Sealing a Senate Cyber Deal and Battening Down DHS Hatches
Happy Friday, Cybersecurity News readers. While the work week may be coming to an end, make no mistake that cybersecurity legislation will be doing the same.
According to Reuters, Senate staffers are working on an all-encompassing cybersecurity bill with the leadership needed to put it on the “short list” for passage.
Apparently Senate Majority Leader Harry Reid (D-NV) has also added the cyber bill to his list of top-priority measures to get through the Senate this year, sources told Reuters.
But sealing a Senate cyber deal won’t come without a struggle…
And while Cybersecurity News reported last week on Senator Tom Carper’s reservations about passing a measure after the changes that the midterm elections may bring, Reuters also noted potential opposition.
Citing industry resistance, the article mentions, “The legislation would require companies who sell the government $80 billion in hardware and software each year to bake in a certain level of security — a potentially expensive prospect.”
On the other hand, “The bill is a priority because leaps in technology have increased industrial productivity, but also left businesses and the US government vulnerable to foreign spies, such as the 2008 breach of US military computers using a single compromised thumb drive and identity thieves who have stolen untold numbers of consumer credit card numbers,” Reuters reported.
But regardless of whether or not the bill gets through, be advised: “The Internet is fragile.” That’s according to US Cyber Command commander General Keith Alexander, head of the National Security Agency.
Speaking at the Gov 2.0 Summit in Washington this week, Gen. Alexander warned of the nation’s potential cyber threats, vulnerabilities and network security issues, The Hill reported.
“It is critical we improve our security posture. The threats are real. Malicious actors a continent away can exploit our networks. They’re becoming better organized and sophisticated at exploiting weaknesses in our technologies,” Alexander said.
Also covering the summit, InformationWeek reported that Gen. Alexander didn’t hesitate to lay out cyber specifics: “There are 250,000 probes trying to find their way into Department of Defense networks every hour, and cyber attacks on federal agencies have increased 150% since 2008.”
Alexander went on to add that “teamwork, global leadership and a respect for citizens’ privacy are necessary to secure US critical infrastructure against cyber attacks.”
But before determining definite cyber defenses, it seems that the General must first tend to some cyber issues of his own. According to an article published by Wired, an audit released Wednesday revealed another set of fairly frightening cyber blunders over at the Department of Homeland Security.
“The federal agency in charge of protecting other agencies from computer intruders was found riddled with hundreds of high-risk security holes on its own systems,” Wired reported of the audit’s results.
Running through the network systems of the DHS United States Computer Emergency Readiness Team (US-CERT), auditors found “1,085 instances of 202 high-risk security holes,” with the 202 holes considered “high-risk vulnerabilities.”
The article goes on to mention that, in a statement, DHS spokesperson Amy Kudwa said that the Department is working to fix the issue and has installed “a software management tool that will automatically deploy operating-system and application-security patches and updates to mitigate current and future vulnerabilities.”
Additional cybersecurity news follows:
Cyber task force passes mission to cyber command (American Forces Press Service)
Global computer virus attacks through e-mail (ABC News, Los Angeles)
Sen. Carper: 2008 Cyber attack underscores US vulnerabilities (National Journal)
Will your agency’s cybersecurity mandate change? (Federal News Radio)
Cyber costs climb (NextGov)
Lockheed interested in cybersecurity M&A (Reuters UK)
New report gauges emotional impact of cybercrime (Security Week)
Cybersecurity: It’s more than worms, hacking and phishing (Sys-Con Media)
Is infosec worker need underestimated? (GovInfo Security)
Federal Council reaffirms cyber strategy (World Radio Switzerland)