Connect with us

Hi, what are you looking for?


Biden Plans an Order to Strengthen Cyberdefenses. Will It Be Enough?

Last month, top executives from Amazon, Microsoft, Cisco, FireEye and dozens of other firms joined the Justice Department in delivering an 81-page report calling for an international coalition to combat ransomware. Leading the effort inside the Justice Department are Lisa Monaco, the deputy attorney general, and John Carlin, who led the agency’s national security division during the Obama administration.

Last month the two ordered a four-month review of what Ms. Monaco called the “blended threat of nation-states and criminal enterprises, sometimes working together, to exploit our own infrastructure against us.” Until now the Justice Department has largely pursued a strategy of indicting hackers — including Russians, Chinese, Iranians and North Koreans — few of whom ever stand trial in the United States.

“We need to rethink,” Ms. Monaco said at the recent Munich Cyber Security Conference.

Among the recommendations in the report by the coalition of companies is to press ransomware safe havens, like Russia, into prosecuting cybercriminals using sanctions or travel visa restrictions. It also recommends that international law enforcement team up to hold cryptocurrency exchanges liable under money-laundering and “know thy customer” laws.

The executive order also seeks to fill in blind spots in the nation’s cyberdefenses that were exposed in the recent Russian and Chinese cyberattacks, which were staged from domestic servers inside the United States, where the National Security Agency is legally barred from operating.

“It’s not the fact we can’t connect the dots,” Gen. Paul M. Nakasone, who heads both the National Security Agency and the Pentagon’s Cyber Command, told Congress in March, reviving the indictment of American intelligence agencies after Sept. 11. “We can’t see all the dots.”

The order will set up a real-time information sharing vessel that would allow the N.S.A. to share intelligence about threats with private companies, and allow private companies to do the same. The concept has been discussed for decades and even made its way into previous “feel-good legislation” — as Senator Ron Wyden, Democrat of Oregon, described a 2015 bill that pushed voluntary threat sharing — but it has never been implemented at the speed or scale needed.

The idea is to create a vessel to allow government agencies to share classified cyberthreat data with companies, and push companies to share more data about incidents with the government. Companies have no legal obligation to disclose a breach unless hackers made off with personal information, like Social Security numbers. The order would not change that, though legislators have recently called for a stand-alone breach disclosure law.

Source link

Leave your vote



You May Also Like


Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae.


Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.


Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum.


Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora.

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.