Tag Archive for: proposals

Ethical hackers urged to respond to Computer Misuse Act reform proposals


Ethical hackers, security researchers and consultants, and the community at large are being urged to step up and make their voices heard as the government explores a series of proposed changes to the Computer Misuse Act (CMA) of 1990.

The long-awaited consultation, which has been running since February, is seeking views on a number of legislative changes, including giving new powers to law enforcement agencies and closing existing loopholes that make it easier for malicious actors to get away with misusing purloined data.

However, when the consultation was launched, campaigners who want to see the law reformed to better protect cyber security professionals from prosecution under outdated sections of the 33-year-old CMA were left disappointed because rather than lay out concrete proposals for the community to consider, the government merely said more work was needed on this point.

Among other things, Westminster wants to consider questions such as how to safeguard the UK’s ability to act against cyber criminals if legal defences for hacking are implemented; how to ensure any defences do not provide cover for offensive actions; and what levels of training, standards and certifications need to be in place for security professionals.

Nevertheless, Casey Ellis, founder and CEO of crowdsourced security platform Bugcrowd, is calling on the community to have its say on the basis that interested parties need to contribute to ensure the government is as well-informed as possible.

“It’s still important that as many as possible individuals and organisations have their say on this,” he said. “The UK needs a revised act that not only better defines the difference between the activities of malicious attackers who have no intent to obey the law in the first place, and those who hack in good faith, discovering and disclosing vulnerabilities so they can be addressed before they are exploited.

Bugcrowd, which is contributing to the consultation through the Cybersecurity Policy Working Group (CPWG) and the Hacker Policy Coalition, said that the most significant way in which community members could help would be to comment on the potential of a statutory legal defence for hacking if…


The Cybersecurity 202: White House weighs new cybersecurity proposals after two major hacking campaigns


“We still believe that public-private partnership is foundational in cybersecurity and we want to ensure we’re taking every opportunity to include key private-sector participants early and directly in our remediation efforts,” a senior administration official said.

It’s a major step towards transparency for the Biden administration, which is stressing strengthening relations between the private and public sector in the fallout from the Russian SolarWinds hacking campaign that infiltrated at least nine government agencies and about 100 companies.

The more recent Microsoft hack has added urgency to fixing those relations. Microsoft announced earlier this month a group of hackers tied to China exploited a vulnerability in its Microsoft Exchange product. Other cybercriminals have since swooped in to take advantage of servers that have not yet been updated to fix the vulnerability. 

The situation escalated last week when Microsoft reported that hackers were targeting vulnerable servers with ransomware, software that allows hackers to lock up computer systems and data for money. Vulnerable Microsoft users include hundreds of banks, health-care and government servers, researchers at the cybersecurity firm RiskIQ found. Pulling off a successful ransomware attack against any one of them could create major chaos.

A White House team is examining how to address concerns from the private sector over information-sharing with the government, the official said. Congress also is slated to roll out proposals regarding cybersecurity incident sharing in the coming weeks.

The White House is also readying a slew of proposals to strengthen cybersecurity.

The Biden administration is weighing a number of potential solutions, including a ratings system for software, the official said. The grading system would be similar to that used by local health departments for restaurants. The idea of a cybersecurity rating has been pushed by Congress’s bipartisan Cyberspace Solarium Commission as well as some industry groups.

The administration also is mulling a law such as the one introduced in Singapore requiring home devices to come with security labels. 

Executive orders addressing the two…


News Release: DHS Seeks Proposals to Secure Mobile Network Infrastructure for Government Communications – Newswise


CISA and S&T are seeking development of new standards to improve the security and resilience of critical mobile communications networks through a new BAA …
