NTSC Technology Security Roundup

Weekly News Roundup: September 11, 2017

GridEx IV Exercise to Include Financial and Telecom Sectors as Part of Critical Infrastructure

GridEx IV, an exercise that normally includes only simulated cyberattacks on the national power grid, will expand in November to include elements of the financial and telecom sectors. According to the Washington Examiner, “It will be the first time since the exercise was ramped up in 2011 that the financial and telecom sectors will join in, confirmed Marty Coyne, spokesman for the North American Electric Reliability Corporation, or NERC, which is the lead group organizing the event.” This expansion is supported by both President Trump and White House cybersecurity coordinator Rob Joyce.

SEC Chairman Jay Clayton Highlights Importance of Cybercrime Vigilance

Many advances in cybercrime and cybersecurity technology are disrupting financial markets, and the SEC wants to remain on top of these issues to help protect smaller investors. Reuters recently reported that “regulators must do more to help mom-and-pop investors better understand the potential risks posed by cyber crime and new technologies used to commit fraud, U.S. Securities and Exchange Commission Chairman Jay Clayton said on Tuesday.” Issues such as stolen information used for market advantage, exposure of sensitive information, and processes around disclosure plague the industry, while emerging areas such as ICOs (initial coin offerings) expose investors to new cybersecurity risks.

Roundup of 2017 Cybersecurity Priorities for Congress

In questioning Congress’s cybersecurity priorities in the wake of Hurricane Harvey, the Washington Examiner provided a summary this week of what Congress may accomplish for the remainder of 2017. According to the publication, “Action is still possible this year on a long list of cyber priorities including: Upgrading the Department of Homeland Security's cyber functions, reauthorizing DHS for the first time, the PATCH Act on creating a process for disclosing vulnerabilities in software, modernizing the government's information technology, and adopting a national cybersecurity doctrine based on deterrence. In addition, the Senate may consider a nominee to lead DHS if President Trump puts forward a candidate to succeed John Kelly, now White House chief of staff.”

House Homeland Security Committee Approves Bill to Protect Ports from Cybersecurity Attacks

A major cyberattack on US ports could cause extensive damage to the American economy—and that is what the House Homeland Security Committee wants to prevent with a new bill approved on Thursday. According to The Hill, the committee “easily advanced legislation on Thursday aimed at protecting ports in the United States from cyberattacks, in the wake of a massive malware outbreak that crippled some operations at the Port of Los Angeles.” The Petya attack in late June crippled organizations around the world—including the Port of Los Angeles. Chairman Michael McCaul “will visit the Port of Los Angeles later this year in order to review its cybersecurity operations.”

NIST Releases Draft of “Data Integrity: Recovering from Ransomware and Other Destructive Events”

With ransomware front and center as a cybersecurity issue this year, NIST recently released a draft of “Data Integrity: Recovering from Ransomware and Other Destructive Events” that’s open to comments until November 6, 2017. Informed by the business community, this guide aims to demonstrate “how organizations can develop and implement appropriate actions following a detected cybersecurity event.” The 456-page draft includes many product installation guides, and NIST says that “Business decision makers, including chief security and technology officers, will be interested in the Executive Summary (NIST SP 1800-11a), which describes the challenges enterprises face in protecting their data from loss or corruption…”