NTSC Technology Security Roundup

NTSC’s Technology Security News Roundup

December 12, 2016

Commission on Enhancing National Cybersecurity Report Released December 1

In February, President Obama tasked the non-partisan Commission on Enhancing National Cybersecurity to create “actionable recommendations for securing and growing the digital economy by strengthening cybersecurity in the public and private sectors.” On December 1, the Commission finally delivered its Report on Securing and Growing the Digital Economy. It covers the state of cybersecurity and provides a future vision, imperatives, recommendations, and action items. Appendixes 5 and 6 offer a great summary of current cybersecurity policies and legislation.

The Commission notes that current policies are not enforced—meaning there is no way to prioritize, measure progress, or hold people accountable. The report also notes how much the government relies on the private sector and how these recommendations need to filter down to business (even to SMBs). Wired noted that two action items in particular (2.1.3 concerning IoT devices and 3.1.1 concerning a proposed cybersecurity “nutritional label” for consumers) may influence law and policy in the near-term.

FCC to Regulate IoT Security? That’s on Hold

On October 21, a distributed denial of service attack that took down many major websites alarmed cybersecurity experts because its success relied so heavily on IoT devices. In reaction, the FCC seemed ready to start figuring out how to regulate IoT security—which greatly concerned the private sector. However, it appears that any regulation activities will be delayed because of the presidential transition. While delayed, it’s likely this issue will remain an FCC priority next year.

K.K.R. Acquires Optiv Security

K.K.R. announced this acquisition, a $2 billion deal, on Tuesday. According to an Optiv press release, “The company is being acquired from a group of private investors, including a private equity fund managed by Blackstone (NYSE: BX), which will maintain a minority interest in Optiv along with Optiv management.” Optiv offers end-to-end cyber security solutions and made almost $1 billion in revenue in 2015.

Accenture Completes Acquisition of Defense Point Security

According to a Defense Point Security (DPS) press release, the cybersecurity company “is now a wholly owned subsidiary of Accenture Federal Services (AFS).” Accenture acquired DPS to expand its federal government-related cybersecurity capabilities “by adding a suite of cutting-edge cybersecurity services to help federal agencies maximize their cyber defense strategies, including advanced Security Operations Center expertise, cyber operations, security engineering and cyber analytics.” Terms of the acquisition were not disclosed.

It’s Now Okay to Ethically Hack Medical Devices—For Three Years

The Christian Science Monitor reported that a new three-year exemption to the Digital Millennium Copyright Act (DMCA) now allows ethical hackers to hack medical devices. Previously, the law prevented these kinds of activities. Device manufacturers could sue ethical hackers if they tried to crack their proprietary software. The federal government could also fine these hackers. However, ethical hackers do what they do to help improve safety—and so this three-year exemption gives ethical hackers the opportunity to help device manufacturers improve their security. The article notes that this exemption also impacts the ethical hacking of IoT devices.

Chairman of the House Committee on Homeland Security Wants a New Agency to Consolidate Cybersecurity Efforts

While the United States has introduced and adopted many cybersecurity laws, policies, and recommendations since the dawn of the internet age, these efforts now appear fragmented and siloed. Representative Michael McCaul wants to change that situation. As Chairman of the House Committee on Homeland Security, McCaul recently proposed a new agency to centralize and tie together all cybersecurity efforts to better protect national security. This agency would operate within the Department of Homeland Security.