Eric Geller Profile picture
Freelance cybersecurity reporter covering all things digital security. I also co-host @hothtakes. | Send me tips: https://t.co/j2VflOTeFS
Liz Profile picture Sue Strong @strong_sue@mastodon.sdf.org 🇺🇦 Profile picture BlackeyedSusan28 Is Fully Vaccinated Profile picture Daniel O'Donnell Profile picture Aviva Gabriel Profile picture 7 subscribed
Jun 28 18 tweets 3 min read
I guess I'll watch the thing. I like the detail that the candidates' positions on the left or right were determined by a coin toss. Is there a better side that both of them really wanted? #Debates2024
Jun 20 6 tweets 4 min read
NEW: Citing natsec concerns, U.S. bans Russian cyber firm @kaspersky from selling its products in the U.S. New sales end 7/20, software updates to existing customers end 9/29.

First use of Trump-era authorities. Move could jolt many businesses.

My story: wired.com/story/us-bans-…
Image @CommerceGov knows roughly how many organizations use Kaspersky and will work with DHS and DOJ to brief them on alleged national security risks and help them transition to other vendors.

@CISAgov will lead outreach to critical infrastructure orgs, some of which do use Kaspersky. Image
Jun 13 163 tweets 22 min read
The House Homeland Security Committee is beginning its hearing with Microsoft President @BradSmi about the company's "cascade of security failures":

Background reading for those catching up: homeland.house.gov/hearing/a-casc…
dhs.gov/news/2024/04/0… Chair Mark Green calls the CSRB report's findings "extremely concerning."

"It falls to this committee to do the due diligence and determine just where Microsoft sits and how it's taken this report to heart."
May 15 75 tweets 11 min read
The Senate Intelligence Committee is holding a hearing on threats to the 2024 election, with DNI Avril Haines, @CISAJen, and FBI National Security Branch chief Larissa Knapp testifying. intelligence.senate.gov/hearings/open-… SSCI Chair Mark Warner delivers an opening statement summarizing the many different kinds of foreign election interference we've seen, from Russia in 2016 to Iran in 2020 to China now. He also describes Russian interference in other countries' elections.
May 7 14 tweets 7 min read
.@ONCD has released two updates on Biden admin's efforts to implement the National Cybersecurity Strategy: a report on the U.S.'s cyber posture (including actions taken in 2023 and early 2024) and a second NCS implementation plan.



whitehouse.gov/wp-content/upl…
whitehouse.gov/wp-content/upl…

Image
Image
The cyber posture report, required by the FY21 NDAA that created ONCD, describes actions taken by agencies to further the Biden administration's cybersecurity agenda, future agenda items, the threat landscape over the past year-ish, and future challenges.

whitehouse.gov/wp-content/upl…
May 1 19 tweets 3 min read
The House Homeland Security cyber subcommittee is holding a hearing on CISA's implementation of its cyber incident reporting rule:

There are witnesses from the financial services, energy, and telecom industries, along with @AmitElazari.homeland.house.gov/hearing/survey… The U.S.'s current "confusing and reactive, rather than proactive, reporting regime increases the risk of the security of our homeland," Chair @RepGarbarino says.
May 1 14 tweets 4 min read
Scoop: @CISAgov is asking software companies to sign a pledge committing them to implementing seven key "secure-by-design" goals.

CISA plans to announce the pledge with ~50 signatories at RSA next week.

Major test of efficacy of CISA's SBD campaign.

wired.com/story/cisa-cyb…
Image The previously unreported secure-by-design pledge includes goals such as increasing the use of multi-factor authentication, eliminating default passwords, creating vulnerability disclosure programs, and providing free access to network visibility features like log data. Image
May 1 92 tweets 12 min read
The Senate Finance Committee is holding a hearing on the Change Healthcare hack, with parent company UnitedHealth Group CEO Andrew Witty testifying. finance.senate.gov/hearings/hacki… "This corporation is a health-care leviathan," Chair @RonWyden says. "I believe the bigger the company, the bigger the responsibility to protect its systems from hackers."
Apr 15 7 tweets 2 min read
Resharing my story about Microsoft.

One thing I wish I could have expanded upon in my story is how the Biden admin's secure-by-design strategy has left the USG unprepared to wield any sort of influence over Microsoft, even as the company doesn't meet SBD expectations. (cont'd) As one cyber expert told me, "There are good regulators and good enforcement mechanisms around [federal] IT procurement on security ... and the fact that CISA and the SBD team have chosen not to connect that work to those other entities has left it in a very limited position."
Apr 15 24 tweets 7 min read
The U.S. government has a Microsoft problem.

Market dominance, inertia, and savvy PR have almost completely insulated the hack-plagued company from meaningful oversight, even as Biden officials preach corporate accountability.

My new @WIRED story: wired.com/story/the-us-g…
Image I asked cyber experts, lawmakers, fmr govt officials, & employees of Microsoft's competitors why the company has struggled w/ security and why those woes haven't threatened its business.

Their comments and criticisms mirrored the recent findings of the Cyber Safety Review Board. Image
Feb 29 18 tweets 3 min read
The House Homeland maritime security subcommittee is holding a hearing on U.S. port cybersecurity:

The hearing, w/ witnesses from DHS, USCG, & Transportation Command, comes a week after a big Biden admin push on port cybersecurity: homeland.house.gov/hearing/subcom…
Subcommittee chair Carlos Gimenez says U.S. ports' use of Chinese-made equipment "introduces significant supply chain vulnerabilities into our maritime transportation system."
Oct 30, 2023 6 tweets 2 min read
Biden has signed his AI executive order. As we await its release, here's what the fact sheet says about "the most sweeping actions ever taken to protect Americans from the potential risks of AI systems"... 🧵whitehouse.gov/briefing-room/… Developers of any LLMs with the potential to pose serious risks will have to red-team them for safety and security issues—based on standards developed by NIST—and share the results with the government. Biden is using the Defense Production Act for this. Image
Sep 22, 2023 63 tweets 10 min read
This week’s #Ahsoka episode was one of the finest episodes of Disney Star Wars TV so far. Sabine emerges as the real main character, Thrawn and Ezra’s long-awaited introductions absolutely deliver, and it’s no coincidence that Ahsoka’s best ep yet barely features Rosario Dawson. Let's start with Sabine, because she continues to be far and away the best character. Natasha Liu Bordizzo must be exhausted from carrying this show on her shoulders.
Aug 9, 2023 8 tweets 2 min read
.@lilyhnewman is moderating a Black Hat keynote with @CISAJen and @VZhora. Image @lilyhnewman @CISAJen @VZhora Zhora says Ukraine has observed “a shift" in Russian cyberattacks "from disruptive and chaotic attacks to more focused activity [like] cyber espionage and data collection."
Jul 25, 2023 21 tweets 7 min read
Exclusive: While some water utilities have made important progress on cybersecurity, many others struggle to implement complex or time-consuming defenses, according to EPA data I obtained through FOIA.

Meanwhile, the EPA has stopped collecting this data.

themessenger.com/tech/exclusive… The document I obtained is an EPA dashboard summarizing inspections conducted from spring 2020 to spring 2023 — initial assessments of 249 utilities, plus 6- and 12-month follow-ups with about half of them.

You can browse the full dashboard here: https://t.co/nO4fddefLmonedrive.live.com/view.aspx?resi…
Image
May 30, 2023 6 tweets 4 min read
Old but interesting document that I recently got via FOIA: The September 2016 Intelligence Community Assessment of cyber threats to U.S. election systems, ordered by then-President Barack Obama amid Russian hacking fears.

documentcloud.org/documents/2382… Image This ICA, an unclassified version of a classified analysis that ODNI wouldn't give me, is one of the first U.S. government assessments of the country's election security posture. Its conclusions match what subsequent reports have said about likely and unlikely attacks and risks. Image
May 10, 2023 6 tweets 2 min read
At #HackTheCapitol, EPA cyber branch chief Nushat Thomas says the EPA understands complaints from states and utilities that they lack the resources to comply with a new water cyber assessment rule.

She lists a bunch of resources and services that EPA offers. Thomas: "We have training in place for those states who actually want to conduct the...assessment themselves." EPA developed a water-specific cyber checklist based on CISA's cross-sector cyber performance goals, "and we're training the states on how to utilize that checklist..."
Mar 28, 2023 52 tweets 8 min read
The House Appropriations homeland security subcommittee is holding a hearing on CISA's FY2024 budget request, with @CISAJen testifying: appropriations.house.gov/legislation/he… "We've received sustained, generous, bipartisan investment from Congress and invaluable new authorities," Easterly says.

She describes how CISA is using its funding to improve its visibility into threats, implement cyber incident reporting rules, and more.
Mar 25, 2023 6 tweets 2 min read
So this week's episode of #TheMandalorian was fine. Not great. The Grogu Order 66 flashback was the best part. Thrilled to see Ahmed Best take the spotlight like that. He deserves the world. (Also nice to see Naboo security forces doing their part ... perhaps Jar Jar sent them?) As for the stuff at the Mando covert, it was fairly boring. Especially the rescue sequence. I felt like I was supposed to care about that kid and I just ... didn't. Felt like a waste of time. Could have established Bo-Katan's team spirit more economically.
Dec 1, 2022 10 tweets 2 min read
Oh right, this show.

(I'm looking forward to it! But it has definitely — how do I put this — lost some of its luster in recent weeks.) Just to expand on this a bit…

One thing that's bothered me about the backlash to the Andor lovefest is the argument "It's wrong to say that Andor made other shows look bad, b/c not every show needs to be like Andor."

People saying that don't seem to get what Andor did right.
Nov 29, 2022 4 tweets 2 min read
Today's @MorningCybersec has more from my and @magmill95's interview with U.S. cyber ambassador Nate Fick: subscriber.politicopro.com/newsletter/202…

He talks about how the U.S. can weaken Huawei's grip on the 5G market by offering subsidies and promoting interoperable standards like Open RAN. On Open RAN, Fick says "you want to break apart the black box" of proprietary tech, and given that incumbent vendors have "the goose that's laying the golden eggs," the USG should help open standards overcome their opposition through regulatory and other obstacles in its control.