NTSC Technology Security Roundup

Weekly News Roundup: August 14, 2017

Federal Cybersecurity Leadership Updates

Quite a few federal cybersecurity leadership changes have recently taken place. A few highlights include:

  • Grant Schneider becoming Senior Director for Cybersecurity Policy at the National Security Council. According to Politico, Schneider “currently serves as the acting federal chief information security officer.”
  • Richard Staropoli, Chief Information Officer for the Department of Homeland Security, resigning after three months. According to The Hill, “Deputy chief information officer Stephen Rice will serve as acting CIO until President Trump appoints a new person to fill the role.”
  • Sean Kelley, Chief Information Security Officer for the Environmental Protection Agency, resigning.
  • Rob Foster, Chief Information Officer for the U.S. Navy, resigning.
  • Dave DeVries, Director of Information Security and Privacy for the Office of Personnel Management, resigning.

For an overall look at the Trump administration’s cybersecurity priorities, The Cipher Brief recently interviewed Rob Joyce (the White House’s Cybersecurity Coordinator).

SEC’s Office of Compliance Inspections and Examinations Identifies Cybersecurity Risks for Financial Advisory Firms

The SEC’s Office of Compliance Inspections and Examinations put out a Risk Alert on Monday that recommends ways for financial advisory firms to shore up their cybersecurity weaknesses. Specifically, the Risk Alert recommends that firms improve cybersecurity policy, hygiene, and incident response. According to Investment News, “Federal regulators generally have been less prescriptive than some states when it comes to giving financial services firms detailed requirements for protecting their systems from attacks.”

NTT Security Report Indicates Manufacturing Industry Experiencing Rising Cyberattacks

In a recent report from NTT Security, the company says that cyberattacks on the manufacturing industry are continuing to rise—with email phishing ranking as a top cause of concern. NTT Security especially notes four findings:

  • Cyberattacks were up 24% globally during Q2 2017.
  • Manufacturers continue to be a key target for cybercriminals.
  • 67% of malware attacks were delivered by phishing emails.
  • The speed of attacks continues to increase exponentially once proof of concept code is released.

According to a press release, “34% of all documented attacks targeted manufacturers. Moreover, manufacturers appear in the top three targets in five of the six geographic regions globally.”

NIST Framework Aims for Common Vocabulary When Describing Information Security Roles

This month, NIST released its National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework that “serves as a fundamental reference resource for describing and sharing information about cybersecurity work and the knowledge, skills, and abilities (KSAs) needed to complete tasks that can strengthen the cybersecurity posture of an organization.” According to Dark Reading, “For cybersecurity professionals, the IT security vocabulary framework may aid in giving job seekers and employers a common language and understanding when various skills and abilities are listed in job openings.”

International Data Sanitization Consortium (IDSC) Created to Champion and Promote Data Sanitization Best Practices

On Tuesday, the International Data Sanitization Consortium (IDSC) formally announced its creation. Founded in July 2017, the organization’s mission is to eliminate ambiguity around data sanitization, including terminology, standards, and guidelines. According to a press release, “When asked to identify the correct definition of data sanitization, 64 percent failed to choose the correct answer. On top of this, media reports and data recovery studies have repeatedly proven just how easy, common and dangerous it is for data to be recovered – all because devices had not been sanitized before they were discarded, recycled, traded in, resold or reused.”