NTSC Technology Security Roundup

Weekly News Roundup for March 6, 2017

Concerns Heighten Over Lack of White House Cybersecurity Policy

Two draft executive orders. Ongoing programs carried over from the Obama administration. A new special assistant to the president for Technology, Telecom and Cybersecurity Policy (Grace Koh). Otherwise, a lot of uncertainty remains over the White House’s cybersecurity policy. The good news? Drafts of the executive orders have reassured cybersecurity experts and policymakers, and Congress is showing a lot of activity on the cybersecurity front. The bad news? A lack of coherent cybersecurity policy from the White House sends ripples of uncertainty through the rest of government and the private sector.

NIST-Related Bill Strengthens Cybersecurity Metrics and Federal Agency Accountability

The House Committee on Science, Space, and Technology approved a bill that requires federal agencies to follow the NIST cybersecurity framework. In addition, NIST is required to develop metrics and apply measurable accountability to federal agencies. According to The Hill, NIST must “submit an initial assessment and regular audits to Congress on cybersecurity measures put in place by federal agencies. [The legislation] would also set up guidance for federal agencies to incorporate the NIST cyber framework and establish working groups in the federal and private sectors to help public and private entities use the framework.”

State Cyber Resiliency Act to Help State and Local Governments

While state and local governments increasingly get pummeled with cyberattacks, they often don’t have the resources to battle back. A bipartisan bill, The State Cyber Resiliency Act, will direct resources to state and local governments through grants (administered by FEMA) that help with “[developing and implementing] effective cyber resiliency plans” (according to a press release). The press release goes on to say, “This includes efforts to identify, detect, protect, respond, and recover from cyber threats. It also encourages states to invest in the cybersecurity workforce.”

LightCyber Acquired by Palo Alto Networks for $105 Million in Cash

Palo Alto Networks, a next-generation security company, recently acquired LightCyber for $105 million in cash. LightCyber is a private company that offers automated behavioral analytics technology that uses (according to a press release) “sophisticated machine learning to quickly, efficiently and accurately identify attacks based on identifying behavioral anomalies inside the network.” Pointing to the benefit of LightCyber’s capabilities, Palo Alto Networks said in the same press release that “the platform will enhance its automated threat prevention capabilities and the ability for customer organizations to prevent cyber breaches throughout the entire attack life cycle.”

Accenture to Acquire EDR Cybersecurity Software Company Endgame

Continuing its aggressive acquisition of cybersecurity companies, Accenture plans to acquire Endgame, an endpoint detection and response (EDR) cybersecurity software company. The company will become part of Accenture Federal Services. The acquisition comes after Accenture Security and Endgame formed an alliance last year to offer a “hunt-as-a-service offering.” According to a press release, “The acquisition will provide Accenture Federal Services an additional team of highly skilled cybersecurity professionals who will help federal clients increase their cyber resiliency by better preparing for, identifying, intercepting, and removing advanced adversaries in real time.”