“Foreign governments” are now the No. 1 cybersecurity concern for US public sector IT professionals, reports SolarWinds, itself rebuilding after a 2020 hack blamed on Russia.
By Sydney J. Freedberg Jr.The military focused its efforts on networked warfare and the US government responded to cyberattacks.
By Andrew EversdenVMware’s Tom Kellermann linked increasingly aggressive attacks to geopolitical tensions with Russia and Belarus.
By Brad D. Williams“There’s one line [in the notice] that should scare the hell out of everyone everywhere,” Chris Krebs said.
By Brad D. Williams“Strategic competition is alive and well in cyberspace, and we’re doing it every day with persistent engagement,” the CYBERCOM and NSA leader said.
By Brad D. WilliamsNew campaign is evidence “Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling — now or in the future — targets of interest to the Russian government,” researchers say.
By Lee Ferran“I have a mantra of ‘I want to kill to the [Common Access Card] as the primary authentication mechanism for the department’,” Lt. Gen. Robert Skinner said. “Industry has better authentication, and it’s not just two-factor, it’s truly multi-factor authentication.”
By Brad D. Williams“We aim to convey that, ‘Hello, we are from the government, and we’re here to help’ is not a scary idea,” the general joked, alluding to a famous quote by former President Reagan.
By Brad D. Williams“Academics will sit back and say, ‘Well, if you just did that and that and that, you would have avoided it.’ But if there’s no way to impose risk or consequences for [threat actors] doing it, your day is coming,” Mandia said.
By Brad D. Williams“It’s part of a larger diplomatic strategy,” cyber policy expert James Lewis said of the US attribution to China for Microsoft Exchange hacks earlier this year.
By Brad D. WilliamsThe Exchange campaign attribution will also provide hints about the role of the first national cyber director in such incidents. NSA veteran Chris Inglis was confirmed for the position just weeks ago.
By Brad D. WilliamsSen. Warner’s draft legislation, long expected, marks one of the first attempts to create a federal law mandating cyber incident reporting by some entities. Notably, the bill provides reporting entities with a degree of privacy and legal protection.
By Brad D. WilliamsThe cyber executive order “properly emphasizes” information sharing. Sens. Peters and Portman float updating FISMA. FERC calls for mandatory pipeline cyber standards. Report says vulnerable Exchange Server “most likely culprit” at Colonial. FireEye details DarkSide’s business ops.
By Brad D. Williams“It reflects a fundamental shift in our mindset — from incident response to prevention, from talking about security to doing security,” a senior administration official says.
By Brad D. Williams