Linux Foundation Intros Post-Quantum Cryptography Alliance

The Linux Foundation has launched the Post-Quantum Cryptography Alliance, a collaborative approach to research and development aimed at taming the data security threats posed by quantum computing. The PQCA is presenting itself as turn-key source for companies and projects looking for production-ready libraries and service packages that support compliance with the National Security Agency’s new cybersecurity standards for government contractors or would like to provide themselves and their clients with safety precautions equal to “top secret” NSA classification. Founding members include Amazon Web Services, Cisco, Google, IBM and Nvidia. Continue reading Linux Foundation Intros Post-Quantum Cryptography Alliance

CES: Conversation with Cybersecurity Expert Anne Neuberger

CTA Vice President of Regulatory Affairs David Grossman spoke on a range of security topics with Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger, principal adviser to President Biden on cyber affairs. During CES 2024, the two discussed the debut of the U.S. Cyber Trust Mark and its just-announced international reach, as well as spectrum policy and the reauthorization of the spectrum auction. Neuberger expressed her appreciation for partnerships in the private sector — and especially the Consumer Technology Association — in helping the government bring the Cyber Trust Mark program into being. Continue reading CES: Conversation with Cybersecurity Expert Anne Neuberger

U.S. Senate Aims to Add Cyber Amendments to Defense Bill

Hundreds of amendments are queued up for possible addition to the vast annual defense policy bill. Among those that senators are considering include regulations that address artificial intelligence, cybersecurity and proposals to test election systems for vulnerabilities. Adding cyber measures to the National Defense Authorization Act (NDAA) has become a tradition in recent years because it is “must-pass” legislation and renewed annually. Senate Majority Leader Chuck Schumer (D-New York) hopes to have the Senate’s version of the bill prior to the August recess that commences at the end of this week. Continue reading U.S. Senate Aims to Add Cyber Amendments to Defense Bill

U.S. Agencies Join Global Coalition in Secure Software Push

The U.S. and a coalition of international government agencies have issued joint guidance that aims to get software companies to heighten security for their products. “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default” takes the position that today’s software is insecure by default and it is the customer’s burden to take steps to make it safe. Manufacturers should make their products safe before they ship by taking steps including deprecating the “default password,” writing their programs using only secure coding languages, providing free patches and setting up vulnerability reporting programs. Continue reading U.S. Agencies Join Global Coalition in Secure Software Push

Senate Group Wants CISA to Protect Open-Source Software

Senate Homeland Security Committee leaders Gary Peters (D-Michigan) and Rob Portman (R-Ohio) have introduced a bill requiring a risk framework for open-source code. The proposed legislation would require the Cybersecurity and Infrastructure Security Agency to develop the risk evaluation process for open-source software being used by federal agencies and critical infrastructure. The move follows the discovery in December of a vulnerability in the Apache Software Foundation’s popular Log4j Java logging utility. Peters said the Log4j incident presented a serious threat to banks, hospitals, and utility companies, among other national security operations. Continue reading Senate Group Wants CISA to Protect Open-Source Software

Agencies Warn That Hackers Are Targeting Control Systems

The White House has issued a warning about hackers attempting to disrupt the energy grid and other industrial control systems with “a Swiss Army knife” of custom-coded malicious software. A joint bulletin issued by the FBI, NSA, DHS and Energy Department cautioned businesses to be on the lookout for “advanced persistent threat actors,” or APTAs, a commonly used way to describe state-backed hackers. Specific reference was made to devices from Japanese electronics firm Omron and the French firm Schneider Electric, suppliers of industrial automation equipment. Continue reading Agencies Warn That Hackers Are Targeting Control Systems

U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, debuted the Joint Cyber Defense Collaborative (JCDC), which will leverage the expertise of Big Tech companies including Amazon, Google and Microsoft. According to CISA director Jen Easterly, the initiative’s aim is first to combat ransomware and cyberattacks on cloud-computing providers and ultimately to improve defense planning and information sharing between the government and private sectors. Continue reading U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

Senators Press Ad-Auctioneers for Personal Data Sales Info

Senate Finance Committee chair Ron Wyden (D-Oregon) heads a bipartisan group of U.S. senators attempting to understand more about digital advertising auctions and their relationship to personalized ads. The group sent a letter to the largest companies that run these auctions, including AT&T, Index Exchange, Google, Magnite, OpenX Software, PubMatic, Twitter and Verizon Communications. The senators want the names of all foreign clients gaining access to user data through the auctions, citing concerns of national security. Continue reading Senators Press Ad-Auctioneers for Personal Data Sales Info

Cybersecurity: White House Pursues Public-Private Alliances

Russia and China recently ran sophisticated hacks from servers inside the United States, going undetected by the National Security Agency, which is prohibited from conducting surveillance in the U.S., as well as the FBI and Department of Homeland Security. Private computer security firms were the first to raise the alarm on these foreign attacks, and Microsoft reported that its patches are being reverse-engineered by criminal groups to launch ransomware attacks on corporations. The White House is paying attention. Continue reading Cybersecurity: White House Pursues Public-Private Alliances

White House Names Official to Lead Probe of Expansive Hack

In December, suspected Russian hackers compromised SolarWinds Corp., a small software vendor, leveraging it to infiltrate the U.S. departments of Commerce, State and Treasury, as well as numerous private companies. An in-depth investigation revealed that the hack’s scope was larger than first known, with about one-third of those hacked having no direct connection with SolarWinds. Now, the Biden administration has selected White House National Security Council senior official Anne Neuberger to lead the response. Continue reading White House Names Official to Lead Probe of Expansive Hack

Oracle-TikTok Deal Is Under Review by Federal Government

In an effort to avoid a ban in the U.S., popular social video platform TikTok aims to partner with cloud services company Oracle. TikTok parent ByteDance proposed a deal in which Oracle would serve as tech provider in the U.S., although details have not been revealed regarding any potential changes to TikTok’s ownership structure. ByteDance submitted the proposal to the U.S. Treasury Department and Secretary Steve Mnuchin announced plans to review it this week with a particular emphasis on security issues. If approved, the deal could make Oracle a major advertising player that is more relevant to younger audiences. Continue reading Oracle-TikTok Deal Is Under Review by Federal Government

Commission Finds U.S. Is Unprepared for Major Cyberattacks

The Cyberspace Solarium Commission released a report based on a months-long study that showed the U.S. government’s lack of ability to block cyber threats. The Commission lists 75 recommendations for major structural changes, including the creation of Congressional committees dedicated to cybersecurity and a White House-based national cybersecurity director to be confirmed by the Senate. The report is blunt in its assessment that the U.S. government’s current approach to cyberattacks is “fundamentally flawed.” Continue reading Commission Finds U.S. Is Unprepared for Major Cyberattacks

NSA Discovers Windows Vulnerability — and Tells Microsoft

The National Security Agency (NSA) discovered a vulnerability in versions of Windows and, instead of retaining it, reported it to Microsoft, which is now patching the flaw in its handling of certificate and cryptographic messaging functions. The vulnerability could have enabled attackers to use malicious code that would pretend to be legitimate software. Microsoft also warned all current users of Windows 7 Home Basic, Home Premium, Professional or Ultimate to upgrade immediately. Continue reading NSA Discovers Windows Vulnerability — and Tells Microsoft

Chinese, Iranian, Russian Hackers Honing Their Attack Skills

The National Security Agency and security firm FireEye recently detected extensive attacks by Iran on U.S. banks, businesses and government agencies, prompting the Department of Homeland Security to declare an emergency during the government shutdown. The attacks from Iran took place at the same time that China renewed its efforts to steal trade and military secrets, from Boeing, General Electric Aviation and T-Mobile. Meanwhile, Microsoft detected a Russian government operation targeting think tanks critical of Russia. Continue reading Chinese, Iranian, Russian Hackers Honing Their Attack Skills

Federal Government Takes Additional Steps to Block Huawei

The U.S. government is reportedly pushing for foreign allies to stop using hardware from China-based Huawei Technologies Co. According to people familiar with the initiative, the government is aiming to convince wireless and Internet service providers to avoid telecom equipment that comes from Huawei in an effort to increase security. Washington officials are particularly concerned about countries that host military bases. The U.S. and Australia already have bans in place to curb the risk of cyberattacks. Huawei is the world’s largest telecommunications provider. Continue reading Federal Government Takes Additional Steps to Block Huawei