“CISA has validated various proofs of concept and is concerned that exploitation of this vulnerability may lead to full system compromise of agency networks if left unmitigated,” the emergency directive says.
By Brad D. Williams

“This is a good reminder that the GRU remains a looming threat, which is especially important given the upcoming Olympics, an event they may well attempt to disrupt,” observed John Hultquist, VP of Analysis at Mandiant Threat Intelligence.
By Brad D. Williams

The bad practices are aimed especially at — though not limited to — educating critical infrastructure owners and operators. This includes, of course, the defense industrial base and many who support its supply chain — from communications equipment and high-tech capabilities to electrical and mechanical components for military hardware, such as tanks, planes, and ships.
By Brad D. Williams

Sen. Warner’s draft legislation, long expected, marks one of the first attempts to create a federal law mandating cyber incident reporting by some entities. Notably, the bill provides reporting entities with a degree of privacy and legal protection.
By Brad D. Williams

Despite a unanimous committee voice vote, Sen. Scott announced a hold on the CISA director nominee, as well as all other DHS nominees, until President Biden visits the border with Mexico.
By Brad D. Williams

“If the past year has taught us anything, it’s the obligation we have as leaders to anticipate the unimaginable,” CISA nominee Easterly said. “I believe as a nation we remain at great risk of a catastrophic cyberattack.”
By Brad D. Williams

“Someone told me I was like Chicken Little, but I prefer Paul Revere,” said Sen. King, who co-chaired the commission that recommended creating the national cyber director.
By Brad D. Williams

“[Paying the ransom] was the hardest decision I’ve made in my 39 years in the energy industry… and I put the interest of the country first,” Colonial’s CEO told Congress. “I believe with all my heart [paying the ransom] was the right choice to make, but I want to respect those who see this issue differently.”
By Brad D. Williams

The budget requests funding for four new teams for the Cyber Mission Force. Those teams will support CYBERCOM operations and provide cyber support for space operations.
By Brad D. Williams

Today’s pipeline directive is likely just the next in a series of actions to shore up national cybersecurity across the private sector, especially those deemed critical infrastructure. “I know there are a number of discussions on the Hill… of a broader data breach notification,” Deputy National Security Advisor Anne Neuberger said today.
By Brad D. Williams

The cyber executive order “properly emphasizes” information sharing. Sens. Peters and Portman float updating FISMA. FERC calls for mandatory pipeline cyber standards. Report says vulnerable Exchange Server “most likely culprit” at Colonial. FireEye details DarkSide’s business ops.
By Brad D. Williams

“It reflects a fundamental shift in our mindset — from incident response to prevention, from talking about security to doing security,” a senior administration official says.
By Brad D. Williams

CISA and FBI issue a joint advisory on DarkSide ransomware. “There is no immediate mission impact” from fuel shortage on DoD, a Pentagon spokesman said. Colonial temporarily restored operations between North Carolina and Maryland last night. Russia denies involvement. DarkSide’s business model complicates attribution.
By Brad D. Williams

“We are disappointed, though unsurprised, to learn of the cyberattack,” Sen. King and Rep. Gallagher said. “We can and must be better… in navigating the threats of the Age of Cyber Aggression.”
By Brad D. Williams