NTSC Technology Security Roundup

Weekly News Roundup: April 3, 2017

Proposed Senate Bill to Bring Vulnerabilities Equities Process into the Light

Senators Brian Schatz (D-Hawaii) and Ron Johnson (R-Wisconsin) are drafting a Senate bill that would make the Vulnerabilities Equities Process (VEP) law and make its operations more transparent. Today, the VEP is not transparent, and it’s not clear how decisions are made or who makes them. According to Cyberscoop, the bill would clearly identify who sits on the VEP board, designate a central office or authority to communicate about vulnerabilities with the private sector, and require input from the now nearly defunct Privacy and Civil Liberties Oversight Board.

Mastercard to Acquire Biometrics and Behavioral Analytics Company NuData Security

By acquiring NuData Security, a passive biometrics and behavioral analytics company, Mastercard plans to strengthen its IoT security. In a press release, Mastercard says the acquisition will “strengthen its efforts around device-level security and authentication, enabling near real-time collaboration between issuers, merchants and processors.” The same press release describes NuData Security as “a global technology company that helps businesses prevent online and mobile fraud using session and biometric indicators.”

Christopher Krebs to Serve as Senior Cyber-Policy Counselor at Department of Homeland Security

Christopher Krebs, a former Director of Cybersecurity Policy for Microsoft and a cyber-policy advisor to the George W. Bush administration, will serve as senior cyber-policy counselor at the Department of Homeland Security. According to Cyberscoop, Krebs “started work this week as a senior counselor to Homeland Security Secretary John Kelly, the first major cyber-policy appointment at the department.” Krebs’s appointment adds an important position to the Department of Homeland Security that focuses specifically on policy.

Trump Extends Obama Executive Order That Helps U.S. Retaliate Against Major Cyberattacks

President Obama’s April 2015 Executive Order, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities,” was extended by President Trump to April 1, 2018. According to Network World, “The executive order gave the U.S. new powers to retaliate for hacking of critical infrastructure, major denial of service attacks or large scale economic hacking.” President Trump said in a letter that he extended the executive order because “significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.”

House Members Want FCC to Better Protect Telecommunications Cybersecurity

House representatives Ted Lieu (D-California) and Ron Wyden (D-Oregon) want the FCC to address what they see as major cybersecurity flaws in U.S. telecommunications. Arguing that self-regulation hasn’t worked, the representatives said in a letter that “critical flaws in our communications infrastructure, including those in Signaling System 7 (SS7)” haven’t been properly addressed. The representatives want the FCC to follow the recommendations of the FCC’s Communications Security, Reliability and Interoperability Council (CSRIC), create another CSRIC working group to address additional issues, and communicate more effectively to the public about major cybersecurity vulnerabilities.