Weekly News Roundup: March 19, 2018
New ICANN Standards Increase Privacy but Raise US Law Enforcement Concerns
With GDPR on the way, ICANN has decided to lessen the amount of information a website domain holder needs to submit when registering a website. However, that lack of information concerns both US law enforcement and technology companies seeking to prosecute cybercriminals. According to The Hill, “The U.S. government and American technology companies say [the new] rules will make it harder for them to crack down on malicious actors on their platforms. Currently, names, addresses and contact information for those who register a website can be accessed publicly in many cases. Law enforcement often uses this information to track down suspected criminals. The change is being made to adhere to new European Union regulations, set to take effect on May 25.”
Energy Sector Cybersecurity Identified as High Priority by House Committee
FCW reported on a hearing of the House Energy and Commerce Committee last Wednesday about how the Department of Energy is handling cybersecurity with its new office. According to FCW, “[Department of Energy undersecretary Mark Menezes] provided [committee] members with some specifics about the future of the department's new cyber office, as well as the department's cybersecurity priorities, emphasizing the creation of the new office—and its absorption of other Energy programs—is ‘just an initial step.’ Menezes wants the office's priorities to be sharing vulnerability information with industry, engaging in training programs for the future cyber workforce and building towards countering cyber threats with artificial intelligence.”
US Cyber Warfare…With No Offensive Capability?
As cyber warfare becomes more common as a way for nations to strike each other offensively, the United States is in a unique position of not being able to independently mount offensive cyberattacks. Last Tuesday, representatives from the US Armed Forces talked about their concerns at a Senate Armed Services Subcommittee hearing on cybersecurity. According to CyberScoop, “Military organizations largely lack the authorities to act independently in cyberspace. Approval usually begins with an interagency review and ends with direct permission from the president. Historically, this arrangement has led to a long line of denials. One lawmaker, Sen. Ben Sasse, R-Neb., described the current approval process as being ‘slow as molasses.’”
Cybersecurity Reports and Surveys Roundup
We’ve rounded up a few of the best cybersecurity reports and surveys released last week:
- IBM Study: Responding to Cybersecurity Incidents Still a Major Challenge for Businesses: “77 percent of respondents admit they do not have a formal cyber security incident response plan (CSIRP) applied consistently across their organization. Nearly half of the 2800 respondents reported that their incident response plan is either informal/ad hoc or completely non-existent.”
- Microsoft Releases Annual Cybersecurity Report: Reported in ITProPortal, “Microsoft has just released its annual cybersecurity report and it says that phishing is still the most popular way for cyber-criminals to attack… […] More than half (53 percent) of all email threats are phishing ones. Three quarters (75 percent) contain a malicious URL.”
- New Survey Shows That More Than Half of European and Middle East Organizations Still Don’t Align on Cloud Adoption and Cybersecurity: “The majority (70 percent) of cybersecurity professionals working in large organizations across Europe and the Middle East say that a rush to the cloud is not taking full account of the security risks.”
White House Prevents Broadcom’s Takeover of Qualcomm for National Security Reasons
Last Monday, an executive order by President Trump prohibited the takeover of Qualcomm by Broadcom. The order states: “There is credible evidence that leads me to believe that Broadcom Limited […] through exercising control of Qualcomm Incorporated (Qualcomm), a Delaware corporation, might take action that threatens to impair the national security of the United States.” According to USA Today, “The takeover, which would have been the largest transaction the technology industry had ever seen, was tripped up by concerns that it posed a threat to American competitiveness in mobile technology by putting one of the largest mobile chip makers in the U.S. under the control of a company based in Asia.”