back to article Russia’s invasion kicks Senate into cybersecurity law mode

Russia's invasion of Ukraine, and the possibility that the Kremlin may escalate its cyberespionage against the West after being heavily sanctioned, has convinced the US Senate to unanimously pass a bipartisan cybersecurity bill. This draft law would, among other steps, force critical infrastructure companies to report attacks …

  1. VicMortimer
    Mushroom

    Report ransomware payments? Seriously?

    It's past time to ban ransomware payments, complete with prison terms for anyone who authorizes them.

    1. DS999 Silver badge

      I agree

      But requiring reports of payments provides the government with an insight into how many ransomware events there are, how big the payments are, how they are being made, etc. which will inform the writers of a law banning them in the future.

  2. Anonymous Coward
    Anonymous Coward

    Air gaps don't work

    Sanctions will be quickly lifted and Putin obviously knows this. Tucker Carlson and his comrades at Fox may be "anti-Putin" right now, but they'll turn on a dime to be back to pumping Russian interests soon enough. Watch the "Russia as Victim" stories out of Tucker's mouth, as he seeks to get the sanctions lifted.

    "Cyber-security" is nothing, if you cannot physically protect your countries from invaders and Putin-puppets. There is no air-gapped system, if Putin controls that air.

    Canada's Trudeau says NATO must avoid war with Russia at all cost. Trudeau would say the same when Russia attacks Germany. NATO will *never* defend any NATO member's soil, there will always be nay-sayers among the group, as long as the interests of everyone in the group is not fully aligned. Here Trudeau does not feel threatened, so he does not back NATO action in Europe. The weakest link is the break point.

    Suppose Putin puts another puppet in the USA, a Trump Mk II, and attacks Canada. NATO's European partners would not help Canada. Their interests are not totally aligned with Canada's, and US would be blocked by the Trump Mk II Puppet. The lack of NATO consensus, would be used as an excuse not to help Canada by other NATO members.

    "One for all and all for one"? No, "100% consensus or 100% inaction".

    Trudeau would scream "help us help us, just some air support, something" as Canadian cities are bombed and charred Canadian bodies litter the streets, and Europe would say "well we're focussed on NATO an there isn't a NATO consensus to help you, so our hands are tied".

    A Trump Mk II would feed Putin the location of Trudeau and his family, so Putin can have them killed, and a puppet government installed. The exact thing, they keep attempting to do to Zelenskyy and Ukraine. Think of all that US intel that made its way to Russia under Trump Mk I. Trudeau and his family's GPS location would be lived streamed to Moscow.

    The more partners in NATO, the weaker it is, because the interests of each partner are not sufficiently closely aligned, the more they can find a reason to shrug their shoulders and do nothing.

    France's Macron has the right idea, there has to be a new security mechanism for Europe. One that will actually defend Europe from Russia. If there's one clear thing out of this, it's that NATO cannot defend Europe and the only thing protecting Europe is mud and poorly maintained Russian tyres.

    Oh, but air-gap your systems, that'll help right?

    1. IGotOut Silver badge

      Re: Air gaps don't work

      What an utter load of bollocks.

    2. Doctor Syntax Silver badge

      Re: Air gaps don't work

      Could you please direct me to the part of the article where air gaps are mentioned. I seem to have missed it somehow.

      1. bombastic bob Silver badge
        Trollface

        Re: Air gaps don't work

        it was air-gapped from the article

        (I guess they DO work!)

    3. Dacarlo

      Re: Air gaps don't work

      The wrongness of your post aside, the bit I can agree with is defending Europe against Russia's brand of expansionism. To do that you need to have a strong nato and stop buying Russian Energy.

      Get self sufficient and let them rot into insignificance as their economy drops *or* they participate in the world like decent people and stop playing coldwar hero.

      1. bombastic bob Silver badge
        Thumb Up

        Re: Air gaps don't work

        100% agree

        (also need to convince IDIOTS inside the USA to stop getting in the way of our domestic oil production, if for no other reason than to make sure EU and UK do not collapse economically - remember that leading up to 2020 the USA was a NET EXPORTER of oil, and gummint policies in early 2021 SHUT IT DOWN, which one could argue made Putin and his cronies RICHER and empowered his attack on Ukraine)

        1. Cav Bronze badge

          Re: Air gaps don't work

          What an idiotic comment. You think one year of oil income made Russia rich enough to invade Ukraine and withstand Western sanctions? This has been building for decades. Putin played a looong game and the West took their eyes off Russia.

          And no, those calling for reductions in domestic oil production were not idiots. It was the correct thing to do in the face of climate change and plentiful supply from Russia. Now, the world needs to cut Russia off and the US can step up production. Production was so high at one point that wells were closed off and numerous oil producers went bust. It can't be beyond the ability of the industry to reopen those existing wells, which by your own admission were only shut down a year ago.

    4. druck Silver badge
      Flame

      Re: Air gaps don't work

      There seems to be a very effective air gap - between AC's ears.

    5. DS999 Silver badge

      Re: Air gaps don't work

      What does your screed have to do with air gaps?

      I don't think the sanctions will ever be lifted so long as Putin is in power. They may be reduced somewhat if/when Russia leaves Ukraine entirely, but most will remain in place for the long haul.

      Russia is going to be forced to operate as a sanctioned state like Iran and North Korea until Putin is forced out of power or killed by his own associates.

    6. Alistair
      Headmaster

      Re: Air gaps don't work

      @AC

      I think the diesel fumes from your freedom convoy truck have left you just a wee bit confused. Are you stuck in a layby on Hwy 17 somewhere? I could come rescue you.

  3. Snake Silver badge

    Not just governmental targets

    My small office's network has been hit this week with attempts to find and log into SSH hosts, which I traceroute'd to Russian servers. Blocked the IP's and I've been considering warning both my ISP and device manufactures to made sure their systems are properly hardened (don't worry, I have no SSH / port 22 hosts on the internet).

    1. bombastic bob Silver badge
      Devil

      Re: Not just governmental targets

      Fail2ban (and things like it) help with that (but you probably knew already and may be using it). THAT and the obvious config things which no doubt you have already done. (or you could just turn it off which apparently you did but sometimes you need ssh access for various reasons)

      Still worth a mention.

      (I am seeing a bit more ativity as well, but nothing out of the ordinary, really)

      I've just seen some of this kind of activity coming from Tor exit points, though... some of the Fail2ban mails on 3/1, also showed activity that was a bit higher [as well as at least one Tor exit point being used], which suggests it may not be just compromised boxen hitting the world (the usual activity) but possibly someone with actual intent. This one in particular tried twice (2 different days) to log in as 'root' but of course root logins are just plain disabled (and as it is FreeBSD, you have to first su to a 'wheel' group user from a valid login before you can su to 'root' but I have no authorized logins for wheel group users either, so that means 2 hoops to jump through and I do not make it easy).

      I am considering making a chart of Fail2ban bans to indicate activity...

      1. Jaybus

        Re: Not just governmental targets

        My fail2ban bans haven't really changed. Most are still coming from China. As for SSH, only key-based authentication is enabled, but fail2ban still bans the failed password auth attempts.

  4. amanfromMars 1 Silver badge

    It never rains but it pours ... and if you haven’t an Ark, you drown.

    Regarding those United States and European NATO nations intentions for Ukraine, which you may not have been made aware of via all or any of those self-serving incestuous corrupt cooperative corporate main stream media management teams, here be another view with some inconvenient supporting history which makes it problematically difficult to deny are recognisable truths/honest events ....... Preparing for War with Russia Since 1992 .... although such has never stopped zealous acolytes from constantly trying such follies in the past expecting the future to forget and forgive the present its despicable sins/crimes against humanities?

    And the goal of such a role play being of course, simply more of the same to exclusively benefit just a self chosen few in an existing dynastic hierarchy of perverse private pirate clubs rather than aiding and abetting endorsements for the creation and administration of anything different in the command and control of A.N.Others best servered to remain unknown and practically anonymous.

    That is however what confronts and effortlessly torments them with an inexorable rise of increasingly disruptive and destructive 0days encouraging them to give way and cede valiant defeat in order to lead with those aforementioned unknown A.N.Others in a better direction to the greater benefit of all.

    1. Cav Bronze badge

      Re: It never rains but it pours ... and if you haven’t an Ark, you drown.

      Another ridiculous comment. No one has been preparing for war with Russia. Which is why the world finds itself in the position it does now.

      Utterly stupid: the West prepares for confrontation by basing its enconomy on dependency on Russia oil. Yeah, that makes a lot of sense.

      1. amanfromMars 1 Silver badge

        Re: It never rains but it pours ... and if you haven’t an Ark, you drown.

        Another ridiculous comment. No one has been preparing for war with Russia. Which is why the world finds itself in the position it does now.

        Utterly stupid: the West prepares for confrontation by basing its enconomy on dependency on Russia oil. Yeah, that makes a lot of sense. ..... Cav

        We can certainly agree, Cav, that all you are sharing in those two paragraphs makes no sense.

        Haven't you realised yet, some primitives somewhere in the worlds we live in, are always preparing for war with someone against something. What do you think Departments and Ministries of Defence are funded for, and what lethal and destructive weapons are designed and made for? Fun and Great Games Play?

  5. Danny 2 Silver badge

    Human nature

    The argument for not making ransomware payments illegal is that they will still happen but unreported masking the scale and nature of the attacks. I'm not arguing that, just stating the rationale.

    A British TV journalist this morning pointed out that so called humanitarian corridors aren't humanitarian because "if I'm punching you in the face and I stop for a minute that doesn't make me a humanitarian."

    A lesson not lost on Vladimir "Why are you hitting yourself?" Putin given he shelled the corridors. Only humans can be inhumane.

  6. Cliffwilliams44 Bronze badge

    Reporting will do nothing! We need pain for the penny wise and pound foolish

    Reporting won't protect anyone. This is a prime example of the fact this country (US) is run by morons!

    We need real pain for companies that fail to implement security measures, and that means user training as well, because they want to protect the "Bottom Line".

    All of us who work in this industry have experienced this argument. "That's too expensive, that's too intrusive to our users, etc"

    We all know that 99% of the entry points are a human being, why do people in some organization have access to so much information. "Least Access Protocol" is easy and cheep to implement. GDPR may not be the best solution but at least its something. At least the EU is trying instead of just window dressing legislation.

    1. MrBearington

      Re: Reporting will do nothing! We need pain for the penny wise and pound foolish

      I think you're right, the best way to mitigate this and get companies to screw the nut with good security practices. I think the best way this can be done is with insurance companies refusing to pay out when breaches do occur, and I'm surprised with the massive increase in ransomware over the last couple of years insurers haven't been more stringent on their coverage requirements.

  7. amanfromMars 1 Silver badge

    Ponzi also thought such things were a great idea ..... until they never ever were.

    How does one defend and offer insurance and guarantees against losses and setbacks whenever pimping and pumping gases and vapourware which are totally fundamentally indefensible and comprehensively protected against any and all forms of attack?

    The wisest of souls realise that is the pathway to instant sticky charges of wilful fraud, a despicably difficult crime to escape relentless persecution, sweet revenge and just dessert popular prosecution for.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like