NTSC Technology Security Roundup

Weekly News Roundup: July 31, 2017

Bill Proposes Replacing NPPD with Cybersecurity and Infrastructure Security Agency

A House panel advanced a bill, introduced by Michael McCaul (R-Texas), that will replace the DHS’s National Protection and Programs Directorate (NPPD) with the Cybersecurity and Infrastructure Security Agency. According to The Hill, this new agency will allow the DHS to focus better on cybersecurity—especially related to critical infrastructure and emergency communications. Quoted in The Hill, McCaul said, “This realignment of NPPD’s structure will allow it to become more streamlined and effective in carrying out existing authorities while achieving the department’s goal of creating a stand-alone operational organization focusing on and elevating the vital cybersecurity and infrastructure security missions.”

Bill That Seeks More VEP Transparency Advances to the House

The Hill reported that a House panel, with bipartisan support, sent to the House for a full vote a bill that would make the Vulnerabilities Equities Process more transparent. According to The Hill, “The bill would require Homeland Security Secretary John Kelly to send a report to relevant congressional committees describing policies and procedures used by the DHS to coordinate the disclosure of […] ‘zero days.’” The private sector has been frustrated about the lack of transparency and the lopsided information sharing between it and the DHS ever since the VEP was established in 2014.

Cisco Releases 2017 Midyear Cybersecurity Report That Predicts More “Destruction of Service” Attacks

Cisco recently released its 2017 Midyear Cybersecurity Report, which forecasts potential “destruction of service” (DeOS) attacks. According to a press release, “These could eliminate organizations’ backups and safety nets, required to restore systems and data after an attack. Also, with the advent of the Internet of Things (IoT), key industries are bringing more operations online, increasing attack surfaces and the potential scale and impact of these threats.” The report provides data-driven industry insights and cybersecurity trends from the first half of the year, along with actionable recommendations to improve security posture.

US and Japan Welcome Continued and Enhanced Cybersecurity Cooperation

The United States and Japan released a joint statement on Monday that announced continued and enhanced cybersecurity cooperation in several areas. According to a press release, those areas include:

  • Information Sharing: Both countries affirmed that they will further strengthen their cybersecurity information sharing to support prevention of and response to cyber incidents that may occur.
  • Enhancing national efforts: This area includes a focus on critical infrastructure, industrial control systems, and the classification of cyber incidents.
  • Maintaining and strengthening international stability in cyberspace: Japan and the United States recognize that building developing nations’ capacity not only contributes to their own security, but also reduces the overall risk in the international community.

An article from Bloomberg notes that “U.S. companies stand to benefit from continued U.S.-Japan cooperation. […] Given the sophistication of the Japanese technology and cybersecurity, U.S. companies will be alerted to cybersecurity indicators and classified techniques used by adversaries to react better in real time to developing threats…”

Kaspersky Lab Report Indicates Employees Hide Cyber Incidents in 40 Percent of Businesses

Kaspersky Lab and B2B International recently released a report entitled “Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within.” With employees hiding cyber incidents in 40 percent of businesses, the report goes on to state that “The ‘hide and seek’ problem seems to be most challenging for larger companies, with 45% of enterprises (over 1000 staff) experiencing employees hiding cybersecurity incidents, compared to only 29% for VSBs (with under 49 members of staff).” Businesses also reported that careless or uninformed employees are the top contributing factor to cyberattacks and “44% of companies say that employees do not follow IT security policies properly.”