Sony hackers linked to breaches in 4 other countries, report finds

SAN FRANCISCO (Reuters) – The perpetrators of the 2014 cyber attack on Sony Pictures Entertainment were not activists or disgruntled employees, and likely had attacked other targets in China, India, Japan and Taiwan, according to a coalition of security companies that jointly investigated the Sony case for more than a year.

The coalition, organized by security analytics company Novetta, concluded in a report released on Wednesday that the hackers were government-backed but it stopped short of endorsing the official U.S. view that North Korea was to blame.

The Obama administration has tied the attack on Sony Corp’s film studio to its release of “The Interview,” a comedy that depicted the fictional assassination of North Korean leader Kim Jong Un.

Novetta said the breach “was not the work of insiders or hacktivists.”

“This is very much supportive of the theory that this is nation-state,” Novetta Chief Executive Peter LaMontagne told Reuters. “This group was more active, going farther back, and had greater capabilities and reach than we thought.”

Novetta worked with the largest U.S. security software vendor Symantec Corp, top Russian security firm Kaspersky Lab and at least 10 other institutions on the investigation, a rare collaboration involving so many companies.

They determined that the unidentified hackers had been at work since at least 2009, five years before the Sony breach. The hackers were able to achieve many of their goals despite modest skills because of the inherent difficulty in establishing an inclusive cyber security defense, the Novetta group said.

LaMontagne said the report was the first to tie the Sony hack to breaches at South Korean facilities including a power plant. The FBI and others had previously said the Sony attackers reused code that had been used in destructive attacks on South Korean targets in 2013.

The Novetta group said the hackers were likely also responsible for denial-of-service attacks that disrupted U.S. and South Korean websites on July 24, 2009. The group said it found overlaps in code, tactics and infrastructure between the attacks.

Symantec researcher Val Saengphaibul said his company connected the hackers to attacks late last year, suggesting the exposure of the Sony breach and the threat of retaliation by the United States had not silenced the gang.

The coalition of security companies distributed technical indicators to help others determine if they had been targeted by the same hackers, which Novetta dubbed the Lazarus Group.

(Reporting by Joseph Menn; Editing by Tiffany Wu)

Cyber security startups face funding drought

SAN FRANCISCO/BOSTON (Reuters) – The U.S. cyber security industry, once one of the hottest targets for venture capitalists, is now grappling with a funding slump that has forced some startups to sell themselves or cut spending.

Amid widespread concerns about cyber attacks and data breaches, hundreds of security startups have sprung up in recent years, promising “next-generation” technologies to fight cyber criminals, government spies and hacker activists.

But many of the new ventures have struggled to gain traction, finding it difficult to stand out from the crowd and provide customers with sophisticated enough security solutions to match the increasingly advanced cyber attacks they face.

“Investors are looking at balance sheets and saying, ‘You raised $100 million and you have nothing to show for it?'” said Promod Haque, senior managing partner at Norwest Venture Partners, which manages about $6 billion in capital.

Private investors pumped a record $3.3 billion into 229 cyber security deals last year, according to data from CB Insights. Venture capitalists, dealmakers and entrepreneurs said funding is drying up for all but the most mature cyber startups with substantial sales.

“Almost every other company I knew who was on the road raising money at the same time had to pull their rounds back and were not able to close,” said Michael DeCesare, chief executive of ForeScout Technologies Inc, a network security firm.

ForeScout reported more than $125 million in 2015 revenue and finalized a $76 million financing round last month. Other deals this year include $96 million in funding for risk analytics firm Skybox Security Inc, and Fidelity Investments’ $50 million investment in anti-virus software maker Malwarebytes.

It now takes six to eight months to close deals, up from about three to four months a couple years ago, said Sean Cunningham, managing director at Trident Capital Cybersecurity.

The founder of a cyber startup that raised money two years ago said he sought additional financing for several months but then gave up. The firm, which did not want to be identified, cut spending and plans to seek financing again in about six months.

Other startups are looking for buyers. A dealmaker at a large security company, who declined to be identified, said the number of incoming inquiries from businesses looking to sell themselves is up 40 percent this year, compared to the same time in 2015.

Last month, iSight Partners – which has uncovered major cyber campaigns from Iran, Russia and other nations – sold itself to FireEye Inc for $200 million in cash plus another $75 million in cash and stock if it meets certain sales targets. Last August, iSight Chief Executive John Watters told Reuters he planned to take the company public in 2016 at a valuation of at least $1 billion. After the FireEye deal was announced, Watters said his plan changed because market conditions shifted, making it more difficult to raise capital to remain independent. FireEye CEO Dave DeWalt said the tough funding environment would spawn more deals. FireEye also bought tiny security software maker Invotas for $30 million last month.

The value of cyber M&A activity more than doubled last year to $26.8 billion from $10.3 billion in 2014, according to data from consulting firm EY. The number of deals increased 46 percent to 287.

‘INDISCRIMINATE CAPITAL’

Cyber stocks had rallied in 2013 and 2014 on expectations the industry would benefit from a seemingly endless streak of headline-grabbing cyber attacks. Private investors, seeing the opportunity, piled onto startups. “You had a lot of indiscriminate capital that came into the space,” said Bob Ackerman, founder of Allegis Capital and a longtime security expert. The boom in cyber investing showed signs of faltering last year as earnings of publicly traded cyber companies missed expectations.

Too many startups copied technology already on the market, or products that hackers had figured out how to circumvent. Some highly touted products sold by private companies were found to be “obsolete from the moment they were launched,” said David Cowan, a partner at Bessemer Venture Partners.

Cyber stocks have since underperformed the broader market. FireEye, which this month warned that growth in cyber spending could slow this year, has fallen 35 percent over the past three months, compared to a 12 percent decline in the Nasdaq Composite Index. Qualys Inc tumbled 38 percent over the same period, while Palo Alto Networks Inc dropped 26 percent and the Pure Funds ISE CyberSecurity ETF fell 21 percent.

Robert Thomas, CEO of cloud security firm CloudPassage, which raised $36 million last July, said he expects the funding crunch for startups to last. “I feel fortunate that we got in under the wire and were able to raise (money) for the next two years to carry us through,” he said.

(Reporting by Heather Somerville in San Francisco and Jim Finkle in Boston; Editing by Jonathan Weber and Tiffany Wu)

California hospital makes rare admission of hack, ransom payment

LOS ANGELES/BOSTON (Reuters) – While it was not the first hacked organization to acquiesce to attackers’ demands, the California hospital that paid $17,000 in ransom to hackers to regain control of its computer system was unusual in one notable way: It went public with the news.

Hollywood Presbyterian Medical Center relented to the demands, President Allen Stefanek said, because he believed it was the “quickest and most efficient way” to free the Los Angeles hospital’s network, which was paralyzed for about 10 days.

That announcement sparked fears Thursday among hospitals and security experts that it would embolden hackers to launch more “ransomware” attacks and calls in California for tougher laws.

“It’s no different than if they took all the patients and held them in one room at gunpoint,” said California State Senator Robert Hertzberg, who on Thursday introduced legislation to make a ransomware attack equivalent to extortion and punishable by up to four years in prison.

Usually embarrassment and a desire to discourage hackers keep attacked companies quiet. Hollywood Presbyterian did not say why it made the disclosure, but its hand may have been forced by spreading rumors a week after the hack. Stefanek confirmed the cyber attack after at least one doctor appeared to have told local media.

In addition, he disputed media reports the 434-bed hospital had faced a ransom demand of $3.4 million, far more than the amount paid in the hard-to-trace cyber-currency bitcoin.

In a ransomware attack, hackers infect PCs with malicious software that encrypts valuable files so they are inaccessible, then offer to unlock the data only if the victim pays a ransom.

The hack at Hollywood Presbyterian forced doctors to use pen and paper in an age of computerization. News reports said its fax lines were jammed because normal e-mail communication was unavailable, and some emergency patients had to be diverted to other hospitals.

Investigators said administrators were so alarmed that they may have paid ransom first and called police later.

Medical facilities in the area plan to consult cyber security experts on how to protect themselves, the Hospital Association of Southern California said. “Hospitals are certainly now aware of ransomware more than they ever were before, and this has become a very real threat,” said spokeswoman Jennifer Bayer.

Some experts said ransomware encryption can be so hard to crack that victims feel they have little choice but to pay if they want their systems back. The hackers’ success could also prompt other hospitals to make quick payments to avoid the disruption and bad publicity Hollywood Presbyterian faced.

“Our number one fear is that this now pretty much opens the door for other people to pay,” said Bob Shaker, a manager at cyber security firm Symantec Corp.

‘CAT AND MOUSE’

He knew of at least 20 other attacks on healthcare facilities in the past year and hundreds more in other industries that had been kept secret.

Some of those put patients at risk and affected infusion pumps that deliver chemotherapy drugs, risking patient overdoses, he said.

Because hackers hide their identities and demand payment in bitcoin, authorities may have to work harder to find them than if they used old-fashioned methods.

But cyber-crime experts say that they can still be traced.

“The public nature of the network does give law enforcement an angle to help defeat them,” said Jonathan Levin, co-founder of Chainalysis, a New York company working with bitcoin users. “But it’s a game of cat and mouse.”

Ransomware is big business for cyber criminals and security professionals. Although ransoms typically are less than the hospital paid, $200 to $10,000, victims of a ransomware known as CryptoWall reported losses over $18 million from April 2014 to June 2015, the FBI said.

Ransomware attacks climbed sharply in 2014, when Symantec observed some 8.8 million cases, more than double the previous year. IBM said that last year more than half of all customer calls reporting cyber attacks involved ransomware.

(Editing by Sharon Bernstein and Cynthia Osterman)

Privacy versus security at heart of Apple phone decrypt order

(Reuters) – A court order demanding that Apple Inc help the U.S. government unlock the encrypted iPhone of one of the San Bernardino shooters opens a new chapter in the legal, political and technological fight pitting law enforcement against civil liberties advocates and major tech companies.

The government argues that the phone is a crucial piece of evidence in investigating one of the worst attacks in the United States by people who sympathized with Islamist militants. But privacy groups warn that forcing companies to crack their own encryption endangers the technical integrity of the Internet and threatens not just the privacy of customers but potentially citizens of any country.

A federal judge in Los Angeles on Tuesday ordered Apple to provide “reasonable technical assistance” to investigators seeking to read the data on an iPhone 5C that had been used by Rizwan Farook, who along with his wife, Tashfeen Malik, killed 14 people and wounded 22 others on Dec. 2 in San Bernardino, California.

Both were killed in a shootout with police. The Federal Bureau of Investigation has been investigating the couple’s potential communications with Islamic State and other militant groups, and argued that it needs access to the iPhone to find out more.

White House spokesman Josh Earnest said the Department of Justice was asking Apple for access to just one device, a central part of the government’s argument, which Apple Chief Executive Officer Tim Cook has said was “simply not true.”

“They are not asking Apple to redesign its product or to create a new backdoor to one of their products,” Earnest told reporters at a daily briefing.

Most technology security experts, including many who have served in government, say technical efforts to provide government access to encrypted devices inevitably brings in law enforcement. The argument has been made on and off since the 1990s, when the government tried and failed to force tech companies to incorporate a special chip into their products for surveillance purposes.

“The government suggests this tool could only be used once, on one phone,” Cook said in a statement on Tuesday. “But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices.”

Representatives of several other tech companies did not respond to requests for comment on the ruling. Not surprisingly, however, trade groups that count thousands of software companies, smartphone makers and network security firms as members decried the government position, while law enforcement groups backed the Justice Department.

The industry was “committed to working with law enforcement to keep Americans safe” the Software & Information Industry Association said, but in the Apple case, “the government’s position is overbroad and unwise.”

The Computing Technology Industry Association said that if the order was carried out, “it could give the FBI the power to call for some sort of back end to encryption whenever they see fit.”

If the federal judge, Magistrate Sheri Pym, rejects Apple’s arguments, the Cupertino, California-based company can appeal her order to the district court, and then up the chain to the 9th U.S. Circuit Court of Appeals in San Francisco and ultimately the U.S. Supreme Court.

The 9th Circuit is known to be pro-privacy. “The government ultimately will have an uphill fight,” said Robert Cattanach, a former Justice Department lawyer who advises companies on cyber security issues.

Farook was assigned the phone by the county health department he worked for, prosecutors said in a court filing on Tuesday. The health department had “given its consent” to authorities to search the device and to Apple to assist investigators in that search, the document said.

San Bernardino County’s top prosecutor, District Attorney Mike Ramos, said Apple’s refusal to unlock the phone was a slap in the face to the victims of the shooting and their families.

“They’d like to know details like any of us in America would like to know. Were there other threats? Were there other individuals involved?” Ramos said in a phone interview.

‘MASTER KEY’

Dan Guido, an expert in hacking operating systems, said that to unlock the phone, the FBI would need to install an update to Apple’s iOS operating system so that investigators could circumvent the security protections, including one that wipes data if an incorrect password is entered too many times.

He said that only Apple can provide that software because the phones will only install updates that are digitally signed with a secret cryptographic key.

“That key is one of the most valuable pieces of data the entire company owns,” he said. “Someone with that key can change all the data on all the iPhones.”

The notion of opening that key is anathema to the Electronic Frontier Foundation, an online rights group. “Once this master key is created, governments around the world will surely demand that Apple undermine the security of their citizens as well,” the foundation said in a statement.

Lance James, an expert in forensics who is chief scientist with cyber intelligence firm Flashpoint, said Apple could respond to the order without providing crypto keys or specialized tools that could be used to unlock other phones.

Apple technicians could create software that would unlock the phone, allowing the company to create a backup file with all of its contents that they could provide to law enforcement, James said.

American Civil Liberties Union staff attorney Alex Abdo said the government’s request risked a “dangerous” precedent. “The Constitution does not permit the government to force companies to hack into their customers’ devices,” he said.

Apple was a topic of discussion on the presidential campaign trail on Wednesday.

Donald Trump, the front-runner for the Republican Party’s nomination to run in the Nov. 8 election, appearing on Fox News Channel’s “Fox & Friends,” said, “I agree 100 percent with the courts – in that case, we should open it (the iPhone) up. … We have to use common sense.”

Another Republican candidate, U.S. Senator Marco Rubio of Florida, called it a “tough issue” that would require government to work closely with the tech industry to find a solution. Rubio said he hoped Apple would voluntarily comply with the court order.

(Additional reporting by Megan Cassella, Doina Chiacu and Susan Heavey in Washington, Steve Holland and Joseph Menn in San Francisco, Sharon Bernstein in Los Angeles; Writing by Grant McCool; Editing by Jonathan Oatis)

Cyber attack snarls Los Angeles hospital’s patient database

LOS ANGELES (Reuters) – The FBI is investigating a cyber attack that has crippled the electronic database at Hollywood Presbyterian Medical Center for days, forcing doctors at the Los Angeles hospital to rely on telephones and fax machines to relay patient information.

The origin of the computer network intrusion was unknown but since it began late last week has bogged down communications between physicians and medical staff newly dependent on paper records and doctors’ notoriously messy handwriting, doctors and a Federal Bureau of Investigation spokeswoman said on Tuesday.

“It’s right there on paper, but it may not be legible,” Dr. Rangasamy Ramanathan, a neonatal-perinatal specialist affiliated with the 434-bed facility, said. “The only problem is doctors’ writing.”

Although the cyber attack has snarled the hospital’s patient database, doctors have managed to relay necessary medical records the old-fashioned way through phone lines and fax machines, Ramanathan said.

The FBI is seeking to pinpoint hackers responsible for the intrusion, FBI spokeswoman Ari Dekofsky said. She declined to release further details.

Allen Stefanek, the hospital’s president and CEO, told Los Angeles television station KNBC-TV the hospital declared an internal emergency on Friday, after encountering significant information technology problems due to the hack.

A spokeswoman for the hospital could not be reached for comment.

(Reporting by Alex Dobuzinskis; Editing by Lisa Shumaker)

Apple opposes order to help unlock California shooter’s phone

WASHINGTON (Reuters) – Apple Inc opposed a court ruling on Tuesday that ordered it to help the FBI break into an iPhone recovered from a San Bernardino shooter, heightening a dispute between tech companies and law enforcement over the limits of encryption.

Chief Executive Tim Cook said the court’s demand threatened the security of Apple’s customers and had “implications far beyond the legal case at hand.”

Earlier on Tuesday, Judge Sheri Pym of U.S. District Court in Los Angeles said that Apple must provide “reasonable technical assistance” to investigators seeking to unlock the data on an iPhone 5C that had been owned by Syed Rizwan Farook.

That assistance includes disabling the phone’s auto-erase function, which activates after 10 consecutive unsuccessful passcode attempts, and helping investigators to submit passcode guesses electronically.

Federal prosecutors requested the court order to compel Apple to assist the investigation into the Dec. 2 shooting rampage by Farook and his wife, killing 14 and injuring 22 others. The two were killed in a shootout with police.

The FBI has been investigating the couple’s potential communications with Islamic State and other militant groups.

“Apple has the exclusive technical means which would assist the government in completing its search, but has declined to provide that assistance voluntarily,” prosecutors said.

U.S. government officials have warned that the expanded use of strong encryption is hindering national security and criminal investigations.

Technology experts and privacy advocates counter that forcing U.S. companies to weaken their encryption would make private data vulnerable to hackers, undermine the security of the Internet and give a competitive advantage to companies in other countries.

In a letter to customers posted on Apple’s website, Cook said the FBI wanted the company “to build a backdoor to the iPhone” by making a new version of the iPhone operating system that would circumvent several security features.

“The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers – including tens of millions of American citizens – from sophisticated hackers and cybercriminals,” Cook said.

He said Apple was “challenging the FBI’s demands” and that it would be “in the best interest of everyone to step back and consider the implications.”

In a similar case last year, Apple told a federal judge in New York that it was “impossible” for the company to unlock its devices that run an operating system of iOS 8 or higher.

According to prosecutors, the phone belonging to Farook ran on iOS 9.

Prosecutors said Apple could still help investigators by disabling “non-encrypted barriers that Apple has coded into its operating system.”

Apple and Google both adopted strong default encryption in late 2014, amid growing digital privacy concerns spurred in part by the leaks from former National Security Agency contractor Edward Snowden.

Forensics expert Jonathan Zdziarski said on Tuesday that Apple might have to write custom code to comply with the order, presenting a novel question to the court about whether the government could order a private company to hack its own device.

Zdziarski said that, because the San Bernardino shooting was being investigated as a terrorism case, investigators would be able to work with the NSA and the CIA on cracking the phone.

Those U.S. intelligence agencies could likely break the iPhone’s encryption without Apple’s involvement, he said.

(Reporting by Dustin Volz; Additional reporting by Joseph Menn, Dan Levine and Shivam Srivastava; Editing by Cynthia Osterman, Lisa Shumaker and Robin Paxton)

U.S. planned major cyber attack on Iran if diplomacy failed, NYT reports

WASHINGTON (Reuters) – The United States had a plan for an extensive cyber attack on Iran in case diplomatic attempts to curtail its nuclear program failed, The New York Times reported on Tuesday, citing a forthcoming documentary and military and intelligence officials.

Code-named Nitro Zeus, the plan was aimed at crippling Iran’s air defenses, communications systems and key parts of its electrical power grid, but was put on hold after a nuclear deal was reached last year, the Times said.

The plan developed by the Pentagon was intended to assure President Barack Obama that he had alternatives to war if Iran moved against the United States or its regional allies, and at one point involved thousands of U.S. military and intelligence personnel, the report said. It also called for spending tens of millions of dollars and putting electronic devices in Iran’s computer networks, the Times said.

U.S. intelligence agencies at the same time developed a separate plan for a covert cyberattack to disable Iran’s Fordo nuclear enrichment site inside a mountain near the city of Qom, the report said.

The existence of Nitro Zeus was revealed during reporting on a documentary film called “Zero Days” to be shown on Wednesday at the Berlin Film Festival, the Times said. The film describes rising tensions between Iran and the West in the years before the nuclear agreement, the discovery of the Stuxnet cyberattack on the Natanz uranium enrichment plant, and debates in the Pentagon over the use of such tactics, the paper reported.

The Times said it conducted separate interviews to confirm the outlines of the program, but that the White House, the Department of Defense and the Office of the Director of National Intelligence all declined to comment, saying that they do not discuss planning for military contingencies.

There was no immediate response to a request by Reuters for comment from the Pentagon.

(Reporting by Eric Walsh; Editing by Chris Reese)

House backs tighter North Korea sanctions, sends bill to Obama

WASHINGTON (Reuters) – The U.S. House of Representatives overwhelmingly passed legislation on Friday broadening sanctions against North Korea, sending the measure to President Barack Obama to sign into law.

Lawmakers said they wanted to make Washington’s resolve clear to Pyongyang, but also to the United Nations and other governments – especially China, North Korea’s lone major ally and main business partner.

The sanctions would target not just North Korea but also those who do business with it.

The vote was 408-2, following a 96-0 vote in the Senate on Wednesday.

Impatient with what they see as Obama’s failure to respond to North Korean provocations, many of his fellow Democrats as well as the Republicans who control Congress have been clamoring for a clamp down since Pyongyang tested a nuclear device in January.

Pressure for congressional action further intensified after last weekend’s satellite launch by North Korea.

Obama is not expected to veto the bill, given its huge support in Congress. Ben Rhodes, his deputy national security adviser, said the White House would review the measure but does not oppose Congress’ efforts.

“I think this is an area where we and Congress are in the same space and agree on the need for increased sanctions,” Rhodes said at an event at the Center for American Progress on Thursday.

The legislation would sanction anyone who engages in, facilitates or contributes to North Korea’s proliferation of weapons of mass destruction, arms-related materials, luxury goods, human rights abuses, activities undermining cyber security and the provision of materials for such activities.

Penalties include the seizure of assets, visa bans and denial of government contracts.

Unusually, the measure makes most of the sanctions mandatory, rather than giving the president the option to impose them. He can temporarily waive them by making the case that doing so would threaten national security.

The House had backed the sanctions measure 418-2 in January, but the Senate included some new provisions, including cyber security measures, in its version, sending it back to the House.

(Reporting by Patricia Zengerle; Editing by Richard Cowan and Bill Trott)

Ukraine sees Russian hand in cyber attacks on power grid

KIEV (Reuters) – Hackers used a Russian-based internet provider and made phone calls from inside Russia as part of a coordinated cyber attack on Ukraine’s power grid in December, Ukraine’s energy ministry said on Friday.

The incident was widely seen as the first known power outage caused by a cyber attack, and has prompted fears both within Ukraine and outside that other critical infrastructure could be vulnerable.

The ministry, saying it had completed an investigation into the incident, did not accuse the Russian government directly of involvement in the attack, which knocked out electricity supplies to tens of thousands of customers in central and western Ukraine and prompted Kiev to review its cyber defenses.

But the findings chime with the testimony of the U.S. intelligence chief to Congress this week, which named cyber attacks, including those targeting Washington’s interests in Ukraine, as the biggest threat to U.S. national security.

Relations between Kiev and Moscow soured after Russia annexed the Crimean peninsula in March 2014 and pro-Russian separatist violence erupted in Ukraine.

Hackers targeted three power distribution companies in December’s attack, and then flooded those companies’ call centers with fake calls to prevent genuine customers reporting the outage.

“According to one of the power companies, the connection by the attackers to its IT network occurred from a subnetwork … belonging to an (internet service) provider in the Russian Federation,” the ministry said in a statement.

Deputy Energy Minister Oleksander Svetelyk told Reuters hackers had prepared the attacks at least six months in advance, adding that his ministry had ordered tighter security procedures.

“The attack on our systems took at least six months to prepare – we have found evidence that they started collecting information (about our systems) no less than 6 months before the attack,” Svetelyk said by phone.

Researchers at Trend Micro, one of the world’s biggest security software firms, said this week that the software used to infect the Ukrainian utilities has also been found in the networks of a large Ukrainian mining company and a rail company.

The researchers said one possible explanation was that it was an attempt to destabilize Ukraine as a whole. It was also possible these were test probes to determine vulnerabilities that could be exploited later, they said.

(Writing by Matthias Williams; additional reporting by Eric Auchard; Editing by Ruth Pitchford)

Concerned by cyber threat, Obama seeks big increase in funding

WASHINGTON (Reuters) – President Barack Obama on Tuesday sought a surge in funding to counter cyber security threats, as his top intelligence official warned Congress that computer attacks were among the most imminent security challenges facing the United States.

In his fiscal 2017 budget proposal, Obama asked for $19 billion for cyber security across the U.S. government, an increase of $5 billion over this year.

While the White House’s overall fiscal plan faces tough going in the Republican-controlled Congress, increased cyber security funding has won bipartisan support of lawmakers in the past.

The request comes as the Obama administration has struggled to address the growing risk posed by criminals and nation states in the digital world.

In Congress, Obama’s director of national intelligence, James Clapper, warned that cyber threats “could lead to widespread vulnerabilities in civilian infrastructures and U.S. government systems.”

The Obama initiative calls for a more than one-third increase from the $14 billion appropriated this year and would include $3.1 billion for technology modernization at various federal agencies.

Cyber threats are “among the most urgent dangers to America’s economic and national security,” Obama said in a Wall Street Journal op-ed published on Tuesday.

The request for a cash infusion is the latest signal that the White House intends to make cyber security a priority in the last year of Obama’s presidency.

It follows a series of high-profile hacks against the government and companies like Sony Pictures and Target that were largely met with legislative inaction and administrative uncertainty on how best to address evolving cyber threats.

Those difficulties played out publicly last year when the Office of Personnel Management announced it had fallen victim to a hack that lifted sensitive information on roughly 22 million individuals from its databases.

The White House issued an executive order setting up a presidential commission on cyber security, which would make recommendations for strengthening defenses over the next decade. A new position of federal chief information security officer also would be established.

A government watchdog report last month concluded the government’s cyber defense system, known as Einstein, is ineffective at combating hackers.

Obama also signed another executive order creating a permanent Federal Privacy Council, which aims to connect privacy officials across the government to develop comprehensive guidelines for how personal data is collected and stored.

The president’s budget proposal also called for $62 million to expand efforts to attract and retain qualified cyber professionals working for the government.

(Reporting by Dustin Volz; Editing by Richard Cowan, Andrew Hay, Chizu Nomiyama and Alistair Bell)