with Aaron Schaffer

Leading voices in Congress say the nation's top cybersecurity agency needs better resources to handle growing threats to critical services like water and power.

One step: centralizing the Cybersecurity and Infrastructure Security Agency's authority to track vulnerabilities in industrial control systems that power the nation's critical infrastructure, Rep. John Katko (R-N.Y.) said yesterday. The top Republican on the House Homeland Security Committee touted legislation he helped introduce earlier this year that would grant CISA leadership the authority to coordinate federal response to such vulnerabilities.

Concerns about cybersecurity threats to the systems powering America's critical infrastructure have escalated after a cybercriminal attempted to poison a water plant in Oldsmar, Florida earlier this year. A series of foreign attacks on popular software used by critical systems, including SolarWinds and Microsoft Exchange, have also underscored the need for better protective efforts.

Katko and other leaders stressed the agency will need significant additional resources to expand its mission.

Katko has urged Congress to give CISA a $5 billion budget, a number more than double its current budget. In the interim, a bipartisan group of lawmakers is urging Congress to infuse $400 million into the agency on top of the $650 million it received in the March coronavirus relief package.

That funding is key to supporting the agency's expanded missions, including the protection of critical infrastructure, said Rep. Jim Langevin (D-R.I.).

“CISA needs investments in its nonfederal missions to work with critical infrastructure owners and operators and coordinate risk assessments related to and the protection of national critical functions,” said Langevin, who chairs the House Armed Services cyber subcommittee.

This summer, the Biden administration is expected to designate more industries as critical if an attack on them could have debilitating effects on national security, the economy or public health. An expanded budget could give CISA the capacity to bring in resident security researchers for these new designated industries, Langevin suggested.

CISA has already started to show what it can do with additional powers, lawmakers say.

Langevin noted that CISA – for the first time last week – used a new power to subpoena information from Internet service providers to notify companies with vulnerabilities the agency believes hackers might strike.

The agency has issued two such subpoenas in the past week, CISA acting director Brandon Wales said in a statement yesterday. 

The information sought will allow CISA to identify and contact critical infrastructure entities with specific security vulnerabilities exposed on the open Internet, Wales said. “This is a critical step forward for our nation’s cybersecurity.”

CISA declined to provide additional details on the nature of the incidents that prompted the subpoenas, or their outcomes. 

“I’m thrilled to see the agency using its new authority to identify vulnerabilities, secure our country, and harden our nation’s critical infrastructure,” said Langevin (D-R.I.), who introduced the legislation granting the powers.

Last year, Congress also granted CISA powers to hunt for threats on federal networks, a power it has been able to use in response to recent hacking campaigns by Russia and China.

The keys

Websites collecting worker credentials could run afoul of U.S. laws.

A set of websites have been incentivizing workers at well-known U.S. companies to hand over their employee credentials for money, Motherboard’s Joseph Cox reports. The sites are linked to Argyle, a data broker that recently raised $20 million, and could run afoul of laws that ban unauthorized access to computer networks.

Kevin Beaumont, who worked as a security researcher at Microsoft, tweeted that screenshots of the websites were a “really crazy bit of phishing targeting companies across the U.S.” After Beaumont tweeted about the sites, they went offline. Argyle did not respond to requests for comment from Motherboard.

Amazon, JPMorgan Chase and T-Mobile, whose workers appeared to have been targeted, did not respond to questions about whether their employees participated in the programs.

The U.S. government needs to look beyond a “nightmarish game of whack-a-mole” to protect small businesses, the Cyber Readiness Institute says.

The group recommended a wide-reaching set of steps for the Biden administration to take to protect small businesses from hackers as Biden moves past his hundredth day in office.

“What we constantly hear is that small businesses don’t have the resources, they don’t have the ability to invest in cybersecurity, they’re not convinced of the return on investment,” Kiersten Todt, the organization’s managing director, told The Cybersecurity 202, arguing that education and awareness are necessary to help small and medium-size businesses.

In a white paper, the group said the Biden administration should:

  • launch a public awareness campaign to promote cyber readiness for small and medium-sized businesses;
  • set up a clearinghouse for cybersecurity resources in the Cybersecurity and Infrastructure Security Agency; 
  • offer cybersecurity tax credits; 
  • establish risk-based minimum cybersecurity standards; and 
  • create cybersecurity internship programs that would send college students into communities to boost businesses’ cybersecurity.

A Florida teen accused of hacking her homecoming election is being charged as an adult.

Emily Rose Grover, who turned 18 in the months since she was arrested, faces multiple felony charges along with her mother, Laura Rose Carroll, the Associated Press reports. Each faces a maximum 16-year sentence if convicted on charges of illegally accessing student data.

The charges stem from an October homecoming vote at Tate High School in Pensacola, Fla. Authorities say Carroll, an assistant principal at a county elementary school, accessed internal school systems to cast fraudulent votes for her daughter. Investigators found that 117 votes were cast from a single Internet Protocol address in a short amount of time.

Carroll has been suspended from her job, officials said, but it is not clear whether she has been fired. Grover was expelled from the high school. Both are free on bond.

Global cyberspace

A cyberattack on Finland’s largest private mental health network devastated the country.

In September, hackers demanded 40 bitcoin from Vastaamo and began leaking patient records, Wired’s William Ralston reports. The hacker then turned to extorting victims, whose therapists’ notes were exposed in the breach. In response, Vastaamo offered its patients a free counseling session.

“Being honest about my mental health turned out to be a bad idea,” one victim, Jere, said. 

Critics say Vastaamo didn’t anonymize or encrypt user records, leaving private data vulnerable. A full patient database has reappeared online in the months since the hack. Vastaamo has filed for bankruptcy.

Chat room

Cybersecurity researchers and incident responders discussed hacks-for-ransom as Congress prepared to hold a hearing on ransomware. TrustedSec’s Tyler Hudak:

Dragos’ Lesley Carhart:

Daybook

  • Cybersecurity officials speak at a Department of Commerce and Department of Homeland Security symposium on space cybersecurity today.
  • Former Cybersecurity and Infrastructure Security Agency director Chris Krebs speaks at an event hosted by the U.S. Agency for Global Media and Aspen Digital on disinformation today at 9 a.m.
  • Secretary of Homeland Security Alejandro Mayorkas discusses ransomware at a U.S. Chamber of Commerce event today at 1:30 p.m.
  • Cybersecurity officials from the U.S. government speak at an Advanced Technology Academic Research Center event on cyberattacks today at 1:30 p.m.
  • The House Homeland Security Committee’s cyber subcommittee holds a hearing on ransomware today at 2:30 p.m.
  • Kenneth Bible, the Department of Homeland Security’s chief information security officer, speaks at an event hosted by the American Council for Technology and Industry Advisory Council on Thursday at 10 a.m.
  • The Cyber Threat Alliance hosts a webinar on ransomware on Thursday at 11 a.m.
  • The Intelligence and National Security Alliance holds an event on zero trust implementation on Thursday at 2:30 p.m.
