NTSC Technology Security Roundup

Weekly News Roundup: March 12, 2018

Draft of Data Acquisition and Technology Accountability and Security Act Highlights Rift Between Financial Services and Retail Industries

As Representatives Blaine Luetkemeyer (R-Missouri) and Carolyn Maloney (D-New York) circulate a draft of the Data Acquisition and Technology Accountability and Security Act, the retail and financial services industries are publicly sparring over its provisions. The National Retail Federation is arguing (through ads and a public campaign) that the bill exempts financial services companies from the proposed national data breach notification standard. Financial services groups such as the American Bankers Association counter that existing laws such as the Gramm-Leach-Bliley Act and FDIC guidelines already hold their industry to stringent standards. Quoted in Bloomberg Politics, Jess Sharp, senior vice president for the American Bankers Association, said, “Banks are required to maintain highly secure systems, while other sectors have no federal standards.”

Sharing Federal Cyberthreat Information Remains at Forefront of Various Discussions

Two articles last week indicate how federal cyberthreat information sharing remains top of mind for legislators and agency heads. The Hill reported that Ted Lieu (D-Calif.) wants to build upon the Trump administration’s willingness to increase transparency about the Vulnerabilities Equities Process (VEP) by making accountability to Congress mandatory. Bloomberg Politics also reported on comments by William Evanina, director of the National Counterintelligence and Security Center, indicating that “the U.S. government has failed to share enough information about cyber threats, including risks to election systems, with federal agencies and states.”

Federal Cybersecurity News Roundup

Here is a roundup of some important federal cybersecurity news from last week:

  • CYBERCOM Chief Nominee Plans Recommendation on NSA Split Within Three Months: According to NextGov, “President Donald Trump’s pick to lead U.S. Cyber Command plans to deliver a recommendation about whether the command is ready to split from its dual hat relationship with the National Security Agency within 90 days of being confirmed, Lt. Gen. Paul Nakasone told lawmakers [last] Thursday.”
  • SEC looking for chief risk officer to help with cyber: According to Fedscoop, “In the wake of the 2016 hack of one of its key databases, the Securities and Exchange Commission is looking for a chief risk officer to oversee the data it collects and how it protects it.”
  • Audit Finds Department of Homeland Security's Security is Insecure: According to The Register, “In an agency-wide audit titled ‘Evaluation of DHS' Information Security Program for Fiscal Year 2017’ (PDF), the DHS's watchdog, the Office of Inspector General (OIG), concluded that DHS ‘could protect its information and systems more fully and effectively.’”
  • Air Force plans to convert IT staff into cyber force: According to FCW, “The Air Force is moving forward with its cyber squadron initiative to beef up cyber forces to protect weapons systems from intrusions, starting with converting IT workers at seven bases to cyber operators by the end of 2018.”
  • Retrained agency employees can be a key source of cybersecurity talent, NSC official says: According to Fedscoop, “Estimates put the national cybersecurity labor shortage at approximately 285,000 open positions, said Tyson Meadors, the National Security Council’s director of cybersecurity policy. To fill at least some of those gaps in the federal government, officials should start looking to retrain their current employees, he said.”
  • DHS is putting the finishing touches on a new personnel system for its cyber workforce: According to Federal News Radio, “The DHS secretary is finalizing regulations for the new personnel system, and the agency plans to unveil it ‘in the very near future,’ the agency’s chief human capital officer, Angela Bailey, told the House Homeland Security Committee [last Wednesday].”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

McAfee Acquires VPN Company TunnelBear

Last Thursday, McAfee announced that they were closing their acquisition of VPN company TunnelBear. According to a press release, “The acquisition of TunnelBear gives McAfee a world-class technology and business that strategically aligns with its vision of protecting what matters most to its customers, including online behavior, personal data and sensitive information. Combining TunnelBear’s secure network with an intuitive interface will help keep customers’ data secure on public Wi-Fi and web browsing private from advertisers with the ability to block intrusive ads.”