NTSC Technology Security Roundup

Weekly News Roundup: June 11, 2018

House Homeland Security Committee Advances Bill to Protect Critical Infrastructure

Last Wednesday, the House Homeland Security Committee advanced a bill that would enhance the protection of critical infrastructure. According to The Hill, the measure “would codify and expand the Department of Homeland Security’s current efforts to identify and mitigate cyber threats to industrial control systems — technology used in a wide swath of critical sectors, including power and water systems, manufacturing and transportation. […] The legislation would also authorize the department to provide cyber technical assistance to end users, manufacturers and other industry stakeholders to identify and mitigate vulnerabilities associated with these systems.”

Stronger Cyber Stance Encouraged by Latest National Defense Authorization Act

During the past few years, our military has found itself at a disadvantage in cyberspace as it operates from a “doctrine of restraint” while other nation states attack more aggressively. This US position has gradually shifted, and another step toward a stronger cyber stance is the latest National Defense Authorization Act submitted last Tuesday. According to CyberScoop, “To counter foreign state actors bent on stealing, striking, spying or disrupting in cyberspace, the bill suggests boosting resilience, increasing attribution capabilities, emphasizing defense and enhancing the country’s ability to respond to attacks. […] According to the proposed law, cyber incidents that inflict casualties, undermine democratic society, damage critical infrastructure or affect armed forces could trigger U.S. offensive cyber operations.”

Facebook–Cambridge Analytica Data Scandal Inspiring Privacy Legislation in Congress

After Facebook took a beating during Congressional testimony, and with the company now required to follow up on questions submitted by lawmakers, Congress is leveraging the anger and awareness generated by the Facebook–Cambridge Analytica data scandal to push forward various data privacy laws. According to The Washington Post, “Lawmakers are pointing to two main vehicles emerging in Congress. One is the Consent Act, a bill sponsored by Sen. Ed Markey (D-Mass.) that would require Facebook and other tech companies such as Google to get explicit permission from users before doing anything with their personal information. […] The second bill, the Social Media Privacy and Consumer Rights Act, introduced by Sens. Amy Klobuchar (D-Minn.) and John Neely Kennedy (R-La.), proposes similar rules allowing users to opt out of data collection.”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

  • $1.1 billion in cryptocurrency has been stolen this year, and it was apparently easy to do: According to CNBC, “The necessary malware, which [Carbon Black Security strategist Rick McElroy] said even occasionally comes with customer service, costs an average of $224 and can be priced as low as $1.04. That marketplace has emerged as a $6.7 million economy…”
  • Cryptomining Malware Digs into Nearly 40% of Organizations Globally: According to a press release, “Coinhive retained the top spot as the most prevalent malware with Cryptoloot – another crypto-mining malware – ranked second with a global reach of 11%.”
  • Cybersecurity is the number one reason to avoid unlicensed software, CIOs tell BSA: According to a press release, “Unlicensed software is still used around the globe at alarming rates, accounting for 37 percent of software installed on personal computers – only a 2 percent drop from 2016.”
  • One in 3 companies would rather pay hackers than invest in security, researchers find: Reported in Cyware, “According to NTT Security’s report, organizations are much more concerned about how a breach will affect their public image than how best to mitigate an incident and implement security measures to prevent future breaches.”
  • Cyberthreats Increasing But Shifting, With Ransomware Attacks Down 17 Percent: According to a press release, “Last year, 62 percent of respondents experienced a ransomware attack, compared to 45 percent this year—a 17-point drop. […] Eighty-two percent of respondents said that their enterprises now have ransomware strategies in place and 78 percent said they have a formal process—up 25-points from last year.”

Two Major Cybersecurity Acquisitions Last Week

Last Monday, Microsoft announced its intent to acquire GitHub. According to a blog post from Microsoft, “More than 28 million developers already collaborate on GitHub, and it is home to more than 85 million code repositories used by people in nearly every country. From the largest corporations to the smallest startups, GitHub is the destination for developers to learn, share and work together to create software. It’s a destination for Microsoft too. We are the most active organization on GitHub, with more than 2 million ‘commits,’ or updates, made to projects.”

In other acquisition news, Capgemini will acquire Leidos Cyber, the commercial cybersecurity division of Fortune 500 company Leidos. According to a press release, “This acquisition will reinforce the Group's capabilities in North America, helping to meet growing customer demand for its portfolio of cybersecurity services and solutions across the region. […] A commercial enterprise security leader with proven critical infrastructure capabilities, Leidos Cyber has established a successful track record of over 10 years in the commercial cybersecurity business. It comprises a team of almost 500 elite cybersecurity professionals located principally across North America.”