(Bloomberg) — The U.S. has reassembled an election security team to safeguard the 2022 midterm vote, with officials citing fears that Russia could seek to conduct new influence operations aiming to undermine democracy.

“The band is already back together, it’s formed,” General Paul Nakasone, who leads the National Security Agency and U.S. Cyber Command, told a Vanderbilt University summit on modern conflict this week.

The election security team is comprised of military and civil personnel from both of Nakasone’s agencies, who will liaise with the FBI, the Cybersecurity and Infrastructure Security Agency and U.S. National Guard units at the local and state level, among others.

“We’re less than 200 days before our nation goes to vote for midterm elections, and I assure you that we are ready and we will be ready going forward,” he said.

The effort comes amid warnings from U.S. officials that Russia could seek to sway voters during the midterms, which are viewed as a critical referendum on the Biden administration. Pollsters predict the Democratic Party stands to lose seats in both the House, where it has a slim majority, and potentially in the Senate, where it is already neck-and-neck with the Republican Party.

Full article: https://www.bnnbloomberg.ca/u-s-brings-back-cyber-team-to-combat-possible-election-meddling-1.1762167

Cybersecurity reporting mandates could make us more vulnerable, not less

By the Editorial Board

Imagine every one of us could be located using only a photograph, or identified based on the way we walk — that our fingerprints could be scanned from afar, and our productivity assessed remotely as we work. This might sound like a dystopia, but at least one technological juggernaut thinks the vision will sell.

Read full article: https://www.washingtonpost.com/opinions/2022/05/05/clearview-ai-dystopia-congress-must-pass-federal-privacy-law/

TEL AVIV, May 2 (Reuters) – Israel’s government on Monday ordered communications firms to step up their cyber security efforts in the wake of a rise in attempted hacking attacks.

New regulations are currently being implemented in which mandatory and unified standards will have to be met, the Communications Ministry and Israel’s National Cyber Directorate said.

Under the new rules, firms must formulate plans to protect communications networks using a combination of monitoring and control mechanisms to make it possible to establish an up to date picture of cyber protection while ensuring privacy.

Read full article:

https://www.reuters.com/world/middle-east/israel-keen-set-up-cyber-iron-dome-curb-rise-attacks-2022-05-02/

The FDIC Notification rules has gone into effect this week. Banks and other covered institutions muse report cyber incidents.

Policy insights:

According to Chris Strand, Chief Risk and Compliance Officer, Cybersixgill:

“The new cyber incident reporting rules turn up the heat on U.S. Banks to up their game in terms of quantifying and qualifying a compelling ‘security incident’ or breach. Even though the changes from 72-hours to 36-hours to identify allow banks some additional flexibility in the broadness of notification and greater analysis time on determination of an incident, it could drive some positive trends on how businesses manage and analyze their digital threat surface as well as how they go about reducing the noise and intelligence associated with profiling their enterprise for security.

The shortened window to identify an incident will no doubt endeavor to speed up the identification of an attack before it can proliferate across the enterprise and its integrated partners.  It could also push banks to invest more time and possibly resources on how they measure their business process, their use of data, and find any of the gaps that could make those assets vulnerable.  If the shortened notification drives banks to develop solutions that can identify security gaps faster, this could make its way into other industries and perhaps other regulations where similar themes are developing around analyzing and understanding the threat-scape faster.

One such industry wide theme that could benefit by this new reduced notification rule is the trend towards proactive vulnerability and gap analysis.  Accelerated prioritization of security gaps can play a major role in helping to identify potential security incidents faster or even before a targeted attack happens.  Many cybersecurity regulations and compliance standards have injected vulnerability prioritization into their requirements.  The easiest way to achieve and fulfill that requirement is to proactively understand one’s enterprise assets to the point where the security hot spots or gaps stand out faster.  If that awareness can be driven by the need to demonstrate alignment with the 36-hour window, then it could have a positive effect on driving needed change across the market. “

NAMES, BIRTHDAYS, PASSPORT numbers, job titles—the personal information goes on for pages and looks like any typical data breach. But this data set is very different. It allegedly contains the personal information of 1,600 Russian troops who served in Bucha, a Ukrainian city devastated during Russia’s war and the scene of multiple potential war crimes.

The data set is not the only one. Another allegedly contains the names and contact details of 620 Russian spies who are registered to work at the Moscow office of the FSB, the country’s main security agency. Neither set of information was published by hackers. Instead they were put online by Ukraine’s intelligence services, with all the names and details freely available to anyone online. “Every European should know their names,” Ukrainian officials wrote in a Facebook post as they published the data.

Full article:

https://www.wired.com/story/russia-ukraine-data/?bxid=5be9e3713f92a40469fa2eae&cndid=53679941&esrc=growl2-regGate-1120&mbid=mbid%3DCRMWIR012019%0A%0A&source=EDT_WIR_NEWSLETTER_0_DAILY_ZZ&utm_brand=wired&utm_campaign=aud-dev&utm_content=WIR_Daily_041322&utm_mailing=WIR_Daily_041322&utm_medium=email&utm_source=nl&utm_term=P4

https://www.wsj.com/articles/in-ukraine-a-full-scale-cyberwar-emerges-11649780203