US Calls for Cyber Reform After Massive Hack

The White House urged Congress to come out of the "dark ages" and pass new cyber security rules, using a massive security breach to press its case for reform. President Barack Obama's allies seized on news of that data on four million government employees had been compromised to press for legislation stalled in the Republican-dominated Congress.

"The fact is, we need the United States Congress to come out of the dark ages and come into the 21st century to make sure we have the kinds of defenses that are necessary to protect a modern computer system," said White House spokesman Josh Earnest.

Senate Intelligence Committee vice chairman Dianne Feinstein, a Democrat, joined the White House drive.
"Congress must take action," to speed notifications on breaches and increase cooperation between the government and private companies.
"It's impossible to overstate this threat," she said.
"Trillions of dollars, the private data of every single American, even the security of critical infrastructure like our power grid, nuclear plants and drinking water are all at risk."
The US government last week admitted hackers accessed the personal data of current and former federal employees, in a huge cyber-attack suspected to have originated in China.

The breach of the Office of Personnel Management included records on 750,000 Department of Defense civilian personnel. The New York Times reported that the inspector general of the department had warned in November that the office's database was vulnerable to cyber-attack.

The newspaper reported that by the time the warning was published, hackers had plundered tens of thousands of files containing security clearances, laying the groundwork for the massive attack revealed on Thursday.
"The mystery here is not how they got cleaned out by the Chinese. The mystery is what took the Chinese so long," one senior former US government official was quoted by the Times as saying.

The United States has repeatedly accused China of waging cyber warfare in recent years, claims Beijing routinely denies.
In 2013, US Internet security firm Mandiant said hundreds of investigations showed that groups hacking into US newspapers, government agencies, and companies "are based primarily in China and that the Chinese government is aware of them."
One group, it said, was believed to be a branch of the People's Liberation Army called Unit 61398, and digital signatures from its cyber-attacks were traced back to a building in Shanghai.

Last year, five members of the unit were indicted by US federal prosecutors on charges of stealing information from companies, including nuclear plant manufacturer Westinghouse, SolarWorld and US Steel.
Beijing angrily hit back on Friday at claims the latest attack had originated in China, describing the allegation as "irresponsible."

"Cyber-attacks are generally anonymous and conducted across borders and their origins are hard to trace," foreign ministry spokesman Hong Lei said at a regular briefing.

"Not to carry out a deep investigation and keep using words such as 'possible' is irresponsible and unscientific," he added.

Business Insider:  

 

« Russia's Greatest Weapon May Be Its Hackers
Bigger than Heartbleed - 'Venom' Threatens Datacenters »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

INCIBE-CERT

INCIBE-CERT

INCIBE-CERT is the reference security incident response center for citizens and private law entities in Spain

Critical Infrastructures for Information and Cybersecurity (ICIC)

Critical Infrastructures for Information and Cybersecurity (ICIC)

ICIC addresses the demand for cybersecurity for National Public Sector organizations and civil and private sector organizations in Argentina.

CyberTrap

CyberTrap

CyberTrap is an advanced highly-interactive deception technology allowing real-time analysis and control of security breaches.

Centurion Information Security

Centurion Information Security

Centurion Information Security is a consulting firm based in Singapore that specialises in penetration testing and security assessment services.

VKANSEE

VKANSEE

VKANSEE offer the world's thinnest optical fingerprint sensor for mobile device protection.

Conviso

Conviso

Conviso is a consulting company specialized in Application Security and Security Research.

OffSec

OffSec

OffSec have defined the standard of excellence in penetration testing training. Elite security instructors teach our intense training scenarios and exceptional course material.

Centraleyes

Centraleyes

Centraleyes (formerly CyGov) is a cutting-edge integrated cyber risk management platform that gives organizations unparalleled understanding of their cyber risk and compliance.

PNGCERT

PNGCERT

PNGCERT is the national Computer Emergency Response Team (CERT) for Papua New Guinea.

Cyber Security Cooperative Research Centre (CSCRC)

Cyber Security Cooperative Research Centre (CSCRC)

The CSCRC provides frank and fearless research and in-depth analysis of cyber security systems, the cyber ecosystem and cyber threats.

Skyhawk Security

Skyhawk Security

Skyhawk Security is the originator of Cloud threat Detection and Response (CDR), helping hundreds of users map and remediate sophisticated threats to cloud infrastructure in minutes.

Data Defenders

Data Defenders

Data Defenders provide information security technology solutions that empower consumers, businesses and governments with safe and secure IT and cybersecurity infrastructures.

NeuroID

NeuroID

NeuroID combines the power of industry-leading behavioral analytics with advanced device and network intelligence to create your first line of defense against malicious bots, bad actors, and fraud.

Morrow Global Network

Morrow Global Network

Morrow is the global venture network for venture accelerators, studios, hubs, and their visionary leaders.

ThingsRecon

ThingsRecon

ThingsRecon empowers organisations to continuously map and manage their attack surface, uncover hidden vulnerabilities, and assess supplier cyber hygiene.

SGNL

SGNL

SGNL redefines identity-first security by integrating business context, closing critical gaps, and transforming how enterprises manage privileged access for a secure, adaptive future.