Security News
NSA director General Paul Nakasone told the Privacy and Civil Liberties Oversight Board yesterday that the loss of Section 702 of the Foreign Intelligence Surveillance Act would mean American spies would "Lose critical insights into the most significant threats to our nation" if allowed to lapse on December 31. In his speech, Nakasone said Section 702 is "Irreplaceable," and he provided several stories of the FBI and NSA cooperating using the law to stop terrorist plots and online attacks to justify his claim.
"Ransomware payments in the U.S. have totaled more than $1 billion since 2020. Most notably, this past May, a Russian ransomware attack forced Colonial Pipeline to shut down oil supplies to the eastern United States before the company paid hackers. As disruptive as this hack was, it pales in comparison to what would happen if America's critical financial infrastructure were to be taken offline," he said. "That's why I'm introducing the Ransomware and Financial Stability Act of 2021. This bill will help deter, deny and track down hackers who threaten the financial institutions that make the day-to-day economic activity possible. The legislation will also provide long-overdue clarity for financial institutions that look to Congress for rules of the road as ransomware hacks intensify."
The House Committee on Oversight and Reform has requested a briefing to understand the rationale behind the FBI's decision to delay providing the victims of the Kaseya REvil ransomware with a universal decryption key for three weeks. "To understand the FBI's decision, the lawmakers are requesting a briefing from the FBI on its legal and policy rationale for withholding the ransomware key, as well as the FBI's overall strategy for addressing, investigating, preventing, and defeating ransomware attacks," the Committee said in a press release on Wednesday.
A senior Chief Information Security Officer advisor at Cisco has penned a commentary on the state of US cybersecurity frameworks, criticizing current government infosec and advocating for more autonomy for CISOs and a better understanding of the task at hand from those creating policies. "After nearly two decades of federal cybersecurity and risk management as practiced under the rubric of the Federal Information Security Management Act of 2002 and the Federal Information Security Modernization Act of 2014, billions of dollars in appropriated federal cybersecurity funding have not appreciably improved the overall situation," wrote Bruce Brody.
announced the keynote line-up for its eleventh annual² Security Congress held in-person in Orlando, Florida and online from October 18-20, 2021. Together, these² Security Congress 2021 keynote speakers tell a story of resilience, opportunity and inspiration in the face of unprecedented global, personal and security disruption.
announced that registration is now open for its 11th annual² Security Congress taking place online and at the Hyatt Regency Orlando in Orlando, FL from October 18-20. Focused on continuing education for security professionals, the three-day Security Congress will be held as a hybrid event, with online sessions accessible around the world as well as an engaging, in-person workshops, discussions, networking events and more.
announced a global call for speakers for its 11th annual² Security Congress conference, which will take place this year from October 18-20. Submissions will be accepted until April 19 at 11:59 p.m. PST. Geared toward a global audience, the conference focuses on cybersecurity challenges across many regions and provides best-practice sharing, continuing education and networking opportunities for information security professionals.
The private sector should be legally obliged to disclose any major hacks of their systems, says Microsoft's president and top lawyer Brad Smith. While only Smith was willing to say categorically that it was Russia, FireEye's CEO Kevin Mandia noted that following an intensive investigation by his team, which included looking for clues in reams of decompiled code, they had concluded that the hack was "Not consistent with China, North Korea or Iran, and was most consistent with Russia."
The private sector should be legally obliged to disclose any major hacks of their systems, says Microsoft's president and top lawyer Brad Smith. While only Smith was willing to say categorically that it was Russia, FireEye's CEO Kevin Mandia noted that following an intensive investigation by his team, which included looking for clues in reams of decompiled code, they had concluded that the hack was "Not consistent with China, North Korea or Iran, and was most consistent with Russia."
"In 2015, Juniper revealed a security breach in which hackers modified the software the company delivered to its customers," a Wyden statement read. "Researchers subsequently discovered that Juniper had been using an NSA-designed encryption algorithm, which experts had long argued contained a backdoor, and that the hackers modified the key to this backdoor." "The American people have a right to know why NSA did not act after the Juniper hack to protect the government from the serious threat posed by supply chain hacks. A similar supply chain hack was used in the recent SolarWinds breach, in which several government agencies were compromised with malware snuck into the company's software updates," the members wrote.