NTSC Technology Security Roundup

Weekly News Roundup: January 30, 2017

IAPP Releases 10-Part Series About GDPR’s Operational Impacts

In December 2016, the European Parliament and Council finally approved the General Data Protection Regulation (GDPR) after its proposal in 2012. The GDPR aims to better protect European citizen data privacy while also simplifying regulations in a more business-friendly way. Affecting anyone doing business in Europe, the GDPR will have operational impacts that the International Association of Privacy Professionals details in a 10-part series. Part 1 of the series tackles cybersecurity and data breach notification obligations.

After Four Months, Gregory Touhill No Longer Federal CISO

Created in 2016, the position of federal CISO is now vacant after only a four-month tenure by Retired Brigadier General Gregory Touhill. In a blog post, Touhill emphasized that he hopes the vision he set while in the role holds throughout President Trump’s administration. Touhill said he offered to stay but it’s likely the new administration wanted to either consider a different person or leave the role vacant for now. In parting, Touhill said, “I've left in place a solid flight plan and a great team of innovative professionals in the CISO Council and OMB who will follow through and execute what it takes to better manage our cyber risk.”

IBM Security to Acquire Data Risk Management Software Company Agile 3 Solutions

On January 23, IBM Security announced that they intended to acquire Agile 3 Solutions. The to-be-acquired company creates software that helps C-level executives with risk management around data. Adding to IBM Security’s portfolio of tools, Agile 3 Solutions will also integrate into IBM Guardium (a data protection software). According to a press release, “Agile 3 Solutions marks the 20th security-related company IBM has acquired as part of a series of investments to deepen its expertise as the world's largest enterprise security company.”

Senators Introduce Resolution to Establish Select Committee on Cybersecurity

On Wednesday, Senators Cory Gardner (R-Colo.) and Chris Coons (D-Del.) introduced a resolution to form a Select Committee on Cybersecurity composed of people who chair many other Senate committees. According to FedScoop, “The committee would be empowered to write legislation, act as a powerful oversight group, organize investigations, coordinate with the intelligence community and make recommendations to the executive branch.”

Federal Appeals Court Upholds July Decision That Servers Not Located in the United States Are Not Subject to Warrants

In a classic case of privacy rights versus national security, a federal appeals court upheld on Tuesday that Microsoft does not have to respond to a U.S. warrant requesting information from a server located in Ireland. Ars Technica notes, “The 4-4 vote by the 2nd U.S. Circuit Court of Appeals sets the stage for a potential Supreme Court showdown over the U.S. government's demands that it be able to reach into the world's servers with the assistance of the tech sector.” These legal arguments are a result of ambiguity in the 1986 Stored Communications Act.