
Cyber Security

U.S. to work with Big Tech, finance sector on new cybersecurity guidelines




WASHINGTON, Aug 25 (Reuters) – The U.S. government on Wednesday said it would work with industry to hammer out new guidelines to improve the security of the technology supply chain, as President Joe Biden appealed to private sector executives to “raise the bar on cybersecurity.”

At White House meetings with Biden and members of his Cabinet, executives from Big Tech, the finance industry and infrastructure companies said they would do more about the growing threat of cyber attacks to the U.S. economy.

“The federal government can’t meet this challenge alone,” Biden told the masked executives in the East Room, telling them, “You have the power, the capacity and the responsibility, I believe, to raise the bar on cybersecurity.”

After the meeting, the White House said the National Institute of Standards and Technology (NIST) would work with industry and other partners on new guidelines for building secure technology and assessing the security of technology, including open source software.

Microsoft (MSFT.O), Google (GOOGL.O), Travelers (TRV.N), and Coalition, a cyber insurance provider, among others, committed to participating in the new NIST-led initiative.

Cybersecurity has risen to the top of the agenda for the Biden administration after a series of high-profile attacks on network management company SolarWinds Corp (SWI.N), the Colonial Pipeline company, meat processing company JBS (JBSS3.SA) and software firm Kaseya. The attacks hurt the United States far beyond just the companies hacked, affecting fuel and food supplies.

“We have a lot of work to do,” Biden said, citing both ransomware attacks and his push to get Russian President Vladimir Putin to hold Russian-based cyber gangs responsible, and the need to fill nearly half a million public and private cybersecurity jobs.

The guest list included Amazon.com Inc (AMZN.O) CEO Andy Jassy, Apple Inc (AAPL.O) CEO Tim Cook, Microsoft CEO Satya Nadella, Google’s parent Alphabet Inc CEO Sundar Pichai and IBM (IBM.N) Chief Executive Arvind Krishna.

After the meeting, Amazon said it would make its cybersecurity training available to the public for free, and it would give multi-factor authentication devices to some cloud computing customers, starting in October.

Microsoft said it will invest $20 billion over five years, a four-fold increase from current rates, to speed up its cyber security work, and make available $150 million in technical services to help federal, state and local governments keep their security systems up to date.

IBM said it will train more than 150,000 people in cybersecurity skills over three years and will partner with historically black colleges and universities to create a more diverse cyber workforce.

Google said it was devoting $10 billion to cybersecurity over the next five years, but it was not immediately clear what if any of the figure represented new spending. It also said it would help 100,000 Americans earn industry-recognized digital skills certificates that could lead to high-paying jobs.

Vishaal Hariprasad, CEO of Resilience Cyber Insurance Solutions, told Reuters his company would work with the government on setting clear standards for cybersecurity, and would require policy holders to meet those standards.

“So, if a company is willing to adhere to the minimum standards, they’ll have insurance, and if not, they’ll have to identify those gaps so they can get to that baseline,” he said.

“It’s not just about getting our companies safer, but also ensuring that we’re doing something to address the bad guys.”

Congress is weighing legislation on data breach notification laws and cybersecurity insurance industry regulation, historically viewed as two of the most consequential policy areas within the field.

Executives for energy utility firm Southern Co (SO.N) and JPMorgan Chase & Co (JPM.N) also attended the event.

The event featured top cybersecurity officials from the Biden administration, including National Cybersecurity Director Chris Inglis and Secretary of Homeland Security Alejandro Mayorkas.

Reporting by Andrea Shalal and Christopher Bing; additional reporting by Jeffrey Dastin and Stephen Nellis in San Francisco; Editing by Lisa Shumaker and Grant McCool


Biden cybersecurity leaders back incident reporting legislation as ‘absolutely critical’

Senior officials supported fines for companies that don’t comply with proposed cyber reporting regulations.



Senior Biden administration officials are backing congressional efforts to enact new cyber incident reporting requirements for critical infrastructure operators and other companies, as well as other efforts to further entrench the Cybersecurity and Infrastructure Security Agency at the center of the civilian executive branch’s digital security apparatus.

During a Senate Homeland Security and Governmental Affairs Committee hearing today, CISA Director Jen Easterly and National Cyber Director Chris Inglis offered support for incident reporting legislation put forth by Chairman Gary Peters (D-Mich.) and Ranking Member Rob Portman (R-Ohio). The bill would require critical infrastructure operators to report significant cyber incidents on their networks to CISA.

Easterly said incident reporting is “absolutely critical” and called CISA’s “superpower” its ability to share cyber threat information across agencies and critical infrastructure sectors.

“What we could do with this information is not only render assistance to the victim and help them remediate and recover from the attack, but we can use that information, we can analyze it, and then we could share it broadly, to see whether in fact evidence of such intrusions were found across the sector, or across other sectors or across the federal civilian executive branch,” she said.

The Peters-Portman bill would also give CISA subpoena authority in the event a company refuses to comply with the reporting requirements. But Easterly said a subpoena “is not an agile enough mechanism to allow us to get the information that we need to share it as rapidly as possible to prevent other potential victims from threat actors.”

Instead, Easterly said lawmakers should look at using fines to enforce compliance.

“I just came from four and a half years in the financial services sector, where fines are a mechanism that enable compliance and enforcement,” she said.

White House National Cyber Director Chris Inglis also backed the idea of fines, but said there should additionally be incentives for reporting incidents to the government.

“We of course don’t want to impose an unfair burden on the victims,” Inglis said. “But this information is essential for the welfare of the whole. There should be rewards for good behavior. If you’ve performed well and thoughtfully in this, the benefit should be obvious, which is that we can provide better services both in response and preventing this in the future.”

In addition to Peters and Portman’s legislation, members of the Senate Intelligence Committee have introduced a cyber incident reporting bill that would mandate a tighter 24-hour window for reporting incidents. The Peters-Portman bill would establish a 72-hour reporting timeline as a minimum.

The bill endorsed by members of the intelligence committee would also cover a broader range of both incidents and reporting entities, including critical infrastructure, federal contractors, agencies, and cybersecurity service providers.

Meanwhile, House Homeland Security Cybersecurity Subcommittee Chairwoman Yvette Clarke (D-N.Y.) has successfully attached an incident reporting bill to the defense authorization bill. Clarke’s legislation is similar to the Peters-Portman bill in that it only applies to critical infrastructure operators and offers a 72-hour timeline as a starting point.

Lawmakers are also eyeing potential updates to the Federal Information Security Modernization Act of 2014. The FISMA reforms are aimed at sorting out roles and responsibilities for cybersecurity across the federal government.

Easterly said she hopes lawmakers will formally establish CISA as the “operational lead for federal cybersecurity” as part of FISMA reform legislation. She also advocated for making agencies “accountable” for investing in cybersecurity, as well as moving beyond “box checking” compliance to what she described as “true operational risk management.”

“I think instantiating all of that in FISMA reform will be incredibly important and helpful for our role,” Easterly added.

President Joe Biden may also issue a directive to clarify the role of the National Cyber Director and other cyber officials across government, according to Inglis, whose office is only a few months old.

“We’re actually taking our time, not because we’re complacent in any way, shape, or form, but taking our time to actually let experience, a modest amount of experience, drive our efforts to then clarify in writing what we believe is the right and proper way to describe that [organizational] chart in action,” he said.

Meanwhile, agencies are continuing to implement Biden’s May executive order on cybersecurity. CISA and the Office of Management and Budget have already released a federal definition for “critical software,” as well as new requirements for storing and sharing data, according to Chris DeRusha, federal chief information security officer at OMB.

OMB and the Department of Homeland Security have also developed recommendations for “new contract clauses that will enhance how the federal government and industry work together to address cyber threats,” according to DeRusha’s written testimony.

“These clauses will streamline the sharing of threat intelligence and notification of incidents,” he added.

During the hearing, DeRusha said OMB is additionally preparing new guidance for agencies on supply chain risk management.

Agencies are also likely to request new funding from Congress to implement the new cyber mandates. After Congress flushed the Technology Modernization Fund with $1 billion as part of the American Rescue Plan, agencies submitted more than 100 project proposals worth a collective $2.3 billion, with 75% of the proposals focused specifically on cybersecurity, according to DeRusha.

“We are focused and made a lot of progress already on baseline hygiene measures,” DeRusha said regarding the executive order. “We’ve also set in place a multi-year strategy and plan. And what we’re going to need from Congress is… some new resources to implement this plan.”


HIMSSCast: Cybersecurity, patient experience and public health dominate HIMSS conversation

HIMSS Media editors sat down in Las Vegas to discuss key takeaways from HIMSS21.



This week the HIMSS global conference was back in person after the COVID-19 pandemic sidelined last year’s event. After a week packed with hundreds of educational sessions, scores of vendor demonstrations and new meet and greets, the HIMSS Media editors sat down for a debrief.

Cybersecurity, patient experience and public health were some of the top themes running throughout the conference.

With data breaches and ransomware attacks on the rise, health systems are looking for ways to secure their data from the get-go.

“It needs to be baked in. It can’t be an afterthought, because the stakes are just too high. It’s not just an issue of data breaches anymore. It’s not just an issue of bad press. It is an issue of patient safety, truly,” said Mike Milliard, executive editor of Healthcare IT News.

Speakers also discussed the importance of listening to patients when it comes to innovating new tools.

“What I heard again and again is that healthcare wants to know what the patient wants,” Sue Morse, managing editor of Healthcare Finance News, said. “They don’t want to give them something they don’t want, and they are trying to find out what they want through technology, and reaching them how they want to be reached.”

Discussions of the COVID-19 pandemic ran throughout the show. There were several discussions about the role of digital in public health.

“The pandemic has shown us how hugely important social media, and texting and WhatsApp are to how governments communicate with people, how people communicate with each other,” said Jonah Comstock, editor-in-chief of HIMSS Media.

Talking points:

  • The mood and feel at HIMSS21.
  • New cyberattacks require innovations in cybersecurity.
  • More attention paid to the voice of the patient.
  • Public health infrastructure gaps exposed by the pandemic.
  • More work still needed on interoperability.
  • Incorporating health equity and clinical trial diversity into the conversation.
  • AI/ML in a low-key, but foundational role.
  • Star Trek and the Jetsons – models for healthcare
  • Some keynote highlights
  • COVID lessons, positive and negative
  • The telehealth explosion and its aftermath

Show notes:

ONC, CDC want to fix the fragmented public health system COVID-19 exposed

HIMSS21 tech news: cloud, analytics and interoperability developments

Updates and lessons learned from AstraZeneca, MGH’s AMAZE platform

Govs. Chris Christie and Terry McAuliffe trade jabs at HIMSS21

COVID-19 shined light on new opportunities for public health on social media

AI is the new paradigm in forecasting infectious disease risk

Former ONC head Rucker: APIs will ‘empower totally new business models’

Rainn Wilson makes us grateful for being number two

DHA director: Information and technology drive effective pandemic response


Cybersecurity CEO recovers stolen electric scooter thanks to Apple AirTags




Cybersecurity CEO Dan Guido, who’s located in Brooklyn, New York, hid two Apple AirTags inside his black electric scooter, concealed with black duct tape, just in case it was stolen. Smart idea!

Dan Guido shows where he hid an Apple AirTag in his electric scooter. (Photo: @dguido via Twitter)

Apple’s AirTag is a small and elegantly designed accessory that helps keep track of and find the items that matter most with Apple’s Find My app. Whether attached to a handbag, keys, backpack, or other items, AirTag taps into the vast, global Find My network and can help locate a lost item, all while keeping location data private and anonymous with end-to-end encryption.


Meara Isenberg for CNET:

Guido works at the New York City-based Trail of Bits, a cybersecurity research and consulting firm that serves clients in the defense, tech, finance and blockchain industries. He chronicled his hunt for the scooter in a series of tweets Monday, sharing both the challenges and successes of his wild journey.

“My scooter was stolen last week,” Guido tweeted. “Unknown to the thief, I hid two Airtags inside it. I was able to use the Apple Find My network and UWB direction finding to recover the scooter today.”

At the end of his thread, Guido left tips for AirTag users, so they too can be prepared in case someone decides to snatch their Bluetooth-equipped belongings.

Here are a few lessons learned if you’re using Airtags for theft recovery:
1) Use an Airtag adhesive that blends in and muffles noise. It’s clear my thief was looking for them.
2) Do not turn on Lost Mode. It immediately alerts the thief they’re being tracked.

— Dan Guido (@dguido) August 10, 2021

3) Act quickly, before the anti-stalking feature kicks in. Damage done to my handlebars was likely in response to the regular noises from the Airtag.
4) Limit your in-person interactions and always involve the police. Don’t try to retrieve your stolen goods until you have backup.

— Dan Guido (@dguido) August 10, 2021

MacDailyNews Take: Finding a stolen electric scooter is yet another success story for Apple’s AirTags!
