Connect with us

Cybersecurity

Facebook Continues to Face Intense Congressional Scrutiny at House Financial Service Committee Hearing

Masha Abarinova

Published

on

WASHINGTON, July 17, 2019 – Facebook’s digital currency platform Calibra continues to be the focus of intense congressional scrutiny. On Wednesday, it was from the House Committee on Financial Services.

Chairman Patrick McHenry, R-N.C., said the committee wanted to make sure that Libra isn’t just a “ploy” to send Facebook’s Twitter mentions “through the roof.”

David Marcus, head of Calibra at Facebook, said that the social network giant’s association with Libra aims to establish the “rules of the road” for the blockchain industry. Facebook will not interfere with the monetary policies of central banks, he said.

Calibra will not offer banking services, but wants Libra to become a globally recognized digital currency. Facebook will “take the time to get this right,” he said.

Marcus received pushback from both sides of the aisle regarding Libra’s specific role in the financial service industry and its possible exploitation for nefarious use.

“We need to get Mark Zuckerberg here,” said Rep. Brad Sherman, D-Calif. “This is an attempt to turn power from America to Facebook and its allies.”

Committee Chairwoman Maxine Waters, D-Calif., asked why Facebook should be trusted with spearheading the project. The company has allowed “malicious Russian state actors” to purchase ads in a campaign to influence the 2016 election, she said.

The creation of currency is a core government function and should be left to accountable, democratically elected members, said Rep. Carolyn Maloney, D-N.Y. Congress should “seriously consider” stopping the Calibra project from moving forward, she said, if Facebook does not at least launch a small pilot program to test the system.

Libra is a “complete overhaul” of the circulation system of America’s global economy, said Rep. Jim Himes, D-Conn.

Rep. Ann Wagner, R-Mo., said that Libra could have “significant geopolitical implications” regarding the enforcement of economic sanctions.

60 percent of the world’s population does not live in a country with stable currency, said Rep. Steve Stivers, R-Ohio. We want to encourage cryptocurrency innovation, but we need to address the application of cross-border payments, he said.

People will be able to connect bank cards with their Calibra wallets when making international payments, said Marcus, but he said he expects there to be limits on where money can be sent.

“I doubt people will be paying their rent with Libra anytime soon,” he said.

America needs to remain a leader in global financial services and innovation, said Rep. Gregory Meeks, D-N.Y. He expressed uncertainty of how Facebook should be regulated if it is acting similarly to a bank.

“Libra looks exactly like an exchange-traded fund, so why isn’t it?” said Rep. Bill Foster, D-Ill.

Neither Facebook’s white paper nor subsequent online post provided any concrete plans on how to provide safety for America’s financial system, said Rep. David Scott, D-Ga.

Rep. French Hill, R-Ark., asked Marcus whether users will be charged a fee in the Calibra system. Marcus said that Calibra is hoping to offer little to no price at all between consumers and a small fee for merchants. He also said that people will not be able to open accounts without a government issued identity document or a more traditional “know your customer” assessment.

Facebook will have a number of different payment types on the platform, said Marcus, including debit and credit cards.

Rep. Blaine Luetkemeyer, R-Mo., said he was concerned about who will share the profits of Libra’s reserve.

The value of the reserve will be proportional to the number of Libra coins in circulation, said Marcus. Returns will be used to fund operation costs and to reimburse investors in the Calibra System.

The main point that Marcus addressed was that the current banking is “not working” for most people. Going forward, Facebook needs to be “thoughtful” about Calibra’s project, as the company should not be in the business of deciding what people can do with their money, he said.

(Photo of David Marcus at Facebook F8 developer conference in 2015 by Maurizio Pesce used with permission.)

Cybersecurity

Despite Increasing Risk, Companies Are Still Not Prioritizing Cybersecurity

Tim White

Published

on

March 10, 2021 – Experts said Tuesday that cybersecurity should be one of the top priorities for every business, but many businesses still don’t consider it as such.

“I was not that surprised to see 50 percent of executives count it as a high priority,” said Chad Kliewer, the information security officer of Pioneer Telephone Cooperative, at a Tuesday webinar hosted by the Center for Strategic and International Studies.

“Let’s be honest, its not a moneymaker for most people,” he added.

Rep. James Langevin, D-R.I., who is chairman of the House Cyber, Innovative Technologies and Information Systems Subcommittee, was joined by several members of both the public and private sectors discussing cybersecurity for small and medium-sized businesses in the critical infrastructure industry. They used US Telecom’s recent 2021 Cybersecurity Survey as a backdrop for that discussion.

According to the survey, 26 percent of employees, versus 50 percent of executives, consider cybersecurity a high priority. Kliewer expressed disappointment about that gap, saying that for his company, he spends a lot of time focusing on employees and ensuring that they’re all informed on cybersecurity.

One challenge to be addressed to get businesses up to speed on cybersecurity is education and awareness.

Jeff Goldthorp of the Federal Communications Commission suggested on the webinar the possibility of federal agencies to providing “fairly robust and rich and large set of guidance and practices” to a smaller segment of the industry that “has a different set of needs or where the scale is smaller,” he said.

Ola Sage, CEO of CyberRx, expressed similar concern. There could be several reasons why employees don’t make cybersecurity as high a priority as executives, she said, including lack of mechanisms to communicate that message across the company, or employees believing that cybersecurity isn’t their personal responsibility. It comes back to the question of education and awareness, she said.

Langevin said cyber criminals often go after a broad range of targets, hoping to hit the easiest victims. “These criminals go after entities really with the weakest cybersecurity hygiene, which often unfortunately means small businesses,” he said. “Ransomware is rampant right now, and its hitting a lot of small businesses in addition to hospitals or school systems,” he said.

Langevin said cybersecurity monitoring is about “risk management,” which is an ongoing process.

The influence of foreign nation-state adversaries

The webinar came in the wake of other cybersecurity panels and congressional hearings on the recent SolarWinds cyberattack that infiltrated thousands of American companies and federal agencies. The hack is currently being blamed on Russia.

Langevin touched on the influence of foreign nation-state adversaries. “I want to make something perfectly clear: countries like Russia actively aid and abet cyber criminals,” he said.

“We’re really living in a golden age of cyber crime because there are countries, again, that allow and encourage criminals to operate within their borders,” he said. “While some of the talk of norms and the need for stronger cyber diplomacy may seem esoteric, I can really assure you that it is increasingly relevant to stopping the constant stream of intrusions targeting small businesses around the country,” he said.

Eric Goldstein, executive assistant director for cybersecurity at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said “adversaries of all types are targeting American businesses now.

“It is not just the case that if you are a company that has highly sensitive [intellectual property] or provides critical infrastructure that you are the only type of company at risk. We are now seeing adversaries, including criminal groups, that will launch what I call indiscriminate attacks targeting anybody in this country with a vulnerability,” he said.

“Every company in America is at risk,” he said, adding they need to “take urgent steps to manage vulnerabilities in their IT infrastructure.”

Continue Reading

Cybersecurity

Senate Looks for Answers During First Public Hearing on SolarWinds Cyber Attack

Tim White

Published

on

Screenshot of FireEye CEO Kevin Mandia from the hearing

WASHINGTON, February 24, 2021 – In the first public hearing on the topic since the SolarWinds cyberattack in December, industry leaders testified Tuesday before the Senate Intelligence Select Committee that there are still unanswered questions about the attack.

Those questions include who did it, how they did it, and what they wanted.

Although the attack colloquially assigns SolarWinds as the victim, many companies were affected, and it was the cybersecurity firm FireEye that first announced they had been infiltrated.

The hack, which occurred between March and June 2020 and targeted several companies and federal agencies, has been widely attributed to Russian intelligence. FireEye’s CEO Kevin Mandia and Microsoft President Brad Smith, both whom testified at the hearing, said the adversary was likely the Russians, but did not want to give an irrefutable affirmation.

“We all pretty much know who it is,” said Mandia.

Although there is not yet definitive proof, we are confident from the evidence that this was the Russian intelligence agency, said Smith.

As Broadband Breakfast reported Tuesday, SolarWinds’ CEO Sudhakar Ramakrishna said that the attack was very sophisticated and required extensive expertise, as it occurred in the software update supply chain environment.

The other witnesses agreed. Mandia explained that FireEye found the implanted code from thousands of hours of examining detailed assembly code that requires specialized knowledge to understand.

Although we’ve seen many cyberattacks in the past, the scale of this attack was new, said Smith. The level of expertise we saw here required at least a thousand very skilled, capable engineers, he said.

Mandia said that this attack has been in the works for a long time. “This has been a multi-decade campaign for them. They just so happen to—in 2020—create a backdoor SolarWinds implant,” he said.

“They did a dry run in October of 2019, where they put innocuous code into the SolarWinds build just to make sure the results of their intrusion made it into the SolarWinds production platform environment,” he said.

SolarWinds still does not yet know how the attacker penetrated the company’s supply chain environment, but has narrowed it down to a few possibilities, said Ramakrishna. He did not elaborate on details, emphasizing that the investigation was still under way.

The witnesses said that what the hackers wanted and everything they took is still a mystery. At this point, we still don’t know everything the attacker did—only the attacker does, said Smith.

Various senators asked what needs to be done now that the world knows about the attack. The witnesses said they need better partnerships between the public and private sectors, especially a confidential way to report cyberattacks to the government.

They also said that nations need to agree on “ground rules” for engaging in cyberwarfare. During war, we agree not to bomb ambulances or hospitals, and in the digital space there needs to be equivalent off-limit targets, said Smith. These should include software updates, because the entire world and every type of infrastructure, both digital and physical, relies on them, he said.

The House Oversight and Homeland Security Committees are scheduled to hold a similar hearing Friday.

Continue Reading

Cybersecurity

SolarWinds CEO Says Hack Shows Need for Information-Sharing Between Industry and Government

Tim White

Published

on

Photo of SolarWinds CEO Sudhakar Ramakrishna from Health iPASS

February 23, 2021 – The data breach suffered by SolarWinds in December illustrates the need for better communications between industry and government, according to the CEO of the information tech company.

CEO Sudhakar Ramakrishna said Monday that it is important that the industry shares information because cyberattacks cannot be dealt with alone.

Ramakrishna and Suzanne Spaulding from the Center for Strategic & International Studies talked Monday about what SolarWinds and the industry had learned in the two months since the malicious attack.

“I see this as an organizational commitment to the community,” Ramakrishna said. “Why would a victim of a hack be out there talking about it? It is our obligation to do so,” he added.

Improving information sharing

Ramakrishna said there are three aspects of cyberwarfare that the community can improve on. 

First, there needs to be more public and private partnerships between companies and governments to resolve these issues, which should also include protection and possible incentives for hacked victims to come forward publicly.

Second, the community needs to set better standards for itself, to reach for excellence instead of just compliance. We should do more than just check off the necessary boxes to meet requirements, he said.

Third, there needs to be better communication methods with government agencies, he noted. Ramakrishna lamented that dealing with different agencies slowed down their ability to find solutions and led to an “asymmetry of information” between the company and the government. He suggested there could be one government “clearinghouse” that communicates with companies and then disseminates the information to the necessary agencies.

The SolarWinds cyberattack, which many believe was Russian in origin, breached several prominent entities, including federal agencies, through a supply-chain software update in early 2020. Although SolarWinds initially thought up to 18,000 of its customers may have been affected, they’re learning that that number is actually much less than that, Ramakrishna said.

Neither he nor Spaulding could definitively say what the perpetrators wanted from the attack, but speculated that they had many objectives, including a few likely “prized assets,” according to Ramakrishna, and gathering details about the environments that they hacked.

They probably wanted more than just to look around—it was more than just a reconnaissance mission, Spaulding said. 

Ramakrishna stepped into the CEO position at SolarWinds on January 4, and said he wasn’t expecting a malicious cyberattack to be the first priority of his new tenure, but said that he was prepared for circumstances like this from his previous experience.

He, as well as former SolarWinds CEO Kevin Thompson, will now testify in front of the U.S. House Oversight and Homeland Security Committees on Friday about the attack. to be held on Friday.

Continue Reading

Recent

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Trending