DHS grilled over uber secret cybersecurity plans

Too much confusion, senators say


The US Department of Homeland Security cybersecurity initiative may be unnecessarily shrouded in secrecy and too reliant on contractors, according to a Senate panel.

The concerns are so basic that the panel also included questions asking what, exactly, is the role of program and why a determination was even made to start it. The program was unveiled in January as the National Cyber Security Center (NCSC).

"The Department’s plan to use contractor personnel to support the initiative merits some scrutiny in light of this Committee’s past work in this area," US Senators Joseph Lieberman and Susan Collins, the chairman and ranking member respectively on the Committee on Homeland Security and Governmental Affairs, wrote. They said a recent RFP (request for proposal) issued by DHS failed to describe the roles and responsibilities of contractors or specify how they would be monitored.

"We also have concerns about how information has been shared with Congress and other stakeholders concerning this initiative and the potential impact this lack of collaboration may have on the success of the initiative," they added. The senators acknowledged that some aspects of the program need to remain confidential, but as things stand, the lack of information concerning NCSC may be creating too much confusion.

"Given the broad nature and goals of this initiative, agencies may be less likely to plan for their future information technology needs, fearing that systems they purchase might not comply with the initiative," they said.

The DHS has been accused of stinginess with basic details about what it does before. In February, the Electronic Frontier Foundation and others sued the DHS after the agency refused to turn over documents pertaining to searches of electronic data at US borders. The vacuum of information about when border agents search laptops, cell phones and other electronic devices and what they do and don't do with the data they seize, has resulted in a warning to leave customer lists and other sensitive data at home.

The DHS has requested another $83m NCSC to take funding up to nearly $200m.

The senators also voiced concern about the lack of involvement of private sector players who own substantial pieces of internet infrastructure.

"Given their expertise, and the role that private industry must necessarily play in securing government and private sector networks, we urge you to ensure that they are appropriately involved in this initiative," they state. ®


Other stories you might like

  • Moscow court fines Pinterest, Airbnb, Twitch, UPS for not storing data locally
    Data sovereignty is more important than Ukrainian sovereignty

    A Moscow court has fined Airbnb, Twitch, UPS, and Pinterest for not storing Russian user data locally, according to Russian regulator Roskomnadzor.

    The decision was handed down by the Tagansky District Court of Moscow after the four foreign companies allegedly did not provide documents confirming that the storage and processing of Russian personal data was conducted entirely in the country.

    Twitch, Pinterest and Airbnb were fined approximately $38,500 while UPS received a fine of roughly $19,200.

    Continue reading
  • Israel plans ‘Cyber-Dome’ to defeat digital attacks from Iran and others
    Already has 'Iron Dome' – does it need another hero?

    The new head of Israel's National Cyber Directorate (INCD) has announced the nation intends to build a "Cyber-Dome" – a national defense system to fend off digital attacks.

    Gaby Portnoy, director general of INCD, revealed plans for Cyber-Dome on Tuesday, delivering his first public speech since his appointment to the role in February. Portnoy is a 31-year veteran of the Israeli Defense Forces, which he exited as a brigadier general after also serving as head of operations for the Intelligence Corps, and leading visual intelligence team Unit 9900.

    "The Cyber-Dome will elevate national cyber security by implementing new mechanisms in the national cyber perimeter, reducing the harm from cyber attacks at scale," Portnoy told a conference in Tel Aviv. "The Cyber-Dome will also provide tools and services to elevate the protection of the national assets as a whole. The Dome is a new big data, AI, overall approach to proactive defense. It will synchronize nation-level real-time detection, analysis, and mitigation of threats."

    Continue reading
  • Intel to sell Massachusetts R&D site, once home to its only New England fab
    End of another era as former DEC facility faces demolition

    As Intel gets ready to build fabs in Arizona and Ohio, the x86 giant is planning to offload a 149-acre historic research and development site in Massachusetts that was once home to the company's only chip manufacturing plant in New England.

    An Intel spokesperson confirmed on Wednesday to The Register it plans to sell the property. The company expects to transfer the site to a new owner, a real-estate developer, next summer, whereupon it'll be torn down completely.

    The site is located at 75 Reed Rd in Hudson, Massachusetts, between Boston and Worcester. It has been home to more than 800 R&D employees, according to Intel. The spokesperson told us the US giant will move its Hudson employees to a facility it's leasing in Harvard, Massachusetts, about 13 miles away.

    Continue reading
  • Start using Modern Auth now for Exchange Online
    Before Microsoft shutters basic logins in a few months

    The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October.

    In an advisory [PDF] this week, Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) noted that while federal executive civilian branch (FCEB) agencies – which includes such organizations as the Federal Communications Commission, Federal Trade Commission, and such departments as Homeland Security, Justice, Treasury, and State – are required to make the change, all organizations should make the switch from Basic Authentication.

    "Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth," CISA wrote. "After completing the migration to Modern Auth, agencies should block Basic Auth."

    Continue reading

Biting the hand that feeds IT © 1998–2022