Tag Archive for: tells

Kapil Sibal Tells Supreme Court


In the Pegasus issue, the petitioners on Monday did not take kindly to the Centre telling the Supreme Court that it has nothing more to say than what has been said in its first and only affidavit (described as “limited” by the court): that it does not deem it appropriate to state whether any particular software was employed or not, that there has been no illegal interception, and that it is willing to quell the concerns of the petitioners by constituting an expert inquiry committee.

The following are the arguments by the battery of senior advocates for the petitioners before the bench of Chief Justice N. V. Ramana and Justices Surya Kant and Hima Kohli.

The CJ had told the senior advocates to keep in mind that the proceedings are at an interim stage at present: “You have placed some material before us. We have given enough opportunity to the government to make some statement. They are saying (for whatever reason, I don’t want to make any comment on that) that they don’t want to file an affidavit. We have no option now but to pass whatever order we have to pass. We thought if the government will file some counter-affidavit, how to go further would depend on that. Now we will consider what are the interim orders that we will have to pass.”

Senior Advocate Kapil Sibal, for N. Ram, former Editor of The Hindu, and Sashi Kumar, Chairperson of the Asian College of Journalism

To begin, Mr. Sibal pointed to the observations of the Supreme Court in the 2011 case of Ram Jethmalani v. UOI, where the court had noted that the burden of protecting fundamental rights is primarily the duty of the State. Hence, withholding information from the petitioners, or seeking to cast the relevant events and facts in a light favourable to the State in the context of judicial proceedings, would be destructive to the guarantee in Article 32; the State has the duty to reveal all the facts and information in its possession to the Court, and also to provide the same to the petitioners.

“This is their duty, My Lords. They cannot say that I will not tell anything! What is happening today is that the government and the State are now telling you that we will not tell you the facts. It is its bounden duty! All…


Proposed ‘Hack-Back’ Bill Tells DHS To Study Allowing Companies To Retaliate – Breaking Defense


A new bill could be the first step in companies being able to “hack back” at bad actors – but doing so could come with major risks, experts say. (File)

WASHINGTON: Two members of the Senate Finance Committee have introduced a bipartisan bill that instructs the Department of Homeland Security to study the “potential consequences and benefits” of allowing private companies to hack back following cyberattacks.

Sens. Steve Daines, R-Mont., and Sheldon Whitehouse, D-R.I., have introduced the legislation as frustration over repeated cyberattacks against US companies has led to growing calls across the national security community and the private sector for retaliatory actions. Some, including military legal advisors, are now calling for the US to revisit its policy on military offensive cyber operations, especially in response to increasing ransomware attacks targeting the public and private sectors.

The draft Study on Cyber-Attack Response Options Act tells DHS to study “amend[ing] section 1030 of title 18, United States Code (commonly known as the Computer Fraud and Abuse Act), to allow private entities to take proportional actions in response to an unlawful network breach, subject to oversight and regulation by a designated Federal agency.”

DHS’s report would provide recommendations to Congress on the “potential impact to national security and foreign affairs.” Specifically, the report would address the following issues:

  • Which federal agency or agencies would authorize “proportional actions by private entities;”
  • Level of certainty in attribution needed to authorize such acts;
  • Who would be allowed to conduct such operations and under what circumstances;
  • Which types of actions would be permissible; and
  • Required safeguards to be in place.

“The Colonial Pipeline ransomware attack shows why we should explore a regulated process for companies to respond when they’re targets,” Whitehouse said in a statement to Breaking Defense. “This bill will help us determine whether that process could deter and respond to future attacks, and what guidelines American businesses should follow.” (A request for comment to Daines’s office was not returned by…


The White House isn’t kidding when it tells companies to button up against ransomware



Alarmed by ransomware, the White House has been telling the private sector to get serious about cybersecurity. Just this month, a letter to corporate executives and business leaders urged companies to do what amounts to basic cybersecurity. It told companies they have a key and distinct responsibility. For what it all could mean, Federal Drive with Tom Temin talked to Michael Borgia, partner and information security group practice leader at the law firm Davis Wright Tremaine.

Tom Temin: Mr. Borgia, good to have you on.

Michael Borgia: Thank you for having me. I appreciate the opportunity.

Tom Temin: First of all, this letter from the White House, specifically from Anne Neuberger, the deputy assistant to the president, and the deputy national security advisor for cyber, who did it go to exactly?

Michael Borgia: Well, it is addressed to the private sector. So, it’s got a broad audience. And I think it looks like the intention was to really get the word out broadly to companies all over the private sector, and let them know what the White House thinks they should be doing and perhaps set some kind of baseline around cyber hygiene. As you said, I would think of this as pretty basic hygiene, people who have been in the industry for a while I think nothing in here is going to be shocking or surprising to them.

Tom Temin: Right. It said you should have two-factor authentication, you should have backups that are stored offline, and all these other good things in place, again, basic stuff, but coming from the White House, that’s kind of open-letter, telling people you have a distinct and key responsibility almost implies like there could be some sort of regulatory push here, not just for federal contractors, but for industry in general, coming. It has that ‘Dear Colleague,’ tone.

Michael Borgia: Exactly. It’s funny. On the one hand, you think, well, what does this mean that this doesn’t really do anything? On the other hand, here we are talking about it. And there has been quite a bit of discussion around this. It’s generated a lot…


Colonial Pipeline CEO tells Senate decision to pay hackers was made quickly


Colonial Pipeline CEO Joseph Blount said Tuesday that his company paid hackers a $4.4 million ransom a day after discovering malware on its systems in early May. The company also hired outside consultants to handle negotiations with the hackers, who were paid in the bitcoin cryptocurrency.



© Provided by CNET
Colonial Pipeline was the target of a ransomware attack that forced it to shut down operations. Jim Watson/Getty Images

Blount, who was testifying before the Senate Committee on Homeland Security and Governmental Affairs, said the decision to pay the ransom on May 8 was made by the company itself. Federal authorities, however, were notified of the hack within hours of its discovery. 

“I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible,” Blount said. “I kept the information closely held because we were concerned about operational safety and security, and we wanted to stay focused on getting the pipeline back up and running.”

The testimony comes a day after the FBI said it had recovered millions of dollars in bitcoin paid to the DarkSide ransomware gang, which attacked the pipeline last month, prompting a shutdown of the East Coast’s main fuel-supply artery. The stoppage led to gasoline hoarding and soaring prices as motorists filled tanks amid uncertainty about supplies.

On Monday, the DOJ said it seized 63.7 bitcoins valued at a total of about $2.3 million, part of the ransom demanded by DarkSide. The criminal enterprise, which has since said it disbanded, is thought to be based in Russia.

The hack prompted the government to issue new cybersecurity regulations for operators of pipelines. The new security directive, issued by the DHS Transportation Security Administration, requires critical pipeline companies to report confirmed and potential cyberattacks to the US Cybersecurity and Infrastructure Security Agency. The directive also requires pipeline companies to undertake a review of their current security practices to identify any risks or gaps. Companies must report results of these reviews to the TSA and CISA within 30 days.
