NTSC Blog

Weekly News Roundup: December 23, 2019

Congressional Cybersecurity News Update

Here, we’ve provided a roundup of Congressional cybersecurity news stories from last week.

• Key House committee offers online privacy bill draft: According to The Hill, “A key House committee [last] Wednesday unveiled a first draft of a bipartisan federal privacy bill, bringing Congress one step closer to passing a law to rein in the tech industry's unregulated collection of personal information on its millions of U.S. users. The draft from Republican and Democratic staffers on the House Energy and Commerce Committee comes as the Senate continues to wrestle with its own privacy negotiations, which recently broke down as top senators offered separate party-line bills.”
• McMorris Rodgers’ cyberthreat-fighting bill advances to Senate: According to The Ripon Advance, “The U.S. House of Representatives [last] Monday approved a bipartisan cyberthreat-fighting bill offered by U.S. Rep. Cathy McMorris Rodgers (R-WA) and [last] Tuesday sent the bill to the U.S. Senate for action. […] The House passed the U.S. SAFE WEB Extension Act, H.R. 4779, which Rep. McMorris Rodgers sponsored in October with cosponsors U.S. Reps. Larry Bucshon (R-IN) and Robin Kelly (D-IL) to extend the Undertaking Spam, Spyware, And Fraud Enforcement With Enforcers beyond Borders (U.S. SAFE WEB) Act of 2006 an additional seven years through 2027.”
• House passes legislation banning government from buying Huawei equipment: According to The Hill, “The House [last] Monday passed legislation that would bar the government from buying telecommunications equipment from companies deemed to be national security threats, such as Chinese telecom giant Huawei. The bipartisan Secure and Trusted Communications Networks Act, which passed the House unanimously, could get a vote in the Senate as soon as this week.”
• The DHS cyber agency gets massive funding boost: According to Fifth Domain, “A new spending bill allotted the Department of Homeland Security’s cybersecurity agency more than $2 billion for fiscal 2020, a $334 million increase over last year for the year-old agency tasked with protecting federal networks and critical infrastructure from cyberattacks. The funding for the Cybersecurity and Infrastructure Security Agency includes substantial boosts in funding for several federal and election cybersecurity programs.”
• Senate committee approves legislation to sanction Russia: According to The Hill, “The Senate Foreign Relations Committee on Wednesday voted to approve and send to the full Senate a bill that would impose sanctions on Russia for interference efforts in democratic institutions and push forward international cybersecurity efforts. […] [It establishes] an Office of Cyberspace and Digital Economy at the State Department that would be charged with leading diplomatic efforts on international cybersecurity, cyber crime, internet access and other matters. The inclusion of the provision to create the new cyber office of the State Department comes two years after the agency decided to shut down its Office of the Coordinator for Cyber Issues, a move that drew criticism from cyber experts.”
• NIST to Receive $1 Billion in 2020: According to Politico, “NIST would get $1 billion, a $48.5 million increase, with lawmakers citing improving U.S. cybersecurity as one of the reasons for the boost. The FBI, U.S. attorneys and DEA also would get boosts, with cybercrime among the list of priorities for each agency.”
• Senators introduce legislation to protect schools against cyberattacks: According to The Hill, “Sens. Gary Peters (D-Mich.) and Rick Scott (R-Fla.) [last] Monday introduced legislation intended to protect K-12 schools from cyberattacks, after a year in which schools have been increasingly targeted in cyberspace. The K-12 Cybersecurity Act would require the Department of Homeland Security (DHS) to create a list of cybersecurity recommendations and resources for schools to use when increasing their cyber protections and would require DHS to examine the overall cyber risks schools face.”

Federal Cybersecurity News Roundup

In federal cybersecurity news last week…

• Trump nominates DHS senior cyber director: According to The Hill, “President Trump [last] Wednesday formally submitted the nomination for a new assistant director of cybersecurity at the Department of Homeland Security (DHS), one of the top-ranking cyber officials at the agency. Trump nominated Bryan Ware to take over the position from Jeanette Manfra, who last month announced she would step down at the end of the year. Ware will be in charge of leading DHS efforts, as part of its Cybersecurity and Infrastructure Security Agency (CISA), to defend and strengthen critical infrastructure against cyberattacks.”
• CISA Unveils New ICT Supply Chain Working Group: According to MeriTalk, “The Cybersecurity and Infrastructure Security Agency’s (CISA) Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force approved a new working group to develop SCRM frameworks and best practices. […] The working group will develop SCRM guidance around supplier risk, lifecycle management, cybersecurity, and more to help organizations address supply chain challenges. The new group will be a part of the larger SCRM Task Force addressing ICT supply chain concerns.”

National Cyber Security News Update

Here, we’ve provided a roundup of cybersecurity news stories related to national security from last week.

• New Orleans mayor declares state of emergency after cyberattack: According to The Hill, “New Orleans Mayor LaToya Cantrell (D) declared a state of emergency in the city on [December 13] following a cyberattack. The emergency declaration said that the ‘cybersecurity incident’ occurred on [the morning of December 13] and that there is ‘significant risk that the emergency is ongoing.’ It added that there is also a risk of ‘the endangerment of property of the people of’ New Orleans.”
• Over 267 million Facebook users reportedly had data exposed online: According to Engadget, “More than 267 million Facebook users allegedly had their user IDs, phone numbers and names exposed online, according to a report from Comparitech and security researcher Bob Diachenko. That info was found in a database that could be accessed without a password or any other authentication, and the researchers believe it was gathered as part of an illegal scraping operation or Facebook API abuse.”
• Oil and gas industry risks escalate, cybersecurity should be prioritized: According to Help Net Security, “The oil and gas industry and its supply chain faced increased cybersecurity risks from advanced threat groups and others as they continue to build out digitally connected infrastructure, Trend Micro reveals.”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

• New study finds surge in robocalls as Congress weighs legislation: Reported in The Hill, “Americans received more than twice as many robocalls this year as they did in 2018, according to a new study released this week. Hiya, a company that develops tools to detect caller identity and protect consumers from scams, estimates in its new report that 54.6 billion robocalls were placed from January to November 2019, up 108 percent from the previous year.”
• Cybersecurity a Growing Concern for America's Corporate Lawyers: Reported in Infosecurity Magazine, “New research into litigation trends has identified cybersecurity as a major new source of legal disputes in the United States. The 2019 Litigation Trends Annual Survey conducted by global law firm Norton Rose Fulbright questioned corporate counsel about dispute-related issues and concerns. Of the 287 lawyers polled, 44 percent said that they foresee cybersecurity and data protection as a new source of disputes during the next few years.”
• Report: Financial firms still losing customer data to malware and hackers: Reported in TechRepublic, “Financial services companies don't often lose control of their data, but when it happens the hit is significant. Business and healthcare firms are much more likely to have a breach with 42% and 36% of all breaches occurring in those sectors. Financial companies were responsible for only 7% of breaches in 2019 but 62% of lost records, due to the Capital One mega breach, which exposed more than 1 million records.”
• Survey: Customers want integration and strategic support from security vendors: Reported in TechRepublic, “IT managers want to trade point solutions for a comprehensive cybersecurity strategy, and they expect vendors to help, according to a new report from Valimail. This survey of almost 300 IT and security professionals found that customers hope for security products to do more than just defend against business email compromise and phishing attacks. Customers also require security software to support compliance efforts; 45% said this was very important. In addition, customers need data from threat monitoring software available to other applications, with 46% rating this capability as very important.”
• The hacker behind your company’s data breach may be sitting right in the next cubicle: Reported in CNBC, “Companies that have been hacked in the last 18 months say half these incidents were an inside job, according to the 2019 Global Data Exposure Report, a survey by data protection firm Code42 of 1,600 information security leaders and business decision makers.”

Cybersecurity Acquisitions

News about five major cybersecurity company acquisitions was reported last week:

• F5 to Acquire Shape Security for $1 Billion in Cash: Reported in Security Week, “F5 Networks announced [last] Thursday that it has agreed to acquire privately held Shape Security for approximately $1 billion in cash. […] According to F5, Shape’s anti-fraud technology will help F5 provide customers with protection from automated attacks, botnets and targeted fraud.”
• Tech Data Signs Definitive Agreement to Acquire the Business of Inflow Technologies: According to a press release, “Tech Data (Nasdaq: TECD) [last Monday] announced it has entered into an agreement to acquire the business of Inflow Technologies, a leading value-added distributer with expertise in areas like cybersecurity and networking. The acquisition is subject to customary regulatory approvals and is expected to close during Tech Data’s first quarter of fiscal year 2021.”
• NTT DATA Services to Acquire NETE: According to a press release, NTT DATA Services [last Wednesday] announced it has entered into a definitive agreement to acquire NETE, a provider of digital design and transformation services for U.S. Department of Health and Human Services (HHS) agencies. NETE drives global advancements in health and biomedical research through digital services, agile application development, clinical/bioinformatics, advanced data analytics, cloud, and cybersecurity.
• Fortinet Expands SOAR Capabilities with CyberSponse Buyout: According to a press release, “Fortinet recently announced the acquisition of Security Orchestration, Automation and Response (SOAR) provider CyberSponse for an undisclosed amount. CyberSponse has served as a Fortinet Security Fabric partner and its buyout will help the company simplify its security operations. The deal is expected to further extend the automation and incident response capabilities of Fortinet’s offerings including FortiAnalyzer, FortiSIEM and FortiGate.”
• Apax Funds to Acquire Coalfire: Reported in Infosecurity Magazine, “Funds advised by global private equity advisors Apax Partners are to acquire cybersecurity assessment and consulting services provider Coalfire. The long-established cybersecurity firm, which has 730 employees operating from 11 locations in the United States and the United Kingdom, is being purchased from The Carlyle Group and The Chertoff Group for an undisclosed sum. According to a statement released on [December 13], the deal is expected to close in early 2020, subject to regulatory approval.”