Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security United States

Cyber Official Warns 'American Way of Life' at Risk From Hackers (bloomberg.com) 42

A top U.S. cybersecurity official offered a dire warning to members of Congress on Wednesday, saying the "American way of life" faces serious risks amid the drumbeat of ransomware attacks and physical threats to the nation's critical infrastructure. From a report: Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, known as CISA, told the House Homeland Security Committee Wednesday that "ransomware has become a scourge on nearly every facet of our lives, and it's a prime example of the vulnerabilities that are emerging as our digital and our physical infrastructure increasingly converge." Her appearance, aside National Cyber Director Chris Inglis, comes as the private sector and governments have grappled with pervasive cyberattacks during the last 12 months. Some attacks, including the Colonial Pipeline breach in May, have led to gas shortages, disrupted supply chains and exposed federal systems to significant compromise.

Easterly's testimony came after CISA issued a binding operational directive that would create a catalog of known exploited cybersecurity vulnerabilities and would require federal agencies to fix these flaws within specific time frames. It would apply to all software and hardware on federal information systems, including those managed by an agency or hosted by third parties. While the directive would only apply to federal agencies, Easterly said in a statement she wants every organization to adopt the directive "and prioritize mitigation of vulnerabilities listed in CISA's public catalog." Representative John Katko, a Republican from New York, said, "The volume of alerts, advisories, and directives goes to show the pervasiveness of vulnerabilities affecting owners and operators of critical infrastructure, and federal networks." Inglis said that privately owned critical infrastructure, which accounts for 85% of the total, is "increasingly core to the government's imperative to protect and provide for national security."

This discussion has been archived. No new comments can be posted.

Cyber Official Warns 'American Way of Life' at Risk From Hackers

Comments Filter:
  • Take away lesson (Score:5, Insightful)

    by Geoffrey.landis ( 926948 ) on Wednesday November 03, 2021 @01:07PM (#61954779) Homepage

    Lessons:

    Back up early.

    Back up often.

    Don't erase your old backups.

  • by Joe_Dragon ( 2206452 ) on Wednesday November 03, 2021 @01:15PM (#61954807)

    software and hardware needs update not vendor lock in.
    And who can pay $500K to upgrade hardware just so that you can get off windows XP as the old hardware software control system only runs on XP and to get new software you must upgrade the 500K hardware that is still working fine.

    • The only update required is to get critical systems off the internet. And separate from any in house system that somehow needs internet access. This does not need new hardware, it needs a software update followed by cable cutting.

      Of course the biggest obstacle will be the lazy managers in charge of such systems.

      You know, Windows XP is fine and reliable if it is not exposed to the internet. Or employees that are on the internet. Wait, I think I see the problem... Most people at work do not need interne
    • If you have a system running windows XP, it should not be connected to the open internet. If it is, the person who connected it is negligent.

  • by Pinky's Brain ( 1158667 ) on Wednesday November 03, 2021 @01:28PM (#61954853)

    The US needs a FIPS VPN certification which is worth a damn and which isn't just code for "with NSA exploits included". Improve the source code validation, have them be programmed in memory safe languages (or formally verified against a memory safe specification) and make a new law which has mandatory 20+ year prison sentences for any US employee which knowingly includes or let remain an exploit in FIPS certified software or devices. VPNs are the most important part of system security and they are riddled with holes, FIPS or no.

    Also ban cryptocurrencies of course.

    • "old white man" confirmed!

      • Well this is coming from Pinky's Brain after all. I knew we should have banned gifs back before they made it onto the web.

    • So the information wants to be free and the internet routes around censorship crowd wants to ban crypto now? You're effectively banning a type of data. How does that even work? Say my crypto wallet is located on a machine in Lithuania and I live in Mexico. Might as well ban .mkv files while you're at it to stop movie piracy.

      • Sanction any financial company which trades in crypto. All the on/off-ramps will close and crypto will be dead. The US can do that, they did it to Iran.

  • Yet another example of "the old white man" not getting it. shm.

    If coders wrote secure coding, and companies were not more concerned with secure product vs just pushing a product out the door and to market, then there would not be the litany of problems that there are.

    If our physical civil infrastructure were designed, engineered and built the same way out digital infrastructure is, we'd need a lot more cemeteries.

    It is long past due for the time where legislation in required to force companies to produce

  • Told you so.

  • by Rosco P. Coltrane ( 209368 ) on Wednesday November 03, 2021 @01:34PM (#61954871)

    It's been under siege from common sense, decency and the realities of nature for quite some time now. It's more and more inadequate as the Earth's resources dwindle and the rest of the world realizes peace, cooperation and market regulation work better than hysterical individualism, violence and unbridled capitalism. This is just another nail in a fast-closing coffin. But hey, it still has a few years left in it for those who think it's a sustainable societal model. Enjoy it while it lasts...

  • by EndlessNameless ( 673105 ) on Wednesday November 03, 2021 @01:51PM (#61954933)

    All of these threats have been known and understood for decades. There are prevention and mitigation measures, which have also been around for years.

    Yet these businesses continue to engage in piss poor security practices. The have little-to-no monitoring, prevention, or resilience.

    Every single time I've read the details of a ransomware incident, there were at least three serious shortcomings in security or general IT practices. And being in a different industry is no excuse; if your business cannot prepare for a well-known threat, outsource to someone who can.

  • by shanen ( 462549 ) on Wednesday November 03, 2021 @02:19PM (#61955001) Homepage Journal

    So to adapt the generic joke to the current story:

    "A dragon and a hacker walk into a bar. The dragon complains it's too hot, so the hacker says, 'Shut your mouth.'" [Usual apologies to Jimmy Carr.]

    Oh yeah, about the actual story. I think the "American Way of Life" may have been an illusion from the early years of the Superman comics. These days the American way is to scream "Yeah? Well fsck you and the horse you rode in on." But when you look for your horse, it turns out the hackers already stole it, so you whip out your sixshooter and start blazing away.

    Whatever the "American Way of Life" is supposed to be, I'm not buying that hackers are the biggest risk to it. I'd rank dragons and selfish idiots and horse thiefs way ahead of hackers, even funny-talking foreign hackers wearing black fedoras.

    Slashdot needs to up the ante on Funny comments. I reviewed all of the most active discussions searching for wit. Minimal traces of humor detected, mostly in the Intel testing story--but some of it was obligatory. Didn't this used to be a more amusing place?

  • government involvement or regulations. Government often does not follow their own regulations CJIS, FIPS, NIST. The primary problem most organizations have is the use of Microsoft products in their IT infrastructure and their self created in house exceptions to IT best practices.
    IT Security is not that hard, but it is a PITA. Thus, best practices are often set aside for ease of use.
  • Oh, so hackers will disrupt our cycle of going deep into debt for an ultimately worthless education and then die of a preventable disease because we couldn't afford health insurance because everyone's a contractor now? Oh noes. I'm so broken up.
  • The American way of life was defined by, and dependent on, freedom.

    That's already gone.

  • In the face of the US nationalism wave of the past years this 'american way of life' slogan sounds a lot like the 'save the children' moniker used previously to convince the public of something they wouldn't otherwise accept.

    And what did people expect anyway? Security was never on the minds of the big corpo's like microsoft. They built their business on 'just enough' security to not have the house of cards collapse on itself. This is what the 'american way of life' is all about, isn't it? Profit over proper

I cannot conceive that anybody will require multiplications at the rate of 40,000 or even 4,000 per hour ... -- F. H. Wales (1936)

Working...