DHS cyber unit wants to subpoena ISPs to identify vulnerable systems

[InfoSec News <alerts () infosecnews org>]

https://techcrunch.com/2019/10/09/cisa-subpoena-powers-isp-vulnerable-systems/

By Zack Whittaker
TechCrunch
October 9, 2019

Homeland Security’s cybersecurity division is pushing to change the law that 
would allow it to demand information from internet providers that would 
identify the owners of vulnerable systems, TechCrunch has learned.

Sources familiar with the proposal say the Cybersecurity and Infrastructure 
Security Agency (CISA), founded just less than a year ago, wants the new 
administrative subpoena powers to lawfully obtain the contact information of 
the owners of vulnerable devices or systems from internet providers.

CISA, which warns both government and private-sector businesses of security 
vulnerabilities, privately complained of being unable to warn businesses about 
security threats because it can’t always identify who owns a vulnerable system.

The new proposal would allow CISA to use its new powers to directly warn 
businesses of threats to critical devices, such as industrial control systems — 
typically used in critical infrastructure. These systems are highly sensitive 
and are increasingly the target of hackers to disrupt real-world 
infrastructure, like the power grid and water supply.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_