Date: 2021-09-22
The mandates, if passed, would be among the most significant new cyber requirements for industry in years.
“If a company that suffers a cyber incident provides that information to us in the federal government, we can ensure that a replica of that harm isn’t suffered elsewhere in the country,” Mayorkas said at yesterday's Senate Homeland Security Committee hearing.
Chairman Gary Peters (D-Mich.) spent the hearing pressing the case for requiring companies in critical sectors to alert the government when they're hacked. He and the panel's top Republican Rob Portman (Ohio) have been working on legislation toward that end, saying it's a key step in trying to prevent future attacks like the one against Colonial Pipeline earlier this year.
Their push came during the first of two annual hearings on “worldwide threats to the homeland.” These panels have become a yearly pressure check for the Senate and House homeland security committees on how the United States is tackling cyber threats. Today, the House Homeland Security Committee is scheduled to convene at 9 a.m.
Critical time
The hearings come amid a wave of ransomware attacks that have threatened the U.S. economy and national security and robbed companies of hundreds of millions of dollars in ransom payments and cleanup costs.
Rep. John Katko (R-N.Y.) plans to similarly push cyber incident reporting during today’s House version of the threats hearing, according to an opening statement shared with me in advance. Katko is the committee’s top Republican.
The committees have held these annual hearings for more than a decade. During that time, a succession of Homeland Security secretaries and FBI directors have repeatedly described cyber threats as a grave danger to U.S. government and industry.
But to review the hearing transcripts is to watch the conversation about cybersecurity rapidly ascend in urgency.
“Originally cyber was seen as a more niche threat affecting a limited scope of actors. The hearings were very counterterrorism focused,” a former Senate Homeland Security Committee aide told me. “Now cyber is so pervasive that it’s all encompassing.”
Cyber threats weren't even mentioned during the first official annual threats hearing held in 2007. During those early years, the hearing, which was timed around the anniversary of the 9/11 attacks, focused almost exclusively on terrorism.
Things changed fast
By 2012, then-chairman Sen. Joseph Lieberman (D-Conn.) was warning ominously that the nation was “very vulnerable to … perhaps a catastrophic cyberattack, well beyond in its impact what we suffered on September 11.”
By 2014, Robert Anderson, an FBI official, was warning that every single agency of the federal government had probably been hacked at some point — whether officials had found evidence of such breaches or not.
The hearings began because committee leaders feared public discussion about threats to the nation was waning as more time passed since the 9/11 attacks, the former committee aide told me. He requested anonymity because he wasn’t authorized to discuss the issue by his current employer.
“We knew a lot of stuff was going on, but it wasn’t being discussed as publicly as the leaders of the committee wanted,” he said. “This was a forum for getting as much as you could talk about that was unclassified out into the public forum for debate.”
The annual hearings also reveal the often-plodding pace of government efforts to combat cyber threats.
In 2012, then-Homeland Security Secretary Janet Napolitano urged legislation to allow the government to impose minimum cybersecurity standards throughout critical infrastructure sectors, such as energy, finance and transportation.
Nine years later, the government just imposed such standards on pipelines after the Colonial Pipeline ransomware attack, which threatened gas supplies across the East Coast. The White House has warned it may ask Congress for authority to impose such standards in other critical sectors if companies don’t get their cybersecurity up to snuff.
FBI Director Chris Wray warned about the dangers of ransomware as far back as 2017. Yet the government is only now launching an all-hands-on-deck effort to prevent such attacks.
“It is no longer just ransomware to a big Fortune 500 company. It is hospitals. It is schools,” Wray told lawmakers back then. “Make no mistake, it is a very serious threat, and it is growing.”
The Treasury Department has, for the first time, sanctioned a cryptocurrency exchange for aiding ransomware groups
The Biden administration accused the Suex exchange of facilitating transactions involving the proceeds of at least eight ransomware variants, Gerrit De Vynck reports. As much as 40 percent of the known transactions on Suex were criminal, the government said.
The government's planning similar actions against other exchanges, which have helped facilitate a surge in costly ransomware attacks.
“We are going to continue to look at the ecosystem and look for actors that are taking similar actions,” said deputy national security adviser Anne Neuberger. The Treasury Department also issued new guidance for organizations thinking about paying ransoms. It discourages them from doing so and tells them to cooperate with U.S. government agencies.
The Trump campaign knew claims of voting machine hacking were baseless before their allies made them
An internal Trump campaign memo suggests the campaign sat on the findings as Trump allies prepared lawsuits and held news conferences filled with baseless claims, the New York Times’s Alan Feuer reports. The claims included baseless allegations that Dominion Voting Systems worked with George Soros, Venezuela and others to steal the election from Trump.
The memo was released as part of a motion in a defamation suit against the Trump campaign and others by former Dominion employee Eric Coomer.
It’s not clear if former president Donald Trump knew about the memo, which largely relied on news and fact-checking sites. Trump’s lawyers who boosted the claims did not respond to requests for comment from the Times. Trump spokespeople also did not respond. Trump continues to baselessly claim that the election was stolen.
A U.S. government panel is reviewing Zoom’s ties to China
The Justice Department says an interagency committee has to review whether the company’s $15 billion deal to buy cloud call-center firm Five9 would pose a national security risk, the Wall Street Journal’s Kate O’Keeffe, Aaron Tilley and Dawn Lim report. It comes as Zoom continues to be under federal investigation for its relationship with China’s government, according to its latest regulatory filings.
A Zoom spokeswoman said the company expects the deal to be approved by regulators in the first half of 2022. Five9, the Justice Department and FCC declined to comment.
President Biden touted the government’s response to ransomware in his U.N. speech
The U.S. government is “hardening our critical infrastructure against cyberattacks, disrupting ransomware networks and working to establish clear rules of the road for all nations as it relates to cyberspace,” Biden said in his first address as president before the United Nations General Assembly.
He also issued a stark warning to U.S. cyber adversaries: “We reserve the right to respond decisively to cyberattacks that threaten our people, our allies or our interests.” The Biden administration plans to hold an October meeting with international allies to discuss counter-ransomware efforts.
The Iowa grain seller New Cooperative is still reeling from a ransomware attack
The Fort Dodge, Iowa, cooperative is working without computers and has shuttered its soil mapping software, which optimizes irrigation and fertilization, Jacob Bogage reports. Farmers are using paper scale tickets to log their grain hauls as they drop them off at the cooperative.
The attack by the ransomware gang BlackMatter is unlikely to affect grain prices because the cooperative limited its impact quickly, Tim Luginsland, Wells Fargo’s food and agribusiness sector manager, told Jacob. But the cost of security upgrades may be passed on to consumers.
This is the second major ransomware attack against the food sector in recent months. The Russia-based group REvil attacked the meat processor JBS in May, leading to an $11 million ransom payment.
