Tag Archive for: Senators

Senators Cite Colonial Pipeline Hack in Calling for Cyber Response and Recovery Fund


The cyberattack that has shut down a major supply line for energy to much of the East Coast is the kind of event that would have triggered a release of funding outlined in legislation to help the government respond to such incidents, key senators said in a hearing Wednesday.

“I know we’re here today to focus on federal cybersecurity. But I think it’s important to discuss the attack that we have just recently seen on Colonial Pipeline, one of the largest attacks on critical infrastructure in our history,” Sen. Gary Peters, D-Mich., said. “Last month, Ranking Member, [Rob] Portman [R-Ohio] and I introduced the Cyber Response and Recovery Act which would give the Secretary of Homeland Security the authority to declare a significant incident and use [the] Cyber Response and Recovery Fund after events like this.”

Peters, chairman of the Senate Homeland Security and Government Affairs Committee, was leading a hearing on the federal government’s efforts to improve its cybersecurity following the SolarWinds hack, which was part of a campaign that compromised scores of organizations, including nine federal agencies.

The chair and ranking member touted their legislation while drawing attention to what they said were lapses in both public and private entities’ communications with the government.

The Cyber Response and Recovery Fund that the legislation creates would keep $20 million available for DHS’ Cybersecurity and Infrastructure Security Agency to reimburse other departments they need to call in to help respond to cyberattacks and to get information out to related entities to mitigate the impact of such events.

But in Colonial’s case, Brandon Wales, CISA’s acting director, told Portman that the company did not contact CISA after they were targeted by ransomware criminals. CISA was engaged only after the FBI brought them in and still does not possess the technical details that would help them to advise other critical infrastructure entities, Wales said.

Wales said this is understandable since it’s still early in the response, and that CISA has a good relationship with Colonial, but Portman did not accept that argument.  

“It seems to me we also have to worry about these…


US senators question Apple and Google on mobile app store dominance


A panel of U.S. senators questioned officials from Apple Inc and Alphabet Inc’s Google on Wednesday about the dominance of their mobile app stores and whether the companies abuse their power at the expense of smaller competitors.

Amy Klobuchar, the top Senate Democrat on antitrust issues, said Apple and Google can use their power to “exclude or suppress apps that compete with their own products” and “charge excessive fees that affect competition.”

App makers like music streaming service Spotify Technology SA and dating services giant Match Group, which owns the Tinder app, have long complained that mandatory revenue sharing for sales of digital goods and strict inclusion rules set by Apple’s App Store for iPhones and iPads, along with Google’s Play store for Android devices, amount to anticompetitive behavior.

Representatives for Apple and Google told senators that the companies’ tight control over their stores and the associated revenue-sharing requirements are needed to enforce and pay for security measures to protect consumers from harmful apps and practices.

But when asked by Senator Josh Hawley, Apple’s Chief Compliance Officer Kyle Andeer would not commit to spending all of the mandatory fees on security.

Explanations from Andeer and Google’s Wilson White, senior director for government affairs, about why the companies’ fees do not apply to Uber Technologies Inc and apps that sell physical goods also failed to satisfy senators.

“I feel like unfrozen caveman lawyer,” Senator Mike Lee said. “I’m not grasping it.”

Senator Richard Blumenthal expressed concern about a call Match said it received late on Tuesday from its business counterpart at Google.

Match’s Chief Legal Officer Jared Sine said Google wanted to know why Sine’s planned testimony, which had just been released, deviated from previous comments the dating company had made.

“It looks like a threat, it talks like a threat, it’s a threat,” Blumenthal said of the call, vowing to investigate Google’s action further.

In his testimony, Match’s Sine argued that Google and Apple both exact an onerous 30% of any…


Senators want federal government to take accountability for SolarWinds hack


The leadership of the Senate Homeland Security and Governmental Affairs Committee wants the Biden administration to take accountability and provide more information on the SolarWinds hack of computer network management software afflicting the government.

The federal government has said the hack — publicly disclosed last year — compromised nine federal agencies, but the Democratic and Republican leaders of the homeland security committee want more details about whose accounts and systems were compromised.

Sens. Gary Peters, Michigan Democrat, and Rob Portman, Ohio Republican, wrote to the Office of Management and Budget expressing concern that the federal government has not properly taken accountability for the SolarWinds hack. 

“It is important that there be a single point of accountability for leading response efforts to prevent confusion and duplication. We are concerned this level of accountability is currently lacking,” wrote Mr. Peters and Mr. Portman to OMB’s federal chief information security officer Christopher DeRusha.

The duo requested OMB provide a list of roles and responsibilities for cybersecurity across the federal government so the senators can understand who has responsibility for…


‘Critical’ that Pompeo brief senators on SolarWinds hack at State Dept.


The top Democrat on the Senate Foreign Relations Committee is calling on Secretary of State Mike Pompeo to brief senators on the massive SolarWinds hack by suspected Russian hackers and its effect on the State Department.




“It is critical that the Senate Foreign Relations Committee receive a briefing on the extent of the security breach and the efforts that the Department is taking to mitigate its impacts and defend against future attacks,” Sen. Bob Menendez (N.J.) wrote to Pompeo in a letter Wednesday.

“Furthermore, it is essential that critical sectors within private industry and the American public more broadly understand the nature of the threat that our nation faces from the Kremlin, and their persistent exploitation of cyberspace, the Internet, and social media for their malign ends,” he added.

The State Department is one of several federal agencies breached by a cyberattack on third-party software developer SolarWinds that was revealed last week. Officials have called the hack, which is believed to have originated as far back as March, a “grave” risk to U.S. national security.

The State Department has yet to provide any specifics on the hack, and Menendez criticized Pompeo for his silence on the matter.

“While several other cabinet agencies that are victims of this cybersecurity breach have publicly acknowledged having been attacked, to date the Department of State has been silent on whether its computer, communication and information technology systems were compromised,” Menendez said in Wednesday’s letter.

A State Department spokesperson said the agency is working with the Cyber Unified Coordination Group (UCG), the administration’s coordinated effort between the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director for National Intelligence.

“We are working with the Cyber Unified Coordination Group (UCG) lead agencies and appropriate partners to determine the full scope and impact of these incidents,” the spokesperson said, and referred all other questions to UCG.

CISA did not immediately return a request for comment about…
