Congress

now browsing by tag

 
 

#cyberbullying | #cyberbully | Congress demands criminal investigation into Facebook and WhatsAapp-BJP collision | #parenting | #parenting | #kids

Referring to the latest report published by WSJ, Chowdhury said Facebook’s India policy head, Ankhi Das, referring to Modi’s victory in 2014 elections had written an internal email to her […] View full post on National Cyber Security

#schoolsafety | As colleges reopen, Congress remains deadlocked on liability limits, safety measures | #parenting | #parenting | #kids

One education expert proposes contractual agreements over federal intervention Even though some students are already back on campus, Congress remains deadlocked on the federal policies needed to ensure schools, including […] View full post on National Cyber Security

#nationalcybersecuritymonth | Trump administration officials brief Congress on election security

Source: National Cyber Security – Produced By Gregory Evans

Top law enforcement and intelligence community officials briefed members of Congress on election security in a pair of panels Tuesday afternoon, telling lawmakers they had “nothing to support” the notion that Russian President Vladimir Putin favored one candidate or another or had ordered actions on any given candidate’s behalf. They said the Russian government’s objective was to sow discord in U.S. political processes, sources said. 

Three sources familiar with Tuesday’s briefing said there were inconsistencies between the election security assessment delivered Tuesday and the one given to the House Intelligence Committee last month.

It appeared to two sources familiar with both February’s and Tuesday’s briefings that the assessment delivered Tuesday was crafted to avoid saying the Russian government had established a preference for Mr. Trump, a conclusion that had been expressed by representatives from multiple intelligence agencies before that panel in February. 

Lawmakers were also briefed last month on Russia’s efforts to boost Democratic candidate Bernie Sanders’ campaign

Separately, three sources also said the intelligence community has not yet furnished intelligence that members of both parties had requested in the February closed-door session that supported the assessment that the Russian government had developed a preference for President Trump. 

Richard Grenell, the acting director of national intelligence, was not among the officials briefing members of the House and Senate. President Trump made the controversial decision to tap Grenell as acting DNI last month. Grenell, the U.S. ambassador to Germany, has virtually no national intelligence experience.

Members heard from FBI Director Christopher Wray, Acting Homeland Security Secretary Chad Wolf, Cybersecurity and Infrastructure Security Agency Director Chris Krebs, and Assistant Attorney General John Demers, among other officials. Instead of Grenell, Bill Evanina, the director of the National Counterintelligence and Security Center, represented the Office of the Director of National Intelligence (ODNI).

An ODNI spokesperson said that the FBI and DHS are in charge of securing the U.S. elections, and the intelligence community was participating in the briefings “in support of that mission.” The intelligence community’s efforts are focused on “detecting and countering foreign election-related threats,” the spokesperson said. 

Shelby Pierson, the election security threats executive at ODNI, also did not appear at the briefing. Pierson’s position at ODNI appeared to be in jeopardy after the president learned she had delivered a February 13 assessment on, among other things, Russian election interference before lawmakers on the House Intelligence Committee. The assessment, which was based on intelligence collected by multiple agencies, indicated that Russia had established a preference for Mr. Trump, multiple sources familiar with the briefing told CBS News. 

The president was infuriated that Democrats on the committee, including Chairman Adam Schiff, who served as lead House manager during last month’s impeachment proceedings, were briefed on information that Mr. Trump feared could be used as a political weapon against him. He was informed of the briefing by House Republicans, though it is not clear how the substance of the briefing was characterized.

After learning of the briefing, Mr. Trump summoned Joseph Maguire, who had been serving as acting director since August, to explain why it had taken place. Days later, the president named Grenell to the role, and Maguire resigned from government. Administration sources have contended that Maguire’s ouster was unrelated to the president’s displeasure with the House briefing.

However, Pierson said in February that she would not be dismissed from her position and that she had the support of Grenell.

“Ambassador Grenell has not asked me to leave,” Pierson said. “In fact, he has encouraged and affirmed his support for my position here in the organization. I have not asked to depart nor discussed resignation in any way.”

Grace Segers contributed to this report.

Source link

The post #nationalcybersecuritymonth | Trump administration officials brief Congress on election security appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | Cyber Risks Cloud Census With Resources, Congress Seats at Stake

Source: National Cyber Security – Produced By Gregory Evans The U.S. Census Bureau’s decennial count is raising concerns that its new digital systems are vulnerable to attacks or malfunctions that could unfairly rejigger congressional seats or shuffle federal resources. The 2020 headcount, for the first time conducted primarily online, kicked off in remote parts of […] View full post on AmIHackerProof.com

#nationalcybersecuritymonth | Is Congress Finally Ready to Take On Cybersecurity? | Tech Law

Source: National Cyber Security – Produced By Gregory Evans

The United States Congress made some significant progress this session when it comes to data privacy, but cybersecurity remains a blind spot for lawmakers.

Congress currently is considering a
national privacy law that mirrors legislation enacted in the European Union. It would allow people to access, correct and request the deletion of the personal information collected from them. Though there are several ideas as to the final form the bill should take, a path became clear during the Senate Commerce Committee’s
privacy hearing last month.

Congress also seems willing to address the consequences of new technologies. Last month it passed the National Quantum Initiative Act, which is expected to disperse US$1.275 billion for quantum research over the next four years. Some have argued that this newfound enthusiasm for tech might be used
to fix the impeachment process.

When it comes to cybersecurity, though, Congress is still in the dark ages. Efforts to pass a privacy law often are seen as addressing both data privacy and cybersecurity, but in reality, they do not. Companies and consumers have been forced to take matters into their own hands, reflected in the recent announcement that Facebook
has banned deepfakes, and the rising use of VPNs among the general population.

Privacy Means Nothing Without Security

This oversight with respect to security could have huge consequences for the efficacy of data privacy legislation. Though data privacy and data security are separate concerns, there is an inherent link between them. Security has been overlooked in the current proposed law, as well as in similar legislation — like Europe’s GDPR and the Australian privacy bill
passed two years ago.

To understand how privacy and security are linked, consider an app that collects location data from its users. The types of data privacy law proposed (or already in force) would impose strict requirements on the company behind this app, such as telling its users what it is collecting, and what it does with the data. If the app is not properly secured, however, and the information is stolen or leaked, strong privacy policies will be of little comfort to users.

This oversight is apparent in almost all the legislation on data privacy in the U.S. The
Information Transparency & Personal Data Control Act, which was introduced in the House last spring, contains a passage that requires lawmakers and tech companies “to protect consumers from bad actors in the privacy and security space,” but it doesn’t include any further details. The
Consumer Online Privacy Rights Act goes a little further, but only two of its 59 pages give vague cybersecurity requirements for private companies.

Even the
United States Consumer Data Privacy Act of 2019 provides only the broad instruction that companies should “maintain reasonable administrative, technical, and physical data security policies and practices to protect against risks to the confidentiality, security, and integrity of sensitive covered data.”

A Lack of Leadership

At best, the failure of Congress to tackle cybersecurity has left the data of millions of Americans unprotected. At worst, it represents a lack of leadership that has left responsible companies completely confused as to what their legal, moral and ethical responsibilities are when it comes to protecting user data.

In this context, there has grown a huge and unregulated market for cybersecurity tools and services, each claiming to offer class-leading protection against cybercrime. For companies, website security is now a major component of
website maintenance costs. This is because CEOs are acutely aware of the risks of cybercrime, a form of criminality that
will cost the global economy $6 trillion a year by 2021, according to Cybersecurity Ventures’ annual report.

Even the National Security Agency
has warned that cybercriminals are “becoming more sophisticated and capable every day in their ability to use the Internet for nefarious purposes.” Yet many companies
fail to take basic precautions, such as deleting expired accounts.

The Future

To be fair to Congress, crafting a data security law that covers every private company is complex. Today, data is unlikely to be held by one company in one place, and assigning responsibility for protecting it has become a difficult issue. Any such law, therefore, would have to take into account the widespread adoption of cloud storage,
SaaS business models, and other forms of distributed data storage and processing. In this context, it’s understandable that most
state-level laws on data security require companies only to take “reasonable” security practices, without specifying what those are.

On the other hand, there finally does appear to be an appetite in Congress to address these issues. An increasing number of data protection laws cover individual industries, such as
healthcare and
financial institutions, and the FTC has brought some data breach-related
enforcement actions under its relatively weak and vague
consumer protection powers.

Looking to the future, these industry-specific laws could form an excellent model for a national data protection law, as could state-level legislation. The state most mentioned in this regard is New York, which arguably has the most comprehensive requirements. Financial services companies in the state must meet more than 10
specific requirements, which include encryption of nonpublic information, penetration testing, vulnerability assessments, and oversight of service providers’ cybersecurity.

New York also offers another lesson for Congress. In order to draft and enact the new law, the state convened an expert panel that brought together lawmakers, cybersecurity professionals, and the CEOs of major companies.

The development of an effective data protection law at a national level is going to require the same level of expertise and consultation. This is why some have suggested that a
federal Department of Cybersecurity is the way forward. Such a department could bring together responsibilities that currently are fragmented across a huge number of departments.

Lacking even a basic indication from the government as to what constitutes adequate cybersecurity, many people are taking cybersecurity into their own hands. VPNs — security tools that encrypt user data in transit — are experiencing explosive growth. Just a few years ago, they were regarded as semi-legal tools that enabled consumers
to get around Netflix geo-blocks or
avoid cryptocurrency bans. Now, they are used by a significant proportion of the populace.

Whatever the outcome of these new legislative initiatives, data protection is no longer an issue that Congress can ignore. Protecting consumer data is important for the economy. At the broadest level, ensuring data security is also critical to the efficacy of data privacy legislation that already has been passed. That is to say nothing of the reputation of Congress, which would be severely damaged if it should fail to take leadership on one of the most important issues facing the U.S. today.


Sam Bocetta has been an ECT News Network columnist since 2019. A freelance journalist specializing in U.S. diplomacy and national security, Bocetta’s emphases are technology trends in cyberwarfare, cyberdefense and cryptography.

Source link

The post #nationalcybersecuritymonth | Is Congress Finally Ready to Take On Cybersecurity? | Tech Law appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | Congress struggles on rules for cyber warfare with Iran

Source: National Cyber Security – Produced By Gregory Evans The U.S. and Iran may have walked back from the brink of war, but the potential for a cyber battle looms with no clear rules of engagement. Lawmakers and military officials say there’s no agreed-upon definition of what constitutes cyber warfare, leaving them to decide on a […] View full post on AmIHackerProof.com

Congress Still Doesn’t Have an Answer for Ransomware

Source: National Cyber Security – Produced By Gregory Evans

Ransomware has steadily become one of the most pervasive cyberattacks in the world. And while high-profile global meltdowns like 2017’s NotPetya strain garner the most attention, localized attacks have devastating consequences as well. Look no further than the cities of Atlanta and Baltimore, whose online operations ground to a halt after ransomware takeovers. Or more recently, Alabama’s DCH Health Systems, which had to turn away all but the most critical patients from its three hospitals after hackers seized control of their networks.

The attacks affect communities both large and small. In fact, victims often aren’t even specifically targeted. Hackers have increasingly focused on so-called managed service providers, companies that remotely handle IT infrastructure for a wide range of customers, to get the highest return on their investment. Successfully compromise one MSP, and you can hit nearly two-dozen local Texas governments, as one recent example proved.

It’s the kind of large-scale problem that would benefit from a large-scale solution. Yet despite the clear and pervasive danger, Congress seems stumped.

“There’s a gap between the focus and resources here in Washington and what happens in a town of 200,000 people,” representative Jim Himes (D-Connecticut) tells WIRED.

While Himes, a member of the House Intelligence Committee, is concerned about the rise in these brazen attacks, he also sees fundamental limitations in the federal government’s ability to help stop hyper-local attacks.

“There’s only so much the federal government can do to encourage municipalities to patch their software and update their equipment, that sort of thing,” Himes says.

“There’s an urgency and an immediacy.”

Senator Richard Blumenthal

Last month the Senate passed a bill that would force the Department of Homeland Security to set up “cyber hunt” and “cyber incident response” units, including bringing in experts from the private sector, to help ward off attacks or to help respond after an entity is hit. But even one of that bill’s main sponsors, senator Maggie Hassan (D-New Hampshire), is now calling for the Government Accountability Office to conduct a top-to-bottom review of the federal government’s programs aimed at helping localities and entities crippled by these ransomware attacks.

“The federal government must do more to help state and local governments prevent and respond to cyberattacks, and this report will give us a key tool to identify how the federal government is doing in this task, and what more can be done,” Hassan said in a statement accompanying the release of her letter to the GAO.

The letter itself reveals the mysterious depth of this growing problem: Congress and the agencies tasked with protecting American’s security are basically clueless when it comes to even understanding the scope of the problem.

While Congress still lacks a tangible plan to help mitigate the impact, some members at least seem to be increasingly aware of the issue.

When WIRED broached the topic of recent ransomware attacks against Connecticut school districts back on July 16, neither of that state’s senators really knew about the problem that had gripped their own constituents. But when asked again recently, senator Richard Blumenthal (D-Connecticut) acknowledged the stakes of the growing problem.

“I’m beginning to hear it very loudly and clearly from officials that they are feeling isolated, alone, [and] incapable of responding,” Blumenthal said last month.

The senator’s newly acquired knowledge on the topic may stem from the spike in high-profile ransomware attacks that have struck communities in Arizona, Oklahoma, Virginia, New York and Texas, just to name a few.

“Ransomware is one of the growing threats to cybersecurity, and the federal government ought to be doing everything possible to assist towns and cities,” Blumenthal said. “There’s an urgency and an immediacy.”

Blumenthal’s now calling for the federal government to provide states with technical expertise on ways to defensively combat these attacks, outlines of a potential strategy to respond to such an attack. (Even seemingly straightforward questions like whether to pay the ransom or hold out remain divisive.) Blumenthal has also called for moving taxpayer dollars from Washington to localities so they can secure and harden their systems. The Pentagon may be fortified against foreign cyberintrusion, but local school districts and municipalities now face sophisticated attacks from hackers or foreign entities that many policymakers view as an attack on America itself.

The Original Source For This Story: Source link

The post Congress Still Doesn’t Have an Answer for Ransomware appeared first on National Cyber Security.

View full post on National Cyber Security

Congress #gets ‘Russia #election #hacking’ #briefing, still no #evidence

With political primaries already underway and the November midterm elections fast approaching, top national security officials briefed members of Congress on Tuesday about gaps in election security.

The Trump administration has been under pressure to take stronger steps to deter Russian attempts to meddle in U.S. campaigns. Officials say election systems remain vulnerable to cyberattacks.

Intelligence agencies say Russian operatives attempted to hack 21 electoral systems in states during the 2016 campaign, breaching one system. There’s no evidence any votes were affected.

“This is an issue that the administration takes seriously and is addressing with urgency,” Homeland Security Secretary Kirstjen M. Nielsen, FBI Director Christopher Wray and Director of National Intelligence Daniel Coats said in a joint statement.

After the briefing, Nielsen was asked about intelligence agencies’ conclusions that Moscow used social media, leaks of hacked emails and other tactics in 2016 in an attempt to help Trump beat Hillary Clinton.

“That the specific intent was to help President Trump win, I’m not aware of that, but I do generally have no reason to doubt any intelligence assessment.”

Moscow “aspired to help” Trump’s campaign, according to a public report issued by intelligence agencies in January 2017. The Senate Intelligence Committee reported this month that after a 14-month investigation, it agreed with that assessment.

The committee also issued a detailed report on Russian targeting of election infrastructure during the 2016 campaign.

Chris Megerian (c)2018 Los Angeles Times, Distributed by Tribune Content Agency, LLC.

advertisement:

The post Congress #gets ‘Russia #election #hacking’ #briefing, still no #evidence appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

National Privacy & Data Governance Congress

Source: National Cyber Security – Produced By Gregory Evans

General Cybersecurity Conference

 March 6 – 8, 2018 | Calgary, Canada

Cybersecurity Conference Description

The 2018 Congress is your opportunity to explore leading issues at the crossroads of privacy, access, security, law, data governance. The National Privacy and Data Governance Congress brings together professionals from industry, government and academia who are concerned about privacy, access, security, compliance and data governance within their organizations.

Read More….

The post National Privacy & Data Governance Congress appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

16th annual e-Crime & Cybersecurity Congress

Source: National Cyber Security – Produced By Gregory Evans

General Cybersecurity Conference

 March 6 – 8, 2018 | London, United Kingdom

Cybersecurity Conference Description

The 16th e-Crime and Cybersecurity Congress will reflect this new and challenging world.

Can the industry deliver? Can you deliver? What happens if you can’t?

Read More….

The post 16th annual e-Crime & Cybersecurity Congress appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures