A CAPITOL HILL UPDATE: ENERGY ATTACKS IN FOCUS AT CYBER HEARING: Russian cyberattacks on the U.S. energy grid attracted attention Tuesday at a hearing focused on the federal government's implementation of a key cybersecurity program spearheaded by the Department of Homeland Security.

Lawmakers on the House Homeland Security and Oversight Committees jointly held the hearing on Homeland Security's Continuous Diagnostics and Mitigation (CDM) program, which featured testimony from officials at agencies that have already been implementing the first phase of the program. Homeland Security launched CDM, a four-phase program, in 2012 to better monitor and secure federal government networks from cyberattack.

Officials at Homeland Security and the Department of Energy faced questions on threats to energy infrastructure, after the Trump administration disclosed last week that Russian government hackers staged a multi-year cyberattack campaign against the energy sector and other critical infrastructure.

Rep. Gerry Connolly (D-Va.) pressed Max Everett, the chief information officer at the Department of Energy, on how worried lawmakers should be about threats to the grid.

"Obviously, we take that very seriously," Everett said. "We've had a lot of briefings over even the last week."

He noted that the department works closely with Homeland Security and the FBI to engage with the energy sector on cybersecurity threats. Homeland Security has the chief responsibility of protecting critical infrastructure--most of which is owned and operated by private companies--from cyber and physical threats.

Everett, who in his role is responsible for the department's internal cybersecurity, said that he is particularly concerned about threats to the department's Power Marketing Administrations, which help distribute electricity in the west and northwest United States. He said that the CDM capabilities can help the department fill any "gaps" the administrations have in terms of cybersecurity.
Later, Rep. Don Bacon (R-Neb.) expressed his concern about the threat to the energy grid and pressed the officials on how CDM could potentially help protect against such attacks, despite it being a program to secure .gov networks and not those in the private sector.

"We want to provide Mr. Everett and the rest of the agencies the visibility of their network, be able to get vulnerabilities quickly patched, get systems properly configured to reduce the likelihood that an adversary can get into that system," said Kevin Cox, the Homeland Security official overseeing the CDM program. "We then want to help the agencies get visibility across their network so that they can detect any attacks to their network, any threats in their network, and address them quickly."

"I think it's very alarming," said Bacon. "The next December 7 won't be airplanes and torpedoes coming at Pearl Harbor, it's going to be triggered with an attack on our energy grid with rolling blackouts and chaos."

"We've got to start working on resilience of our energy grid," Bacon said.

A REPORT IN FOCUS: TRUMP 'MANAGEMENT AGENDA' EMPHASIZES TECH MODERNIZATION: The Office of Management and Budget (OMB) on Tuesday rolled out President Trump's "management agenda," in which information technology modernization gets a key mention.

The agenda aims to present "a long-term vision for modernizing the Federal Government in key areas that will improve the ability of agencies to deliver mission outcomes, provide excellent service, and effectively steward taxpayer dollars on behalf of the American people." It identifies IT modernization as a "key driver of transformation" within the new administration.

It references the recent passage of the Modernizing Government Technology (MGT) Act, which authorizes two streams of funding for agencies to draw from in order to replace aging information systems with more efficient, secure, and less costly IT infrastructure.
Congress still needs to fund the general IT modernization fund established under the law, which is valued at $500 million over two years.

"Regardless of funding method, the Administration will promote opportunities to leverage Federal buying power, utilize government-wide vehicles such as the Enterprise Infrastructure Solutions contract to pivot to modern architectures, and clear obstacles agencies encounter, such as overly burdensome reporting and compliance checks, as they seek to enhance their ability to better deliver services to their customers while ensuring that these changes appropriately improve Federal cybersecurity," states Trump's management agenda.

IT modernization has been a key priority of the White House's Office of American Innovation, spearheaded by Trump's son-in-law and senior adviser Jared Kushner and Chris Liddell, a former Microsoft executive who just yesterday was tapped as deputy to White House chief of staff John Kelly.

A LIGHTER CLICK: James Comey might be going Hollywood. (The Hollywood Reporter)

WHAT'S IN THE SPOTLIGHT: ORBITZ BREACHED: Travel website Orbitz on Tuesday disclosed a possible breach that may have resulted in hackers making away with personal information on 880,000 customer payment cards.

Orbitz, which is now owned by Expedia, described the episode as a "data security incident," saying that an internal investigation revealed that hackers may have accessed card information stored on a consumer and business partner platform between October and December of last year.

The company said the Orbitz website was not involved in the incident and that there is no "direct evidence" of information actually being stolen.

In total, the company said hackers may have gained access to personal information on roughly 880,000 payment cards, including payment card information, names, birth dates, phone numbers, and email and billing addresses.
The company said that hackers potentially compromised information on the consumer platform that was used to make purchases between January 2016 and June 2016. With respect to its business partner platform, Orbitz said the cards potentially compromised were used in payments between January 2016 and December 2017.

The company said it turned up evidence earlier this month of the possible breach when investigating a "legacy" Orbitz platform.

"We took immediate steps to investigate the incident and enhance security and monitoring of the affected platform," Orbitz said in a statement. "As part of our investigation and remediation work, we brought in a leading third-party forensic investigation firm and other cybersecurity experts, began working with law enforcement, and took swift action to eliminate and prevent unauthorized access to the platform."

The company said it is working to notify customers and partners of the incident and plans to provide free credit monitoring and identity theft protection to those impacted.

IN CASE YOU MISSED IT: Links from our blog, The Hill, and around the Web.

White House vents frustration with 'absurd' Mueller probe. (The Hill)
Top Russia probe Republican: 'No intention' of calling Cambridge Analytica officials back. (The Hill)
House Judiciary Chair expected to issue DOJ subpoena over Clinton emails as soon as this week. (The Hill)
Cambridge Analytica whistleblower to speak to House Intel Dems. (The Hill)
OP-ED: Why cryptocurrencies aren't going away. (The Hill)
OP-ED: Mark Zuckerberg's moment of truth. (The Hill)
Kaspersky Lab exposed a U.S.-led counterterrorism operation spying on ISIS in 'Slingshot' report. (Cyberscoop)
Puerto Rico's PREPA power utility was hacked. (Reuters)
DHS's cyber office gets a deputy undersecretary. (FCW)
The CIA's 'first lady' draws some praise, some criticism. (Washington Post)