facebook linkedin twitter

Bigger Government Role Expected to Protect Industry From Hackers

October 26, 2021 by Tom Ramstack

WASHINGTON — Large-scale cyberattacks continued this week in the United States and abroad as computer security experts told a congressional panel Tuesday that more government intervention is needed.

On Monday, Microsoft announced that Russia-backed hackers were trying to steal information technology to disrupt the global supply chain.

On Tuesday, cyberattackers shut down gas stations across Iran. In Germany, a major auto components supplier was hacked, possibly interfering with automobile production throughout the country.

Other attacks were reported this week at schools in Colorado and Wisconsin.

“The threat is evolving much more quickly than our defense,” said Suzanne Spaulding, a Homeland Security International Security Program senior advisor.

She testified to the House Homeland Security subcommittee on cybersecurity as it considers proposals to require transportation companies to meet minimum requirements for protecting their computer systems that operate the nation’s transit systems, airlines, pipelines and railroads.

The Transportation Security Administration is close to finalizing the requirements. They come with a huge controversy for private industry.

Corporations have traditionally relied upon voluntary guidelines to protect their businesses and customers. They argue against the heavy hand of government regulation, along with the fines and court orders that could accompany it.

Witnesses at the congressional hearing said recent events show voluntary guidelines are too weak to adequately protect the public and the nation’s economy.

Spaulding said that until recently she also favored voluntary private market compliance with cybersecurity guidelines.

“Markets are generally more efficient and, important for such a dynamic area as cyber, nimbler,” she said. “However, over the last couple of years, I have reluctantly had to conclude that we cannot rely upon markets alone to ensure the continuity of nationally critical functions upon which the American public relies.”

Lawmakers and witnesses discussed the May 2021 Colonial Pipeline ransomware attack as a prime example of the damage cyberattackers can cause.

Gasoline and jet fuel deliveries along the 5,500-mile pipeline from Houston, Texas, to the East Coast were shut down for five days while the attackers demanded a $4.4 million bitcoin ransom.

Colonial Pipeline officials paid the ransom but also generated disputes that continued this week about whether anyone should need to respond to demands of thieves who use software to extort money.

“Time is not on our side,” Spaulding said.

Rep. Yvette Clarke, D-N.Y., chairwoman of the cybersecurity subcommittee, said lawmakers were “shocked” by weaknesses in Colonial Pipeline’s cybersecurity.

She also said cyberattacks and ransomware are a special threat for her constituents in New York, which is a major hub for airports, rail systems and transit. Six months ago, Chinese hackers infiltrated computers of the New York Metropolitan Transportation Authority.

“Fortunately, they did not gain access to operational systems that control rail cars, but I remain concerned about the cybersecurity of mass transit systems generally and MTA’s network in particular,” Clarke said. “Given the degree to which middle- and low-income people rely on public transportation, a cyberattack affecting mass transit could have a disproportionate impact on these populations.”

She welcomed the Transportation Security Administration’s upcoming cybersecurity standards for transportation companies and agencies.

“They mark a pivotal transition in the federal government’s approach to cybersecurity,” Clarke said.

The new standards could not come soon enough, according to respondents in a survey released last week by Texas-based cloud computing company Rackspace Technology.

The survey of 1,420 government information technology decision-makers showed that less than half believe their personnel are prepared to mitigate or understand all cyber threats.

Tom can be reached at [email protected]

A+
a-

Cybersecurity

November 22, 2021
by Kate Michael
Klobuchar Weighs in on CAP’s New Report on Tech Regulation

WASHINGTON — Sen. Amy Klobuchar, D-Minn., has been on a crusade for swift and sweeping reform of Big Tech platforms,... Read More

WASHINGTON — Sen. Amy Klobuchar, D-Minn., has been on a crusade for swift and sweeping reform of Big Tech platforms, introducing a number of bills and even publishing a book titled “Antitrust” that looks at the history of policy toward trusts and monopolies and details how... Read More

November 13, 2021
by Victoria Turner
US Cyber Attack Defenses Assessed at Forum

WASHINGTON — The U.S. is at risk of creating a two-silo cybersecurity strategy impeding its ability to adequately address ever-evolving... Read More

WASHINGTON — The U.S. is at risk of creating a two-silo cybersecurity strategy impeding its ability to adequately address ever-evolving cyber threats from bad actors overseas, a former assistant secretary of defense said Friday. Speaking at an American Enterprise Institute event, Paul Stockton, who is now... Read More

November 9, 2021
by Dan McCue
SolarWinds Sued By Shareholders Over Epic 2020 Data Breach

GEORGETOWN, Del. — Shareholders are suing software provider SolarWinds Corp. in the Delaware Court of Chancery claiming the company directors... Read More

GEORGETOWN, Del. — Shareholders are suing software provider SolarWinds Corp. in the Delaware Court of Chancery claiming the company directors should have known of, and yet did nothing to mitigate, the risk of the massive data breach that took place in 2020. The plaintiffs, led by... Read More

October 26, 2021
by Tom Ramstack
Bigger Government Role Expected to Protect Industry From Hackers

WASHINGTON — Large-scale cyberattacks continued this week in the United States and abroad as computer security experts told a congressional... Read More

WASHINGTON — Large-scale cyberattacks continued this week in the United States and abroad as computer security experts told a congressional panel Tuesday that more government intervention is needed. On Monday, Microsoft announced that Russia-backed hackers were trying to steal information technology to disrupt the global supply... Read More

October 22, 2021
by Reece Nations
Commerce Department Tightens Export Controls on Cybersecurity Items

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls... Read More

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls over cybersecurity items such as cyber intrusion software that can be used maliciously. The department’s new policy also creates a new license exception for authorized cybersecurity... Read More

October 14, 2021
by Victoria Turner
Cybersecurity Experts Point to More Investment Needed in Detection, Response

WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing... Read More

WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing emails, more than 85% of cyberattacks would be prevented, said Sen. Angus King, I-Maine, Thursday.  “The best hack is the one that doesn’t happen,” King said... Read More

News From The Well
scroll top