NTSC Technology Security Roundup

Weekly News Roundup: April 17, 2017

Accenture Survey Shows Significant Concerns from Citizens About Government Protecting Their Data Privacy

A recent survey by Accenture of 3,500 U.S. citizens showed they have deep concerns about how the government handles the security of their data. Some highlights of the survey include:

  • “74 percent of citizens lack confidence in government’s ability to keep their data private and secure.”
  • “63 percent say they would feel more confident if the government agencies and service providers with which they interact had stronger data-privacy and security policies.”
  • “65 percent lack confidence in the ability of law-enforcement agencies to investigate and prosecute cybercrimes.”
  • “66 percent said they would be willing to sacrifice convenience for increased data security.”

These results show that the U.S. government needs to continually improve its cybersecurity to alleviate privacy concerns while also acknowledging public perception as it creates cybersecurity policy.

Giuliani-Led Cybersecurity Task Force Plans to Meet with White House Soon

According to NextGov, a government cybersecurity task force comprised of cybersecurity executives and led by Rudy Giuliani will soon meet with the White House. This task force will discuss issues including public-private information sharing and the cybersecurity of critical infrastructure. As groups like these seek to influence White House policy, the NextGov article also notes that “many details of Trump’s cyber policies remain opaque […] and several key administration posts, such as the federal chief information officer and chief information security officer, have not been filled. A draft cybersecurity executive order the Trump team floated in February and invited industry to review in March has still not been introduced.”

Leading Cybersecurity Companies and Organizations Provide Feedback to NIST About Vulnerability Disclosure

Released on Monday, joint comments by leading cybersecurity companies and organizations about NIST’s “Framework for Improving Critical Infrastructure Cybersecurity” address the ongoing issue of vulnerability disclosure. According to NextGov, the organizations recommended that NIST “should add a section to its cybersecurity framework promoting best practices for organizations to receive digital vulnerability reports from security researchers.” In the report, the organizations noted that “vulnerability disclosure and handling processes can also help protect researchers or accidental discoverers acting in good faith by providing them with a clear channel to communicate vulnerabilities to technology providers and operators, reducing the risk of conflict or misunderstanding.”

HP Enterprise Contributes to NIST Format-Preserving Encryption Standard

HP Enterprise recently announced that they “contributed technology and core specifications for the new National Institute of Standards and Technology’s (NIST) AES FFX Format-Preserving Encryption (FPE) mode standard.” This kind of encryption protects data at rest, in motion, and in use while also preserving data formats. According to a press release, “This new mode enables organizations to encrypt sensitive personal data without completely revamping existing IT infrastructure, increasing security and lowering the cost of strong data protection.”

As FirstNet Begins Building Nationwide Wireless Broadband Network for First Responders, Some States Opt Out

While FirstNet recently announced that AT&T would help build the first dedicated nationwide wireless broadband network for first responders, ITBusinessEdge reported that a few states are starting to opt out. According to ITBusinessEdge, “Michigan is the fourth state to issue its own RFP, after New Hampshire, Alabama and Arizona. Colorado is set to do so as well.” Chartered in 2012, FirstNet is an independent authority within the U.S. Department of Commerce. Its mission is to “ensure the building, deployment, and operation of the nationwide, broadband network that equips first responders to save lives and protect U.S. communities.”

The NICE K-12 Cybersecurity Education Conference Announces Call for Speakers

The National Initiative for Cybersecurity Education (NICE) is accepting proposals for its K-12 Cybersecurity Education Conference, which is being hosted December 4-5, 2017 in Nashville, Tennessee. The annual conference is co-hosted by the Internet Keep Safe Coalition (iKeepSafe). The NICE K-12 Cybersecurity Education Conference will expand a national effort to address the challenges and opportunities of cybersecurity education, training, and workforce needs of the nation. For more information on how to submit a proposal or to register as an attendee or exhibitor, visit the NICE K12 Cybersecurity Education Conference website.