The US State Department is offering millions for information on illicit North Korean cyber activity. US House is investigating facial recognition software.

At a glance.

  • Learn more about new US cyber incident reporting legislation.
  • The US State Department is offering millions for information on illicit North Korean cyber activity.
  • US House is investigating facial recognition software.

Learn more about new US cyber incident reporting legislation.

Mondaq offers a breakdown of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 recently signed by the White House, which will require critical infrastructure organizations to report cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within seventy-two hours of discovery, and ransomware payments within twenty-four hours. Highlights include:

  • Industries covered by the legislation include chemicals, commercial facilities, communications, critical manufacturing, dams, the defense industrial base, emergency services, energy, financial services, food and agriculture, government facilities, healthcare and public health, information technology, nuclear reactors, materials, and waste, transportation systems, and water supply and wastewater treatment systems.
  • Incidents covered include those that result in a “substantial loss of confidentiality, integrity or availability of such information system or network, or a serious impact on the security and resilience of operational systems and processes”.
  • The CISA Director is required to issue a proposed rule within two years and must issue a final rule eighteen months after making the proposal, although the Director has the authority to issue future regulations to change this rule. Once the rule is in place, public comments will be accepted for thirty to sixty days.
  • CISA will conduct an awareness and education campaign on new cybersecurity initiatives to include the Cyber Incident Reporting Council, the Ransomware Vulnerability Warning Pilot Program, and a Joint Ransomware Task Force in conjunction with the Federal Bureau of Investigation (FBI), the National Cyber Director and the Attorney General.

The US State Department is offering millions for information on illicit North Korean cyber activity.

On Friday, the US State Department announced that its Rewards for Justice program will offer rewards of up to $5 million for information on money laundering, the export of luxury goods, cyber operations, human rights violations, actions supporting the proliferation of weapons of mass destruction and other illicit activities carried out by North Korea. “RFJ is seeking information on those who seek to undermine cybersecurity, including financial institutions and cryptocurrency exchanges around the world, for the benefit of the government of North Korea.” The Record by Recorded Future notes that the announcement comes just a day after the US Federal Bureau of Investigation accused North Korea’s state-backed threat group Lazarus of attacking the decentralized financial platform Ronin Network. The FBI said: “Through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK [Democratic People’s Republic of Korea] are responsible for the theft of $620 million from Ethereum reported on March 29.”

US House is investigating facial recognition software.

US lawmakers have launched a probe into government use of facial recognition software, SecurityWeek reports. The Internal Revenue Service was recently pressured to stop using such software following complaints from opponents who feared that facial recognition databases were an easy target for cyberattacks and also wondered how this data could be used by other government agencies. Two House committees on Thursday submitted a letter to facial recognition technology company ID.me requesting details of the company’s contracts with ten federal agencies and thirty state governments. House Oversight Committee Chair Carolyn Maloney said: “I am deeply concerned that the federal government is lacking a clear plan, leaving agencies like the IRS to do contracts worth tens of millions of dollars with questionable terms and oversight mechanisms… Without clear rules of conduct, agencies will continue to turn to companies like ID.me, increasing the risk that essential services will not be fairly provided to Americans, or they are denied outright, and their biometrics are not properly protected.” A spokesperson for ID.me responded, “ID.me remains a highly effective solution available to government agencies that provides the most access to underserved Americans. ID.me adheres to federal identity and login verification guidelines while providing services to public sector agencies. These standards have proven to be remarkably effective in preventing fraud.”