US Taps Amazon, Google, Microsoft, Others To Help Fight Ransomware, Cyber Threats (wsj.com)
The U.S. government is enlisting the help of tech companies, including Amazon, Microsoft and Google, to bolster the country's critical infrastructure defenses against cyber threats after a string of high-profile attacks. From a report: The Department of Homeland Security, on Thursday, is formally unveiling the initiative called the Joint Cyber Defense Collaborative. The effort will initially focus on combating ransomware and cyberattacks on cloud-computing providers, said Jen Easterly, director of the DHS's Cybersecurity and Infrastructure Security Agency. Ultimately, she said, it aims to improve defense planning and information sharing between government and the private sector.
"This will uniquely bring people together in peacetime, so that we can plan for how we're going to respond in wartime," she said in an interview. Ms. Easterly was sworn in as CISA's director last month. She was previously a counterterrorism official in the Obama White House, and the commander of the Army's first cyber operations unit at the National Security Agency, America's cyberspy agency. Over the past year, ransomware attacks have disrupted large parts of daily life in the U.S. They have diverted ambulances, caused long lines at gas stations in the southeast, and disrupted the production of hot dogs and other meat products.
Right (Score:5, Funny)
Because these companies have such a stellar record in securing computers, networks, and software.
Re: (Score:3)
Alternatively, who would you recommend the US go to for help?
Re:Right (Score:4, Interesting)
They're not being attacked: you are. It's your data that's at risk.
How can you tell the difference between an attack on your data hosted by those companies, and the companies' own crown jewels? Easy: in the former case, the company issues a statement saying they're sorry, they're doing all in their power to find out who the bad guys are, and they assure you that you and your data are their number one priority. In the latter case, they call the FBI right away and aggressively go after the bad guys for real.
Re: (Score:2)
They're not being attacked: you are. It's your data that's at risk.
Way to be pedantic
...they call the FBI right away and aggressively go after the bad guys for real.
Right, so might as well have the companies be PROactive in working with the US Government rather than REactive.
Re:Right (Score:4, Insightful)
If they really wanted to be proactive, they'd spend the money and resources necessary to bring properly engineered, secure software products to market for their customers - and not just for themselves - so malware can't happen in the first place and they don't even have to work with the feds. But no: they all prefer shiny and first to market, security riding shotgun at best.
Re: (Score:2)
If they really wanted to be proactive, they'd spend the money and resources necessary to bring properly engineered, secure software products to market for their customers
Do you feel that any company does this? If so, who?
Re: (Score:3)
Aero companies do - by law: if they don't, people go to jail and do real, hard time. At least that's been the theory until the FAA approved Boeing's MCAS. I'm not so sure anymore.
A little of that wouldn't go amiss in regular software companies, given that a lot of software today has become essential to people's lives.
Re: (Score:2)
If vulnerability/attack = jail time, how do you determine a company actively trying, vs one of negligence? If it doesn't matter, are you asking for 100% bug free (and therefore vulnerability free*) software?
*Yes could still be susceptible to social engineering.
Re:Right (Score:4, Funny)
If a company is subjected to an attack, they should be required to produce evidence that serious considerations were given during the design phase, coding phase, reviews and such.
I'm not saying they should be required to implement a full DO178-style QA process: that would kill innovation and make software releases slow and really costly. Nor should they be required to certify their software. But evidence of serious care for security following well-established standards would at least kill the stupid practice of "release early, release often", whereby overworked engineers cut corners and code shit willy-nilly with impossible deadlines, throw it on the wall, see what sticks, and then worry about the consequences of the corner-cutting later.
Failure to provide said documentation should result in jail time for the QA guy who signed off on the design documents and approved the reviews, and possibly for management if they specifically instructed the teams to cut corners, aero-industry-stylee.
In other words, stop the software wild-west culture.
Re: (Score:2)
Actually, they do.
Other than through password guessing, Amazon, Google and Microsoft haven't suffered any major data leak attacks where the data that was supposed to be kept wasn't. LinkedIn was probably the most serious of them, though most just scrape the data that's publicly available now.
Think of all the billing information that is kept by all of them, and being big tech giants, they are probably under continuo
I'm gonna write me a new minivan (Score:3)
Executive Greed (Score:3)
The undying theme underlying many recent attacks is finding an IT/Security department screaming at management for years about security problems.
They were ignored, due to Executive Greed wanting to spend that money on bonuses instead.
Sure hope they're ready to give their cybersecurity services away for free (as in beer and Gmail)
How to turn off ransomware like a switch (Score:4, Interesting)
Cryptocurrency's ability to circumvent international payment regulations turned ransomware on, and applying the same rules to cryptocurrency transactions as any other payment method will turn it off.
Re: (Score:3, Informative)
Believe it or not, ransomware and money laundering predate cryptocurrencies.
Re: (Score:3)
Ransomware was only tried once before cryptocurrencies; the perpetrator was immediately arrested because he tried receiving payments in cash:
https://www.cnn.com/2021/05/16... [cnn.com]
Money laundering predates cryptocurrencies but turning a blind eye to an incredibly obvious way of doing it in an age when we know better does not. Previous attempts to offer any less-regulated forms of international payments were squashed quickly with extreme prejudice. Cryptocurrencies were allowed to enter the mainstream because of t
Re: (Score:2)
Re: (Score:2)
Taking away cryptocurrency's only advantage, regulatory circumvention, will have the same effect and make a useful point in the process.
Re: (Score:2)
Re: (Score:2)
Lol, yeah because making stuff illegal is a magic bullet which stops those things dead, there are no illegal drugs, guns, brothels etc. They should ban murder.
Hiring the foxes to guard the henhouse (Score:2)
Being Pro active! Stop using Microsoft (Score:2)
Someone is getting a free ride... (Score:1)
Taps? (Score:3)
Is that in the pussy or up the bum?
Since it is the US and Joe Biden is in charge, it is probably up the bum. Kamala will like that.