Some of Our Sources
- Mashable
- Just Creative
- Joshua Blankenship
- Vandelay Design
- Crazy Leaf Design
- Fudge Graphics
- Android Dissected
- Android Headlines
- Hashedout
- The Verge
Help Webnuz
Referal links:
March 15, 2021 01:22 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/rYQ409D89Ps/after-failure-to-detect-major-breaches-us-mulls-real-time-threat-sharing-with-private-sect
After Failure to Detect Major Breaches, US Mulls Real-Time Threat Sharing with Private Sector
America is contemplating how to respond to breaches "pulled off by Russia and China against a broad array of government and industrial targets," reports the New York Times:Both hacks exploited the same gaping vulnerability in the existing system: They were launched from inside the United States — on servers run by Amazon, GoDaddy and smaller domestic providers — putting them out of reach of the early warning system run by the National Security Agency. The agency, like the C.I.A. and other American intelligence agencies, is prohibited by law from conducting surveillance inside the United States, to protect the privacy of American citizens. But the F.B.I. and Department of Homeland Security — the two agencies that can legally operate inside the United States — were also blind to what happened, raising additional concerns about the nation's capacity to defend itself from both rival governments and nonstate attackers like criminal and terrorist groups. In the end, the hacks were detected long after they had begun not by any government agency but by private computer security firms... Biden administration officials said they would seek a deeper partnership with the private sector, tapping the knowledge of emerging hacking threats gathered by technology companies and cybersecurity firms. The hope, current and former officials say, is to set up a real-time threat sharing arrangement, whereby private companies would send threat data to a central repository where the government could pair it with intelligence from the National Security Agency, the C.I.A. and other spy shops, to provide a far earlier warning than is possible today. A U.S. representative who co-chairs a cyberspace commission colorfully characterized both breaches to the TImes. "When not one but two cyberhacks have gone undetected by the federal government in such a short period of time, it's hard to say that we don't have a problem. The system is blinking red." But then there's this:Last month, in the days before Microsoft released an emergency patch for vulnerable Exchange Servers, multiple state-backed Chinese groups were apparently tipped off that the company was testing a patch. They began gorging on vulnerable systems with a speed and aggression that some security experts said they had never seen before. It is unclear how exactly these Chinese groups learned of Microsoft's patch, but the timing suggests they caught wind of the moves when Microsoft rolled out a test version of its patch to its security partners at cybersecurity firms in late February. Eighty companies participate in a longstanding partnership with Microsoft, known as the Microsoft Active Protections Program, including 10 Chinese firms. Microsoft confidentially alerts these companies to emerging cyberthreats and vulnerabilities ahead of its official patch cycle. The company is investigating whether one of its partners may have leaked to Chinese hackers or was itself hacked.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/rYQ409D89Ps/after-failure-to-detect-major-breaches-us-mulls-real-time-threat-sharing-with-private-sect
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot