NTSC Technology Security Roundup

Weekly News Roundup: November 6, 2017

President Trump Signs “Strengthening State and Local Cyber Crime Fighting Act of 2017” Into Law

Last Thursday, President Trump signed the Strengthening State and Local Cyber Crime Fighting Act of 2017 into law. Introduced by Rep. John Ratcliffe (R-Texas), the law provides state and local law enforcement with tools and training to help combat cybercrime. According to a press release, “H.R. 1616 authorizes the National Computer Forensics Institute (NCFI) in Hoover, Ala., which is widely recognized as the premier cybercrime training center for law enforcement officials from across the country. The NCFI has trained close to 7,000 local officials from all 50 states and three U.S. territories.”

In other White House cybersecurity news, DefenseOne reported that President Trump plans to announce a new cybersecurity strategy with three components: “…improving the security of federal government computer networks; leveraging government resources to better secure critical infrastructure, such as hospitals, banks and financial firms; and establishing norms of good behavior in cyberspace and punishing bad behavior.”

ISAOs May Soon Be Held to a Higher Standard

According to FCW, the ISAO Standards Organization “will be releasing a draft plan later this month to establish a voluntary self-certification process and criteria for Information Sharing and Analysis Organizations.” The goal is to help elevate the standards of these groups and ensure that the information they share is high quality and useful. The article goes on to say that “the organization will be looking to get feedback from the public and stakeholder organizations” and “also floated the possibility of an additional baseline certification process conducted by an independent third party to confirm that an organization is sticking to its own stated guidelines.”

NIST 800-171 Deadline Looms for Higher Ed Institutions

On December 31, higher education institutions must start complying with the requirements of NIST 800-171, which mandates the “protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations.” According to Deloitte Insights, “Higher education institutions will face contractual requirements—most likely associated with federal grants, research contracts, and other transactions in which the institution receives data from the federal government—that will mandate compliance.”

PwC Releases Global State of Information Security® Survey 2018

PwC recently released its annual Global State of Information Security® Survey 2018 based on the responses of “9,500 executives in 122 countries and more than 75 industries.” Some key findings from the report include:

  • 67% of respondents “have an IoT security strategy in place or are currently implementing one.”
  • Respondents “recognize that a successful cyberattack on automated or robotic systems could have major consequences, including the disruption of operations [40%], the compromise of sensitive data [39%], and damage to product quality [32%].”
  • 29% of respondents reported “loss or damage of internal records as a result of a security incident.”
  • “Current employees remain the top source of security incidents [30%].”

Synopsys to Acquire Open Source Security Company Black Duck Software for $565 Million

On Thursday, Synopsys announced that it would acquire open source security company Black Duck Software for $565 million. According to a press release, “The addition of Black Duck's highly respected Software Composition Analysis solution will enhance Synopsys' efforts in the software security market by broadening its product offering and expanding its customer reach.” Black Duck's products automate the process of identifying and inventorying open source code and detecting known security vulnerabilities and license compliance issues. They also provide automated alerts for any newly discovered vulnerabilities affecting the open source code.