Congresswoman Nanette Diaz Barragán (D-California), who serves on the House Committee on Homeland Security and the House Committee on Energy and Commerce, is concerned about the potential harm of cyberattacks in her 44th district, which includes of the Port of Los Angeles. Congressman Jay Obernolte (R-California), among his other assignments, is a member of the Committee of Science, Space and Technology and two caucuses, one on 5G and another on AI.  What they both have in common are concerns about cybersecurity, topics that were addressed during a panel at CES 2022. Continue reading CES: Members of Congress Discuss Cybersecurity Concerns

During a panel at CES 2022, CTA specialist in government affairs Quentin Scholtz queried panelists from government and technology on their priorities and plans for stepping up effective enforcement against cyberattacks, especially those originating from nation states. Jamie Susskind, tech policy advisor for Senator Marsha Blackburn (R-Tennessee); former U.S. representative Will Hurd (R-Texas); and Samsung Electronics senior manager and counsel of public policy Eric Tamarkin offered complementary priorities on how to act in 2022 and going forward. Continue reading CES: Government, Tech Firms Partner to Curtail Cyberattacks

Human rights are center stage in a Congressional request to the U.S. Treasury Department for sanctions against Israeli spyware firm NSO Group and three additional foreign surveillance companies that allegedly aided authoritarian governments in committing criminal moral abuses. In a letter signed by Senate Finance Committee chairman Ron Wyden (D-Oregon), House Intelligence Committee chairman Adam Schiff (D-California) and 16 other Democratic lawmakers, Treasury was also asked to slap down UAE cybersecurity firm DarkMatter, European bulk surveillance mills Nexa Technologies and Trovicor, and top executives at those firms. Continue reading Lawmakers Urge Treasury Sanctions Against Spyware Firms

The Log4j code vulnerability has the media declaring the Internet in a state of crisis. Log4j is a Java-based logging framework developers use to track user activity within applications on the popular Apache web server. Security experts are rushing to patch the bug, which is being exploited to remotely assume control of vulnerable systems, stealing credentials, installing malware and launching other attacks that permeate consumer devices. Last week, the U.S. Cybersecurity and Infrastructure Security Agency issued a Log4j alert, as did Australia’s CERT emergency response team. Continue reading Major Security Vulnerability Triggers Worldwide Internet Crisis

The U.S. government has announced its plans to work with other nations to put restrictions on the export of surveillance tools to authoritarian countries such as China. The Biden administration says it would gather allies and start an initiative to regulate the export of surveillance tools. The initiative is planned to be discussed during a virtual gathering, Summit for Democracy, on December 9-10. Representatives from more than 100 democratic nations will be participating. The primary objective of the summit is to crack down on authoritarian governments from using cyber tools to violate fundamental human rights. Continue reading U.S. to Limit Exporting Surveillance Tech to Certain Countries

Nvidia is fast-tracking its cybersecurity efforts, emphasizing zero trust through new product integrations designed to protect enterprise customers from attack while supporting artificial intelligence, machine learning and server workloads that scale. Earlier this month Nvidia promoted its full-stack data center security solution: DOCA 1.2 accelerated software, running on BlueField-3 DPUs using the Morpheus AI framework — a configuration that can “secure a data center at every touchpoint,” including users, devices and the data itself, Nvidia founder and CEO Jensen Huang explained at Nvidia’s GTC 2021 event earlier this month. Continue reading Nvidia Introduces a Full-Stack Solution for Zero Trust Security

The Biden administration ordered federal agencies to patch roughly 300 cybersecurity vulnerabilities believed to expose government computer systems to potentially damaging intrusions. About 200 of the threats were discovered by cybersecurity experts between 2017 and 2020, while another 90 flaws were found in 2021. All are known to be used by malicious cyber actors, said Cybersecurity and Infrastructure Security Agency director Jen Easterly in a statement accompanying the directive. The agencies have been given two weeks to patch the 2021 threats and six months to fix the older defects. Continue reading Biden Administration Orders Agencies to Repair Cyber Flaws

Sundar Pichai, CEO of Google and its parent Alphabet, is urging the U.S. government to step up innovation and more actively police cyberthreats. In a year beset with security breaches attributed to Russian and Chinese hackers, Pichai says it’s time to draft a Geneva Convention for technology, outlining international legal standards, safeguards and behavioral norms for the connected age. Pichai also made an appeal for state-sponsored innovation in the face of competition from China, where the Communist Party under President Xi Jinping has outlined plans to advance artificial intelligence and develop a proprietary semiconductor sector. Continue reading Alphabet CEO Calls for Government Action in Tech Innovation

Payments flagged by U.S. banks as suspected ransomware in 2021 are on pace to nearly double those of 2020, according to reports filed with the Treasury Department. Almost $600 million in potential ransomware payments have been filed with the federal government from January through June, which is more than 40 percent more than the tally for full-year 2020. Reflecting the fact that governments worldwide describe cybercrime as a critical national security threat, the first International Cybersecurity Challenge is scheduled for Greece in June 2022, where 25 Americans aged 18 to 26 are set to compete. Continue reading U.S. Advances Cybersecurity Steps as Ransomware Doubles

By the end of 2021, cybercrime will cost the world an estimated $6 trillion through 2021, a figure that will swell to $10.5 trillion by 2025, according to Cybersecurity Ventures. To deal with that threat, Google has created the Cybersecurity Action Team (GCAT) and the Work Safer security bundle to help protect organizations, small businesses, enterprises and public sector institutions against cyberattacks. At Google Cloud Next ’21, the company said the Google Cybersecurity Action Team will draw on expertise from across the company to help protect entities from data breaches and help meet new government compliance rules. Continue reading Google Action Team Is Ready for Its Cybersecurity Close-Up

The “zero trust” policy envisioned by President Biden in May when he signed an executive order to improve cybersecurity has begun taking shape with the release last week of a draft blueprint by the White House Office of Management and Budget (OMB). While Biden’s order covers the public and private sectors “and ultimately the American people’s security and privacy,” zero trust focuses on identifying and implementing best practices for the federal government’s digital platforms and processes. Deployment will take years of investment and effort. To help jump-start the initiative, some primers have hit the news feeds. Continue reading Government Pursues ‘Zero Trust’ Approach to Cybersecurity

European Union nations are voicing discontent over delays in enforcement of the General Data Protection Regulation (GDPR) implemented in May 2018. Earlier this month Ireland announced a $266 million fine against WhatsApp, after haggling to boost the original sanction of up to $59 million by the Irish Data Protection Commission (WhatsApp parent Facebook has European headquarters in Ireland). The situation has prompted calls to revise how the 27 EU member countries participate in overlapping cases, with expanded pan-EU rules also under consideration. Continue reading European Union Members Are Concerned Over GDPR Delays

A Securities and Exchange Commission investigation into the 2020 Russian cyberattack of SolarWinds has corporate executives concerned over the possibility that information unearthed in the probe will expose them to liability. Companies suspected of or known to have been downloading compromised software updates from SolarWinds have received letters requesting records of all breaches since October 2019, raising fears that sensitive cyber incidents previously unreported and unrelated to SolarWinds may be revealed, providing the SEC with details that many companies may never have wanted to disclose. Continue reading SEC Probe of SolarWinds Attack Concerns Corporate Execs

In the security world, “bug bounty” programs are becoming more common, from Facebook to the Department of Defense. Hackers who can reveal the hidden vulnerabilities of a device, system or corporation can reap significant financial rewards. Apple launched its program in 2016 and offers payouts of up to $1 million for the most elusive flaws. The tech giant reportedly spent $3.7 million on such exercises in the 12-month period ending in July 2021, during which time Google shelled out $6.7 million and Microsoft spent $13.6 million. Such programs have become a valuable tool in security maintenance, putting hackers’ inquisitive natures to productive use.  Continue reading Tech Firms Raid Security Flaws with ‘Bug Bounty’ Programs

Strider Technologies has debuted its Strider Shield platform that helps businesses better understand potential threats to intellectual property — including nation-state directed IP theft and supply chain threats — by combining online tracking tools often used by advertising agencies with data ingestion tools, natural language processing and various algorithms. Strider co-founder and chief strategy officer Eric Levesque said that Strider Shield allows an enterprise to collect thousands of data points such as email addresses, domain names and keywords to correlate against systems where the IP resides, in order to surface potential risks. Continue reading Strider Shield Technology Aims to Protect Intellectual Property