Eun Young Choi will be DOJ’s first National Cryptocurrency Enforcement Team director, the department announced Thursday. Choi has been a DOJ prosecutor for about 10 years and recently was senior counsel to the deputy attorney general. Assistant Attorney General Kenneth Polite cited the “rapid innovation of digital assets and distributed ledger technologies” and its connection to cyberattacks, narcotics trafficking and money laundering. Deputy Attorney General Lisa Monaco on Thursday called on crypto companies to “root out abuses. To those who do not, we will hold you accountable where we can.” The FBI’s new unit will combine crypto experts, blockchain analysis and virtual asset seizure, she said.
FCC Chairwoman Jessica Rosenworcel notified Congress Friday that providers requested $5.6 billion from an FCC program to cover the cost of ripping and replacing Huawei and ZTE gear from their networks, nearly three times the $1.9 billion allocated. The FCC received 181 applications from carriers, she said. “While we have more work to do to review these applications, I look forward to working with Congress to ensure that there is enough funding available for this program to advance Congress’s security goals and ensure that the U.S. will continue to lead the way on 5G security.” The Office of Economics and Analytics and the Wireline Bureau, meanwhile, opened an online portal Friday for providers to report the extent to which their networks contain or use gear or services on the FCC’s “covered” list. Reports are due May 5. “If a provider cannot certify that it has no covered communications equipment or services it must then provide information regarding the locations, types, suppliers, historic and replacement cost, functionality, replacement plans, and a detailed justification of why such equipment was obtained,” the FCC said.
House Oversight Committee leadership introduced legislation Tuesday to streamline federal government cyber roles. Introduced by Chairwoman Carolyn Maloney, D-N.Y., and ranking member James Comer, R-Ky., the Federal Information Security Modernization Act would define operational and oversight roles for the national cyber director, OMB and the Cybersecurity and Infrastructure Security Agency. It would require agencies to “keep inventories of all internet-accessible information systems and assets, as well as all software.” The bill would advance a “risk-based cybersecurity posture,” modernize “reporting requirements to enhance security through automation” and expand “inventories and information-sharing for improved security,” they said.
Data compromises increased 68% in 2021 from 2020, the Identity Theft Resource Center said Monday in its annual data breach report. ITRC publishes data about “publicly reported U.S. compromises.” The 1,862 compromises reported in 2021 were an all-time high, 23% more than the previous record of 1,506 reported in 2017. There were 1,603 cyber-related compromises reported in 2021, the report said.
President Joe Biden signed a national security memorandum Wednesday, setting requirements for improving cybersecurity protection at NSA, DOD and intelligence community systems. Biden signed it as part of his May executive order. The memo establishes a framework for agencies to report cyber incidents to a national manager. Within six months, agencies will have to implement “multifactor authentication and encryption for NSS [national security systems] data-at-rest and data-in-transit,” the memo said. Agencies must implement zero trust architecture “as practicable.” Senate Intelligence Committee Chairman Mark Warner, D-Va., welcomed the news: “Now it’s time for Congress to act by passing our bipartisan legislation that would require critical infrastructure owners and operators to report such cyber intrusions within 72 hours.”
The federal government has failed to implement about 24% of recommendations for solving cybersecurity “shortcomings” since 2010, GAO reported Thursday about the SolarWinds and Microsoft Exchange incidents. The agency has made 3,700 recommendations since 2010, 900 of which the government hadn't fully implemented by November, GAO said. The auditor said it “will continue to monitor federal agencies' progress in fully implementing these recommendations, including those related to software supply chain management and cyber incident management and response.”
Network and information security is a Biden administration priority, said Ruth Berry, White House National Security Council digital technology policy director. The need to secure the entire network "could not be higher" due to risks from untrustworthy equipment vendors such as Huawei and the lack of competition and diversity in the telecom supply chain, she said at a Wednesday European Telecommunications Network Operators Association/USTelecom webinar. Europe sees progress on network cybersecurity issues, and many opportunities for common rules, from the EU-U.S. Trade and Technology Council (TTC), said Thibaut Kleiner, director-policy, strategy and outreach, European Commission communications networks, content and technology directorate. Another international concern is that online platforms and apps are generating increasing network costs, noted ETNO Director General Lise Fuhr. Kleiner said the COVID-19 pandemic was a "stress test" for European networks, and it showed that the regulatory framework hasn't harmed quality or reliability. It's fair to ask who should pay for network upgrades such as 5G, he said, but the EU hasn't reached the point where it needs to intervene in the relationship between telcos and platforms. The emergence of the "splinternet" is very worrying, said Kleiner: The EU continues to support ICANN and its internet governance and infrastructure, and hopes to publish Europe's vision for the internet sector's future at month's end. USTelecom President Jonathan Spalter welcomed the U.S. government push to establish an alliance for the future of the internet, which will address data privacy, data security, cybersecurity, competition policy and other issues. The original optimistic vision of the internet "is now in flux" as shown by misinformation, internet shutdowns and use of the network by autocrats, Berry said. 
The alliance is expected to launch in coming weeks, she noted: It will let governments recommit to original internet principles of openness, security and more, and will enable a global conversation on how to push back against challenges. The U.S. agrees with the EU that the global community should continue to manage the internet's fundamental infrastructure, without undermining the multistakeholder approach, she said. Another "burning issue" is the semiconductor supply chain, Kleiner noted: The EU Chips Act (see 2201100033) will align with a U.S. initiative.
Legislation for promoting coordination on cybersecurity between the Department of Homeland Security and state and local governments passed the Senate unanimously Wednesday. Introduced by Senate Homeland Security Committee Chairman Gary Peters, D-Mich., and ranking member Rob Portman, R-Ohio, the State and Local Government Cybersecurity Act (S-2520) encourages federal cyber experts to share with state and local officials cyber information and resources about threats and breaches. The bill awaits House consideration.
FCC Chairwoman Jessica Rosenworcel circulated an NPRM that would update commission rules on telecom carriers' data breach notification requirements, said a news release Wednesday. The proposal would "better align the commission’s rules with recent developments in federal and state data breach laws covering other sectors." The NPRM proposes to eliminate the seven business day waiting period for consumer notifications of a breach, require notification of inadvertent breaches, and require that carriers notify the FCC, FBI and Secret Service of all reportable breaches. It proposes making similar revisions to the telecom relay service data breach reporting rule and would seek comment on whether the FCC should require specific categories of information to be included in consumer breach notices. "Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information," Rosenworcel said. The NPRM wasn't released.
A new credit card design from SmartMetric has a fingerprint reader to combat fraud, said the company Monday. Users touch a sensor on the surface of the card, which scans a fingerprint in less than a second. The print is matched with a fingerprint stored inside the card; when a match occurs, the card is turned on. The SmartMetric feature has its own internal power source, enabling the card to perform the scan before it's inserted in a reader, useful for restaurants where the card is taken away from the dining table to be processed, said the company. The company cited a 2021 LexisNexis fraud report saying every $1 of credit card fraud costs U.S. merchants $3.60; it was $3.13 before the COVID-19 pandemic. Users can enroll their fingerprint when they receive the card at home, said the company.