A LEGISLATIVE UPDATE: FEINSTEIN OFFERS NEW DHS CYBER BILL: Sen. Dianne Feinstein (D-Calif.) on Tuesday introduced a bill that aims to boost the Department of Homeland Security's (DHS) ability to protect federal computer networks from foreign attacks. Feinstein's Federal Network Protection Act clarifies that the head of the DHS has the authority to issue orders, known as binding operational directives, to remove compromised software from federal systems before notifying the "affected software company" about such changes. The Democratic senator said the move would help block a company from taking defensive actions in response to the removal because such actions could stall the DHS's removal of the software. "By clarifying what actions the Secretary of Homeland Security can take, we allow the department to act quickly in response to cyber threats," Feinstein said in a statement. Feinstein's measure builds on two previous bills that passed in 2002 and 2014. Those bills similarly gave DHS the ability to modernize federal systems as well as remove compromised or outdated software. Why Feinstein's bill is coming now: The legislation comes after the federal government last year banned software from their computer systems that was developed by the Russian-based cybersecurity firm Kaspersky Lab amid fears its products could pose security risks. Sen. Claire McCaskill (D-Mo.) criticized the DHS at the time for giving other federal agencies a 90-day time frame to remove Kaspersky Labs products from federal computer systems. To read more from our piece, click here. A REPORT IN FOCUS: NEW NORTH KOREAN CYBER ACTIVITY: A suspected North Korean hacking campaign has expanded to targets in 17 different countries, including the U.S., pilfering information on critical infrastructure, telecommunications and entertainment organizations, researchers say. Cybersecurity firm McAfee released new research on the hacking campaign this week, calling it Operation GhostSecret and describing the attackers as having "significant capabilities" to develop and use multiple cyber tools and rapidly expand operations across the globe. The findings demonstrate the growing sophistication of North Korea's army of hackers, which has been blamed for high-profile hacking operations such as the WannaCry malware outbreak last year. McAfee identified the same hackers in early March targeting Turkish financial organizations but now says that was only a portion of a spy operation that has expanded to multiple nations and a number of industries. "The campaign is extremely complicated, leveraging a number of implants to steal information from infected systems and is intricately designed to evade detection and deceive forensic investigators," McAfee wrote in a report issued Tuesday. Since researchers first publicly identified the campaign last month, McAfee wrote, "the threat actors not only continued but also increased the scope of the attack, both in types of targets and in the tools they used." The group uses hacking tools that are associated with the cyber espionage group Hidden Cobra -- the name that the U.S. government uses to describe North Korea's state-sponsored hackers. To read more from our piece, click here. A LIGHTER CLICK: You know it's 2018 when parents can now set Alexa to only respond to polite commands for their children. Please and thank you. (Technology Review) WHAT'S IN THE SPOTLIGHT: PRESIDENT TRUMP'S CELL PHONE: Democrats are demanding answers from the Trump administration on steps being taken to prevent the president from falling victim to foreign hackers, suggesting his personal cell phone use poses a national security threat. A pair of Democratic congressman sent a letter to high-level officials on Wednesday pressing them on reports that Trump frequently relies on his personal cell phone for conversations with those outside the White House. "While cybersecurity is a universal concern, the President of the United States stands alone as the single-most valuable intelligence target on the planet," Reps. Ted Lieu (D-Calif.) and Ruben Gallego (D-Ariz.) wrote. "Our national security should not depend on whether the President clicks on a malicious link on Twitter or his text application, or the fortuity of foreign agencies not knowing his personal cell number," they wrote. Why they're writing: CNN reported earlier this week that Trump has begun to more frequently use his personal mobile device to contact those advising him outside the White House. The letter was sent Wednesday to Director of National Intelligence Dan Coats and the heads of the Secret Service and the White House Communications Agency. The Democrats asked the officials to explain any steps they are taking to ensure the president's device is secure and cannot be exploited by hackers. They asked whether Trump's device has been "properly vetted" to account for spearfishing threat, and whether officials ensure that Trump's phone is not connected to unsecured networks when he travels outside of the White House. They also want to know how the White House Communications Agency is addressing the threat of surveillance devices known as "Stingrays," which the Department of Homeland Security recently acknowledged are being used in the nation's capital. To read more from our piece, click here. IN CASE YOU MISSED IT: Links from our blog, The Hill, and around the Web. Apple CEO Tim Cook visits White House for Trump meeting. (The Hill) Facebook shakes up Washington lobbying team amid scandal. (The Hill) "Cracking the crypto war." (Wired) British and Dutch police lead effort to take down cybercrime website behind millions of attacks. (AFP) Ukraine's energy ministry falls victim to ransomware. (Reuters) Russian spies expelled by the U.S. were suspected of tracking Russian defectors. (CNN) BSA The Software Alliance releases its International Cybersecurity Policy Framework. (BSA) Researchers say Alexa could be tricked into spying. (ZDNet) Amazon's traffic was mysteriously hijacked. (Ars Technica) If you'd like to receive our newsletter in your inbox, please sign up here. |