US Calls for Cyber Reform After Massive Hack

The White House urged Congress to come out of the "dark ages" and pass new cyber security rules, using a massive security breach to press its case for reform. President Barack Obama's allies seized on news of that data on four million government employees had been compromised to press for legislation stalled in the Republican-dominated Congress.

"The fact is, we need the United States Congress to come out of the dark ages and come into the 21st century to make sure we have the kinds of defenses that are necessary to protect a modern computer system," said White House spokesman Josh Earnest.

Senate Intelligence Committee vice chairman Dianne Feinstein, a Democrat, joined the White House drive.
"Congress must take action," to speed notifications on breaches and increase cooperation between the government and private companies.
"It's impossible to overstate this threat," she said.
"Trillions of dollars, the private data of every single American, even the security of critical infrastructure like our power grid, nuclear plants and drinking water are all at risk."
The US government last week admitted hackers accessed the personal data of current and former federal employees, in a huge cyber-attack suspected to have originated in China.

The breach of the Office of Personnel Management included records on 750,000 Department of Defense civilian personnel. The New York Times reported that the inspector general of the department had warned in November that the office's database was vulnerable to cyber-attack.

The newspaper reported that by the time the warning was published, hackers had plundered tens of thousands of files containing security clearances, laying the groundwork for the massive attack revealed on Thursday.
"The mystery here is not how they got cleaned out by the Chinese. The mystery is what took the Chinese so long," one senior former US government official was quoted by the Times as saying.

The United States has repeatedly accused China of waging cyber warfare in recent years, claims Beijing routinely denies.
In 2013, US Internet security firm Mandiant said hundreds of investigations showed that groups hacking into US newspapers, government agencies, and companies "are based primarily in China and that the Chinese government is aware of them."
One group, it said, was believed to be a branch of the People's Liberation Army called Unit 61398, and digital signatures from its cyber-attacks were traced back to a building in Shanghai.

Last year, five members of the unit were indicted by US federal prosecutors on charges of stealing information from companies, including nuclear plant manufacturer Westinghouse, SolarWorld and US Steel.
Beijing angrily hit back on Friday at claims the latest attack had originated in China, describing the allegation as "irresponsible."

"Cyber-attacks are generally anonymous and conducted across borders and their origins are hard to trace," foreign ministry spokesman Hong Lei said at a regular briefing.

"Not to carry out a deep investigation and keep using words such as 'possible' is irresponsible and unscientific," he added.

Business Insider:  

 

« Russia's Greatest Weapon May Be Its Hackers
Bigger than Heartbleed - 'Venom' Threatens Datacenters »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Pen Test Partners LLP

Pen Test Partners LLP

Pen Test Partners provides penetration testing, security assessment and training services.

Hortonworks

Hortonworks

Hortonworks Data Governance Initiative addresses the need for open source governance solution to manage data classification, data lineage, security and data lifecycle management.

PubNub

PubNub

PubNub enables developers to build secure realtime Mobile, Web, and IoT Apps.

Spambrella

Spambrella

Spambrella provides email security with real-time threat protection. 100% SaaS (nothing to install)

CERT-MU

CERT-MU

CERT-MU is the Mauritian National Computer Security Incident Response Team.

IT2Trust

IT2Trust

IT2Trust is one of Scandinavia’s leading value-added distributors of business-critical IT solutions within IT security and networking.

LiveVault

LiveVault

LiveVault delivers fully automated, turnkey, backup over the Internet or a private network connection for uninterrupted remote data protection.

Awake Security

Awake Security

Awake Security offer a security solution built on an AI platform that acts like the human brain to sense, detect, and respond to threats you may not even know exist.

Tecnalia Cyber-Security & Safety

Tecnalia Cyber-Security & Safety

Tecnalia’s Cyber-Security and Safety Research Group works on integrated security and safety technologies designed to protect networks, computers, devices, programs and data from attack.

DupZapper

DupZapper

DupZapper provides a simple way of detecting online fraud brought by fake and multiple accounts using device identification and machine learning algorithms.

Enzoic

Enzoic

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection.