NTSC Technology Security Roundup

Weekly News Roundup: April 2, 2018

South Dakota Passes Data Breach Notification Law

South Dakota recently became the 49th state to pass its own data breach notification law, leaving Alabama as the final state without a law in place. According to The National Law Review, “South Dakota’s new law creates a breach notification requirement for any person or business conducting business in South Dakota that owns or retains computerized personal or protected information of South Dakota residents. On trend with recent amendments to other state data breach notification laws, the South Dakota law includes an expansive definition of personal information.” This new law comes at a time when national data breach notification legislation is being actively explored by Congress.

Rep. Michael McCaul Releases Statement About Importance of Passing the Cybersecurity and Infrastructure Security Agency Act of 2017

In a statement released last Wednesday, Rep. Michael McCaul (R-Texas) said, “To ensure the continued success and strength of DHS’ cyber mission, we must remain laser focused to more effectively streamline and enhance vital cybersecurity operations. H.R. 3359 [the Cybersecurity and Infrastructure Security Agency Act of 2017] will achieve DHS’s longstanding goal of creating a stand-alone operational organization, better focused on its vital missions to strengthen the security of federal networks and our nation’s critical infrastructure, including electoral, while bolstering our civilian cyber-defenses. I look forward to working with my colleagues in the Congress and the Administration to get this to the President’s desk as soon as we can.” According to The Hill, “McCaul has led a multiyear push to reorganize the office, currently called the National Protection and Programs Directorate (NPPD). His stand-alone bill to reorganize and rename NPPD the Cybersecurity and Infrastructure Security Agency passed the House in December.”

Implications of the CLOUD Act Comfort and Concern Different Groups

After the CLOUD Act was passed as part of the recent $1.3 trillion spending bill signed by President Trump, various groups have wrestled with its implications. According to CNET, the new law “updates the rules for criminal investigators who want to see emails, documents and other communications stored on the internet. Now law enforcement won't be blocked from accessing someone's Outlook account, for example, just because Microsoft happens to store the user's email on servers in Ireland.” Tech companies appear pleased although members of Congress are still divided about the privacy implications. The same article noted that “privacy advocates at groups like the ACLU and the Electronic Frontier Foundation criticized the change, saying it lets law enforcement bypass constitutional protections against unreasonable searches.”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

Testplant Acquires NCC Group’s Web Performance Division and Rebrands Combined Company to Eggplant

Testplant (now Eggplant), a test automation provider and portfolio company of The Carlyle Group, recently announced the acquisition of NCC Group, described in a press release as “a global expert in cyber security and risk mitigation.” According to the same press release, “The product suite enhancements will allow Eggplant to offer integrated AI-driven continuous testing and monitoring against critical business objectives. […] Eggplant will be able to enhance DevOps pipelines to link business, development and operations groups, offering customers a faster product delivery, unique visibility and continuous product improvement, while ensuring a digital experience that delights consumers.”