Lawmakers, security experts call for beefing up cybersecurity
Lawmakers and national security experts said Tuesday that the U.S. needs to take bigger steps at the government level and in the private sector to guard against ransomware attacks.
Rep. Yvette Clarke (D-N.Y.), speaking at The Hill's Cybersecurity Summit, said the attacks are "happening each and every day."
"Not only in the private sector but in our government sector, whether it's state and local governments, our adversaries are never sleeping," Clarke said. "We've been able to avoid the worst possible outcomes - the things that keep us up at night. But at the end of the day, it's extremely costly."
Clarke described how legislation that she introduced - the State and Local Cybersecurity Act - has been included in Democrats' wide-ranging social spending package. Her measure would provide $500 million in cybersecurity funding for state and local governments via Department of Homeland Security (DHS) grants.
As President Biden and Democratic leaders in Congress attempt to unite their party before the spending bill gets a floor vote, Clarke acknowledged that like so many other provisions in the package, funding for her bill could be reduced.
"Unfortunately, there's some give and take with respect to the amount of funding that may be made available. We really believe we've got to start somewhere," said Clarke, who heads the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Innovation.
The Hill Events (@TheHillEvents): "There are ransomware attacks happening each and every day ... that is an indication of the fact that our adversaries are never sleeping, and we've got to do everything we can to improve our cybersecurity posture"
Clarke also voiced support for mandatory cybersecurity reporting, saying the Cybersecurity and Infrastructure Security Agency needs to "build trust" with the private sector through reporting so that it has the "forensic ability to get a sense of what it is our adversaries are really up to."
Former Rep. Mike Rogers (R-Mich.), who chaired the House Intelligence Committee from 2011 to 2015, expressed concerns at Tuesday's event that the United States isn't doing enough to combat ransomware attacks from abroad.
"Our adversaries are starting to understand that you don't have to attack the National Security Agency or the CIA or even the Pentagon," Rogers said. "They want to prep the battlefield. If they ever want to engage the United States anywhere in the world, how do you do that? You cause us a lot of problems in cyberspace with private sector companies."
Rogers, now a CNN national security commentator and board member at cybersecurity firm IronNet, said he doesn't believe the private sector would be supportive of mandatory reporting for cybersecurity incidents.
Rogers said companies are "very concerned" about sharing information with DHS, but that they shouldn't have to choose between protection and privacy.
"This notion that you either have to have privacy or security is wrong," he said. "You can have both. I argue that you can't have privacy until you have security."
Former Homeland Security Secretary Janet Napolitano, who also spoke at Tuesday's summit, said that there are "real demerits" to paying ransom, but sometimes it's the simplest strategy for a company to recover digital property as soon as possible.
"It would be easy to say, 'Never pay ransom,'" she said at the summit sponsored by LookingGlass Cyber Solutions. "If you're attacked and the amount of ransom is a million or 2 million dollars and in the meantime your systems are totally down ... you're gonna weigh it. It's gonna be very situational."
Hon.- The Hill Events (@TheHillEvents) on his concerns with U.S. adversaries and improving our cybersecurity efforts: "if they ever have to engage the United States anywhere in the world -how do you do that? You cause us a lot of problems in cyberspace"
Napolitano, now the director of the University of California at Berkeley's Center for Security in Politics, said the government needs to play a more active role in identifying perpetrators of cyber attacks.
"Where I think the government needs to step in is on attribution," she said. "Attribution on who is the party demanding ransom, whether they are a state-sponsored actor or a state actor or simply a state-supported actor. And then be prepared at the government level to make an appropriate response."
Fmr.- The Hill Events (@TheHillEvents) Sec. Janet Napolitano on government involvement in cyberattacks on private companies: "how do you balance the customer's requirement for privacy versus the government's legitimate need for intelligence and information?"