NTSC Technology Security Roundup

NTSC Weekly News Roundup: January 23, 2017

U.S. Senate Armed Services Committee Forms Cybersecurity Subcommittee

With Senator Mike Rounds (R-S.D.) as chairman, the new Senate Armed Services cybersecurity subcommittee was formed on January 18 primarily in response to concerns about Russian hacking. However, it will also encompass broader concerns and issues. In a press release, Rounds said the committee “will be tasked with oversight and legislation for policies and programs relating to the Defense Department’s cyber forces and capabilities.” Bill Nelson (D-Fla.) will serve as the top Democrat on the subcommittee.

National Cyber Incident Response Plan (NCIRP) Updated After Private Sector Feedback

The Department of Homeland Security revised its National Cyber Incident Response Plan (NCIRP) after the private sector provided feedback. Released on January 18, the revised NCIRP better outlines “the roles and responsibilities, capabilities, and coordinating structures that support how the Nation responds to and recovers from significant cyber incidents posing risks to critical infrastructure.” Developed in response to Presidential Policy Directive 41, NCIRP helps clarifies how federal, state, local, and private sector organizations respond to an incident.

Accenture Expands French and European Cybersecurity Footprint by Acquiring Arismore

Accenture recently acquired Arismore, a French company that offers security services such as identity and access management (IAM). According to Accenture, “The acquisition would bring to Accenture complementary security solutions and services, a strong client base and a talented team of 270 highly skilled security and enterprise architecture professionals.” The acquisition continues to build upon previous cybersecurity acquisitions by Accenture in recent years.

HP Enterprise Releases State of Security Operations Report 2017

In its fourth annual State of Security Operations Report, HP Enterprise looks at the maturity of 140 security operations centers (SOCs) to assess overall SOC vulnerability to attacks. After this analysis, the report goes on to make recommendations that cover risk mitigation, automation, and ongoing assessment. According to HP Enterprise, “A SOC that is well-defined, subjectively evaluated and flexible is recommended for the modern enterprise to effectively monitor existing and emerging threats; however, 82 percent of SOCs are failing to meet this criteria and falling below the optimal maturity level.”

President Obama Widens Availability and Dissemination of Raw Signals Intelligence Sharing

Relying on the legality of Executive Order 12333 (signed by President Ronald Reagan in 1981), President Obama recently approved new rules that loosen the restrictions around information sharing between intelligence agencies. At a high level, the new rules allow intelligence agencies to share more raw signals intelligence with each other that involves less information filtering. Discussion about these new rules include concerns about privacy and surveillance overreach.

Healthcare Services Company Auxilio Acquires Cybersecurity Consulting Firm CynergisTek

Auxilio, a document workflow solutions and IT security services company that serves the healthcare industry, acquired cybersecurity consulting firm CynergisTek for approximately $34 million. According to Auxilio, “The acquisition will enable the company to meet growing demand from healthcare customers for comprehensive IT security solutions that reduce risk and deliver long-term value.” As part of the deal, CynergisTek will remain independent in its operations as a wholly-owned subsidiary.