November 17, 2021

Cyber Daily: FBI Calls for Firms to Report Hacks Directly to Law Enforcement - The Wall Street Journal

Good morning. A top cyber official with the Federal Bureau of Investigation urged lawmakers to require certain businesses to disclose cyberattacks directly to law enforcement.

Bills circulating on Capitol Hill would mandate certain companies report cyberattacks to Homeland Security’s Cybersecurity and Infrastructure Security Agency, which isn’t law enforcement or a regulator.

The problem, as the FBI sees it, is that cutting the agency out of the direct line of reporting could slow federal response. Hackers could get away (presumably more often than they already do) and so could any funds they extort from businesses.

WSJ Pro’s David Uberti is following the twists and turns and has some good context, below.


Senators have suggested requiring federal agencies and companies that operate critical infrastructure to report hacks within 72 hours to CISA. Bryan Vorndran, assistant director of the FBI’s cyber division, said Tuesday that the information should also be shared with his parent agency, the Justice Department.

“Twenty-four hours probably wouldn’t seem like a big delay to most people, but the help we can offer within that time can be the difference between a business or a piece of critical infrastructure staying afloat or being crippled,” Mr. Vorndran said.

The FBI’s Mr. Vorndran called on lawmakers to expand the DOJ’s role in a hack-reporting mandate.

This is the latest disagreement between the Biden administration and lawmakers over details that could shape first-of-their-kind requirements for businesses.

Some executives have criticized CISA as too slow to provide meaningful intelligence to counter fast-moving threats.


More Cyber and Privacy News

Germany’s Basler AG battles cyberattack. Basler, which makes imaging equipment, said operations were disrupted after a cyberattack prompted it to shut down technology systems. The company expects damages and expenses from the attack will be covered by cyber insurance.

Card-skimming at Costco. Warehouse chain Costco Wholesale Corp. notified an unspecified number of customers that their payment-card data is at risk after it found a card-skimming device at one of its stores. (Bleeping Computer)

Attacks on government offices in several countries attributed to Belarus. Hackers working on behalf of the Belarusian government are responsible for incidents in Germany, Poland, Ukraine and other countries in recent months, said cybersecurity company Mandiant Inc. The European Union had previously blamed the incidents on Russia. Mandiant said it hadn’t found direct evidence of Russian involvement.

Lina Khan, the new Federal Trade Commission chairwoman with broad ambitions to take on big business, has faced early turbulence within the agency, including from career staffers she will need to build antitrust cases and write regulations. Her plans have sparked policy disagreements with Republican commissioners and produced discontent among career officials who have felt like an afterthought in her agenda, people familiar with the matter said. (WSJ)

U.S. to sell $56 million in cryptocurrency. A judge agreed to a request from U.S. authorities to liquidate roughly $56 million in proceeds seized from a U.S. promoter of offshore company BitConnect, which allegedly conducted one of the biggest scams ever involving cryptocurrencies.

The Securities and Exchange Commission in September sued BitConnect, accusing it and its founder, Satish Kumbhani, of a $2 billion fraud that misused bitcoin raised from investors world-wide. That same month, Mr. Arcaro pleaded guilty in federal criminal court over his role in fleecing U.S. investors. (WSJ Risk & Compliance Journal)

Executive pleads guilty in internet address fraud case. Amir Golestan entered a plea on behalf of himself and his company, Micfo, at the end of the second day of a trial in federal court in Charleston, S.C., according to court records. He was accused of using fraudulent means to obtain thousands of internet protocol, or IP, addresses from the American Registry for Internet Numbers.

The plea closes an obscure but potentially influential case that could shape future criminal prosecutions involving companies that provide bedrock internet services to customers. (WSJ)

17%

Percentage of 2,625 security and tech professionals who say their organization encrypts more than half of its sensitive data that resides in the cloud, according to a study from insurance provider Thales and S&P Global Market Intelligence’s 451 Research unit.

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved.



source: https://www.wsj.com/articles/cyber-daily-fbi-calls-for-firms-to-report-hacks-directly-to-law-enforcement-11637158386
