Connect with us

Cybersecurity

DOJ Official Supports Mandatory Breach Reporting

Proposed legislation would make it mandatory for companies to report cyberattacks.

Published

on

Richard Downing from the Senate judiciary committee last week

August 2, 2021—An official from the Department of Justice urged members of the Senate judiciary committee last week to proceed with legislation requiring companies to report ransomware attacks to federal agencies.

Richard Downing, deputy assistant attorney general of the criminal division within the department, told the committee studying cybersecurity during a hearing that such mandatory breach reporting legislation would aid in its defense against cyberattacks.

There is currently no federal law requiring such disclosures, but bipartisan Senate legislation co-sponsored by Senator Angus King, I-Maine, would change that. Titled Cyber Incident Notification Act of 2021, the bill was introduced last month.

This legislation would require all contractors, federal agencies, companies, and organizations critical to U.S national security to report all breaches of data to the Department of Homeland Securities’ Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours.

The bill and discussions about it come in light of high-profile cyberattacks that have targeted software company SolarWinds and oil transport company Colonial Pipeline in the last several months. And the discussion isn’t expected to slowdown as more critical infrastructure is hooked up to the internet.

The Last week, the House energy committee approved a series of cyber bills that would improve telecom network security.  

Cyber threats becoming more bold

Downing noted that threat actors are becoming bolder and more sophisticated, and that the government must hasten efforts to thwart attacks and stay ahead of such malicious acts.

“Many actors now research their victims—identifying the victim’s net worth, the cost of a business interruption, and even the value of their cyber insurance policy—to extort as much money as possible,” Downing said during the hearing.

Reporter Mike Ogunji is from Columbus, Ohio, and studied public relations and information technology at the University of Cincinnati. He has been involved in the Model United Nations and We The People. Mike enjoys books, basketball, broadband and exploring the backwoods.

Cybersecurity

Lawmakers Should Incentivize Cybersecurity in Private Sector: Cisco Executive

One weak link can threaten the entire system.

Published

on

Photo of Jeetu Patel of CISCO

WASHINGTON, May 25, 2023 – A Cisco executive urged Congress at a Semafor event Thursday to provide more incentives for companies to ensure their cybersecurity posture is up to date. 

While Jeetu Patel, general manager of security at the information technology giant, didn’t specify what types of incentives can be used, he said the incentives must push private infrastructure to have high security standards. 

Both private and public sectors have a part to play in improving the nation’s security, he noted, adding private companies must build products that are secure by design. 

There is “tremendous” need for cross-nation coordination around cyberattacks, said Patel. He urged lawmakers to democratize cybersecurity by simplifying the process, adding the nation must be united to gain traction against attackers.

The cybersecurity industry has not made conversations simple to follow or technology easy to use, he said. Simplifying cybersecurity is the only way we can democratize it and when it’s democratized, it can be made universal, said Patel. 

He warned that the country cannot let the financial constraints of a few companies put the whole system at risk. Regardless of how affluent a country is, the weakest link controls the strength of the chain, he said. 

Artificial Intelligence will change cybersecurity fundamentally, he noted. It is important to remember that AI tools are also available to attackers. Currently, the majority of attacks stem from fraudulent emails which AI can make more personalized and difficult to discern from real communication, he said.  

Cybersecurity defenses must evolve

We need to develop an idea of civic responsibility for tech innovators and students in STEM fields, added Suzanne Spaulding, senior advisor of Homeland Security at the Center for Strategic and International Studies. Civic responsibility is the antidote to disinformation and is the change central to democracy, she continued.  

Spaulding warned companies against relying on existing cybersecurity measures. Resilience is about having layers of plans and assuming they all will fail, she said.  

This comes at a time of Congressional focus on cybersecurity. In March, two bills were introduced by Senators Jacky Rosen, D-Nev., and Marsha Blackburn, R-Tenn., to establish pilot programs in the Department of Defense and Homeland Security that would hire civilian cybersecurity personnel in reserve. 

In 2021, President Joe Biden signed an executive order on improving American cybersecurity capabilities following the Colonial Pipeline ransomware attack and SolarWinds breach in 2020.   

Continue Reading

Cybersecurity

Sector Specific Agencies a Resource for Cybersecurity Concerns

Federal agencies are equipped to support sectors dealing with cybersecurity concerns.

Published

on

Photo of Puesh Kumar of Department of Energy

WASHINGTON, May 16, 2023 – Sector specific agencies, federal departments responsible for infrastructure protection activities in a designated critical infrastructure sector, are prepared to address cybersecurity concerns across various industries, said witnesses at a House Energy and Commerce Committee hearing on Tuesday. 

Malicious actors are targeting U.S. infrastructure, said witnesses. In 2021, President Biden signed an executive order on improving American cybersecurity capabilities following the Colonial Pipeline ransomware attack and SolarWinds breach in 2020. 

In March, two bills were introduced by Senators Jacky Rosen, D-Nev., and Marsha Blackburn, R-Tenn., to establish pilot programs in the Department of Defense and Homeland Security that would hire civilian cybersecurity personnel in reserve. 

The Administration for Strategic Preparedness and Response addresses increasingly sophisticated and frequent attacks on hospital and public health centers by providing each hospital with personalized and specific instruction on mitigation and disaster response best practices. 

Cyberattacks on hospitals have a negative effect on the surrounding area similar to that of a natural disaster, claimed Brain Mazanec, deputy director of the Office of Preparedness at ASPR. There have been more than double cyber-attacks on hospitals from 2016 to 2021, he said. 

The Environmental Protection Agency is responsible for addressing water system cyberattacks, said David Travers, director of Water Infrastructure and Cyber Resilience Division at EPA. The EPA’s Evaluating Cybersecurity guidance is intended to assist states with building their own secure systems for water and sewer systems.  

It is essential that sector specific agencies develop strong relationships with sectors under their jurisdiction well before disastrous incidents occur, said Puesh Kumar, director of the office of cybersecurity at the Energy Security and Emergency Response at the Department of Energy. 

The Energy and Commerce Committee also participated in a markup of the Energy Emergency Leadership Act Tuesday which would amend the Department of Energy Organization Act to elevate the leadership of the DOE’s emergency response and cybersecurity functions. 

“Establishing assistant-secretary leadership at the department will reflect the importance of managing this threat,” said Subcommittee on Energy, Climate, and Grid Security Chair Jeff Duncan. 

The Act passed on unanimous vote to report to the full committee without amendment. 

Duncan also emphasized the importance of a strong domestic supply chain, calling for a “‘Made in America’ system for nuclear fuel” in order to “give the domestic industry the market certainty they need to invest and build out the necessary infrastructure.”

On June 27, Broadband Breakfast’s Made in America Summit will examine energy infrastructure and international supply chain issues in depth.

Continue Reading

Cybersecurity

Charter Suggests Network Authentication Layer for Equipment Certification

The telecom said manufacturers are in the best position to ensure security.

Published

on

Illustration from Security Architect

WASHINGTON, April 5, 2023 – Charter Communications is recommending the Federal Communications Commission require device manufacturers seeking equipment authorization to add a layer of authentication security to protect against cyberthreats.

In a letter to the commission on Friday, the telecommunications company suggested the commission require, as a condition of certification, devices pass a security authentication step to connect to the user’s network. When an internet-connected device connects to a network, it can also access sensitive information being shared on it – leaving the door open to malicious activity.

This “baseline” security “would erect a new barrier to prevent malicious actors from exploiting unauthorized or unidentified devices connected to consumer broadband networks without consumers’ knowledge or consent,” Charter said in its letter, following a meeting with FCC officials. “It would also be a simple and efficient way to address major cybersecurity vulnerabilities without the Commission needing to prescribe detailed cybersecurity requirements.”

“The most vulnerable devices often lack strong passwords and other basic security measures, which make them susceptible to malicious actors and frequent sources of harmful traffic across networks,” Charter added. “Devices that can connect to home networks without first being authenticated are also a significant source of cyber threats. And, despite various educational efforts, many consumers still never change the default passwords that come printed on their devices.”

The company noted that this practice is accepted by industry standards bodies and the broader security community and would relieve consumers of an additional burden when they come to connect their devices.

In conjunction with a November order that halted equipment authorizations from companies on a national security blacklist, the FCC is currently contemplating a proposal that would revamp the equipment authorization program to minimize cybersecurity threats and other malicious activity of foreign agents. The proposal asks whether it should ban component parts of a problematic device, and not just the manufactured product, and if it should require certification applicants to have a U.S.-based representative to ensure compliance.

As ubiquitous 5G connectivity takes hold in the country, more and more internet-connected devices are flooding the market.

“The proliferation of cybersecurity incidents in recent years and, particularly, the growing number of cyber threats that exploit unsecured IoT devices, underscores the need for more proactive efforts to deter and combat vulnerabilities before they reach consumers,” Charter noted in the letter, adding device manufacturers are in the “best position” to address these common security vulnerabilities.

Charter added that a combination of device manufacturer action on the authentication front and user action to additional security layers – through stronger passwords, for example – “will better protect Americans and US networks from the growing harm of cyber threats.”

The company said it actively strives to enhance security measures for its devices, including some of its newer routers requiring users to provide a unique credential to manage their home network instead of a default password. It said its routers also have pre-set security settings and undergo regular software updates.

FCC Commissioner Nathan Simington had previously advocated for mandating ongoing, as-needed cybersecurity updates to mitigate risks on wireless devices already in the hands of consumers.

Continue Reading

Signup for Broadband Breakfast News



Broadband Breakfast Research Partner

Trending