Trouble viewing this email?  View in web browser ›

The Wall Street Journal ProThe Wall Street Journal Pro

CybersecurityCybersecurity

Sponsored by NetscoutNetscout

Cyber Daily: U.S. Cyber Agency Hopes to Avoid ‘Regulator’ Label | Ransomware Attack Map

By Kim S. Nash

 

Hello. WSJ Pro's David Uberti looks at how momentum behind cyber legislation and federal mandates is pushing the Cybersecurity and Infrastructure Security Agency to become an enforcer. It's a role that CISA Director Jen Easterly says she doesn't want, while at the same time advocating for more leverage to get businesses to reveal details about cyberattacks they suffer.

The balancing act previews longer-term questions for the agency as the Biden administration and some lawmakers press to expand cyber requirements across the U.S. economy.

This and other news below.

CONTENT FROM OUR SPONSOR: Netscout

New Threats To Our New Normal

Recent years have shown us that the future is unpredictable, and cybercriminals have capitalized on it. Being prepared requires developing both short and long-term strategies that put security first.

Read More

 

Partner or Watchdog?

Jen Easterly, head of the Cybersecurity and Infrastructure Security Agency, at a Senate committee hearing last month. PHOTO: ROD LAMKEY/ZUMA PRESS

Building trust: The U.S. cyber agency wants to avoid the R-word.

“We’re not a regulator,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said last week at a conference hosted by security company Mandiant Inc. “We don’t want to be a regulator.”

Legislation in Congress could push CISA into such a role by giving the agency power to write rules forcing companies to report hacks, subpoena them for information and potentially fine noncompliant firms, businesses say.

And that, some companies say, could impair any trust that has been built between public and private organizations. 

Read the full story. 

 
Share this email with a friend.
Forward ›
Forwarded this email by a friend?
Sign Up Here ›
 

More Cyber and Privacy News

PHOTO: JIM LO SCALZO

/SHUTTERSTOCK

Doing less with more: Cyber insurers are raising prices and lowering coverage limits after fielding a barrage of claims for ransom payments. Premiums in some sectors have jumped more than 300% at renewal time, according to a report from Risk Placement Services, a wholesale broker. Some insurers are scrutinizing customers' cyber protections, requiring such security basics as multifactor authentication. (InfoSecurity Magazine)

Creamy or crunchy? A Navy engineer with national security clearance and his wife were arrested after allegedly trying to sell nuclear secrets to an undercover FBI agent. Information was encrypted—including a memory card wrapped in plastic and hidden in half of a peanut butter sandwich—and communications during 2020 and 2021 were made using encrypted email, according to the Justice Department. The engineer asked to be paid in the Monero, saying that bitcoin and other cryptocurrencies were risky, a federal complaint says. (Bleeping Computer)

PHOTO: PARESH DAVE

/REUTERS

Giveaway: Google is giving out 10,000 USB security keys to politicians, activists and other high-risk hacking targets world-wide. The Titan keys enable two-factor authentication on user accounts. (BBC)

 
Advertisement
‏‏‎ ‎
 

Ransomware Map

SOURCE: COMPARITECH

Comparitech, a tech research group, made an interactive U.S. map showing ransomware attacks by year, size, industry and strain. Where possible, it includes whether the victim paid a ransom. Check it out here.

PHOTO: KEVIN LAMARQUE/REUTERS

M&A targeting: Consulting firm Booz Allen Hamilton Holding Corp. plans to step up its spending on acquisitions over the next few years, targeting companies that would expand its capabilities in areas such as healthcare tech and cybersecurity services. The company is one of the largest U.S. security contractors, with deep ties to the intelligence and defense sectors. (WSJ)

  • Booz Allen is looking to strike more tuck-in deals than in previous years to accelerate its growth rate, Chief Financial Officer Lloyd Howell said. Tuck-ins involve a company buying a smaller business and integrating it into its operations.
  • The firm plans to spend about $4 billion between April 2022 and March 2025, largely on acquisitions, executives said at last week's investor day. That is up from the $1.3 billion it spent in total during the past four fiscal years, the most recent ending in March.
1,291

Number of data breaches reported in the U.S. so far this year, outpacing 2020's total of 1,108, according to the Identity Theft Resource Center, a nonprofit group that tracks breaches.

 

About Us

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle, Catherine Stupp and David Uberti.

Follow us on Twitter: @knash99, @catstupp and @DavidUberti. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.

 
Desktop, tablet and mobile. Desktop, tablet and mobile.
Access WSJ‌.com and our mobile apps. Subscribe
Apple app store icon. Google app store icon.
Unsubscribe   |    Newsletters & Alerts   |    Contact Us   |    Privacy Notice   |    Cookie Notice
Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.
Copyright 2021 Dow Jones & Company, Inc.   |   All Rights Reserved.
Unsubscribe