A recent surge in cyberattacks, including SolarWinds and Colonial Pipeline, has intensified a focus on cybersecurity across industrial sectors and critical infrastructure. As a result, the U.S. government and other organizations within the nation’s defense supply chain have taken action to protect the critical assets and organizations that ensure the security and prosperity of our country.
The increase in cyber insurance adoption and premium prices coincides with a changing — and more challenging — threat landscape, this according to a new GAO report on cyber insurance. The report describes key trends in the current market for cyber insurance, and identified challenges faced by the cyber insurance market and options to address them. To conduct the study, GAO analyzed industry data on cyber insurance policies; reviewed reports on cyber risk and cyber insurance from researchers, think tanks, and the insurance industry; and interviewed Treasury officials.
U.S. President Joe Biden has signed an executive order (EO) to improve the cybersecurity of the U.S. As the U.S. faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately people’s security and privacy, the EO seeks to improve efforts to identify, deter, protect against, detect, and respond to these actions and actors. Specifically, the EO will:
Deepfakes –mostly falsified videos and images combining the terms “deep learning” and “fake” – weren’t limited in 2019 to the Nixon presentation and were not uncommon before that. But today they are more numerous and realistic-looking and, most important, increasingly dangerous. And there is no better example of that than the warning this month (March 2021) by the FBI that nation-states are virtually certain to use deepfakes to help propagate increasingly misleading campaigns in the U.S. in coming weeks.
Congresswoman Suzan DelBene (WA-01) introduced the Information Transparency and Personal Data Control Act, legislation that would create a national data privacy standard to protect personal information.
As the cybersecurity community slowly recovers from the SolarWinds Orion breach, we speak to Michael Bahar, a leader in cybersecurity and privacy, about the aftermath of this attack. Bahar is a partner in the Washington D.C. office of Eversheds Sutherland (U.S.) LLP, and the firm’s Litigation practice. He was Deputy Legal Advisor to the National Security Council at the White House, former Minority Staff Director and General Counsel for the U.S. House Intelligence Committee, and a former Active Duty Navy JAG.
The Cybersecurity and Infrastructure Security Agency (CISA) is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. If left unchecked, this threat actor has the resources, patience, and expertise to resist eviction from compromised networks and continue to hold affected organizations at risk, says CISA.
Lynchburg, Virginia Circuit Court Judge Patrick Yeatts has largely upheld Virginia’s new law requiring a background check on all gun sales, but has issued a limited, narrow injunction, which Attorney General Mark R. Herring intends to appeal, temporarily blocking the law from applying to handgun purchases made by 18-20 year olds.
In a Federal Information Security Modernization Act of 2014 report filed with Congress last week, the White House says the number of cybersecurity incidents recorded at US federal agencies in 2019 went down by 8 percent.