Representative Tom Graves (R-GA) Releases Second Draft of Active Cyber Defense Certainty Act
After collecting feedback from cybersecurity experts since the release of the first draft in March, Representative Tom Graves (R-GA) released a second version of the Active Cyber Defense Certainty Act. According to Tom Graves’s office, the revisions include:
Revisions to this draft were partially influenced by the NTSC’s input at a May 1 meeting at Georgia Tech that included NTSC Policy Council member Peter Swire.
States Proposing Additional Cybersecurity Laws in Wake of WannaCry Attacks
Reacting to the WannaCry ransomware attacks and an overall increasing number of cyberattacks, more states are passing cybersecurity laws with the intent of protecting citizens. Texas House Bills 8 and 9 are circulating through the state’s House and Senate and show strong signs of passing. According to the Star-Telegram, the bills “update state law to account for the use of malware and upgrade public-sector cyber capabilities.” In Delaware, House Bill 180 amends current state law by tightening rules around businesses protecting personal information, updating the definition of a data breach, and adding definitions for encryption. Such laws are indicators that states will continue to pass new cybersecurity regulations in the absence of a national, comprehensive federal law.
Reports Indicate Microsoft Will Acquire Israeli-Based Hexadite for $100 Million
While not formally announced by either company, many recent news reports indicated that Microsoft will acquire Israeli-based Hexadite for $100 million. According to the Hexadite website, “Hexadite AIRS connects to existing security detection systems to investigate every threat, leveraging artificial intelligence to apply targeted mitigation to stop security breaches in their tracks.” Providing some context around this acquisition, CNBC reported that “Microsoft had announced earlier this year that it would continue spending $1 billion in 2017 on cybersecurity research and development, excluding acquisitions it might make in the field. The company also maintains three R&D centers in Israel.”
Ponemon Institute and Synopsys Release Medical Device Cybersecurity Study
A recent study released by the Ponemon Institute and Synopsys entitled “Medical Device Security: An Industry Under Attack and Unprepared to Defend” revealed that cyberattacks on medical devices may be more immanent than we think. The study’s results included:
Focused on the North America market, the study surveyed approximately 550 individuals from manufacturers and HDOs, whose roles involve the security of medical devices, including implantable devices, radiation equipment, diagnostic and monitoring equipment, robots, as well as networking equipment designed specifically for medical devices and mobile medical apps.
US Government Explores Ways to Serve Warrants on Information Stored in the Cloud Across the World
The Hill reported that the Department of Justice is exploring ways to serve warrants on information stored in the cloud across the world to alleviate problems with national jurisdictions. For example, mixed messages have been sent by US courts pertaining to warrants involving information stored outside the United States on Microsoft and Google servers, leading to confusion about how law enforcement may legally access this information. The Department of Justice wants to consider bilateral agreements with other countries, which led to the UK’s Deputy National Security Advisor Paddy McGuiness becoming “the first sitting UK official to appear in a hearing before Congress, something he said was a sign of how seriously the country takes the issue.”