NTSC Technology Security Roundup

Weekly News Roundup: January 22, 2018

Vulnerabilities Equities Process (VEP) Transparency Bill Passes House and Goes to Senate

A bill that requires more transparency about the Vulnerabilities Equities Process (VEP) recently passed the House and moved to the Senate. According to GovTech, “The bill, introduced by Democratic Rep. Sheila Jackson Lee of Texas, would require DHS to submit an annual report to Congress describing the process the federal government uses to disclose cybersecurity flaws it discovers to the private sector and other affected organizations. The bill would include information about how DHS is working with other federal agencies and managers of private cyberinfrastructure to mitigate susceptibility to cyberattacks.”

DHS Secretary Kirstjen Nielsen Supports Active Defense for Private Companies

Despite controversy and legal ambiguity, Department of Homeland Security (DHS) Secretary Kirstjen Nielsen spoke last Tuesday about DHS helping private companies with active defense. According to The Hill, Nielsen said, “we want to provide the tools and resources to the private sector to protect their systems. So, if we can anticipate or we are aware of a given threat — and as you know, we’ve gone to great lengths this year to work with the [intelligence] community to also include otherwise classified information with respect to malware, botnets, other types of infections — we want to give that to the private sector so that they can proactively defend themselves before they are in fact attacked.”

Bipartisan Cyber Diplomacy Act of 2017 Passes House and Moves to Senate

Sponsored by Rep. Ed Royce (R-Calif.), the bipartisan Cyber Diplomacy Act of 2017 seeks to establish an Office of Cyber Issues within the State Department. The head of the office will “serve as the principal cyber-policy official within the senior management of the Department of State and advisor to the Secretary of State for cyber issues; [and] lead the Department of State’s diplomatic cyberspace efforts generally, including relating to international cybersecurity, internet access, internet freedom, digital economy, cybercrime, deterrence and international responses to cyber threats.” According to FCW, “The Trump administration’s decision to shutter the Office of Cyber Coordinator received bipartisan criticism from members of Congress, some of whom were already concerned about White House’s inability to publicly articulate strategies to protect critical infrastructure, election systems and other sectors from cyber attacks.”

Summary of Cybersecurity Research Reports and Surveys

Many cybersecurity research reports and surveys were released last week. We’ve collected a few of the most interesting here.

Quest-Owned One Identity Acquires PAM and Log Management Company Balabit

Last Wednesday, Quest-owned identity and access management (IAM) company One Identity announced that it had acquired privileged access management (PAM) and log management company Balabit. According to a press release, “Balabit’s PAM solution provides protection from threats posed by high-risk, privileged accounts, while its privileged account analytics solution provides an additional layer of protection by collecting and analyzing data from privileged sessions to help identify anomalous activity.” This is One Identity’s first acquisition as an independent company.