NTSC Blog

Weekly News Roundup: September 9, 2019

Congressional Cybersecurity News Update

Here, we’ve provided a roundup of Congressional cybersecurity news stories from last week.

• Lawmakers offer bill to shore up federal cybersecurity: According to The Hill, “Reps. John Ratcliffe (R-Texas) and Ro Khanna (D-Calif.) [introduced a bill last week] intended to modernize a Department of Homeland Security (DHS) program that ensures the cybersecurity of federal agencies. The Advancing Cybersecurity Diagnostics and Mitigation Act would formally codify the department's Continuous Diagnostics and Mitigation (CDM) program, which provides tools and services to federal agencies to increase cybersecurity. The bill would also require DHS to develop a strategy to ensure that the CDM program is able to adjust to evolving cyber threats and would require the DHS secretary to make the CDM program available for state, local and tribal governments.”
• Rep. Katko Introduces Bill to Bolster SLG Cybersecurity: According to MeriTalk, “Rep. John Katko, R-N.Y., introduced the State and Local Government Cybersecurity Improvement Act on Aug. 30 to help state and local governments combat cyberattacks. The legislation comes in the wake of increasing ransomware attacks targeting state and local governments, including Katko’s own state. The bill would direct the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) to draft a resource guide to help state and local officials prepare for, mitigate, respond to, and recover from cyberattacks. The legislation would also form two new grant programs to aid state and local governments in bolstering their cybersecurity capabilities.”

Federal Cybersecurity News Roundup

In federal cybersecurity news last week…

• Top IT official names China as main cyber threat to US: According to The Hill, “A top IT government official [last] Wednesday said China poses the biggest cyber threat to the U.S. Speaking at a cybersecurity summit, Federal Chief Information Security Officer (CISO) Grant Schneider said China has the ‘capacity and the capability and the intent’ to work against the U.S. in cyberspace more so than other countries.”
• NSA Cyber Chief Wants to Share Digital Threats Early and Often: According to NextGov, “The chief of the National Security Agency’s cyber office wants to speed up the information sharing channels between her notoriously tight-lipped organization and its partners in the government and private sector. By pushing out intelligence earlier and faster, NSA could help its partners get ahead of digital threats instead of playing clean-up after they fall victim, said Anne Neuberger, who was recently tapped to lead the agency’s new Cybersecurity Directorate. The office is set to officially open its doors on Oct. 1.”
• DoD unveils new cybersecurity certification model for contractors: According to Federal News Network, “The Defense Department sees its new certification model, which it unveiled to the public [last] week, as a way to more quickly bring its entire industrial base up to date with best cybersecurity practices. But the Pentagon also sees this new model as a means to set the stage for a broader, more complex journey to better understand the defense supply chain. [Last] Wednesday, DoD released a new draft of the Cybersecurity Maturity Model Certification (CMMC), the Pentagon’s most recent attempt to create a simpler, more consistent framework for the cyber demands it imposes on its contractors and subcontractors.”
• NSTAC goes big-picture on telecom supply chain security: According to FCW, “After a year-long inquiry into how to secure information and communications technology (ICT), the National Security Telecommunications Advisory Committee submitted its formal report to the Department of Homeland Security on Sept. 3. NSTAC's Report to the President on Advancing Resiliency and Fostering Innovation in the ICT Ecosystem is a companion study to the committee's ‘Cybersecurity Moonshot’ effort to secure the nation's critical infrastructure and national security in the face of advancing cyber threats.”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

• Cybersecurity Leaders Increasingly Face Alert Fatigue, Tune Out Apps: Reported in HealthITSecurity, “The majority of cybersecurity leaders are seeing 10 or more alerts on a daily basis, which is adding to an ever-increasing risk of alert fatigue, according to a recent CRITICALSTART report. The survey of 50 security operations center leaders, managed security services providers, and managed detection and response providers showed that 70 percent of respondents have seen an increase in alerts in the past year. In 2018, just 45 percent of SOC leaders reported investigating more than 10 alerts each day.”
• Nearly 2 in 5 Enterprises Have Lost Business Due to Cybersecurity Performance, New Independent Study Finds: According to a press release, “[Nearly] two in five (38 percent) of enterprises admit that they have lost business due to either a real or perceived lack of security performance within their organization.”
• Venafi Survey: 82% of IT Security Professionals Don’t Trust Elected Officials to Enact Effective Security Regulation: According to a press release, “80% of security professionals agree that more security and privacy legislation is needed, especially for social media organizations that store personal data. However, nearly the same number of respondents (82%) don’t believe their elected officials understand cyber risks well enough to develop and enact effective security regulation.”
• Cybersecurity a Board Room Imperative in Nearly 50 Percent of Global Enterprises: According to a press release, “[Almost] half (48 percent) of corporate boards and 63 percent of business leaders of surveyed enterprises are actively involved in cybersecurity strategy discussions.”

Palo Alto Networks Announces Intent to Acquire Zingbox

According to a press release, Palo Alto Networks announced [last Wednesday] that it has entered into a definitive agreement to acquire Zingbox, an IoT security company, for a total purchase price of $75 million, subject to adjustment, to be paid in cash. The proposed acquisition is expected to close during Palo Alto Networks fiscal first quarter of 2020, subject to the satisfaction of customary closing conditions. Zingbox’s cloud-based service and advanced AI and machine learning technology for device and threat identification capabilities will accelerate Palo Alto Networks delivery of IoT security through its Next-Generation Firewall and Cortex™ platforms. Zingbox’s products will continue to be available to customers after the transaction closes. The company’s co-founders, Xu Zou, May Wang, and Jianlin Zeng, will join Palo Alto Networks. Zingbox is an Internet of Things (IoT) lifecycle management solution provider that provides a cloud based service to discover, identify, secure and optimize devices, using advanced AI and machine learning technologies.