DHS chief lays out a cybersecurity vision with a focus on ransomware and infrastructure
The top official at the Department of Homeland Security announced today a series of 60-day cybersecurity-focused “sprints” aimed at focusing the department’s efforts on ransomware, industrial control systems, and other priorities. Alejandro Mayorkas, who was sworn in as DHS Secretary last month, said during a virtual talk hosted by the RSA Conference that his department is working on a proposal for a “Cyber Response and Recovery Fund” to provide assistance to state, local, tribal and territorial governments dealing with cyberattacks….
‘We’re responding in election cycles:’ Niloofar Razi Howe on the big changes needed to prevent the next SolarWinds attack
In a hearing held by the House Committee on Appropriations last week, Niloofar Razi Howe described 2021 as “one of the most consequential years in cybersecurity—and it’s only March.” Between the fallout from the SolarWinds supply chain attack, Microsoft Exchange vulnerabilities, and a surge in ransomware incidents, cybersecurity experts in both the private and public sectors have a lot to worry about. The Biden administration and lawmakers across party lines have made the incidents a top priority, with many calling on the U.S. to harden defenses and aggressively respond to nation state intrusions….
A Verizon security expert on why 5G is raising the bar for cyber defenders
Much has been written about how 5G and the proliferation of internet-connected devices might make us more secure or more vulnerable in the coming years, depending on how you look at the next-generation wireless standard. For people like Alexander Schlager, executive director of security services at Verizon, 5G isn’t so much about tallying the risks and benefits as it is about adopting a new approach to cybersecurity. Defenders will need to accelerate their detection and response capabilities, he said, but will also need to prioritize and devote more attention to worst-case scenarios….
NSA director says U.S. has a ‘blind spot’ for detecting attacks like SolarWinds, Microsoft Exchange
The top official at the U.S. National Security Agency and U.S. Cyber Command told lawmakers on Thursday that the common failing with recent high-profile cyber attacks boils down to U.S. government agencies having a gap in visibility of foreign hackers using domestic infrastructure to launch attacks. At a hearing held by the U.S. Senate Committee on Armed Services, General Paul Nakasone repeatedly emphasized that nation state adversaries are aware of this gap and are actively exploiting it in part because it allows them to better evade the eye of intelligence agencies like the NSA that are focused on activity conducted outside the U.S….
CrowdStrike co-founder Dmitri Alperovitch on his new policy accelerator that’s all about action
Over the last ten years, Dmitri Alperovitch had a front-row seat to some of the biggest cybersecurity incidents and investigations, including the 2014 Sony Pictures hack attributed to North Korea and the 2015 and 2016 data breach involving the Democratic National Committee, which was carried out by Russian government hackers. It was a little surprising, then, when Alperovitch left his position last year as chief technology officer of CrowdStrike—a company he co-founded in 2011 and now has a market capitalization of more than $42 billion—to launch a type of organization that normally sits on the sidelines: a think tank….
France’s lead cybercrime investigator on the Egregor arrests, cybercrime
The Record sat down for an email interview with François Beauvois, the Head of the Computer Security Incident Response Team for the French Judicial Police (CSIRT-PJ) and his role in the Egregor arrests.
Cybersecurity guru Dan Geer on quantum computing, the future of security, and running a farm
For someone who thinks deeply about the future of technology, Dr. Dan Geer lives a surprisingly traditional life. In addition to working as a senior fellow at In-Q-Tel, the nonprofit venture arm of the CIA, Geer runs a small farm in a “pretty rural” part of Tennessee and his only phone is a landline. When I caught up with Geer towards the end of last year, he was in the middle of tweaking his farming plans due to disruptions from COVID-19—more of a focus on farmers’ markets, less emphasis on selling to restaurants. But our conversation quickly turned to his long career in cybersecurity, and how much has changed since he entered the field…
Cyber Command: ‘No evidence’ that SolarWinds attackers compromised DoD networks
As the Biden administration assesses the fallout from the Russia-linked hacking campaign that has been called “the largest and most sophisticated attack the world has ever seen,” the key military command involved in the response said Wednesday that attackers did not seem to compromise Defense networks. On Wednesday, the executive director of U.S. Cyber Command, which is tasked with defending DoD networks and has also been involved in offensive cyber operations, said that while the attackers had a grasp on department infrastructure, they did not seem to successfully compromise it….
How a push to remote work could help fix cybersecurity’s diversity problem
Women are underrepresented in technology jobs, and the discrepancy is even worse for cybersecurity roles specifically. Although there’s no definitive statistics on the subject, recent studies have pegged that women account for somewhere between 11% and 20% of the cybersecurity industry. At Monday’s panel, which was hosted by seed-stage cybersecurity fund YL Ventures and held to coincide with International Women’s Day, cybersecurity executives said they had some hope that changes brought by the COVID-19 pandemic could make it easier for cybersecurity teams to diversify their ranks…
Healthcare Providers Were Warned of a Ransomware Surge Last Fall. Some Still Aren’t Sure How Serious the Threat Was
Late last October, when the U.S. government warned of an imminent ransomware threat to the country’s hospitals and healthcare providers, many in the industry had a similar reaction: they paused, took a deep breath, and braced for impact. But one of the organizations tasked with distributing critical threat information across the healthcare sector was not among them, instead turning a skeptical eye on the government’s alert…