NTSC Technology Security Roundup

Weekly News Roundup: May 22, 2017

Politico Includes the NTSC in Its Daily Cybersecurity Briefing

Politico included a short piece about the NTSC’s recent DC Fly-In as a part of the publication’s daily cybersecurity briefing. According to Politico, “The three-day event has seen chief information security officers from around the country visit with lawmakers and government officials to discuss the group’s cybersecurity priorities. ‘Our 2017 legislative agenda includes many important issues such as national data breach notification legislation, the way we share threat intelligence information through private/public sector exchanges, and strong, protected encryption,’ NTSC President Larry Williams said in a statement. Patrick Gaul, the group’s executive director, added that the CISOs’ ‘presence on the Hill not only helps us deliver our policy messages but also reinforces NTSC as the primary resource for federal policymakers on technology security issues important to businesses.’”

Strengthening State and Local Cyber Crime Fighting Act of 2017 Passes House

A bill we’ve been tracking since its introduction in the House in March, the “Strengthening State and Local Cyber Crime Fighting Act of 2017,” passed the House by a vote of 408-3. The bill outlines how the National Computer Forensics Institute in Hoover, Alabama will share homeland security information with state, local, tribal, and territorial governments to help them battle cybercrime. Representative John Ratcliffe (R-Texas), Chairman of the Cybersecurity and Infrastructure Protection Subcommittee and a member of the House Homeland Security Committee, introduced the bill. Its timeliness was noted by The Hill: “Other lawmakers signaled support for the bill on Tuesday, citing the global ‘Wanna Cry’ ransomware attack that has spread to 150 countries since Friday.”

“Modernizing Government Technology Act” Passes House and Now Goes to Senate

Following President Trump’s executive order that had removed a section from an earlier draft about modernizing federal agency IT systems, the recently passed Modernizing Government Technology (MGT) Act now complements Trump’s executive order by providing $500 million in IT modernization funding to federal agencies. According to the Federal Times, “The MGT Act is seen as a critical piece of both Congress’ and the White House’s strategy on IT modernization and cybersecurity. Trump administration officials have cited the bill, alongside recent executive orders, in the White House’s move to strengthen the federal government’s cyber posture.”

“Protecting Our Ability to Counter Hacking (PATCH) Act of 2017” Introduced by US Senate

A common private sector complaint is the lack of transparency and information sharing from the Vulnerabilities Equities Process (VEP)—and that lack of transparency is seen as partly to blame for the WannaCry ransomware attack. To create better transparency and information sharing between the VEP and the private sector, the US Senate has proposed the Protecting Our Ability to Counter Hacking (PATCH) Act of 2017. According to FCW, “The bill establishes the Vulnerability Equities Review Board to set policy on the disclosure of vulnerabilities known to the U.S. government. Members will include the heads of the Department of Homeland Security, FBI, CIA, NSA and the Department of Commerce, to be joined by a set of ad hoc members from other departments.”

NIST Plans to Update Its Cybersecurity Framework

NIST plans to make the first update to its Cybersecurity Framework since its introduction in 2014. This framework impacts organizations from federal agencies mandated to follow its guidelines to businesses that voluntarily benchmark against these best practices. According to The Hill, “The workshop debated ways to update the guide for advice on modern security standards like multifactor identification, supply chain management or easing the way for third-party researchers to report security flaws. Also on the table were topics such as internet of things and security metrics.”

F-Secure Acquires Security Consultancy Firm Digital Assurance

Helsinki, Finland-based cybersecurity company F-Secure recently acquired Digital Assurance, a UK-based security consultancy firm offering information security assessment services to governments and companies in the financial, petrochemical, retail, communication, and defense industries. F-Secure is using this acquisition to expand its footprint in the UK. According to a press release, “Digital Assurance's established team of cyber security specialists will help F-Secure bring its advanced technology and security expertise to a greater number of organizations in the UK.”

NTSC Board Chair Tim Callahan Featured in TechTarget Interview

NTSC Board Chair Tim Callahan was recently featured in a TechTarget interview that covered the NTSC, how the role of the CISO has evolved, and thoughts about working with company boards. Here is an excerpt from the interview:

What has led to your involvement in the National Technology Security Coalition, and what are your priorities as chairman of the board?

Tim Callahan: I think the major role of National Technology Security Coalition is to be seen as an honest broker and partner in helping to educate legislatures and policymaking arms of the government. To gain [that] level of trust and respect, NTSC must remain nonpartisan. As we build the coalition, I hope to ensure that all board members and sponsors stay aligned to the overriding goal. I think we can hold events that promote these goals and that also help educate CISOs on how they can be more impactful in public policy decisions that are good for America and good for our business climate. We must always seek to serve the larger good and protect the consumer.