Governor Signs Delaware Bill Extending Cybersecurity Protections
On Thursday, Governor John Carney signed legislation that requires additional protections for Delawareans whose personal information may be compromised in a computer breach, including additional notifications and free credit monitoring services. According to a press release, “The new law requires businesses to safeguard information, and requires businesses to provide free credit monitoring services for customers whose sensitive personal information is compromised in a cybersecurity breach. With Governor Carney’s signature on Thursday, Delaware became just the second state to require businesses to provide those services, after Connecticut.”
NIST News Updates
Quite a few NIST-related news stories appeared last week. A few highlights include:
Uber Settles with FTC over Misleading Public Over May 2014 Data Breach
Uber recently settled FTC allegations that the company made deceptive privacy and data security claims in late 2014 many months after a data breach earlier that year. The FTC claimed that Uber failed to monitor access to and provide reasonable security for consumer data. According to a press release, Uber “agreed to implement a comprehensive privacy program and obtain regular, independent audits [for 20 years] to settle Federal Trade Commission charges that the ride-sharing company deceived consumers by failing to monitor employee access to consumer personal information and by failing to reasonably secure sensitive consumer data stored in the cloud.”
United States Cyber Command Elevated to Status of Unified Combatant Command
In a statement from the White House on Friday, President Trump ordered the elevation of the United States Cyber Command to the status of a Unified Combatant Command focused on cyberspace operations. According to the President’s statement, “United States Cyber Command’s elevation will […] help streamline command and control of time-sensitive cyberspace operations by consolidating them under a single commander with authorities commensurate with the importance of such operations. Elevation will also ensure that critical cyberspace operations are adequately funded.” The United States Cyber Command may also eventually separate itself from the National Security Agency.
US State Department Established Cyber and Technology Security (CTS) Directorate in May
Although the US State Department established the Cyber and Technology Security (CTS) Directorate in May, this fact was not known publicly until a few weeks ago. Federal News Radio broke the story on August 7, and a spokeswoman from the State Department said, “CTS facilitates the conduct of global diplomacy by protecting life, property, and information with advanced cybersecurity programs and risk-managed technology innovation. CTS provides advanced cyber threat analysis, incident detection and response, cyber investigative support and emerging technology solutions.” The Hill added “The new directorate does not appear to have a place on the department’s website and was not accompanied by an official press release at the time of its establishment.”