NTSC Technology Security Roundup

Weekly News Roundup February 20, 2017

New York State Introduces First of Its Kind Financial Services Cybersecurity Regulations in the United States

On March 1, 2017, regulations will take effect in New York State that aim to protect financial services data from cyberattacks. Governor Andrew Cuomo announced that the goal of the regulations is to take more robust measures that protect consumer privacy and New York’s critical financial institutions. By regulating governance, minimum standards, and accountability, New York wants to encourage stronger cybersecurity through a better compliance culture. In a press release, Governor Cuomo said, “New York is the financial capital of the world, and it is critical that we do everything in our power to protect consumers and our financial system from the ever increasing threat of cyber-attacks.”

Read the full text of the regulation.

U.S. Representative Michael McCaul Mentions Five Impediments to National Cybersecurity at RSA Conference

Government Technology provided an excellent recap of U.S. Representative Michael McCaul’s comments at the recent RSA Conference in San Francisco. McCaul said we’re losing the national cybersecurity battle because of five impediments:

1.The sheer number of threats and attacks.

2.The rapid pace of technology.

3.Poor data sharing between the public and private sector.

4.Legal confusion about active defense.

5.Unresolved questions about balancing data privacy with national security.

To solve these problems, McCaul wants to see more participation from the private sector along with a “stronger cybersecurity agency within the Department of Homeland Security to assist in this effort.”

Accenture to Acquire VeriSign-Owned iDefense Security Intelligence Services

Accenture recently announced they will acquire iDefense Security Intelligence Services—a cyberthreat intelligence company—from VeriSign for an undisclosed sum. In a press release, Accenture said, “Complementing recent security investments, the acquisition of iDefense augments Accenture Security’s existing Cyber Defense Services with targeted threat intelligence that Accenture will embed into services it manages for clients’ security operations.”

New Mexico Aims to Become 48th State With a Data Breach Notification Law

Every state except for Alabama, New Mexico, and South Dakota has data notification laws. That may change as New Mexico recently passed House Bill 15. According to the Grant County Beat, “House Bill 15 would require service providers to implement reasonable procedures to protect the personal identifying information (PII) of consumers within their custody. It would also require providers to notify consumers whose PII may have been compromised by a security breach.” Next, the bill goes to the New Mexico state Senate.

F-Secure Acquires Hardware Security Company Inverse Path

F-Secure, a public company headquartered in Helsinki, Finland, recently acquired hardware security company Inverse Path. Serving mid-market and Fortune 500 companies, Inverse Path specializes in the avionics, automotive, and industrial control sectors. According to an F-Secure press release, “Inverse Path's expertise in hardware security and the safety of critical embedded systems strengthens F-Secure's position as a service provider for businesses in critical sectors with challenging IT infrastructure.”