Leaders from Uber, the Department of Homeland Security and the NSA's new Cybersecurity Directorate all acknowledged that sharing threat data is more complex than many first anticipated. Atlanta's CIO worries people will forget about that ransomware attack. And a GOP rep. talks SCIF-storming. This is CyberScoop for Friday, October 25.

Sharing threat data is key for public and private sector security teams. But...

In order for that to work, decision-makers need to understand the incentives that make sharing their own threat information worth the effort. More than six years after former National Security Agency contractor Edward Snowden started leaking documents detailing government espionage on U.S.-built technology, there’s still a lingering sense of unease between Washington and Silicon Valley, Matt Olsen, chief trust and security officer at Uber, said Thursday at CyberTalks. “I think the government has made some strong steps forward in regaining the trust of the American people on around intelligence collection,” he said. “But it has not done enough. We have not gone far enough as a country in regaining that trust between Washington D.C. and the technology community where so much of this innovation takes place.” Jeff Stone has more.


Meanwhile, NSA knows it has some work to do

One of the goals at the National Security Agency’s new Cybersecurity Directorate is to change the way information on adversarial threats is transmitted to the private sector. “The process in place today is where we know we need to do some work,” said Anne Neuberger, head of the new outfit, while speaking at CyberTalks. Inevitably, deciding who will talk with the private sector about nation-state threats — NSA or the Department of Homeland Security — will involve the DHS’ Cybersecurity and Infrastructure Security Agency, given the intelligence agency’s authorities don’t pertain to critical infrastructure, CISA Director Chris Krebs told reporters at CyberTalks. For now, Krebs said he thinks DHS should take the reins on threats to critical infrastructure and elections. Shannon Vavra breaks it down.

Atlanta CIO worries city will forget that ransomware attack. (Seriously.)

It’s been more than 18 months since Atlanta suffered a crippling ransomware attack that shut down dozens of municipal functions for weeks and forced an overdue and expensive overhaul of citywide IT infrastructure. But Atlanta Chief Information Officer Gary Brantley said Thursday that even though the city has improved its security footing, he’s wary of officials losing sight of the lessons learned from the cyberattack that cost taxpayers an estimated $17 million. “People forget quickly,” Brantley said at CyberScoop’s CyberTalks event in Washington. “You would be surprised how quickly after this happens that people get complacent. We have to tell people this can happen again.” Benjamin Freed has more details at StateScoop.

GOP Rep. says bringing phones into a SCIF is a bad idea

Alabama Congressman Mike Rogers says the threat of state-sponsored hacking of lawmakers’ phones makes the introduction of those devices to secure briefing facilities all the more dangerous. Speaking to reporters after appearing at CyberTalks, Rogers stopped short of rebuking the over two dozen Republican lawmakers who stormed a SCIF on Wednesday to disrupt an impeachment inquiry deposition. But he did reflect on his own experience with mobile cyberthreats. “When I was in Eastern Europe, about three years ago, I came back and my phone had all kinds of Russian crap on it,” Rogers said. “Now I take burner phones over there.” The congressman said he was in a SCIF last week for a mobile security tuneup, where he was told to strengthen his passwords. Sean Lyngaas asked more questions.

Mystery man arrested in Ukraine over U.S. hacks

Police in Kiev, Ukraine announced on Friday they’ve detained an unnamed 32-year-old man accused of hacking U.S. companies. The suspect is accused of stealing $6 million from accounts of U.S. financial institutions, interfering with computer systems, theft and money laundering. The man’s identity and firms he’s accused of breaching are not public, but the arrest is the result of an operation from the country’s Cyber Police Department, Criminal Investigation Department of the National Police and the Metropolitan Criminal Investigation Department and the Prosecutor General’s Office of Ukraine. The FBI and the Financial Crime Investigation Service, a unit of Lithuania’s Ministry of the Interior, also were involved in the investigation. Jeff has some more context.

Assistant AG gives an update on the hunt for Chinese spies

It’s been a year since the Justice Department launched a task force to combat Chinese economic espionage. John Demers, the assistant attorney general leading the initiative, has warned the private sector that Chinese spies are using the same tactics to target U.S. companies as they do government agencies. Intelligence agencies, companies and research institutes in China are also coordinating deeply to pinpoint the data they want, Demers said at CyberTalks Thursday. The senior Justice Department official also gave an update on China’s civilian intelligence agency’s cyber activity, but cautioned people not to sleep on the PLA’s capabilities. Sean interviewed Demers onstage.

Is something fishy going on with AWS and Capital One?

Sens. Elizabeth Warren, D-Mass., and Ron Wyden, D-Ore., want the Federal Trade Commission to probe whether Amazon Web Services failed to account for a hacking technique known as “server-side request forgery.” Capital One is one of the few major financial companies — if not the only one — to rely on AWS and its public cloud to protect its information, portraying the decision as a move to modernize its business. “Amazon knew, or should have known, that AWS was vulnerable to SSRF attacks,” the senators wrote in a letter sent Thursday. “Although Amazon’s competitors addressed the threat of SSRF attacks several years ago, Amazon continues to sell defective cloud computing services to business, government agencies and to the general public.” In a statement, the company called the senators’ claims “baseless.” Jeff has the letter.
