NTSC Technology Security Roundup

Weekly News Roundup: January 14, 2019

Senate Bill Proposes New White House Office of Critical Technologies and Security

Senators Marco Rubio (R-Florida) and Mark Warner (D-Virginia) have proposed a bill that would create a new White House Office of Critical Technologies and Security. According to the bill, the White House currently lacks “an office in the Executive Office of the President that can coordinate security policy relating to critical emerging, foundational, and dual-use technologies between the National Security Council and the National Economic Council and interface with international, Federal, State, and local entities on that policy.” The new office would “coordinate a whole-of-government response to protect critical emerging, foundational, and dual-use technologies and to effectively enlist the support of regulators, the private sector, and other scientific and technical hubs, including academia, to support and assist with such response.”

CyberScoop reports that “The senators want the office to develop a strategy that cuts off the transfer of critical technologies to countries that the U.S. says pose a national security risk, and keeps a tight supply chain for those technologies so they don’t pose a domestic risk. The office would coordinate with agencies focused on national security, trade, science and technology, as well as regulators of the technology and communication industry.”

Federal Cybersecurity Efforts Affected by Government Shutdown

Although critical cybersecurity employees are still on the job, many other cybersecurity employees have been furloughed as a result of the government shutdown. According to the MIT Technology Review, “Nearly 45% of employees at the newly established Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security, as well as 85% of staff at the National Institute of Standards and Technology (NIST), have been furloughed in the government shutdown, according to a report from Duo Security.” Roll Call also notes, “Cybersecurity at these agencies and departments could be degraded because lower-level government employees who bear the brunt of the shutdown often are on the front lines of basic computer security monitoring work, [Tom Gann, chief of public policy at security research firm McAfee] said. A significant part of cybersecurity work at agencies is performed by contractor employees who are also off because they are not getting paid while the government is shut down, Gann said.”

National Counterintelligence and Security Center Launches Campaign to Help Private Industry Guard Against Threats from Nation State Actors

According to a press release last Monday, the National Counterintelligence and Security Center (NCSC) is disseminating videos, brochures, and other informative materials to help the private sector guard against growing threats from foreign intelligence entities and other adversaries. The NCSC notes that corporate supply chains are growing targets of foreign intelligence entities. Adversaries are bypassing hardened corporate defenses by using less-secure suppliers and vendors as surreptitious entry points to surveil, sabotage, and steal information from companies’ networks. In a recent whitepaper, the NTSC noted the asymmetrical disadvantage between nation states and private companies when we said, “Because of traditionally clear legal boundaries between how the military and law enforcement can respond to an attack versus how the private sector can respond, CISOs have struggled more recently to fend off such cyberattacks. While they can strengthen cybersecurity and make incremental improvements, a private company can’t retaliate against a nation state or take down a sophisticated group of organized cybercriminals operating in different countries.”

Senator Ron Wyden Continues Pushing Consumer Data Protection Act in Response to Data Privacy Concerns

Senator Ron Wyden (D-Oregon) is continuing to push his Consumer Data Protection Act in response to privacy concerns related to the data that corporations share, sell and use—heightened by a recent Motherboard article that said “T-Mobile, Sprint, and AT&T are selling access to their customers’ location data, and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country.” ZDNet also noted, “The finding flies in the face of a promise all four major carriers made to Wyden last June that they would stop selling user location data to data aggregators. He's proposing to give the Federal Trade Commission tough new powers to enforce consumer data protection.”

Radware to Acquire ShieldSquare for Expansion of Its Cloud Security Portfolio

According to a press release, Radware, a provider of cybersecurity and application delivery solutions, announced last Monday that it had entered into a definitive agreement to acquire ShieldSquare, a bot management solutions provider. The transaction is expected to close during the first quarter of 2019, subject to customary closing and regulatory conditions. ShieldSquare, founded in 2014, is one of the pioneers in the bot mitigation industry. It is one of three solution leaders recognized by Forrester, with strong differentiation in the Attack Detection, Threat Research, Reporting, and Analysis categories.