NTSC Technology Security Roundup

Weekly News Roundup: June 26, 2017

White House Cyber Coordinator Rob Joyce Notes Disconnect Between Agency Executives and CIOs/CISOs

A recent NextGov article reported on comments made by White House Cyber Coordinator Rob Joyce on Wednesday about a disconnect between agency executives and both CIOs and CISOs. In the private sector, CIOs and CISOs generally report to executive leadership. That’s less common at agencies, which means that executive leaders tend to be less aware of cybersecurity issues. Quoted in NextGov, Joyce said “Tech stuff is too often the job of the CIO or CISO, but it really is a leadership decision. […] Does leadership know they’ve accepted that risk? The buck stops with them. Department and agency heads have to be accountable in this space.” President Trump’s May executive order on cybersecurity is helping to encourage this kind of direct reporting.

Bipartisan Principles for Self-Driving Vehicles Legislation May Not Appropriately Account for Cybersecurity

On Wednesday, US Senators John Thune (R-S.D.), Gary Peters (D-Mich.), and Bill Nelson (D-Fla.) released principles for bipartisan legislation on self-driving vehicles in advance of a Senate Commerce, Science, and Transportation Committee hearing held on Thursday entitled “Paving the Way for Self-Driving Vehicles.” While the bipartisan principles acknowledge cybersecurity, Security Week argues that the language doesn’t go far enough. In addition, the Thursday hearing focused only minimally on security, three of the four published statements from organizations that spoke at the hearing did not mention security, and the principles appear to lean toward cybersecurity self-regulation.

Deloitte Releases “Cyber Risk in Consumer Business” Study

In a study released Wednesday entitled “Cyber Risk in Consumer Business,” Deloitte reports that C-level technology executives feel confident about responding to a cyberattack but face issues preventing a strong response—revealing a disconnect between C-level confidence and an actual ability to respond. Some of Deloitte’s findings include the following:

  • The majority of executives surveyed (82 percent) indicate their organization has not documented and tested cyber response plans involving business stakeholders within the past year.
  • Less than half (46 percent) say their organization performs war games and threat simulations on a quarterly or semiannual basis.
  • One quarter (25 percent) report lack of cyber funding.
  • Roughly 1 in 5 (21 percent) lack clarity on cyber mandates, roles and responsibilities.

According to a press release, Deloitte surveyed “more than 400 chief information officers, chief information security officers, chief technology officers and other senior executives.”

Small Business Development Center (SBDC) Cyber Training Act Introduced in the House

A bipartisan group of representatives introduced the Small Business Development Center (SBDC) Cyber Training Act on Thursday. Its purpose is to “amend the Small Business Act to require cyber certification for small business development center counselors, and for other purposes.” According to a press release, “The SBDC Cyber Training Act would require a percentage of SBDC employees to become certified in cyber strategy counseling, a method proven effective for export trade counseling. Without costing taxpayers more money, the Act would utilize already existing Small Business Administration (SBA) conferences to provide cyber strategy training to at least 20 percent of SBDC employees.”

Accenture and Microsoft Create Blockchain Solution to Support ID2020

According to ID2020, “One-sixth of the world's population lives without an officially recognized identity.” The organization sees a digital identity as a basic human right to which everyone should have access. To help that process along, Accenture and Microsoft have teamed up to create a prototype that is “designed to empower individuals with direct consent over who has access to their personal information, and when to release and share data. It is a sophisticated decentralized, or “distributed,” database architecture, maintained by multiple, trusted parties on the blockchain, eliminating the need for a central authority.” This prototype was announced at the UN headquarters during the ID2020 Summit held on Monday.