NTSC Technology Security Roundup

Weekly News Roundup: March 13, 2017

ACDC Act Proposes to Loosen Rules of the CFAA to Strengthen Legality of Active Defense

Active defense is a tricky area of cybersecurity. Currently, the Computer Fraud and Abuse Act (CFAA) prohibits organizations from “hacking back”—even if a criminal is clearly at fault. Representative Tom Graves (R-GA) introduced a discussion draft of a bill on March 3 entitled the Active Cyber Defense Certainty Act (or ACDC Act) that seeks to loosen CFAA rules to strengthen the legality of active defense. Cybersecurity experts—including the NTSC—are currently sifting through the discussion draft and discussing the challenges of defining the legality of active defense in such a bill.

FCC Delays Broadband Privacy Rules from Taking Effect

The FCC (led by Chairman Ajit Pai) voted to delay the implementation of broadband customer privacy rules approved in October 2016. The rules would have placed restrictions on customer data sent to advertisers, required more robust information security measures to prevent data breaches, and required customers to opt in and consent before any of their information was shared. Broadband providers, telecommunications companies, and advertising trade groups felt the rules were too strict and unfair because they did not apply to non-broadband competitors such as Google.

Cybersecurity Industry Experts Reviewing Trump’s Executive Order

After a leaked draft and revision appeared in February, President Trump’s executive order on cybersecurity appears to be nearing prime time. Industry experts are currently reviewing the order, which is expected to hold federal agencies more accountable for adhering to the NIST Cybersecurity Framework. According to NextGov, “Other portions of the [executive order] focused on ensuring cyber protections for critical infrastructure.”

CA Technologies to Acquire Application Security Company Veracode for $614 Million

Expected to close in Q1 of fiscal year 2018, CA Technologies’s acquisition of Veracode was announced on Monday. CA Technologies will pay $614 million in cash for the application security company. According to a press release, “With Veracode, CA Technologies bridges its Security business with its broad DevOps portfolio and adds to its growing SaaS business.” Veracode was previously “named a leader in the Gartner Magic Quadrant for Application Security Testing.”

Okta to Acquire Identity Management Company Stormpath

Okta, an enterprise identity management company, will acquire Stormpath—a company that focuses on identity management for applications and APIs. Stormpath will be absorbed into Okta and shut down as an independent service. According to Network World, “While Okta is probably best known for its identity and access management products aimed at businesses’ internal use, the company also operates a developer platform aimed at helping app developers handle user identity. […] [The] developer capabilities are a fast-growing part of Okta’s business, but that […] functionality could use some help. That’s where this acquisition comes in.”