NTSC Technology Security Roundup

Weekly News Roundup: July 8, 2019

National Cyber Security News Update

Here, we’ve provided a roundup of cybersecurity news stories related to national security from last week.

  • Suspected Iranian Cyber Attacks Show No Sign of Slowing: According to Defense One, “[Last Wednesday], U.S. Cyber Command tweeted that they discovered ‘active malicious use’ of a known bug in Microsoft Outlook, ‘CVE-2017-11774.’ In their tweet, Cyber Command doesn’t say who is using the bug to launch attacks. But cybersecurity company FireEye has reported that a variety of Iranian hackers have been busy using that very vulnerability.”
  • DOE teams with industry on pipeline cybersecurity: According to FedScoop, “The Department of Energy is working with industry to craft recommendations in the next several months for increasing cybersecurity around pipeline critical infrastructure. Private entities and key agencies formed a consortium over concerns industrial control systems (ICS) are increasingly being targeted by nation-states, hacktivists and advanced persistent threats, but such incidents aren’t being discussed.”
  • Trump reversal on Huawei gets bipartisan pushback: According to The Hill, “President Trump’s decision to lift the ban on U.S. companies selling products to Chinese telecommunications company Huawei is sparking pushback from lawmakers worried about the potential national security implications. […] Security issues posed by Huawei, which is considered by many to be under some degree of control by the Chinese government, were summed up by a report put out by the North Atlantic Treaty Organization’s (NATO) Cooperative Cyber Defense Center of Excellence (CCDCOE) earlier this year, which touched on the risks from Huawei to the development of fifth generation (5G) networks.”

Congressional Cybersecurity News Update

Here, we’ve provided a roundup of Congressional cybersecurity news stories from last week.

  • Defense Bill Grab Bag: According to Politico, “The Senate’s fiscal 2020 defense policy bill, S. 1790, is something of a hodgepodge of previously introduced cybersecurity measures. In addition to a three-year intelligence authorization bill, S.1589, there’s H.R. 680 / S. 174, which would create an Energy Department pilot program to isolate some critical electricity grid systems to protect them from digital attacks. There’s also legislation, S.1798, that would tackle the Pentagon’s cyber governance structures. Another bill, S.846 / H.R. 2739, would require transit operators to establish and execute a plan to identify and mitigate cybersecurity risks, and would forbid transit agencies from using federal funds to purchase rail cars or buses from Chinese-owned companies.”
  • Senators unveil bipartisan bill to target 'deepfake' video threat: According to The Hill, “A bipartisan group of senators introduced legislation Friday to assess and cut down on the threat posed by ‘deepfake’ videos, which are created through the use of artificial intelligence (AI) technologies to manipulate original videos. […] This legislation would require the Department of Homeland Security to conduct an annual study of deepfakes and related content. It would also require the department to assess the AI technologies used to create deepfakes and propose changes, additions to, or new regulations around these technologies.”
  • New law brings big change to IRS in IT, cyber: According to FCW, “The Taxpayer First Act, signed into law by President Donald Trump July 1, restores the agency's streamlined critical pay hiring authorities through 2025. The program allows IRS to sidestep normal federal hiring protocols to quickly make new hires and offer substantially higher pay – as much as $240,000, according to the Treasury Department's inspector general – to candidates with cybersecurity and tech backgrounds.”
  • Warren, Jayapal question FCC over industry's influence: According to The Hill, “Sen. Elizabeth Warren (D-Mass.) and Rep. Pramila Jayapal (D-Wash.) are questioning the private sector’s influence over the Federal Communications Commission’s (FCC) decision-making when it comes to network security. Warren and Jayapal asked FCC Chairman Ajit Pai, a Republican, about an advisory committee that is dominated by members affiliated with industry groups or companies in a letter released Monday.”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

  • Most CISOs Believe Companies Stake Their Reputations on Cybersecurity Budgets, Survey Shows: Reported in Security Boulevard, “Nine in 10 IT security professionals say their companies can improve their reputations by better protecting data, according to a Bitdefender survey. CISOs and their teams also admit a weak posture could have the opposite effect, as seen in countless headlines in recent years that have sullied corporate images following security breaches. Some 45% of CISOs place reputational cost as the second-biggest risk of remaining unaware of an ongoing breach, right after business interruption (55%).”
  • Small Business Supply Chain Partners Aren’t Always to Blame for Cybersecurity Breaches: Reported in Small Business Trends, “A new study from (ISC)² reveals large partners are actually to blame more than their smaller counterparts. According to the report, 54% of enterprises said the third-party breach was caused by large partners. This is compared to 46% of small partners or businesses. Additionally, 14% say they experience a breach as a result of a small business partner. However, it goes up to 17% with large partners.”
  • Cybersecurity Threats Are Top RIA Concern In 2019, IAA Survey Says: Reported in Financial Advisor, “For the sixth year in a row, cybersecurity remains the biggest compliance concern at registered investment adviser firms, with 83 percent calling it the ‘hottest’ compliance topic and more than 70 percent indicating that they increased compliance testing in this area over the past year, a new survey says.”

Sources Say Broadcom to Acquire Symantec

Multiple articles last week reported that Broadcom is likely to acquire Symantec, according to several sources who did not publicly identify themselves. According to Bloomberg, “Broadcom Inc. has secured financing and identified cost savings for the acquisition of Symantec Corp. in an all-cash deal that could value the cybersecurity firm at more than $22 billion including debt, according to people familiar with the matter. The chipmaker received lending commitments from several banks and sees annual synergy potential of about $1.5 billion, said the people, who asked not to be identified because negotiations are private. An agreement could be reached around mid-July, though the talks could also still drag on or fall apart, the people said.”