Neuberger: "We want to take a moment to encourage organizations to be on guard for malicious cyber activity in advance of the holiday weekend. To be clear, we have no specific threat information or information regarding attacks this weekend, but what we do have is history."
Neuberger notes that history shows that hackers often target companies over holiday weekends, when security operations centers may be understaffed or otherwise unprepared.
Neuberger: “Organizations and individuals should be on alert now, because criminals sometimes lay their steps in advance and begin their planning.”
Neuberger asks corporate executives to "bring together your leadership teams" and conduct several mitigations before the holiday weekend, including applying patches, checking backups, encouraging key personnel to change their passwords, enabling MFA, and reviewing response plans.
Neuberger encourages security teams to proactively hunt across their networks for "initial signs of compromise or anything unusual on your network."
She also says everyone should be "extra vigilant" right now about phishing emails and malicious links.
Q: Has Russia cracked down on ransomware gangs?
Neuberger: “The discussions with the Russians continue. As President Biden noted, he's looking for action with regard to addressing cyber activity, and we continue to look for that.”
Q: Attribution of recently reported State Department hack?
Neuberger: No comment.
Q: Given recent Bloomberg story about DOD pressuring Juniper to use backdoored encryption, what is the administration's policy on backdoors?
Neuberger: “That’s been an old story that’s been reported, and I think we’ve continuously noted that there isn’t substantiation for it.”
Q: To what do you attribute the recent decrease in ransomware attacks?
Neuberger: “We've noted the decrease in ransomware ... [There] could be a host of reasons for it. So we're noting that trend and we hope that that trend continues.”
Q: What are you doing inside the government to prepare for potential incidents this weekend?
Neuberger: The IC is on alert tracking threats; other agencies, including CISA and the FBI, are "fully postured" to respond to incidents.
Scoop: Senate HSGAC is working on a bill that combines the House's industry-friendly cyber incident reporting legislation w/ a bunch of programs to tackle ransomware.
Raises Qs about what happens to Warner/Rubio/Collins bill, which industry doesn't like.
* The House Homeland incident reporting legislation, with some tweaks and additions
* "Due diligence requirement" for companies facing ransom demands
* Ransomware task force
* "Ransomware vulnerability warning pilot program"
Due diligence req:
Before paying a ransom, a company would have to determine whether it could recover from the attack “through other means,” including by seeing if experts have published a decryption tool that works for them.
The House Homeland Security Committee is about to start a hearing with industry representatives testifying about its draft cyber incident reporting bill.
As I've noted, the latest draft of the House bill pares back some of the language to accommodate industry concerns. For example, it now says CISA can't require reporting any sooner than 72 hours after an incident.
Industry witnesses will implicitly criticize the Senate bill.
BPI: 24-hr reporting deadline "would distract from critical work" & lead to "premature and likely erroneous" reports homeland.house.gov/imo/media/doc/…
Embargo has lifted on WH cyber meeting announcements.
* Microsoft: offering $150m worth of security help to govt agencies
* Google: donating $100m to help orgs that secure open-source software
* Amazon: free security tokens for AWS users
* IBM: cyber training for 150k people
Other announcements from these companies:
* Google promising to connect 100k Americans w/ its free IT certificate programs & boost 10m Americans' digital literacy
* Amazon publishing its employee cyber training curricula
* IBM partnering w/ HBCUs on career development
IBM's CEO also called for public companies to formally report on their cybersecurity practices in the same way that many of them currently report on their environmental footprints and social responsibility programs.
Biden: “We've seen time and again how the technologies we rely on, from our cell phones to pipelines to the electric grid, can become targets of hackers and criminals. But at the same time, our skilled cybersecurity workforce is not growing fast enough to keep pace.”
1. Opening discussion with POTUS
2. Three breakout sessions led by senior officials (see next tweet)
3. Concluding discussion led by National Cyber Director Chris Inglis and NSC's Anne Neuberger
Breakouts:
1. Critical infrastructure resilience, led by @SecMayorkas & @SecGranholm, w/ energy, water & financial cos.
2. Building "enduring" cybersecurity, led by @SecRaimondo & @SBAIsabel, w/ tech & insurance cos.
3. Cyber workforce, led by Inglis, w/ education leaders.