Category Archives: government

Unsurprisingly, only 14% of companies are compliant with CCPA

With less than 10 months before the California Consumer Privacy Act (CCPA) goes into effect, only 14% of companies are compliant with CCPA and 44% have not yet started the implementation process. Of companies that have worked on GDPR compliance, 21% are compliant with CCPA, compared to only 6% for companies that did not work on GDPR, according to the TrustArc survey conducted by Dimensional Research. “At TrustArc, we’ve seen a significant increase in the … More

The post Unsurprisingly, only 14% of companies are compliant with CCPA appeared first on Help Net Security.

Fewer than 28% of gov.uk using DMARC effectively in line with guidelines

Only 28% of gov.uk domains have been proactive in setting up DMARC appropriately, in line with UK Government Digital Service (GDS) advice in preparation for the retirement of the Government Secure Intranet (GSI) platform in March 2019. Since 1996, the GSI framework has enabled connected organizations to communicate electronically and securely at low protective marking levels, according to Egress. The findings reveal a lack of preparation from several government email administrators in readying themselves for … More

The post Fewer than 28% of gov.uk using DMARC effectively in line with guidelines appeared first on Help Net Security.

California Reintroduces ‘Right To Repair’ Bill After Previous Effort Failed

An anonymous reader quotes a report from Apple Insider: California State Assembly member Susan Talamantes Eggman on Monday announced the introduction of Assembly Bill 1163, which will require manufacturers like Apple to "make service literature and equipment or parts available to product owners and to regulated, independent repair shops." "For nearly 30 years California has required that manufacturers provide access to replacement parts and service materials for electronics and appliances to authorized repairers in the state. In that time, manufacturers have captured the market, controlling where and when we repair our property, and inflating the electronic waste stream," Eggman said. "The Right to Repair will provide consumers with the freedom to have their electronic products and appliances fixed by a repair shop or service provider of their choice, creating a competitive market that will be cheaper for consumers and reduce the number of devices thrown in the trash." The bill, officially filed as legislation relating to electronic waste, is Eggman's second try at right to repair legislation. Her first attempt, 2018's Bill 2110, was introduced last March and subsequently died in assembly that November. Like the pending Bill 1163, last year's tendered legislation was crafted as a play to reduce e-waste. Eggman's announcement includes a word-for-word reproduction of an explainer included in 2018's press release for the now-dead Bill 2110. In it the lawmaker argues that customers who are unable to pay for manufacturer repairs are forced to replace broken equipment like smartphones, TVs and home appliances. Beyond financial benefits, Eggman also says that the repair and reuse of electronics is more efficient than purchasing a new device, noting that such measures can "stimulate local economies instead of unsustainable overseas factories."

Read more of this story at Slashdot.

Cyber preparedness essential to protect EU from large scale cyber attacks

The possibility of a large-scale cyber-attack having serious repercussions in the physical world and crippling an entire sector or society is no longer unthinkable.

Preparing for major cross-border cyber-attacks

To prepare for major cross-border cyber-attacks, an EU Law Enforcement Emergency Response Protocol has been adopted by the Council of the European Union. The Protocol gives a central role to Europol’s European Cybercrime Centre (EC3) and is part of the EU Blueprint for Coordinated Response to … More

The post Cyber preparedness essential to protect EU from large scale cyber attacks appeared first on Help Net Security.

Texas Lawmakers Want To Stop Tesla From Fixing Its Own Cars

In Texas the local car dealer lobby has blocked Tesla from selling its cars directly to customers. They're using old laws meant to prevent car manufacturers from competing with their own local dealers -- but Tesla never had any local dealers! And according to Electrek, it gets worse... Despite this issue, Texans have bought thousands of Tesla vehicles, which the automaker delivers from other states to comply with the law. Tesla has been able to service those vehicles through its own service centers, which are not subject to those same direct-sale rules, but now dealers are even going after Tesla's right to service its cars. Quartz offers some additional coverage: At issue is a battle over money. Car dealers derive much of their revenue from selling and (especially) servicing vehicles. Tesla's direct-to-customer sales and service stations are a threat to that business model since they cut dealers out of the transaction.

Read more of this story at Slashdot.

Chicago To Shut Down Composting Business Because Regulations Don’t Cover Worms

schwit1 shared an article from Reason's "Volokh Conspiracy" blog: Nature's Little Recyclers is a father-son business that does composting on empty residential lots, transforming organic waste into nutrient-rich soil. Last year, the business's worms processed 10 tons of banana peels and cups from the Chicago Marathon that would otherwise have gone to a landfill. But Chicago officials are going to shut the business down -- and not because the city doesn't think composting is a good thing (the city's sustainability website directs people to Nature's Little Recyclers). Rather, the city's business and zoning regulations weren't designed to accommodate small and innovative operations like Nature's Little Recyclers. "None of these operations met the criteria for garden composting or an on-site organic waste composting operation," said Anel Ruiz, spokesperson for the Department of Public Health, in a statement to Block Club Chicago, adding "Further, these sites are not properly zoned for commercial composting." But another perspective was shared by lawyer Amy Hermalik, associate director of the Institute for Justice Clinic on Entrepreneurship at the University of Chicago. "The city will unofficially imply there's wiggle room, saying it only enforces certain ordinances against 'bad operators,' but that leaves businesses subject to shifting political winds or personal whims," Hermalik said. "They [the city] have an incredible amount of power to do as they please."

Read more of this story at Slashdot.

Kamala Harris Introduces Bill To Send Millions To Local Governments For Tech Support

Senator and Democratic presidential candidate Kamala Harris has introduced legislation that would allocate millions of dollars for local government to create dedicated teams that could "update and rebuild" government systems. The Verge reports: The United States Digital Service, an office established in 2014 after the widespread failures of Healthcare.gov, provides IT support for the federal government, bringing technologists into the government to work on tools like federal websites. It's continued to operate under the Trump administration, and some states, Harris' office notes, have experimented with similar teams. Harris' bill, the Digital Service Act, would provide an annual $50 million to the federal service, but it also goes further, allocating $15 million per year to state and local governments to create similar teams. Under the plan, the national Digital Service would offer two-year grants, giving state and local governments between $200,000 and $2.5 million per year. Those governments would be required to take on 20 percent of costs and to spend at least half of the money on talent, rather than tech. The national Digital Service, under the proposal, would report bi-annually to Congress on the progress of the grantees. The bill would provide funding through 2027.

Read more of this story at Slashdot.

Pakistani Govt’s passport application tracking site hacked with Scanbox framework

By Waqas

Hackers are after anyone seeking a Pakistani passport while there is no response from the website’s administrator. Researchers at information security firm Trustwave have made a startling new discovery about a data breach on a Pakistani government website involving the Scanbox Framework. It is worth noting that the Scanbox is a dangerous payload and this is the […]

This is a post from HackRead.com. Read the original post: Pakistani Govt’s passport application tracking site hacked with Scanbox framework

New Microsoft 365 and business applications technologies enable government to modernize for the mission

Our government agencies have a unique opportunity to deliver massive impact on the lives of U.S. citizens – an impact that can be accelerated and emboldened by technology innovation. However, these same agencies are challenged to modernize and keep pace with the changing technology landscape, while simultaneously reducing costs, protecting data and meeting stringent compliance regulations. To ensure the government can achieve its critical, mission-driven work, and improve citizen services, hundreds of CIOs and top decision-makers from federal, state and local government agencies are turning to secure cloud infrastructure, which can seamlessly enable operations efficiencies, and provide services that are faster, more reliable and more secure.

Government is taking a Cloud Smart approach

Right now, we’re seeing the evolution across U.S. government from a Cloud First approach – with an emphasis on just getting everything in the cloud – to a Cloud Smart approach – with a focus on embracing modern capabilities and equipping agencies with the technology tools needed in accordance with their mission needs. The recently revised Federal Cloud Computing Strategy is the first cloud policy update in seven years. We believe it constitutes more than labelling and is the right way forward to make the most of the incredible possibilities of cloud in advancing agencies’ missions. In recent years, commercial technology has increasingly found a foothold in the government market and Cloud Smart embraces best practices from both the federal government and the private sector. Cloud Smart is about equipping agencies with the tools, knowledge and flexibilities they need to not only move to cloud, but to fully embrace the potential of its many value-added capabilities such as Platform-as-a-Service (PaaS) and Artificial Intelligence.

Securely enabling the mission end to end

All government cloud offerings are not the same, and Microsoft is committed to supporting the needs of government across all branches and levels enabling them with capabilities that support the advancement of their mission from end to end. We’ve built the most trusted, comprehensive cloud for government which includes Azure Government, Microsoft 365 Government, and Dynamics 365 Government.

Government organizations across the United States increasingly are turning to our powerful cloud offerings to modernize – becoming more productive, collaborative and efficient all while protecting sensitive data and privacy. Microsoft is delivering them the right capabilities where they are needed, when they are needed as the sole provider with offerings that span infrastructure, platform and software capabilities and services (IaaS, PaaS and SaaS) designed to meet government’s unique compliance needs.

To make it easier for agencies to efficiently modernize quickly and accelerate the speed in which they achieve a return on their cloud investments, Microsoft has worked with our government customers to achieve the most certifications of any cloud provider with more than 91 compliance certifications supported at every level of government to help them achieve their necessary requirements. We also invest $1 billion per year on security and much of that goes to ensuring we deliver our customers the most trusted cloud platform.

Today, we’re announcing several advances across our landscape of comprehensive government cloud solutions, demonstrating our commitment to the unique needs of our customers and further differentiating our offerings:

Microsoft Teams is now available across all government cloud environments

Since launching Microsoft 365 Government last year, we’ve continually made investments to empower government with the newest tools for mobile productivity and secure collaboration, bringing together the best of Office 365, Enterprise Mobility + Security (EMS), and Windows 10 to meet agencies’ complex compliance and security requirements.

Today, we’re announcing Microsoft Teams, a product core to our vision for delivering intelligent and modern collaboration and communications, is now available in our Government Community Cloud (GCC) High and Department of Defense (DoD) environments exclusively for the U.S. government and its partners. This means Teams is now available across all our government cloud environments including GCC.

Microsoft Teams’ chat-based workspace enables teams of government professionals to be more productive by giving them a single and secure location that brings together everything they need including chats, meetings, calls, files, and tools. Integrated access through this hub for teamwork across multiple Office 365 services enables agencies to leverage their current investments and improves collaboration by providing central file sharing, co-authoring and many more functions making it possible for government customers to better deliver against their mission.

Introducing Microsoft Power Platform and Dynamics 365 Customer Engagement for Government

Today we’re also announcing the availability of both Microsoft Power Platform (March 2019) and Dynamics 365 Customer Engagement (April 2019) for government professionals. These two new products will enable government to unlock new capabilities and features in three core areas: new business applications; new intelligent capabilities infused throughout; and transformational new application platform capabilities.

Once agencies have the infrastructure for harnessing data, they also need a layer atop that data that enables them to get insights easily. Microsoft Power Platform for Government is a system that will allow them to take three key actions on data: analyze, act, and automate. The system uses Power BI, PowerApps, and Flow working together to help anyone, regardless of technical ability, to make data-driven decisions. Joining Power BI, PowerApps and Flow standalone apps are now generally available for government agencies and their partners in GCC. PowerApps and Flow general availability will also land in Dynamics 365, Microsoft 365 and Office 365 in spring 2019.

We are also offering Dynamics 365 Government Customer Engagement for GCC High. This means agencies can now access customer service, contact centers, correspondence management, grants management, task management, mission planning and even more purpose-built cloud applications than they were able to previously.

New Microsoft 365 Government security and mobile enhancements

Recently we introduced Outlook Mobile for our GCC High and DoD customers. This update means the architecture of Outlook mobile now meets the security and compliance needs of Office 365 U.S. GCC High and DoD customers. Now government employees have advanced capabilities across email, search, and calendar from their mobile devices, so they can focus on what’s important and get more done for their citizens.

Coming soon, government agencies using Office 365 Threat Intelligence in GCC will gain new capabilities that automate investigation and remediation of cyber threats to help them reduce the burden on their IT security teams and decrease response times. This is the latest addition to the comprehensive set of Microsoft 365 Government tools designed to help government protect, detect and respond to cyberattacks.

Continuing our investments in government innovation, security and compliance

Microsoft is helping customers across the full spectrum of government, from the state and local level, to every military branch and all federal cabinet departments. We currently serve nearly 10 million U.S. government cloud professionals across more than 7,000 government entities, diligently meeting their unique needs by delivering the highest levels of security and compliance.

Microsoft enables the digital transformation of government by offering effective, modern, enterprise-class cloud capabilities. Our government customers are driven by critical missions, and we are committed to helping them evolve their IT modernization efforts with innovative and trusted cloud, productivity and mobility solutions. As government agencies face a range of new challenges in meeting their missions, we are committed to enabling them to work smarter, with agility and confidence – using technology that can unlock the opportunities ahead. Learn more about how government agencies are using Microsoft cloud technology here.

The post New Microsoft 365 and business applications technologies enable government to modernize for the mission appeared first on The Official Microsoft Blog.

How to Pick the Right Solution for FISMA SI-7 Compliance

It can be hard to know how to best allocate your federal agency’s resources and talent to meet FISMA compliance, and a big part of that challenge is feeling confident that you’re choosing the right cybersecurity and compliance reporting solution.

A Few FISMA SI-7 Basics

So what sorts of specifications do you need to look […]… Read More

The post How to Pick the Right Solution for FISMA SI-7 Compliance appeared first on The State of Security.

At RSAC 2019, It’s Clear the World Needs More Public Interest Technologists

Cybersecurity experts are no longer the only ones involved in the dialogue around data privacy. At RSA Conference 2019, it’s clear how far security and privacy have evolved since RSAC was founded in 1991. The 28th annual RSAC has a theme of “better,” a concept that speaks to the influence of technology on culture and people.

“Today, technology makes de facto policy that’s far more influential than any law,” said Bruce Schneier, fellow and lecturer at the Harvard Kennedy School, in his RSAC 2019 session titled “How Public Interest Technologists are Changing the World.”

“Law is forever trying to catch up with technology. And it’s no longer sustainable for technology and policy to be in different worlds,” Schneier said. “Policymakers and civil society need the expertise of technologists badly, especially cybersecurity experts.”

Public policy and personal privacy don’t always coexist peacefully. This tension is clear among experts from cryptography, government and private industry backgrounds at RSAC 2019. In the past year, consumer awareness and privacy regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), have created an intensely public dialogue about data security for perhaps the first time in history.

The Cryptographer’s Panel, which opened the conference on Tuesday, delved into issues of policy, spurred in part by the fact that Adi Shamir — the “S” in RSA — was denied a visa to attend the conference. Bailey Whitfield Diffie, who founded public-key cryptography, directly addressed the tension between the legislature, personal privacy and autonomy. Other keynote speakers called for collaboration.

“We are not seeking to destroy encryption, but we are duty-bound to protect the people,” stated FBI Director Christopher Wray. “We need to come together to figure out a way to do this.”

Moving forward to create effective policy will require technical expertise and the advent of a new type of cybersecurity expert: the public interest technologist.

Why Policymakers Need Public Interest Technologists

“The problem is that almost no policymakers are discussing [policy] from a technologically informed perspective, and very few technologists truly understand the policy contours of the debate,” wrote Schneier in a blog post this week. “The result is … policy proposals — that occasionally become law — that are technological disasters.”

“We also need cybersecurity technologists who understand — and are involved in — policy. We need public-interest technologists,” Schneier wrote. This profession can be defined as a skilled individual who collaborates on tech policy or projects with a public benefit, or who works in a traditional technology career at an organization with a public focus.

The idea of the public interest technologist isn’t new. It has been formally defined by the Ford Foundation, and it’s the focus of a class taught by Schneier at the Harvard Kennedy School. However, it’s clear from the discussions at RSAC and the tension that exists between privacy, policy and technology in cybersecurity dialogue that public interest technologists are more critically needed than ever before.

Today, Schneier said, “approximately zero percent” of computer science graduates directly enter the field of public interest work. What can cybersecurity leaders and educators do to increase this number and the impact of their talent on the public interest?

Technology and Policy Have to Work Together

Schneier wants public interest technology to become a viable career path for computer science students and individuals currently working in the field of cybersecurity. To that end, he worked with the Ford Foundation and RSAC 2019 to set up an all-day mini-track at the conference on Thursday. Throughout the event, there was a focus on dedicated individuals who are already working to change the world.

Schneier isn’t the only expert pushing for more collaboration and public interest work. A Tuesday panel discussion focused on how female leaders in government are breaking down barriers, creating groundbreaking policy and helping the next generation of talent flourish. Public interest track speaker and former data journalist Matt Mitchell was inspired by the 2013 George Zimmerman trial to create the nonprofit organization CryptoHarlem and start a new career as a public interest cybersecurity expert, according to Dark Reading.

On Thursday, IBM Security General Manager Mary O’Brien issued a clear call for organizations to change their approach to cybersecurity, including focusing on diversity of thought in her keynote speech. “Cross-disciplinary teams provide the ideas and insights that help us get better,” O’Brien said. “We face complex challenges and diverse attackers. Security simply will not be better or best if we rely on technologists alone.”

It’s Time for Organizations to Take Action

When it comes to creating an incentive for talented individuals to enter public interest work, a significant piece of responsibility falls on private industry. Schneier challenged organizations to work to establish public interest technology as a viable career path and become more involved in creating informed policy. He pointed to the legal sector’s offering of pro bono work as a possible financial model for organizations in private industry.

“In a major law firm, you are expected to do some percentage of pro bono work,” said Schneier. “I’d love to have the same thing happen in technology. We are really trying to jump start this movement … [however, many] security vendors have not taken this seriously yet.”

There are already some examples of private organizations that are creating new models of collaboration to create public change, including the Columbia-IBM Center for Blockchain and Data Transparency, a recent initiative to create teams of academics, scientists, business leaders and government officials to work through issues of “policy, trust, sharing and consumption” by using blockchain technology.

It’s possible to achieve the idea of “better” for everyone when organizations become actively involved in public interest work. There is an opportunity to become a better company, strengthen public policy and attract more diverse talent at the same time.

“We need a cultural change,” said Schneier.

In a world where technology and culture are one and the same, public interest technologists are critical to a better future.

The post At RSAC 2019, It’s Clear the World Needs More Public Interest Technologists appeared first on Security Intelligence.

Report: China, Like Russia, Uses Social Media to Sway U.S. Public Opinion

Russia isn’t the only nation using social media sites like Facebook, Twitter and Instagram to spread its political message across the United States; China also is using social media–albeit in different ways–to sway public opinion and make the Communist country look favorable to the American public, research has found....

The Election Fix: Upgrading Georgia’s Electronic Voting Machines

Electronic voting systems are touted as a modern solution for fast and accurate vote tallies, but without appropriate safeguards, these systems run the very serious risk of eroding public confidence in election results. In Georgia, we’ve been using the iconic AccuVote TSX machines from Diebold for as long as I’ve lived here. The way it […]… Read More

The post The Election Fix: Upgrading Georgia’s Electronic Voting Machines appeared first on The State of Security.

Privacy and Security by Design: Thoughts for Data Privacy Day

Data Privacy Day has particular relevance this year, as 2018 brought privacy into focus in ways other years have not. Ironically, in the same year that the European Union’s (EU) General Data Protection Regulation (GDPR) came into effect, the public also learned of glaring misuses of personal information and a continued stream of personal data breaches. Policymakers in the United States know they cannot ignore data privacy, and multiple efforts are underway: bills were introduced in Congress, draft legislation was floated, privacy principles were announced, and a National Institute of Standards and Technology (NIST) Privacy Framework and a National Telecommunications and Information Administration (NTIA) effort to develop the administration’s approach to consumer privacy are in process.

These are all positive steps forward, as revelations about widespread misuse of personal data are causing people to mistrust technology—a situation that must be remedied.

Effective consumer privacy policies and regulations are critical to the continued growth of the U.S. economy, the internet, and the many innovative technologies that rely on consumers’ personal data. Companies need clear privacy and security expectations to not only comply with the diversity of existing laws, but also to grow businesses, improve efficiencies, remain competitive, and most importantly, to encourage consumers to trust organizations and their technology.

If an organization puts the customer at the core of everything it does, as we do at McAfee, then protecting customers’ data is an essential component of doing business. Robust privacy and security solutions are fundamental to McAfee’s strategic vision, products, services, and technology solutions. Likewise, our data protection and security solutions enable our enterprise and government customers to more efficiently and effectively comply with regulatory requirements.

Our approach derives from seeing privacy and security as two sides of the same coin. You can’t have privacy without security. While you can have security without privacy, we strongly believe the two should go hand in hand.

In comments we submitted to NIST on “Developing a Privacy Framework,” we made the case for Privacy and Security by Design. This approach requires companies to consider privacy and security on the drawing board and throughout the development process for products and services going to market. It also means protecting data through a technology design that considers privacy engineering principles. This proactive approach is the most effective way to enable data protection because the data protection strategies are integrated into the technology as the product or service is created. Privacy and Security by Design encourages accountability in the development of technologies, making certain that privacy and security are foundational components of the product and service development processes.

The concept of Privacy and Security by Design is aspirational but is absolutely the best way to achieve privacy and security without end users having to think much about them. We have some recommendations for organizations to consider in designing and enforcing privacy practices.

There are several layers that should be included in the creation of privacy and data security programs:

  • Internal policies should clearly articulate what is permissible and impermissible.
  • Specific departments should specify further granularity regarding policy requirements and best practices (e.g., HR, IT, legal, and marketing will have different requirements and restrictions for the collection, use, and protection of personal data).
  • Privacy (legal and non-legal) and security professionals in the organization must have detailed documentation and process tools that streamline the implementation of the risk-based framework.
  • Ongoing organizational training regarding the importance of protecting personal data and best practices is essential to the continued success of these programs.
  • The policy requirements should be tied to the organization’s code of conduct and enforced as required when policies are violated.

Finally, an organization must have easy-to-understand external privacy and data security policies to educate the user/consumer and to drive toward informed consent to collect and share data wherever possible. The aim must be to make security and privacy ubiquitous, simple, and understood by all.

As we acknowledge Data Privacy Day this year, we hope that privacy will not only be a talking point for policymakers but that it will also result in action. Constructing and agreeing upon U.S. privacy principles through legislation or a framework will be a complicated process. We better start now because we’re already behind many other countries around the globe.

The post Privacy and Security by Design: Thoughts for Data Privacy Day appeared first on McAfee Blogs.

Step Up on Emerging Technology, or Risk Falling Behind

Earlier last year, the U.S. Commerce Department’s Bureau of Industry and Security (BIS) put out a call for public comment on criteria for identifying emerging technologies that could potentially be subject to future export control regulations. The tech industry responded in full force, providing recommendations for how the federal government can ensure U.S. competitiveness in the global market while supporting the development of emerging technology (read comments submitted by McAfee here).

Emerging technology poses an interesting challenge for tech companies and federal regulators alike. In many cases, technologies that BIS designates as “emerging,” such as AI and machine learning, are already in widespread use around the world. Other technologies like quantum computing are very much in the research and development phase but have the potential to alter the course of national security for decades to come. Many of these technologies are difficult to define and control, and many are software-based, which greatly complicates the development of regulation. Software technologies, by their very nature, are fundamentally different from physical items and physical process technologies. Their intangible, readily-reproducible character makes software-based technologies inherently difficult to define and control.

This task is enormous and must be handled cautiously, as history has provided countless examples of how overregulation can hamper development. A poignant example of overregulation at the cost of progress is the automobile industry. According to Deloitte, although tough restrictions on automobiles in the late 1800s were nothing but well-intentioned, regulation greatly hampered research and advancement. The early days of the automobile industry should serve as a cautionary tale when it comes to regulating new and innovative technology.

The U.S. is in a unique position to act to protect our technological interest and secure the nation’s position as a global leader. The U.S. secured a pivotal tech leadership role, having spearheaded the development of the internet in the early 1990s. The nation has immense power and potential to take the mantle on emerging technology, and the stakes are high. Some of the country’s greatest accomplishments have stemmed from empowering the private sector and encouraging innovation. For example, tremendous strides in private sector space exploration have been made possible due to the support and administration of empowering legislation. Companies like SpaceX and Boeing are creating next generation space technology, working each day to ensure that the U.S. maintains competitiveness.

Cybersecurity is another area that requires particular attention. Given the global availability of cybersecurity tools, many of which make use of the emerging technologies under review, McAfee understands that great care needs to be taken by our government before imposing additional export controls on American cyber companies. These rules can have the unintended and harmful consequence of stunting the growth and technical capabilities of the very companies that currently protect vital U.S. critical infrastructure, including federal and state government infrastructure, from cyber-attacks. As a leading nation, it is critical to stay ahead of threats by criminal actors. This is only possible if cyber companies have the ability to access global markets to fund the research and development needed to keep pace with rapid innovation. Controls should be implemented with a great understanding of the need to stay competitive in global innovation, particularly when it comes to cybersecurity.

Overregulation could cause great harm, and the U.S. government must tread carefully in administering a carefully-crafted, targeted approach. Rather than burdening U.S. software companies with new and substantial export control compliance costs, the U.S. should seek to empower these companies. Any controls deemed essential by the government should be as narrowly tailored as possible, especially given the broad range of current and future companies and technologies. A multilateral approach to export controls on emerging technologies is vital for U.S. companies to remain innovative and competitive in the global marketplace. This cautious approach would ensure alignment between the private and public sectors, ultimately allowing for emerging technology to be front and center. Providing an ecosystem in which the technology of tomorrow can flourish is essential to the U.S. continuing to blaze the trail on emerging technologies.

The post Step Up on Emerging Technology, or Risk Falling Behind appeared first on McAfee Blogs.

New DHS Agency Will Provide Needed Emphasis on Cybersecurity

Cybersecurity is playing an increasingly greater role in our government and economy. As our world becomes more interconnected, the cyberthreat landscape is growing and rapidly evolving. To address both physical threats and cyberthreats, the leading federal agency must have the flexibility and resources to quickly mitigate any potential interruptions or harm.

Last week, a critical step was taken in how the Department of Homeland Security (DHS) manages cybersecurity. The long-awaited Cybersecurity and Infrastructure Security Agency (CISA) Act was signed into law by the president, reorganizing the former National Protection and Programs Directorate (NPPD) into CISA. The permanent establishment of a stand-alone federal agency equipped to deal with cyberthreats is long overdue and welcome among the cybersecurity community.

CISA will be its own department within DHS, similar to the Transportation Security Administration (TSA), and will be led by cybersecurity expert, NPPD Under Secretary Christopher C. Krebs, who has had a distinguished career in both the public and private sectors. Establishing CISA as a stand-alone agency within DHS elevates both the mission and the importance of cybersecurity in the federal government and solidifies the position of cybersecurity in our economy.

This is a smart decision on the part of Congress and the White House. It will help the newly created agency outline its priorities, advocate for a separate budget, and further develop recruitment efforts. CISA’s leaders will have the ability to continue to drive a culture of cybersecurity within our federal agencies and workforce while enhancing their capabilities to partner with the private sector to address our nation’s most critical cybersecurity threats.

McAfee looks forward to continuing to work with Christopher C. Krebs and his able team, led by CISA Assistant Director for Cybersecurity Jeanette Manfra.

The post New DHS Agency Will Provide Needed Emphasis on Cybersecurity appeared first on McAfee Blogs.

QOTD – SEC Chair Clayton on Need for Cooperation

Cybersecurity must be more than a firm-by-firm or agency-by-agency effort. Active and open communication between and among regulators and the private sector also is critical to ensuring the nation’s financial system is robust and effectively protected. Information sharing and coordination are essential for regulators to anticipate potential cyber threats and respond to a major cyberattack, should one arise.
-- Jay Clayton, SEC Chair 

Src: Written Remarks before the Committee on Banking, Housing and Urban Development United States Senate, September 26, 2017

QOTD – SEC Chair Clayton on Cyber Risk Disclosures

[W]e are continuing to examine whether public companies are taking appropriate action to inform investors, including after a breach has occurred, and we will investigate issuers that mislead investors about material cybersecurity risks or data breaches.
-- Jay Clayton, SEC Chair 

Src: Written Remarks before the Committee on Banking, Housing and Urban Development United States Senate, September 26, 2017

QOTD – Raskin on Cybersecurity as Shared Responsibility

Understanding and dealing with the cyber threat has, due to your efforts, seeped from the IT shop and into the CEO shop.  Responsibility is now shared. In fact, this new shared responsibility, among IT experts, the CEO, and the board of directors, has been the most noticeable trend in governance from my time in the industry, in state government, and in the federal government.  Bankers rarely used to talk to me much about cybersecurity.  Now, this is one topic that comes up every day.
-- Treasury Deputy Secretary Sarah Bloom Raskin

Src: Remarks of Deputy Secretary Raskin at The Texas Bankers’ Association Executive Leadership Cybersecurity Conference

QOTD – Admiral Rogers on Cyber War

Cyber war is not some future concept or cinematic spectacle, it is real and here to stay.
[...]
Conflict in the cyber domain is not simply a continuation of kinetic operations by digital means, nor is it some Science Fiction clash of robot armies.

-- Admiral Michael Rogers, Commander of US Cyber Command,
Testimony before US House Committee on Armed Services (May 2017)

Src: Docs.House.Gov