Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
United States Google Microsoft Security

US Taps Amazon, Google, Microsoft, Others To Help Fight Ransomware, Cyber Threats (wsj.com) 24

The U.S. government is enlisting the help of tech companies, including Amazon, Microsoft and Google, to bolster the country's critical infrastructure defenses against cyber threats after a string of high-profile attacks. From a report: The Department of Homeland Security, on Thursday, is formally unveiling the initiative called the Joint Cyber Defense Collaborative. The effort will initially focus on combating ransomware and cyberattacks on cloud-computing providers, said Jen Easterly, director of the DHS's Cybersecurity and Infrastructure Security Agency. Ultimately, she said, it aims to improve defense planning and information sharing between government and the private sector.

"This will uniquely bring people together in peacetime, so that we can plan for how we're going to respond in wartime," she said in an interview. Ms. Easterly was sworn in as CISA's director last month. She was previously a counterterrorism official in the Obama White House, and the commander of the Army's first cyber operations unit at the National Security Agency, America's cyberspy agency. Over the past year, ransomware attacks have disrupted large parts of daily life in the U.S. They have diverted ambulances, caused long lines at gas stations in the southeast, and disrupted the production of hot dogs and other meat products.

This discussion has been archived. No new comments can be posted.

US Taps Amazon, Google, Microsoft, Others To Help Fight Ransomware, Cyber Threats

Comments Filter:
  • Right (Score:5, Funny)

    by Mikkeles ( 698461 ) on Thursday August 05, 2021 @09:05AM (#61658933)

    Because these companies have such a stellar record in securing computers, networks, and software.

    • by Merk42 ( 1906718 )
      If they are the ones being attacked, shouldn't they be the ones to do something about it?
      Alternatively, who would you recommend the US go to for help?
      • Re:Right (Score:4, Interesting)

        by Rosco P. Coltrane ( 209368 ) on Thursday August 05, 2021 @09:45AM (#61659049)

        They're not being attacked: you are. It's your data that's at risk.

        How can you tell the difference between an attack on your data hosted by those companies, and the companies' own crown jewels? Easy: in the former case, the company issues a statement saying they're sorry, they're doing all in their power to find out who the bad guys are, and they assure you that you and your data are their number one priority. In the latter case, they call the FBI rightaway and aggressively go after the bad guys for real.

        • by Merk42 ( 1906718 )

          They're not being attacked: you are. It's your data that's at risk.

          Way to be pedantic

          ...they call the FBI rightaway and aggressively go after the bad guys for real.

          Right, so might as well have the companies be PROactive in working with the US Government rather than REactive.

          • Re:Right (Score:4, Insightful)

            by Rosco P. Coltrane ( 209368 ) on Thursday August 05, 2021 @11:14AM (#61659319)

            If they really wanted to be proactive, they'd spend the money and resources necessary to bring properly engineered, secure software products to market for their customers - and not just for themselves - so malware can't happen in the first place and they don't even have to work with the feds. But no: they all prefer shiny and first to market, security riding shotgun at best.

            • by Merk42 ( 1906718 )

              If they really wanted to be proactive, they'd spend the money and resources necessary to bring properly engineered, secure software products to market for their customers

              Do you feel that any company does this? If so, who?

              • Aero companies do - by law: if they don't, people go to jail and do real, hard time. At least that's been the theory until the FAA approved Boeing's MCAS. I'm not so sure anymore.

                A little of that wouldn't go amiss in regular software companies, given that a lot of software today has become essential to people's lives.

                • by Merk42 ( 1906718 )
                  Ah, I guess I should have specified software companies.
                  If vulnerability/attack = jail time, how do you determine a company actively trying, vs one of negligence? If it doesn't matter, are you asking for 100% bug free (and therefore vulnerability free*) software?


                  *Yes could still be susceptible to social engineering.
                  • Re:Right (Score:4, Funny)

                    by Rosco P. Coltrane ( 209368 ) on Thursday August 05, 2021 @03:42PM (#61660811)

                    If a company is subjected to an attack, they should be required to produce evidence that serious considerations were given during the design phase, coding phase, reviews and such.

                    I'm not saying they should be required to implement a full DO178-style QA process: that would kill innovation and make software releases slow and really costly. Nor should they be required to certify their software. But evidence of serious care for security following well-established standards would at least kill the stupid practice of "release early, release often", whereby overworked engineers cut corners and code shit willy-nilly with impossible deadlines, throw it on the wall, see what sticks, and then worry about the consequences of the corner-cutting later.

                    Failure to provide said documention should result in jail time for the QA guy who signed off on the design documents and approved the reviews, and possibly for management if they specifically instructed the teams to cut corners, aero-industry-stylee.

                    In other words, stop the software wild-west culture.

    • by tlhIngan ( 30335 )

      Because these companies have such a stellar record in securing computers, networks, and software.

      Actually, they do.

      Other than through password guessing, Amazon, Google and Microsoft haven't suffered any major data leak attacks where the data that was supposed to be kept wasn't. LinkedIn was probably the most serious of them, though most just scrape the data that's publicly available now.

      Think of all the billing information that kept by all of them, and being big tech giants, they are probably under continuo

  • by geekmux ( 1040042 ) on Thursday August 05, 2021 @09:41AM (#61659037)

    The undying theme underlying many recent attacks, is finding an IT/Security department screaming at management for years about security problems.

    They were ignored, due to Executive Greed wanting to spend that money on bonuses instead.

    Sure hope they're ready to give their cybersecurity services away for free (as in beer and Gmail)

  • by GameboyRMH ( 1153867 ) <gameboyrmh@@@gmail...com> on Thursday August 05, 2021 @09:43AM (#61659043) Journal

    Cryptocurrency's ability to circumvent international payment regulations turned ransomware on, and applying the same rules to cryptocurrency transactions as any other payment method will turn it off.

    • Re: (Score:3, Informative)

      Believe it or not, ransomware and money laundering predate cryptocurrencies.

      • Ransomware was only tried once before cryptocurrencies, the perpetrator was immediately arrested because he tried receiving payments in cash:

        https://www.cnn.com/2021/05/16... [cnn.com]

        Money laundering predates cryptocurrencies but turning a blind eye to an incredibly obvious way of doing it in an age when we know better does not. Previous attempts to offer any less-regulated forms of international payments were squashed quickly with extreme prejudice. Cryptocurrencies were allowed to enter the mainstream because of t

    • Making 'cryptocurrency' illegal will do that better.
      • Taking away cryptocurrency's only advantage, regulatory circumvention, will have the same effect and make a useful point in the process.

        • Bothering with adding layers of beurocracy to it will just make it a more expensive nuisance that still wastes resources. Better to just do away with it. Let people who have it sell it off once and for all then it goes away.
      • by MrL0G1C ( 867445 )

        Lol, yeah because making stuff illegal is a magic bullet which stops those things dead, there are no illegal drugs, guns, brothels etc. The should ban murder.

  • products and stop out sourcing security to 3rd party remote off site security firms. Wow problem solved. And if Amazon and Googles data is all encrypted and is un accessable? Wow that is a huge security win.
  • If, instead of the news reporting, "There were three more ransomware attacks with a total ransom of $50M", they were to say, "There were three more Windows ransomware attacks..." aside from Microsoft's PR department reaching out to try to stifle it behind the scenes, would it make a difference? How about if a couple of class action lawsuits were filed against Microsoft? Or, if a Congressional inquiry were held? Okay, this last one is a stretch, because while Congress has no qualms with lawyers writing the
  • by Retired ICS ( 6159680 ) on Thursday August 05, 2021 @05:47PM (#61661293)

    Is that in the pussy or up the bum?

    Since it is the US and Joe Biden is in charge, it is probably up the bum. Kamala will like that.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...