I’ve said for a long time that companies will only make their cyber defences as strong as they can be if the law forces them to. That’s why I consider this news very good news:
Companies critical to U.S. national interests will now have to report when they’re hacked or they pay ransomware, according to new rules approved by Congress.
The rules are part of a broader effort by the Biden administration and Congress to shore up the nation’s cyberdefenses after a series of high-profile digital espionage campaigns and disruptive ransomware attacks. The reporting will give the federal government much greater visibility into hacking efforts that target private companies, which often have skipped going to the FBI or other agencies for help.
“It’s clear we must take bold action to improve our online defenses,” Sen. Gary Peters, a Michigan Democrat who leads the Senate Homeland Security and Government Affairs Committee and wrote the legislation, said in a statement on Friday.
The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President Joe Biden soon. It requires any entity that’s considered part of the nation’s critical infrastructure, which includes the finance, transportation and energy sectors, to report any “substantial cyber incident” to the government within three days and any ransomware payment made within 24 hours.
What I hope this does is make companies think long and hard about whether they want to be on the wrong end of getting pwned and then having to report it to the US Government. That should push them to invest time, effort and money, and then more time, effort and money, into the people, training and products that keep them from getting pwned in the first place. That in turn should make cybercrimes like ransomware less attractive to cybercriminals, and we should see less of it as a result.
Oh, and in case you’re wondering what happens if a company doesn’t report a cyber incident, here’s your answer:
The new rules also empower CISA to subpoena companies that fail to report hacks or ransomware payments, and those that fail to comply with a subpoena could be referred to the Justice Department for investigation.
CISA is the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the lead agency in the US Government for this sort of thing. One caveat: the Act leaves the precise definition of a “substantial cyber incident” and the list of covered entities to a CISA rulemaking, so the reporting clock doesn’t actually start until that rule is final. Even so, I am pretty sure that no company wants the Justice Department knocking on its door. Thus this is great news as far as I am concerned.
Samsung Appears To Be Rolling Out A Fix For Their Throttling Issues…. But It May Already Be Too Late
Posted in Commentary on March 13, 2022 by itnerd
You might recall that Samsung was caught by users of its phones throttling everything but benchmark apps. They ultimately kind of, sort of admitted to it without actually admitting to it, and they promised a fix.
XDA Developers spotted reports from Galaxy S22 series users in South Korea who received an update that adds a “Game Performance Management Mode” to the Game Booster app. That’s the front end for the Game Optimizing Service (GOS), the piece of software responsible for the throttling. But the damage may already be done, as Geekbench last week delisted a whole whack of Samsung phones:
Geekbench told us it plans to delist the entire Galaxy S22 series from the Geekbench Browser effective today, along with all S21, S20, and S10 devices. Galaxy Note and A-series devices will remain unchanged, as they do not appear to be impacted in testing. This move comes after reports that One UI 4’s GOS software throttles thousands of apps to maintain performance and improve battery life. In our independent testing, we confirmed a significant reduction in performance when spoofing Genshin Impact.
The lesson that Samsung should take from this is that screwing with benchmark tests, and getting caught doing so, always ends badly for you. That is certainly the case here: because of this whole episode, Samsung’s performance claims are going to be treated with suspicion going forward.