Eric Geller

Eric Geller @ericgeller

JHC — PolitiTweet.org

Eric Geller @ericgeller

this beautiful killer is the hero we need but don't deserve https://t.co/tYMhNePuG8 https://t.co/AnUCKQR64v — PolitiTweet.org

Eric Geller @ericgeller

she was so tiny 😭 — PolitiTweet.org

Eric Geller @ericgeller

oh okay I'm sure that will work out fine https://t.co/gOHexbCHsY — PolitiTweet.org

Eric Geller @ericgeller

this is awesome and I'm all for it but I was definitely more excited when I thought we'd be arming the spacefaring tardigrades with huge lasers https://t.co/sBA7VO1EdT https://t.co/6kOGdNmNN7 — PolitiTweet.org

Eric Geller @ericgeller

Austerity is a hell of a drug. — PolitiTweet.org

Eric Geller @ericgeller

@jeffstone500 @CyberScoopNews @business congratulations Jeff! — PolitiTweet.org

Eric Geller @ericgeller

@theopenssf Goldstein on compliance with emergency directive: "We've seen extraordinary attention ... across federal agencies — frankly, the most dedicated focus that we have ever seen for a focused effort like this. Agencies have remediated 1000s of vulnerable internet-connected assets." — PolitiTweet.org

Eric Geller @ericgeller

On improving security of open-source software, Easterly notes the upcoming WH meeting with tech companies and adds that CISA is meeting with @theopenssf today "to specifically talk about what we can do to accelerate improvements in the ecosystem." — PolitiTweet.org

Eric Geller @ericgeller

However, Easterly later added, "we also think that there may be a lag between when this vulnerability is being used and when it is being actively deployed," which could explain why they're not seeing the kinds of activity that many people expect. — PolitiTweet.org

Eric Geller @ericgeller

Asked about ransomware, Goldstein says "we have no confirmed ransomware intrusions where we can authoritatively state that Log4Shell was used as the originating vulnerability for the intrusion." — PolitiTweet.org

Eric Geller @ericgeller

Goldstein: "When we have had those engagements with vendors, we are seeing very positive progress, and most vendors who are made aware of the seriousness of the issue — and the seriousness with which we ... & the broader U.S. government are taking it — have been very responsive." — PolitiTweet.org

Eric Geller @ericgeller

Asked what CISA is doing to straighten out vendors that aren't taking Log4j seriously, Goldstein says "we are taking that sort of scenario extremely seriously" and working closely with partners, especially in CI, to reach out to vendors. — PolitiTweet.org

Eric Geller @ericgeller

Goldstein: “We at this point are not seeing any confirmed compromises of federal agencies" through Log4j vulns. — PolitiTweet.org

Eric Geller @ericgeller

Easterly says that at last week's HSGAC meeting, Chairman Peters and RM Portman told her and @ncdinglis that "they were continuing to champion" the incident reporting bill, "and we're hopeful that they could move that forward this year." — PolitiTweet.org

Eric Geller @ericgeller

Easterly: “We are concerned that threat actors are going to start taking advantage of this vulnerability and having impacts, in particular on critical infrastructure, and because there is no legislation in place, we will likely not know about it.” — PolitiTweet.org

Eric Geller @ericgeller

“We were all disappointed that the cyber incident reporting bill was not included in the NDAA and was not already signed into law when this broke," Easterly says when asked how the lack of such a mandate has affected CISA's visibility into threats like Log4j. — PolitiTweet.org

Eric Geller @ericgeller

CISA Cyber Division chief Eric Goldstein says that through the agency's Bugcrowd VDP platform, "researchers helped us find 17 previously unidentified [DHS] assets that were vulnerable to Log4Shell, all of which were remediated before any intrusion could occur." — PolitiTweet.org

Eric Geller @ericgeller

CISA Cyber Division chief Eric Goldstein says that through the agency's Bugcrowd VDP platform, "researchers helped us find 17 previously unidentified [federal] assets that were vulnerable to Log4Shell, all of which were remediated before any intrusion could occur." — PolitiTweet.org

Eric Geller @ericgeller

Easterly: “At this time, we have not seen the use of Log4Shell resulting in significant intrusions.” But she stresses that CISA is focused on remediation and patching because they "expect Log4Shell to be used in intrusions well into the future." — PolitiTweet.org

Eric Geller @ericgeller

Easterly: “Several cybersecurity companies have ... reported that nation-state adversaries are developing attacks using Log4Shell [the most serious vuln affecting the Log4j library], although we cannot independently confirm these reports at the present time." — PolitiTweet.org

Eric Geller @ericgeller

CISA is doing a briefing right now on #Log4j. @CISAJen says more than 2,800 distinct products contain Log4j based on submissions to the agency's catalog. Agency estimate is still hundreds of millions of individual devices affected. — PolitiTweet.org

Eric Geller @ericgeller

@theglipper incredible — PolitiTweet.org

Eric Geller @ericgeller

I love how similar this photo of @millieratnerdog and her brother Wilbur (from their birthday party in December) is to one of the photos from their first reunion last March. https://t.co/MB76CHqpD6 — PolitiTweet.org

Eric Geller @ericgeller

@ddiamond Reminds me of this — PolitiTweet.org

Eric Geller @ericgeller

@selenalarson R2 could use a managed security solution I think — PolitiTweet.org

Eric Geller @ericgeller

@selenalarson R2 needs to learn about the benefits of zero-trust networking, maybe we should sign him up for a webinar or something — PolitiTweet.org

Eric Geller @ericgeller

Went on a wonderful but freezing walk in Rock Creek Park today with @HowellONeill, @selenalarson, and snow lover/fashion icon BenBen. https://t.co/R8A1CCVNal — PolitiTweet.org

Eric Geller @ericgeller

About to go on an incredible journey with @selenalarson and @HowellONeill — PolitiTweet.org

Eric Geller @ericgeller

@selenalarson yes — PolitiTweet.org