Hearing on Hack Prompts Call for Review of Government’s Cloud Procurement vdb photos/Shutterstock
email February 28, 2021
A key lawmaker highlighted a profit motive for “basic” cybersecurity as problematic following an exchange with Microsoft President Brad Smith.
As federal agencies and private-sector critical infrastructure entities struggle to assess the fallout from what researchers are calling a hack of historic scale, the ability to fully track the intruders steps should come standard, not as a source of additional profit for government cloud vendors, Rep. Jim Langevin, D-R.I., said after a Congressional hearing Friday.
“I firmly believe that cybersecurity should be baked into products and services, so it concerns me when I hear that companies could view security logging as a profit center. I understand that cybersecurity isn’t free, but basics like logging shouldn’t be an ‘upcharge,’” Langevin told
By Raphael Satter on Mar 1, 2021 6:37AM
That led to sprawling series of digital intrusions. A senior Democratic lawmaker said there is a growing appetite for a new federal cybersecurity breach notification law in the wake of a sprawling series of digital intrusions blamed on the Russian government.
The comment, made by Mississippi Representative Bennie Thompson, the chairman of the .
Hi! You ve reached one of our premium articles. This is available exclusively to subscribers.
It s free to register, and only takes a few minutes.
Once you sign up you ll have unlimited access to the full catalogue of Australia s best business IT content, as well as a daily news bulletin delivered straight to your inbox.Register now
A pair of U.S. House committees held their first public hearings into the SolarWinds attack, with lawmakers and witnesses offering support for expanding federal
Microsoft’s Brad Smith Drags AWS, Google Over SolarWinds Response
‘There are other companies that. have not even alerted their customers or others that they were a victim of a SolarWinds-based attack. These are companies where their own infrastructure was used to launch the attack,’ says Microsoft’s Brad Smith. By Michael Novinson February 26, 2021, 05:53 PM EST
Microsoft President Brad Smith criticized top rivals Amazon Web Services and Google Friday for not publicly sharing what they know about the SolarWinds attack.
Smith told House of Representatives members that the Redmond, Wash.-based software giant has published 32 blogs describing whatever Microsoft has observed and seen from the SolarWinds attackers during their campaign, while Google has published just one blog and Amazon hasn’t published anything. AWS admitted Thursday the SolarWinds hackers used its Elastic Compute Cloud (EC2) in their attack.
Ranking Member Michael McCaul, R-Texas, seen here during a House Committee on Foreign Affairs hearing, confirmed that he and Rep. Jim Langevin, D-R.I., are working on legislation to require companies to notify the federal government after certain breaches. (Kevin Dietsch-Pool/Getty Images)
At a joint hearing of the House Oversight and Homeland Security Committee about the SolarWinds-related espionage campaign, Rep. Michael McCaul, R-Texas, said that he and Rep. Jim Langevin, D-R.I., are working on legislation to require companies to notify the federal government after similar breaches.
The Friday House hearing was the second hearing of the week on the topic, with the Senate Intelligence Committee holding a similar hearing on Tuesday. It was the House s first public opportunity to interrogate key figures in companies tied to the attack, which involved malicious update in SolarWinds Orion IT management platform to breach a number of federal agencies a