This week’s Cybersecurity News in Review contains coverage of a CISA advisory on Chinese-backed cyber threats to critical infrastructure and calls by federal officials for agencies to collaborate with the private sector on cyber threats from China, an urgent directive from CISA for agencies to swiftly disconnect compromised VPN devices, an investigation into reported theft of sensitive military files, a White House promise to veto any congressional override of the SEC’s new cyber rules, and a proposed Commerce Department rule on “know your foreign customer.” There are also articles about concerns over the government’s proposed cyber incident reporting rule for federal contractors, requests by the water industry for more federal help with cybersecurity, calls for CISA to do more to support federal agencies’ cybersecurity, efforts by key government agencies to meeting OMB’s zero trust mandates, and a GAO report on what the President’s National Cybersecurity Strategy needs. Finally, there are stories on the Air Force’s new partnership between its cyber and space units, how the Pentagon needs automated tools to combat insider threats, guidance under development to protect the Pentagon’s AI systems and data, warnings about how a successful cyberattack on Guam’s critical infrastructure could impact the military, and a report that finds ransomware payments have declined.
CISA issues advisory on Chinese-backed hackers targeting critical infrastructure for future attacks
Security Week reports on a CISA advisory warning organizations to look for and remove malware from a Chinese state-backed hacking group, Volt Typhoon, that has attacked critical infrastructure targets in the U.S. and its territories, including Guam. Read more…
Federal cyber, IC leaders urge steps, collaboration to deter Chinese cyber threats
Nextgov/FCW says U.S. cyber and intelligence agency officials testifying before a congressional committee Jan. 31 warned of the need for government agencies to work with the private sector to detect and thwart Chinese-sponsored cyber threats. Read more…
CISA gives gov’t agencies quick deadline to disconnect Ivanti VPN devices
CISA issued an updated emergency directive giving federal agencies a two-day deadline to disconnect Ivanti Connect Secure VPNs because attackers continued to exploit multiple vulnerabilities in the devices, CRN reports. Read more…
DoD investigating reported theft of sensitive military electronic files
CyberScoop reports the Pentagon agency that conducts background investigations and insider threat analyses for DoD is working with federal law enforcement officials to verify claims that a ransomware group stole documents with sensitive military data. Read more…
White House promises to veto congressional effort to block SEC cyber disclosure rule
According to Nextgov/FCW, the White House issued a statement Jan. 31 confirming President Biden would veto a proposed congressional resolution seeking to overturn a 2023 Securities and Exchange Commission rule regarding disclosure of cybersecurity incidents by publicly traded firms. Read more…
Proposed Commerce Dept. rule looks to require cloud IaaS provides to “know your foreign customer”
FedScoop says the Commerce Department has issued a proposed rule to protect cloud services from foreign cyber threats by requiring cloud infrastructure as a service (IaaS) providers and foreign resellers to verify foreign users’ identities. Read more…
Contractor cyber incident reporting rule draws flak from trade groups
Nextgov/FCW reports on efforts by cybersecurity and tech trade organizations to convince GSA, DoD and NSA to reconsider a proposed rule for enhanced requirements for cyber incident reporting by federal contractors. Read more…
Water industry officials press Congress for cybersecurity funding and training
According to CyberScoop, several water industry trade association officials testified at a House hearing on the need for cyber training and additional government funding for securing their facilities from cyberattacks. Read more…
Officials say CISA could do more to support agencies
Federal News Network cites several federal cybersecurity officials as urging CISA to more quickly notify agencies about new vulnerabilities in vendor products, and possibly be more assertive in establishing certain cybersecurity standards. Read more…
Zero trust progress at OPM, GSA, SEC
FedTech reports on how the Office of Personnel Management, the General Services Administration and the Securities and Exchange Committee are moving forward with zero trust in advance of the Sept. 30 deadline to implement zero trust plans. Read more…
GAO: National cyber strategy needs performance measures, estimated costs
CyberScoop says a new GAO report concludes that the Office of the National Cyber Director needs to include performance measures and estimated costs in its implementation of President Biden’s national cybersecurity strategy. Read more…
Air Force establishes partnership for its cyber and space units
Defense Scoop reports on a new partnership between 16th Air Force and the service’s Space Operations Command designed to integrate the Air Force’s space-based capabilities into its warfighting operations in order to better understand how to protect space assets from cyber threats. Read more…
DoD insider threat detection efforts require automated tools
Defense One discusses how, in its push for zero trust, secure, automated tools are needed by the Pentagon to recognize the nuances of network behavior and thus better stop insider threats. Read more…
Pentagon CIO working on guidance to secure AI systems and data
According to Federal News Network, the Pentagon is working to develop guidance to secure DoD artificial intelligence and data, using a new Risk Management Framework control overlay to have security guidance for the whole overarching AI environment. Read more…
Gen. Nakasone warns of impacts on military of cyberattacks on Guam
Defense News quotes the outgoing head of the NSA and US Cyber Command as warning that Chinese cyber attacks on critical infrastructure on Guam or other U.S. establishments in the Indo-Pacific region could “have a very significant impact” on military options and operations. Read more…
Study looks at decline of ransomware payments, impacts on hacker tactics
Axios cites a new report that finds fewer ransomware victims are paying hackers, so as a result malicious actors are more likely to try other strategies. Read more…
