NTSC Technology Security Roundup

Weekly News Roundup: July 17, 2017

House Appropriations Committee Seeks to Revise ECPA Concerning Email Warrants

The Hill reported that the House Appropriations Committee is seeking to revise the Electronic Communications and Privacy Act (ECPA) so that warrants are required for law enforcement’s access to emails. In the 1986 law, emails are legally available to law enforcement without a warrant after 180 days. That’s why, according to The Hill, “The House Appropriations Committee Thursday night unanimously approved a legislative block to a law that allows law enforcement to seize emails, photographs and other cloud-hosted documents without a warrant.” Supporters of the original law include “regulatory agencies that do not have the power to issue warrants [that] argue that maintaining the ECPA is the only way for them to conduct investigations.”

Cisco to Acquire Cloud Security Company Observable Networks

Cisco recently announced it plans to acquire cloud security company Observable Networks. According to a blog post, Cisco said, “Together, Cisco and Observable Networks will extend our Stealthwatch solution into the cloud with highly scalable behavior analytics and comprehensive visibility. […] The acquisition of Observable Networks supports Cisco’s strategic transition toward software-centric solutions.” Observable Networks describes itself as offering continuous device profiling and dynamic endpoint modeling to quickly identify potential threats. Cisco plans to complete the acquisition by Q1 of fiscal year 2018.

Symantec Plans to Acquire Enterprise Mobile Security Company Skycure

Symantec recently announced plans to acquire Israel-based Skycure, a company that focuses on enterprise mobile security. According to Symantec, “Skycure’s predictive threat detection techniques will enrich Symantec’s enterprise and consumer mobility offerings to help organizations more confidently address the needs of the increasingly mobile workforce, enabling them to ensure that devices are risk-free and secure while accessing corporate resources.” The transaction is expected to close in the second fiscal quarter of 2017.

Department of Homeland Security’s Science and Technology Directorate’s Cybersecurity Division Highly Active

Federal News Radio reports that the Department of Homeland Security’s Science and Technology Directorate’s Cybersecurity Division is highly active with many projects and initiatives. A few examples include:

  • The development of Cyber.gov, “a repository of next-generation tools and ideas for securing federal networks.”
  • “Looking at new technologies that can be brought in as part of the [Trump cybersecurity] executive order to improve the security of dot gov.”
  • The recent publication of a “broad agency announcement explaining [the division’s] plans for communicating with international partners.”
  • The Silicon Valley Innovation Program which “funds companies in four phases. Each phase is no more than six months, and companies receive a maximum of $200,000 for each phase.”

Despite this activity, the Trump administration has proposed budget cuts of $144 million to the Department of Homeland Security’s Science and Technology Directorate.

NTT Security Report Reveals United States as Country with Lowest Level of GDPR Awareness

When GDPR takes effect in May 2018, it will heavily impact American companies that do business in Europe. Yet, a recent NTT Security Report shows that “the lowest level of awareness was in the US, where just a quarter of respondents felt that it affected them.” That’s alarming because GDPR will affect areas such as data management, data storage, and data breach reporting. The NTT Security report goes on to say, “A common misconception of GDPR is that it only affects EU companies. This is inaccurate. It affects any company that processes data about EU citizens, and promises to have a profound effect on organizations across the globe.”