NTSC Technology Security Roundup

NTSC Weekly Roundup: December 26, 2016

President Obama Signs H.R.5877 Into Law, Strengthening U.S.-Israel Cybersecurity Collaboration

Passed by the House on November 29 and the Senate on December 10, H.R.5877 was signed into law by President Obama on December 16. Specifically, the bill “…amends the Homeland Security Act of 2002 and the United States-Israel Strategic Partnership Act of 2014 to allow the Department of Homeland Security (DHS), in coordination with the Department of State, to enter cooperative programs with Israel to enhance capabilities in cybersecurity…”

Congress Ties Encryption to National Interest

The 2015 San Bernardino attack galvanized a national debate about encryption. The key question: Should Apple give the FBI access to an encrypted phone? On December 20, a bipartisan encryption working group said that “Any measure that weakens encryption works against the national interest.” Instead of fighting with technology companies, the working group’s report suggested more cooperation between technology companies and law enforcement while not weakening encryption standards.

Huawei Negotiating to Acquire HexaTier

According to Reuters, Chinese smartphone manufacturer Huawai is looking to acquire Israeli database security company HexaTier. The article said, “Huawei will use HexaTier to set up a research and development center in Israel for databases in the cloud...” Computer Business Review adds that “Last October, Huawei unveiled plans to invest $1 billion to support information and communication technology (ICT) developers globally.”

NIST’s National Software Reference Library to Expand by 200,000 Apps

When conducting investigations, law enforcement or government officials often need to sift through many files on computers to identify the most important information. To help that process, NIST provides a National Software Reference Library that “collect[s] software from various sources and incorporate[s] file profiles computed from this software into a Reference Data Set (RDS) of information.” CSO reports that NIST will add 200,000 Android and iOS apps to the library. Despite these significant additions, it’s always a race for NIST to keep up with the millions of apps in existence.

Deputy Secretary of the Treasury Argues for CPA Cybersecurity Assessment Framework

Because existing laws (such as Sarbanes-Oxley) are vague on cybersecurity, Deputy Secretary of the Treasury Sarah Bloom Raskin argued recently for a more specific CPA cybersecurity framework to better equip auditors. According to CyberScoop, “The proposal is for a standardized protocol that CPAs could follow in order to produce a non-technical report on a company’s cybersecurity that would be comparable with other reports about other companies.”