Active Cyber Defense Certainty Act Gains Momentum in Congress
Despite some heated opposition from the security community, the Active Cyber Defense Certainty Act—introduced earlier this year by Rep. Tom Graves (R-Ga.)—is gaining momentum in Congress with more supporters. According to Cyberscoop, “In addition to the original co-authors Reps. Tom Graves, R-Ga., and Kyrsten Sinema, D-Ariz., now Reps. Buddy Carter, R-Ga. Henry Cuellar, D-Texas, Trey Gowdy, R-S.C., Walter Jones, R-N.C., Barry Loudermilk, R-Ga, Stephanie Murphy, D-Fla., and Austin Scott, R-Ga., all now co-sponsor the bill.” Opponents to the bill include many security and legal experts, the U.S. Chamber of Commerce, and former NSA Director Keith Alexander.
Rep. Blaine Luetkemeyer Working with Financial Services and Retail Industries to Create National Data Breach Notification Law
According to The Washington Examiner, “Rep. Blaine Luetkemeyer, R-Mo., chairman of the House Financial Services institutions and consumer credit subcommittee, revealed last week that he is drafting a data security and breach notification bill.” The details of the bill have not been shared publicly, but The Washington Examiner notes that Luetkemeyer has been working on the bill with the financial services and retail industries. The article goes on to summarize Luetkemeyer’s rationale that “the Equifax breach pointed up the need for timely notice when consumers' information is hacked, and he criticized the patchwork of 48 different state notification requirements that companies must navigate.”
Committee on Homeland Security Fusion Center Report Highlights Cyberthreat and Intelligence Sharing Issues
Problems with information sharing between the DHS and the private sector have been ongoing, and some of the root causes were highlighted in a recent Committee on Homeland Security report titled “Advancing the Homeland Security Information Sharing Environment: A Review of the National Network of Fusion Centers.” Fusion centers help disseminate information to the private sector in addition to federal, state, local, tribal, and territorial partners. Yet, issues with too much information labeled classified, the inability of fusion centers to handle classified information, and backlogs of security clearance requests hamper intelligence from getting to these partners. According to Cyberscoop in a summary of the report, “Fewer than one-in-four Homeland Security fusion centers across the country receive cyberthreat reporting or other intelligence products from DHS’ National Protection and Programs Directorate, hampering their nascent efforts to help defend the country against online attacks…”
Four Recent Research Reports Highlight Data Breaches, IoT, GDPR, and Digital Transformation
Cybersecurity surveys and reports abound this month, and we’ve summarized four of them below:
Symantec and Proofpoint Acquisitions
Two major acquisitions by Symantec and Proofpoint occurred last week. Symantec acquired SurfEasy, a Virtual Private Network (VPN) provider that delivers easy-to-use solutions for online privacy and security on smartphones, tablets, and computers. SurfEasy will become part of Symantec’s Consumer Business Unit, which includes the Norton and LifeLock brands, bringing VPN to the portfolio of Consumer Digital Safety solutions, which help consumers to protect their information, privacy and identities. Proofpoint entered into a definitive agreement to acquire Cloudmark, a leader in messaging security and threat intelligence for Internet Service Providers (ISPs) and mobile carriers worldwide. With visibility spanning ISPs and mobile carriers, Cloudmark correlates email threat telemetry data into its Global Threat Network, including intelligence derived from malware campaigns and targeted attacks like spear phishing and business email compromise (BEC).