NTSC Technology Security Roundup

Weekly News Roundup: April 15, 2019

Privacy Bill of Rights Act Introduced

As states show more interest in passing privacy laws similar to the California Consumer Privacy Act (CCPA), a new comprehensive privacy bill has emerged in the Senate. Introduced by Senator Ed Markey (D-Mass.), the Privacy Bill of Rights Act establishes rules for both online and offline companies and bans the use of individuals’ personal information for harmful, discriminatory purposes, such as housing and employment advertisements targeted based on demographics like race and gender. It also includes cybersecurity standards and provides the Federal Trade Commission (FTC) with rulemaking authority. According to a press release, the bill specifically would:

  • Prohibit companies from using individuals’ personal information in discriminatory ways.
  • Require companies to protect and secure the personal information that they hold.
  • Establish a centralized FTC website that tells consumers about their privacy rights and require companies to use easy-to-read short-form notices provided directly to consumers.
  • Ensure companies collect only the information they need from consumers in order to provide the requested services.
  • Enable State Attorneys General to protect the interest of their residents and bring action against companies that violate the privacy rights of individuals. Individuals will also have a private right of action empowering them to defend their own privacy rights.

Congressional Cybersecurity News Roundup

Other cybersecurity-related legislative news occurred in Congress last week:

  • State Cyber Resiliency Act Introduced in the Senate by Mark Warner (D-VA) and Cory Gardner (R-CO): According to a press release, “The State Cyber Resiliency Act, which was also introduced in the House by Reps. Derek Kilmer (D-WA) and Michael McCaul (R-TX), would create and authorize the Department of Homeland Security (DHS) to run a grant program for states seeking to develop, revise or implement cyber resiliency measures—including efforts to identify, detect, protect, respond, and recover from cyber threats.”
  • Deceptive Experiences To Online Users Reduction (DETOUR) Act Introduced in the Senate by Mark R. Warner (D-VA) and Deb Fischer (R-NE): According to a press release, “The Deceptive Experiences To Online Users Reduction (DETOUR) Act aims to curb manipulative dark pattern behavior by prohibiting the largest online platforms (those with over 100 million monthly active users) from relying on user interfaces that intentionally impair user autonomy, decision-making, or choice.”
  • Senate Hearing Focuses on Robocalls: According to The Hill, “Lawmakers [last] Thursday reviewed regulators' efforts to cut down on illegal robocalls during a hearing of the Senate Commerce subcommittee on communications. The hearing comes on the heels of the Federal Communications Commission's (FCC) first-ever report on robocalls and as lawmakers push bipartisan legislation to crack down on the problem. […] [Sen. John Thune (R-S.D.)] and Sen. Ed Markey (D-Mass.) reintroduced bipartisan legislation this year to crack down on robocalls through the Telephone Robocall Abuse Criminal Enforcement and Defense (TRACED) Act.”

Top Companies Team Up With Federal Agencies and Nonprofit to Launch First-of-its-Kind Cyber Talent Initiative to Protect Against Cyberattacks

According to a press release, Mastercard, in collaboration with Microsoft, Workday and the nonprofit, nonpartisan Partnership for Public Service today launched the Cybersecurity Talent Initiative – a first-of-its-kind public-private partnership to recruit the nation’s best minds to defend against global cyberattacks. The launch of this initiative serves as a call to action for leading companies, federal agencies, and higher education institutions to come together and help grow the talent pipeline of cybersecurity technologists to protect the nation and support our digital economy. Ron Green, chief security officer of Mastercard and NTSC Board Member, said, “Cybersecurity is a critical issue facing our world today. It will take a true collaboration between the public and private sectors to get the right resources in place to address the threat. We invite more corporations and government agencies to join us in this critical endeavor and give the best and brightest talent an opportunity to get a step up, enhance their skills and pave their own career paths.”

GAO to Create New Science, Technology Assessment, and Analytics Team That Helps Educate Lawmakers

Cybersecurity and technology evolve so fast that, unless one is in the industry, it’s difficult to keep up with current trends. Yet lawmakers and their staff must make many critical decisions when shaping laws that involve technological and cybersecurity complexity. To help educate lawmakers, the US Government Accountability Office (GAO) will create a new Science, Technology Assessment, and Analytics team. According to NextGov, “Officially created in January, the group brings the various tech and science teams previously scattered across GAO together under a single roof, serving as a one-stop shop for the technical expertise needed on Capitol Hill. The office will provide lawmakers with a wide array of resources, ranging from informal briefings ahead of committee hearings to major studies on the impact new technologies will have on society.”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

  • Survey: Cybersecurity Crowdsourcing Achieves Acceptance: Reported in Security Boulevard, “[Almost] 90% of companies surveyed are already running, plan to run in the next 12 months, or are interested in running a crowdsourced security program at some point.”
  • Investors Are Betting Early On Cybersecurity Startups: Reported in Crunchbase, “More than $1 billion has been invested into cybersecurity companies located outside of China to date in 2019. […] However, late-stage startups didn’t score all of the funding. In fact, more than 70 percent of deals in 2019 so far have been directed toward seed and early-stage startups...”
  • Cyber-Security Incident Response Plans Lacking, IBM Reports: Reported in eWeek, “Seventy-seven percent of respondents admitted that their organization does not have a cyber-security incident response plan applied consistently across the enterprise. […] The report found that among organizations that have an incident response plan, 54 percent do not test their plans regularly (or at all) to ensure they hold up and that they are prepared for their worst day.”
  • Nine in Ten Security Professionals Rate Cybersecurity as a Larger Threat Than Border Security: According to a press release, “92 percent of [2019 RSA Conference] respondents feel that cybersecurity is a bigger threat to the U.S. as compared to border security.”