Welcome to The Cybersecurity 202! I'm late to the game, but just learned the Banksy artwork that was half shredded during a 2018 auction was resold for 18 times its value.

Below: The Justice Department seized $2 million from another REvil-affiliated hacker, and prosecutors are going after fundraising groups run by Trump ally Sidney Powell.

Concerns over Chinese hacking could gum up bills to expand U.S. cloud computing

Sen. Rob Portman (Ohio), the top Republican on the Senate Homeland Security Committee, leans over to speak to Committee Chairman Sen. Gary Peters (D-Mich.). (Drew Angerer/Getty Images)

A congressional plan to expand government cloud computing is facing head winds from lawmakers who say it leaves cloud systems too vulnerable to Chinese hacking.

Sens. Rob Portman (Ohio), the top Republican on the Senate Homeland Security Committee, and Josh Hawley (R-Mo.) say the reforms don't do enough to prevent China and other U.S. adversaries from slipping malicious software into government cloud systems.

"Right now, we do not have sufficient safeguards in place to identify and prevent foreign interference in our cloud systems, and I believe that must change before we codify this program," Portman said yesterday during a roundtable discussion on the effort.

The government has spent much of the past decade scrambling to convert large portions of its clunky and outdated IT infrastructure to commercially built computer clouds, which most experts say are more secure against hacking. The move to cloud has been a key component of efforts to protect sensitive government data against a rash of cyberattacks from Russia and China.

Bipartisan bills in the House and Senate would deliver $20 million to boost that effort and require additional cyber protections such as continuously monitoring cloud systems for digital threats. The House version was included in a must-pass defense policy measure, and Senate Homeland Security Chairman Gary Peters (D-Mich.) is pushing to get the Senate version into the defense bill as well, which would nearly assure it becomes law.

Let's get into the weeds for a minute: The debate centers on a decade-old program called the Federal Risk and Authorization Management Program, or FedRAMP, that vets the security and privacy of cloud-based systems for email, word processing, data storage and other uses to make sure they're up to government standards for storing unclassified data. FedRAMP allows government agencies, for example, to use Microsoft and Google email systems that are very similar to those used by the private sector.

- The general idea is that once cloud systems pass muster with one government agency, they can be safely used by other agencies that require the same level of security.
- State and local governments also use FedRAMP authorizations to guide their own cloud purchases.
- There are about 239 cloud providers with FedRAMP authorizations at this point, and various agencies have used those authorizations to buy cloud systems more than 2,700 times.

Systems run in computer clouds managed by third parties, such as Amazon and Microsoft, are often more secure than computer systems run directly by a government agency or other organization. That's because those cloud providers have larger and better trained security staffs and because they make it easier to set hyper-specific rules about who can access what data.

One red flag: Government auditors have found agencies aren't scrupulous enough about ensuring cloud vendors are meeting government security requirements.

The problem: Portman said he's concerned there aren't enough checks to ensure FedRAMP-approved systems don't include computer code written by software engineers in China and other adversary nations who might sneak in malicious code that makes them more vulnerable to hacking. He wants the bill to require the government to regularly review standards governing the origin of a cloud system's computer code so agencies can assess whether those systems are worth the risk.

Peters pledged to add some language to the bill responding to Portman's concerns. But it's not clear if House lawmakers will go along with their version. Portman also has some other objections to the bill, including that it might be too easy for cloud vendors to game the approval system.

Government witnesses at the roundtable had mixed reactions.

- Ashley Mahan, a top official who works on FedRAMP at the General Services Administration, said she would review the language Portman suggests.
- GSA Chief Information Officer David Shive argued such a requirement would be too prescriptive and burden the program with bureaucracy.

"We run the risk of tying our hands if we're too prescriptive," Shive said.

Cybersecurity experts broadly agree that it's important to guard against adversary nations having too much control over technology systems in government and critical industry sectors. The Cybersecurity and Infrastructure Security Agency, for example, has barred government agencies from using technology provided by several Russian and Chinese firms.

Experts are sometimes wary, however, about tracing foreign concerns to the level of computer code. Part of the concern is that many companies rely on coding work done in lower-wage nations such as India. Also, a lot of software incorporates open-source code that was written by people across the world and it can be extremely difficult to disaggregate what came from where.

The keys

The Justice Department seized more than $2 million from a suspected REvil ransomware hacker in August

The Justice Department named two other suspected REvil hackers less than a month ago. (Andrew Harnik/AP)

The money came from "ransomware attacks committed by" Aleksandr Sikerin, prosecutors said in a filing. The money was seized in August, but authorities are now going through the formal forfeiture process that allows them to keep it.

This marks the third time in the past month that U.S. officials have taken aggressive actions against suspected members of the notorious ransomware gang. In early November, the Justice Department announced the seizure of more than $6 million extorted from REvil victims. It also charged two suspected hackers, one of whom is reportedly living a life of luxury in Barnaul, Russia.

The efforts are a major component of the Biden administration's efforts to crack down on ransomware gangs and make their work less rewarding.

Prosecutors linked Sikerin to an address in Saint Petersburg, Russia, according to the filing. Sikerin uses the hacker alias Lalartu, Bleeping Computer's Lawrence Abrams writes, citing security researchers.

REvil attacks have bled more than $200 million in ransoms from victims around the world since April 2019, prosecutors said. The group was behind a devastating cyberattack on IT firm Kaseya.

A spokesperson for the U.S. attorney's office for the Northern District of Texas declined to comment.

Prosecutors demanded financial and other records from fundraising groups launched by Sidney Powell

Judges dismissed Sidney Powell's lawsuits challenging the results of the 2020 election, calling them groundless. (Jacquelyn Martin/AP)

Powell has aired baseless claims of election fraud. Prosecutors demanded communications, fundraising and accounting records from two Powell-linked groups, Isaac Stanley-Becker, Emma Brown and Rosalind S. Helderman report. Assistant U.S. Attorney Molly Gaston, who is handling politically charged matters relating to the Jan. 6 attack on the Capitol, signed a grand jury subpoena reviewed by The Post.

One of the organizations, Defending the Republic, contributed more than $500,000 to a partisan election review in Maricopa County, Ariz. That review was blasted by cybersecurity experts.

"The federal investigation highlights the intensifying legal quandaries facing Trump-allied attorneys and other figures who promoted false claims that the election was rigged," my colleagues report.

"Powell, a former federal prosecutor who gained prominence on the right while representing former national security adviser Michael Flynn, became a leading figure in efforts to use the courts to overturn the 2020 vote," my colleagues write, noting that "she alleged a vast scheme to manipulate voting machines to steal the election from Trump."

Defending the Republic criticized the move. "We have always known the more effective we are, the more the false attacks will intensify," the group said. "Defending the Republic has and will continue to fight for #WeThePeople who make this country work."

Powell did not respond to requests for comment.

A Finnish court blocked evidence obtained from an encrypted messaging service secretly run by the FBI

Law enforcement agencies from around the world worked together on the sting operation. (Denis Poroy/AP)

The court decision came nearly six months after the FBI revealed that it was secretly behind the encrypted messaging service Anom, with law enforcement covertly gathering millions of seemingly secret messages.

A court ruled the messages can't be used in the Finnish case because the surveillance procedure used by police was too extreme for the money laundering case they were investigating, Motherboard's Joseph Cox writes, citing Finland's Iltalehti news outlet.

"The district court found that the Anom messages had been obtained illegally from the individuals in Finland and Spain, and the correct permits required for the surveillance were not applied for," he writes. Prosecutors plan to appeal the ruling.

"This specific ruling centres around Finnish rapper Ville Virtanen, who allegedly planned to give 10,000 euros to a drug leader in Spain, and Kalle Kallonen, charged with money laundering," Cox writes.

The ruling only applies to two cases in Finland, not the myriad other cases brought by law enforcement agencies worldwide in connection with the sting operation.

However: "the ruling could have a knock-on effect on other prosecutions against other alleged criminals who used Anom phones," Cox writes.

Hundreds of people were arrested in the crackdown. Users of the devices included drug organizations, contract killers and arms dealers, authorities said.

Daybook

- State Department Deputy Coordinator for Cyber Issues Michele Markoff discusses cyber norms at a Columbia University School of International and Public Affairs event on Wednesday at noon.
- The House Transportation Committee holds a cybersecurity hearing on Thursday at 10 a.m.
- The House Science Committee holds a hearing on microelectronics on Thursday at 10 a.m.
- Markoff and Amb. Andrey Krutskikh, who leads the Russian foreign ministry's international information security department, speak at a United Nations Institute for Disarmament Research conference on Friday at 11 a.m.
- Robert Cardillo, the former director of the National Geospatial-Intelligence Agency, speaks at a Center for Strategic and International Studies event on open-source intelligence on Friday at 2 p.m.
- NATO Assistant Secretary General for Emerging Security Challenges David van Weel discusses artificial intelligence cooperation at an American Enterprise Institute event on Dec. 7 at 9:30 a.m.

Secure log off

Thanks for reading. See you tomorrow.