Tag Archive for: white

The White House cyber czar is laying groundwork for big changes


Below: Israeli officials found no evidence police misused Pegasus spyware, and cyber experts blast a D.C. mobile voting bill. 

Chris Inglis wants a new “social contract” on cybersecurity

The Biden administration’s cyber czar is pushing a swing-for-the-fences effort to transform the Internet from an unruly Wild West to a peaceful land of law and order. 

The plan, dubbed “a new social contract” for cybersecurity, is laid out in a Foreign Affairs article by Chris Inglis, the nation’s first-ever national cyber director, and Harry Krejsa, a senior adviser in Inglis’s office. It’s the most expansive argument yet from the administration for why the nation must completely revamp how it manages cybersecurity. 

The article paints a bleak picture of the modern Internet — one in which cyber protections are hit or miss, citizens’ personal information is easy to steal, and major technological advances — such as widespread autonomous vehicles — are essentially impossible because they can’t be secured against hacking. 

“Contemporary cyberthreats represent a tragic betrayal of what leading technology advocates promised at the dawn of the digital revolution,” they write. 

The fundamental insecurity of the Internet has also fractured national security, Inglis and Krejsa write — making it easier for China to steal its way to dominance in key industries and for Russia to threaten economy-rattling cyberattacks.

Those concerns have jumped into hyperdrive recently amid fears of Russian cyberattacks hitting U.S. targets as part of the fallout from an invasion of Ukraine that officials have said appears imminent.

The article is short on specifics, but the general idea is a “new social contract” in which government and companies both take on “a new set of obligations” to make computer systems secure against hacking from the beginning rather than scurrying after they’re compromised. 

Inglis and Krejsa also urge shifting more responsibility for cybersecurity away from the most common hacking victims — small and medium-sized companies, schools and local governments…

Source…

White House orders federal agencies to raise cybersecurity bar for national security systems


New guidance will bring standards into line with federal civilian networks

President Biden has granted the National Security Agency (NSA) new powers to bolster the cybersecurity of US federal government computer systems related to national security.

A memorandum issued by the White House yesterday (January 19) also sets out new obligations for federal agencies and timelines for meeting them.

As prescribed by an executive order signed by Biden in May 2021, the measures will, “at minimum”, ensure that national security, Department of Defense (DoD), and intelligence community systems adhere to the more stringent cybersecurity measures already in place for federal civilian networks.

Federal agencies have been instructed to identify their national security systems and report security incidents affecting them to the NSA, the DoD’s intelligence agency.

Mark Warner, Democrat senator for Virginia and chairman of the Senate Select Committee on Intelligence, urged Congress to build on this measure by passing pending bipartisan legislation requiring critical infrastructure operators to report cyber-attacks within 72 hours.

The legislation was drafted in the wake of the SolarWinds and Colonial Pipeline hacks.

The directive also includes guidance on the use of multi-factor authentication (MFA), encryption, zero-trust architecture, and endpoint detection services.

Binding operational directives

The memo authorizes the NSA to issue ‘binding operational directives’ that oblige operators of national security systems “to take specific actions against known or suspected cybersecurity threats and vulnerabilities”, reads a fact sheet.

These powers are modeled on those already wielded by the Department of Homeland Security (DHS) in relation to civilian government networks, with one recent DHS directive ordering agencies to mitigate the far-reaching Log4j vulnerability.

The memorandum also requires that federal agencies inventory and bolster the security of ‘cross-domain solutions’, which transfer data between classified and unclassified systems.

Source…

White House to discuss software development with tech executives, calling it ‘key national security concern’


The January discussion between tech executives and White House officials is needed because open-source software is widely used but is maintained by volunteers, making it “a key national security concern,” Sullivan said in a letter to tech firms, excerpts of which the White House shared with reporters.

Invitees include software development firms and cloud service providers, according to the White House. A National Security Council spokesperson declined to say which companies had been invited.

The letter follows the discovery this month of a vulnerability in software known as Log4j that organizations around the world use to log data in their applications.

Ransomware gangs and hackers linked with the governments of China, Iran, North Korea and Turkey have moved to exploit the flaw as tech firms and government agencies have raced to apply software patches.

The US Cybersecurity and Infrastructure Security Agency, which has said that hundreds of millions of devices could be exposed to the vulnerability, issued an “emergency directive” on December 17 ordering federal civilian agencies to update their systems.

An agency spokesperson told CNN on Thursday that there is no indication that any agency has been hacked using the vulnerability in Log4j.

While no US agencies have confirmed a breach via the vulnerability, the Belgian Defense Ministry told local media outlets this week that it had shut down parts of its computer network in response to a hack using the flaw.

Cybersecurity executives have called the vulnerability one of the most critical software bugs in years and warned that it could take weeks or months to fully assess the impact.

While the world’s richest companies rely on it, the Log4j software is maintained by a group of volunteers at the nonprofit Apache Software Foundation, who have worked long hours to address the flaw.

The vulnerability in Log4j “will define computing as we know it, separating those that put in the effort to protect themselves and those comfortable being negligent,” said Amit Yoran, the CEO of the Maryland-based security firm Tenable.

It’s precisely that dearth of investment in critical software that the White House wants to address.

President Joe Biden in May…

Source…

Learn White Hat Hacking For Less with This Pre-Black Friday Sale


Partner content by StackCommerce

We all think of hackers as mischievous troublemakers who wear hoodies and chug Mountain Dew, but despite what television shows you, these computer geniuses can work for the good guys too. White hat hacking is one of the most well-known and lucrative sectors of the cybersecurity industry, and anyone who knows their way around it can set themselves up for a high-earning career. If this interests you, then you need to start with some education.

Check out The Ultimate 2021 White Hacker Certification Bundle, which is on sale for just $33.99 (reg. $1,345) with code SAVE15NOV during our Pre-Black Friday Sale. Once you’ve taken the 10 courses and nearly 1,000 lessons available in the bundle, you will have what it takes to defend any system from digital attacks. Immerse yourself in content on cybersecurity, ethical hacking, and more with leadership from top instructors Joe Parys and Nathan House.

House is a leading cyber security expert with nearly a quarter-century of experience and a 4.5/5 star instructor rating. His course The Complete Cyber Security Course, Vol. 1 Hackers Exposed has earned 25,373 positive ratings from nearly 150,000 students enrolled. It will show you how to stop hackers, prevent tracking, and counter government surveillance. There are 4 volumes of this course.

This bundle also features important certification preparation like the CompTIA CySA+ Cybersecurity Analyst (CS0-001) Prep Course, which helps students ace the high-stakes security analyst certification exams and become trusted professionals in the field. This class teaches students everything they need to know when responding to cybersecurity threats and attacks, and it will leave you ready to pass the pivotal CompTIA exam.

Source…