Russia may be holding cyber capabilities in reserve, so US must keep its shields up: Experts

“We’re still in the relatively early days even though this has been several weeks now,” Chris Painter said. “It could well be that Russia is holding those capabilities in the reserve and haven’t used them yet.”

USG Warns Of ‘Critical’ Vulnerability That Poses ‘Serious Risk’ To Defense Contractors, Others

“The FBI, CISA, and CGCYBER assess that advanced persistent threat cyber actors are likely among those exploiting the vulnerability,” the joint advisory notes.

China’s New Data Security Law Will Provide It Early Notice Of Exploitable Zero Days

The law’s vulnerability disclosure provisions will give the Chinese government a head start on remediating — and potentially exploiting — zero-day vulnerabilities, possibly to include those discovered in tech used by the Defense Department, Intelligence Community, and across the US public and private sectors more broadly.

Proposed ‘Hack-Back’ Bill Tells DHS To Study Allowing Companies To Retaliate

“So what will happen is you’ll be destroying your grandmother’s computer in Kansas that has been taken over,” cyber policy expert Herb Lin said. “It’s not clear to me that that’s the best way.”

US Playing Long Game To Pressure China On Cyber Ops: Experts

“It’s part of a larger diplomatic strategy,” cyber policy expert James Lewis said of the US attribution to China for Microsoft Exchange hacks earlier this year.

Senators Introduce Bill Requiring Notification Of Cyber Incidents Within 24 Hours

“We shouldn’t be relying on voluntary reporting to protect our critical infrastructure,” Sen. Warner said.

US, Allies, Partners Formally Attribute Exchange Hacks To China

“The PRC’s pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world,” a senior administration official said on Sunday night.

CISA Warns Executive Branch Agencies To Fix Critical Windows Vulnerability

“CISA has validated various proofs of concept and is concerned that exploitation of this vulnerability may lead to full system compromise of agency networks if left unmitigated,” the emergency directive says.

US, UK Warn Of New Worldwide Russian Cyberespionage

“This is a good reminder that the GRU remains a looming threat, which is especially important given the upcoming Olympics, an event they may well attempt to disrupt,” observed John Hultquist, VP of Analysis at Mandiant Threat Intelligence.

US ‘Retains Clear Superiority’ In Cyber; China Rising: IISS Study

“China is a second-tier cyber power but, given its growing industrial base in digital technology, it is the state best placed to join the US in the first tier,” an IISS report says.

CISA Publishes Cyber ‘Bad Practices’

The bad practices are aimed especially at — though not limited to — educating critical infrastructure owners and operators. This includes, of course, the defense industrial base and many who support its supply chain — from communications equipment and high-tech capabilities to electrical and mechanical components for military hardware, such as tanks, planes, and ships.

Mandatory Cyber Reporting Within 24 Hours: Sen. Warner Bill

Sen. Warner’s draft legislation, long expected, marks one of the first attempts to create a federal law mandating cyber incident reporting by some entities. Notably, the bill provides reporting entities with a degree of privacy and legal protection.

‘Systematically Attack’ What Makes Cyber Attacks Possible: WH Cyber Director Nominee

“If the past year has taught us anything, it’s the obligation we have as leaders to anticipate the unimaginable,” CISA nominee Easterly said. “I believe as a nation we remain at great risk of a catastrophic cyberattack.”

Pipeline CEO Defends Company’s Cyber Info Sharing

“[Paying the ransom] was the hardest decision I’ve made in my 39 years in the energy industry… and I put the interest of the country first,” Colonial’s CEO told Congress. “I believe with all my heart [paying the ransom] was the right choice to make, but I want to respect those who see this issue differently.”