gives shoot-to-kill order to put down uprising (Reuters) Kazakhstan’s president said on Friday he had ordered his forces to shoot-to-kill to deal with disturbances from those he called bandits and terrorists, a day after Russia sent troops to put down a countrywide uprising.

Kazakhstan unrest: From Russia to US, the world reacts (Al Jazeera) Bloody protests have drawn the attention of regional powers Russia and China, as well as Western capitals.

West must stand up to Russia in Kazakhstan, opposition leader says (Reuters) The West must pull Kazakhstan out of Moscow’s orbit or Russian President Vladimir Putin will draw the Central Asian state into “a structure like the Soviet Union”, a former minister who is now a Kazakh opposition leader told Reuters.

How Kazakhstan could shift Putin’s calculus on Ukraine (Atlantic Council) The unrest poses a question for Putin: Should he continue…


“You need to beat all of us to beat one of us.” The US Cyberspace Solarium transitions to a not-for-profit. US Federal Trade Commission plans 2022 rule-making.


At a glance.

  • “You need to beat all of us to beat one of us.”
  • The US Cyberspace Solarium transitions to a not-for-profit.
  • US Federal Trade Commission plans 2022 rule-making.

National Cyber Director speaks at Cyber Beacon 2021.

The Cyber Beacon 2021 conference was hosted (virtually) by the National Defense University’s College of Information and Cyberspace, aka the “Cyber War College.” The US Department of Defense reports that recently confirmed National Cyber Director Chris Inglis appeared at the conference to discuss his new office’s objectives and undertakings. The goal of the office, he stated, is to “bring coherence, connectivity [and] leverage for all the parts that are already in this space, such that we propose, if you’re a transgressor in this space, you’ve got to beat all of us to beat one of us.” He went on to say that this approach indicates a shift in how the nation has been defending against cyberthreats in the past. “You need to beat all of us to beat one of us,” he stated, coining what some are calling a new motto. 

Cyberspace Solarium Commission plans transition to not-for-profit organization.

The Cyberspace Solarium Commission closed out its term on Tuesday night and, as SC Media reports, the cybersecurity policy development effort accomplished what it set out to do, having codified approximately forty measures into law. With the commission’s term, agreed upon in the 2019 National Defense Authorization Act, now completed, leadership announced plans to convert the group into a nonprofit, affectionately called Cyber Solarium 2.0, in order to continue its work of pursuing recommended measures. Co-chairman Representative Mike Gallagher stated, “There’s no question it’s not going to be the same as 1.0…but I think because we’ve gotten the ball rolling with our colleagues…because we’re not starting from scratch. I’m still fairly confident that we’re going to be able to make progress next year.” That said, he admitted the group had already tackled most of the simpler measures, so future recommendations might be more difficult to codify. Future focus will be on Systemically Important Critical Infrastructure, as well as the establishment of a bureau of cyber…


White House plans 30-country meeting on cyber crime and ransomware -official


By Trevor Hunnicutt and Nandita Bose

WASHINGTON (Reuters) – Top U.S. national security advisers will gather officials from 30 countries this month with plans to combat the growing threat of ransomware and other cyber crime, President Joe Biden said on Friday.

An online session hosted by the White House National Security Council will also be aimed at “improving law enforcement collaboration” on issues like “the illicit use of cryptocurrency,” Biden said in a statement.

The Biden administration has elevated the response to cybersecurity to the senior-most levels of the administration following a set of attacks this year that threatened to destabilize U.S. energy and food supplies.

The meat producer JBS SA paid $11 million to end an attack on its systems that halted production and was believed to have originated from a criminal group with Russian links (https://www.reuters.com/technology/jbs-paid-11-mln-response-ransomware-attack-2021-06-09).

Colonial Pipeline paid a hacker gang believed to be based in Eastern Europe nearly $5 million to regain access, some of which was later clawed back by U.S. law enforcement (https://www.reuters.com/business/colonial-pipeline-ceo-tells-senate-cyber-defenses-were-compromised-ahead-hack-2021-06-08/).

Both companies paid the ransoms in bitcoin.

Ransom software works by encrypting victims’ data. Typically hackers will offer the victim a key in return for cryptocurrency payments that can run into hundreds of thousands or even millions of dollars.

The Biden administration hopes that their new informal group, which they’re calling the Counter-Ransomware Initiative, will bolster their diplomatic push that has included direct talks with Russia as well as the NATO alliance and Group of Seven (G7) wealthy nations.

The administration has increasingly focused on blocking what it calls China’s “malicious cyber activity,” charges which Beijing has denied (https://www.reuters.com/technology/us-allies-accuse-china-global-cyber-hacking-campaign-2021-07-19).

It was not immediately clear which countries would participate or when exactly the meeting would take place.

One White…
