Weekly News Roundup: March 12, 2018
Draft of Data Acquisition and Technology Accountability and Security Act Highlights Rift Between Financial Services and Retail Industries
As Representatives Blaine Luetkemeyer (R-Missouri) and Carolyn Maloney (D-New York) circulate a draft of the Data Acquisition and Technology Accountability and Security Act, the retail and financial services industries are publicly sparring over its provisions. The National Retail Federation is arguing (through ads and a public campaign) that the bill exempts financial services companies from the proposed national data breach notification standard. Financial services groups such as the American Bankers Association counter that existing laws such as the Gramm-Leach-Bliley Act and FDIC guidelines already hold their industry to stringent standards. Quoted in Bloomberg Politics, Jess Sharp, senior vice president for the American Bankers Association, said, “Banks are required to maintain highly secure systems, while other sectors have no federal standards.”
Sharing Federal Cyberthreat Information Remains at Forefront of Various Discussions
Two articles last week indicate how federal cyberthreat information sharing remains top of mind for legislators and agency heads. The Hill reported that Ted Lieu (D-Calif.) wants to build upon the Trump administration’s willingness to increase transparency about the Vulnerabilities Equities Process (VEP) by making accountability to Congress mandatory. Bloomberg Politics also reported on comments by William Evanina, director of the National Counterintelligence and Security Center, indicating that “the U.S. government has failed to share enough information about cyber threats, including risks to election systems, with federal agencies and states.”
Federal Cybersecurity News Roundup
Here is a roundup of some important federal cybersecurity news from last week:
- CYBERCOM Chief Nominee Plans Recommendation on NSA Split Within Three Months: According to NextGov, “President Donald Trump’s pick to lead U.S. Cyber Command plans to deliver a recommendation about whether the command is ready to split from its dual hat relationship with the National Security Agency within 90 days of being confirmed, Lt. Gen. Paul Nakasone told lawmakers [last] Thursday.”
- SEC looking for chief risk officer to help with cyber: According to Fedscoop, “In the wake of the 2016 hack of one of its key databases, the Securities and Exchange Commission is looking for a chief risk officer to oversee the data it collects and how it protects it.”
- Audit Finds Department of Homeland Security's Security is Insecure: According to The Register, “In an agency-wide audit titled ‘Evaluation of DHS' Information Security Program for Fiscal Year 2017’ (PDF), the DHS's watchdog, the Office of Inspector General (OIG), concluded that DHS ‘could protect its information and systems more fully and effectively.’”
- Air Force plans to convert IT staff into cyber force: According to FCW, “The Air Force is moving forward with its cyber squadron initiative to beef up cyber forces to protect weapons systems from intrusions, starting with converting IT workers at seven bases to cyber operators by the end of 2018.”
- Retrained agency employees can be a key source of cybersecurity talent, NSC official says: According to Fedscoop, “Estimates put the national cybersecurity labor shortage at approximately 285,000 open positions, said Tyson Meadors, the National Security Council’s director of cybersecurity policy. To fill at least some of those gaps in the federal government, officials should start looking to retrain their current employees, he said.”
- DHS is putting the finishing touches on a new personnel system for its cyber workforce: According to Federal News Radio, “The DHS secretary is finalizing regulations for the new personnel system, and the agency plans to unveil it ‘in the very near future,’ the agency’s chief human capital officer, Angela Bailey, told the House Homeland Security Committee [last Wednesday].”
Cybersecurity Reports and Surveys Roundup
We’ve rounded up a few of the best cybersecurity reports and surveys released last week:
- Could Energy Industry Dynamics Be Creating an Impending Cyber Storm?: “Despite more than half of energy executives naming cyber as a top-five risk, more than half (54%) of energy executives have not quantified or did not know what their worst possible loss exposures could be.”
- Blueliv Annual Cyberthreat Report: “Attacks are discriminating much less by sector than in previous years. Any company holding PII is a target.” Also, “AI-powered attacks are increasing in scope and complexity, reflecting advances in AI-powered cyberdefense.”
- CyberEdge Cyberthreat Defense Report: Reported in Computer Weekly, “Only half of ransomware victims who pay ransoms to cyber criminals recover their data […], pointing to a need for more effective strategies to deal with these attacks.”
- Feds move to secure mobile devices with machine learning, biometrics: According to a Fedscoop survey, “The U.S. government is outpacing the private sector in deploying the latest endpoint mobile security technology.”
- 2018 Thales Data Threat Report, Healthcare Edition: Reported in ITProPortal, “Less than a third of healthcare organizations, 30 percent, have never been victims of a cyberattack. Out of the other 70 percent, 39 percent have been breached in the last year alone.”
McAfee Acquires VPN Company TunnelBear
Last Thursday, McAfee announced that they were closing their acquisition of VPN company TunnelBear. According to a press release, “The acquisition of TunnelBear gives McAfee a world-class technology and business that strategically aligns with its vision of protecting what matters most to its customers, including online behavior, personal data and sensitive information. Combining TunnelBear’s secure network with an intuitive interface will help keep customers’ data secure on public Wi-Fi and web browsing private from advertisers with the ability to block intrusive ads.”