NTSC’s Technology Security News Roundup 01/09/17)
Congressional Encryption Working Group Releases Year-End Report
After Apple refused to provide the FBI with a backdoor to a terrorist suspect’s iPhone, an encryption debate ensued about security versus privacy. A Congressional working group analyzed this issue during 2016 and made four observations in its report released on December 20.
- Any measure that weakens encryption works against the national interest.
- Encryption technology is a global technology that is widely and increasingly available around the world.
- The variety of stakeholders, technologies, and other factors create different and divergent challenges with respect to encryption and the “going dark” phenomenon, and therefore there is no one-size-fits-all solution to the encryption challenge.
- Congress should foster cooperation between the law enforcement community and technology companies.
FDA Releases “Postmarket Management of Cybersecurity in Medical Devices” Report
Because of increasing cybersecurity risks related to medical devices, the FDA addressed these concerns in a report that details current problems, identifies major risks, and offers recommendations. The report includes information about handling “postmarket” issues so that medical device cybersecurity doesn’t end after the product is sold. Several publications pointed out that the FDA only released nonbinding recommendations instead of official and enforceable guidelines.
Clearlake Capital Will Acquire LANDESK for Approximately $1.1 Billion
According to The Wall Street Journal, private investment firm Clearlake Capital will acquire IT management systems and solutions company LANDESK for over $1.1 billion. Clearlake will combine LANDESK with another of its portfolio companies, HEAT Software, which is an IT service and endpoint security management company. The press release states that “the combination will provide additional geographic reach and vertical depth, and will enable the company to better serve IT organizations with solutions to manage and secure end user environments.” Private equity firm Thoma Bravo currently owns LANDESK.
Former NSA Director Will Lead Best Practices Automation Group at the Center for Internet Security
Curt Dukes, the former Director of Information Assurance at the National Security Agency (NSA), will head up the Best Practices Automation Group at the Center for Internet Security. The Center for Internet Security is a not-for-profit organization “dedicated to enhancing the cybersecurity readiness and response among public and private sector entities.” Duke will direct much of his efforts toward expanding and increasing the adoption of CIS standards by the public and private sector.
CSIS Releases “From Awareness to Action - A Cybersecurity Agenda for the 45th President”
In 2014, long before anyone knew the results of our presidential election, the Center for Strategic and International Studies (CSIS) already began work on a cybersecurity agenda for the next president. Reinforcing that the seriousness of cybersecurity transcends individual presidents and partisan politics, the report includes both policy recommendations and problems to avoid. CSIS task force co-chairs overseeing this report included Sen. Sheldon Whitehouse, Rep. Michael T. McCaul, Karen Evans, and Sameer Bhalotra.