NTSC Technology Security Roundup

Weekly News Roundup: February 27, 2017

Data Breach Costs Yahoo $350 Million

Verizon reduced the price of its acquisition of Yahoo by $350 million as a result of two 2014 Yahoo data breaches brought to light in late 2016. One data breach affected 500 million accounts and the other affected one billion accounts. In addition to lowering the acquisition price to $4.48 billion, Verizon will also split the costs 50/50 with Yahoo for any legal and regulatory liabilities. According to CIO, “The companies expect the deal to close in the second quarter.”

Department of Homeland Security Assisting with GPS Equipment Testing for Critical Infrastructure

Much critical infrastructure depends heavily on GPS, and according to an RFI, the Department of Homeland Security wants to help “manufacturers of commercial GPS receivers or equipment used in critical infrastructure” test their equipment. Manufacturers can apply until March 3, 2017, and testing will take place April 17-21, 2017. According to The Hill, “Though GPS is best known to consumers for accurately determining locations, many of its most critical uses are from accurately determining time.”

White House Sticking with Vulnerabilities Equities Process (VEP) Status Quo

At the most recent RSA Conference, U.S. officials said nothing will change with the Vulnerabilities Equities Process in the near future. According to Cyberscoop, “…some feared that a new White House would reverse course and offer intelligence and law enforcement agencies greater leeway to keep vulnerabilities secret.” Although the process is imperfect and has drawn many industry complaints, the VEP is here to stay for the time being as the current administration follows tradition.

NIST Seeking Help on Protecting Power Grid From Hackers

NIST recently released a special publication for public review entitled Situational Awareness for Electric Utilities. According to NIST, the publication will help energy companies “more readily detect and remediate anomalous conditions, investigate the chain of events that led to the anomalies, and share findings with other energy companies.” Because threats to power grids could result in devastating consequences, NIST is taking a proactive, preventative approach as cyberattacks increase. NIST will take public comments until April 17, 2017.

Department of Homeland Security Investing in Research to Prevent Distributed Denial of Service (DDoS) Attacks

The Department of Homeland Security will fund research projects to combat DDoS attacks through its Science and Technology Homeland Security Advanced Research Projects Agency’s Cyber Security Division (CSD). Because of the increasing frequency and sophistication of such attacks, the Department of Homeland Security wants to strengthen the nation’s defenses. According to the Department of Homeland Security, “The project’s two primary focuses are on increasing deployment of best practices to slow attack scale growth and defending networks against a one Tbps attack through development of collaboration tools that can be used by medium-size organizations.” The project will also address “attacks against 911 and Next Generation 911 emergency management systems.”