Hearing on Hack Prompts Call for Review of Government’s Cloud Procurement
February 28, 2021
A key lawmaker highlighted a profit motive for “basic” cybersecurity as problematic following an exchange with Microsoft President Brad Smith.
As federal agencies and private-sector critical infrastructure entities struggle to assess the fallout from what researchers are calling a hack of historic scale, the ability to fully track the intruders’ steps should come standard, not as a source of additional profit for government cloud vendors, Rep. Jim Langevin, D-R.I., said after a Congressional hearing Friday.
“I firmly believe that cybersecurity should be baked into products and services, so it concerns me when I hear that companies could view security logging as a profit center. I understand that cybersecurity isn’t free, but basics like logging shouldn’t be an ‘upcharge,’” Langevin told
02/26/2021
Microsoft’s Active Directory authentication solution got notably skewered during a Feb. 23 U.S. Senate hearing on the SolarWinds Orion software hack.
The hearing by the Senate Select Committee on Intelligence focused on how a software implant and other methods went undetected, enabling an espionage campaign that affected nine federal agencies and 100 companies, per a White House estimate. The hearing included testimony from four software company heads, who also answered senators’ questions about the attack.
A common theme associated with the comments was whether disclosure of software security breaches should be legally mandatory for organizations.
A video recording of the hearing is available on demand at this page.
Big Russian hack used a technique experts had warned about for years. Why wasn’t the U.S. government ready?
Craig Timberg, The Washington Post
Feb. 9, 2021
WASHINGTON - The disastrous Russian hack of federal government networks last year relied on a powerful new trick: Digital spies penetrated so deeply they were able to impersonate any user they wanted. It was the computer network equivalent of sneaking into the State Department and printing perfectly forged U.S. passports.
Cybersecurity researchers had warned for years that such an attack was possible. Those from one firm, FireEye, even released hacking tools in 2019 showing exactly how to do it - in hopes the revelation would spur the widespread deployment of better defenses.
Microsoft today released a pair of cumulative updates for older versions of Windows 10, including versions 1909 and 1809. As you'd expect for a mid-stream update, these are optional.