NTSC Blog

NTSC Technology Security Roundup

Weekly News Roundup: December 22, 2017

Note: We will take a holiday break and return with our next Weekly News Roundup on January 8, 2018.

DHS to More Proactively Work with Private Sector Critical Infrastructure Companies

A perception exists that the Department of Homeland Security (DHS) does not do enough to work with the private sector to protect it from significant cyberthreats. Because most critical infrastructure is privately owned, DHS plays a major role in helping these companies protect the United States from serious cyberattacks. A recent FCW article quoted Jeanette Manfra, assistant secretary for the office of cybersecurity and communications at DHS, as saying, “To ensure adequate security in the private sector, DHS plans to move beyond only offering voluntary assistance to more proactively becoming the world leader in cyber risk analysis and intervening directly with companies when necessary.” The article goes on to say, “Voluntary agreements would pre-clear the department to provide incident response services, monitor networks when threat indicators pop up, block malicious traffic and deploy resources to assist those entities in the event of a cyberattack.”

December National Security Strategy Report from the White House Prioritizes 5G Internet Capability

TechCrunch recently noted a line in the White House’s December National Security Strategy report that said, “We will improve America’s digital infrastructure by deploying a secure 5G Internet capability nationwide.” As TechCrunch says, “…in Washington D.C., these sorts of coordinated reports are designed to send a signal throughout the government on how a particular administration sees policy issues. As such, they are important for setting the guidelines for future actions of the federal government. By attaching wireless connectivity into national security, the Trump administration is putting its heaviest hand behind such a recommendation.” Currently, 5G specifications are being defined and companies are projected to heavily develop this technology throughout 2018 and 2019.

New DHS Advisory Board Will Address Encryption Tension Between Law Enforcement and Private Sector

Encryption is a long-standing cybersecurity issue: it is often defended for privacy reasons or attacked for preventing law enforcement from accessing information to help solve crimes. To reconcile these opposing and valid viewpoints, House Homeland Security Chairman Michael McCaul (R-TX) urged the DHS to create “an advisory body of experts to help the Department—and the wider intelligence and law enforcement community—better understand and respond to the challenges posed by terrorist abuse of widely available encryption technologies.” McCaul wants “leaders in the private sector and across government and civil society to work together on this issue” and said, “I am pleased the Department is taking action to bring together the key players to address this and related security issues so we can find ways to improve cooperation between law enforcement, national security communities, private industry and others.”

Two Studies Discuss Password Security Trends

Consumers indicate both familiarity with biometrics and a desire to use them instead of passwords, according to a recent Visa study. As reported in IBM’s Security Intelligence publication, “…86 percent of consumers are interested in using biometrics to verify their identity or to make payments. More than 65 percent reported that they are already familiar with employing biometrics.” The Visa study also says, “Interest in making payments is highest by far for fingerprint recognition, but almost four out of 10 (39%) are interested in eye scanning and facial recognition (36%) too.” That bodes well because traditional passwords are still a problem, according to another study by SplashData. As reported in Motherboard, “SplashData estimates that nearly 10 percent of people have used at least one of the 25 worst passwords on this year’s list, and almost 3 percent used the worst password, ‘123456’. ‘Password’ was the second most popular password.”

Trustwave “Value of Data Report” Assesses Value of Confidential Information

Trustwave’s recent Value of Data Report surveyed 500 IT decision makers from around the world to examine attitudes toward the value of confidential data including personally identifiable information (PII), payment card data, intellectual property (IP) and email. Some key findings quoted in the press release include:

  • Different levels of importance are placed on different data types such as PII, IP, payment card data and email: PII (47.4%) is given a higher priority than IP (27.6%), followed by payment card data (18.4%) and with corporate email (6.6%) coming last.
  • Dramatic differences exist between values placed on PII data by attackers, security professionals, insurers and regulators: The mean per capita value (PCV) placed on a PII record by cybercriminals is $39 compared to $1,198 by IT professionals, $3,211 for insurers and $8,118 for regulators.
  • Industry sector influences the type of data that is given highest priority: Healthcare and hospitality sectors prioritize PII data with an average score of 3.5 and 3.4 out of 4, while industrial and IT/Communications companies rank IP as most important at 3.0 and 2.9 out of 4.