NTSC Technology Security Roundup

Weekly News Roundup: April 29, 2019

White House Technology, Telecommunications, and Cybersecurity Adviser to Leave

Abigail Slater, the Special Assistant to the President for Tech, Telecom, and Cyber Policy at the White House National Economic Council, will leave her position to join Fox Corp. According to The Hill, “Slater joined the White House in February 2018 as special assistant to the president for technology, telecommunications and cybersecurity. She previously served as general counsel for the Internet Association, a trade group representing companies like Amazon, Facebook and Google. […] The Trump administration has credited Slater with helping to craft and execute its strategy for promoting the rollout of next-generation wireless networks known as 5G.” It’s unclear whether she will be replaced. In an op-ed last year, the NTSC noted the importance of staffing the White House with senior cybersecurity advisors after Tom Bossert’s departure and Rob Joyce’s return to the NSA.

Senate Committee Hearing Will Discuss IoT Cybersecurity

According to the US Senate Committee on Commerce, Science, and Transportation, “U.S. Sen. Dan Sullivan, R-Alaska, chairman of the Subcommittee on Security, will convene a hearing titled, ‘Strengthening the Cybersecurity of the Internet of Things,’ at 2:30 p.m. on Tuesday, April 30, 2019. The hearing will examine the security threats and challenges posed by the Internet of Things (IoT), and ways to incentivize building more cybersecurity by design into connected devices and the networks that support them. The hearing will also examine the importance of 5G network security to connected devices and the manner in which the federal government, business community, and consumers can promote and support increased IoT cybersecurity.”

Federal Cybersecurity News Roundup

In federal cybersecurity news last week…

  • Naming and shaming nations that launch cyberattacks does work, say intel chiefs: According to ZDNet, “Western countries are increasingly calling out malicious cyber activity by other nation states, and this naming and shaming can deter attacks and spur potential victims into improving their security planning, according to intelligence chiefs. […] [Rob Joyce, senior cybersecurity advisor for the USA's National Security Agency] argued how Five Eyes members have ‘got to get comfortable as nations going out and saying these countries are behaving in a way that's unacceptable and turning up that pressure,’ adding, ‘we won't get international norms without being able to speak that truth.’”
  • National Security Council cyber chief: Criminals are closing the gap with nation-state hackers: According to CyberScoop, “Cybercriminals are catching up to nation-states’ hacking capabilities, and it’s making attribution more difficult, the National Security Council’s senior director for cybersecurity policy said [last] Thursday. ‘They’re not five years behind nation-states anymore, because the tools have become more ubiquitous,’ said Grant Schneider, who also holds the title of federal CISO…”
  • Federal CISO Wants To Move Beyond ‘Whack-a-Mole’ Supply Chain Security: According to NextGov, “Agencies need to trust the tech they buy from private industry is free of bugs and malware, but today’s approach to securing the federal IT supply chain is too narrow for any such guarantees, according to the country’s top cybersecurity official. […] [While] individual bans certainly made the federal supply chain safer, the government needs a much more scalable approach to stay ahead of the latest threats, said federal Chief Information Security Officer Grant Schneider.”
  • DOD's AI hub looks to push out new solutions: According to FCW, “The Defense Department's Joint Artificial Intelligence Center is hoping to deliver on its first cyber capability in fiscal 2020. The new DOD center plans to launch its cyber sensing national mission initiative and other projects in 2020, DOD CIO Dana Deasy said during his keynote for the General Dynamics IT Emerge 2019 event April 23.”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

  • Cyber crime cost organizations $2.7 billion in 2018: Reported in FCW, “Cyber crime cost businesses a collective $2.7 billion in 2018, according to the FBI's latest annual Internet Crime Report. […] While more sophisticated tools and attack vectors tend to garner sexier headlines, the report made clear that many hackers are still able to make a good living, exploiting common social engineering methods like BEC to the tune of $1.2 billion in lost or stolen profits.”
  • Indeed.com: Slight Dip in Clicks on US Cybersecurity Job Listings: Reported in Dark Reading, “While the number of US cybersecurity job postings on Indeed.com increased by 7% between 2017 and 2018, clicks on those listings dropped by 1.3%. Meantime, the employment website's first-ever analysis of trends in cybersecurity listings worldwide shows that most of the top 10 highest-paying job titles in the US come with salaries of more than $100,000.”
  • US Healthcare Cybersecurity Market to Reach $8.70 Billion by 2023 as Companies Adopt IoT and Cloud Strategies: According to a press release, “Future healthcare IT spending is expected to increase across network perimeter protection, endpoint protection, access management, public-facing properties, detecting and mitigating exploits, and managed services, driving this market toward $8.70 billion by 2023.”
  • Cybersecurity Is Improving, Though Risk Continues to Grow: Reported in eWeek, “Unauthorized cryptocurrency mining, commonly referred to as cryptojacking, grew exponentially in 2018,” “100% of web applications tested by Trustwave had at least one vulnerability,” and “the top method by which attackers got into various organizations in 2018 was by way of tricking users in some way in an attack commonly referred to as social engineering.”
  • Enterprise Trojan Detections Spike 200% in Q1 2019: Reported in Dark Reading, “Trojan detections on business endpoints in the first quarter of 2019 increased more than 200% from the fourth quarter of 2018, and almost 650% from the first quarter of 2018, researchers found in the Malwarebytes Q1 Cybercrime Tactics and Techniques report.”
  • Employers should develop cybersecurity protocols and invest more in employee training programs: Reported in Help Net Security, “46 percent of respondents agree that their organization doesn’t have confidence in its workforce when it comes to keeping valuable data and assets safe. This lack of trust is even higher in the public sector (53 percent), IT and technology services (52 percent) and manufacturing (51 percent).”

SolarWinds Acquires MSP Password Security Company Passportal

According to a press release, SolarWinds “launched SolarWinds® Passportal suite—a unified set of password management and privileged client knowledge management tools, adding to its IT security product portfolio. […] The new suite joins the family through the acquisition of Passportal, a company that delivers MSP-focused password management and privileged client knowledge management tools that integrate easily with a wide range of IT software products.” ChannelE2E notes this acquisition is “the latest in a growing list of SolarWinds acquisitions that specifically address cybersecurity, IT management and automation opportunities for MSPs. The move also intensifies competition between SolarWinds MSP and Kaseya — which owns the IT Glue documentation and password management platform.”