Critics slam cyber hygiene bill as redundant, confusing

A new bill that would direct federal scientists to come up with a short list of cybersecurity best practices for consumers, businesses and federal agencies is sparking concern from some observers, who fret it will reinvent the wheel, create confusion, and fail to be effective because best practices are widely ignored. The bill, which has bicameral and bipartisan support, would mandate scientists at the National Institute of Standards and Technology to partner with the Department of Homeland Security and the Federal Trade Commission in order to create concise, voluntary guidelines for basic online security measures, dubbed “cyber-hygiene.” Critics say there are already several existing lists of best practices, including the Top 20 and Top 5 Security Controls list maintained by the non-profit Center for Internet Security. “I am all for improving hygiene, but this bill will have no positive impact and because it will create another set of ‘best practices’ [and] it […]

The post Critics slam cyber hygiene bill as redundant, confusing appeared first on Cyberscoop.

Bipartisan bill tells NIST to develop ‘cyber-hygiene’ guide for public, businesses

Federal scientists at the National Institute of Standards and Technology would be tasked — in consultation with the Department of Homeland Security and the Federal Trade Commission — to develop concise voluntary guidelines for basic online security measures, called cyber-hygiene, under a new bipartisan bill introduced in both chambers of Congress. The bill would also mandate DHS to investigate the cybersecurity risks posed by the burgeoning number of small, cheap devices connected to the web as part of the mushrooming internet of things or IoT. In the Senate, S.1475 — “A bill to provide for the identification and documentation of best practices for cyber hygiene by the National Institute of Standards and Technology, and for other purposes” — was introduced Thursday by Republican Orrin Hatch of Utah, chairman of the powerful Finance Committee, and Democrat Ed Markey of Massachusetts, a veteran of tech-policy debates. The House version, HR.3010, the Promoting Good Cyber Hygiene Act […]

U.S. Copyright Office seeks changes to anti-piracy law derided by white-hat hackers

The U.S. Copyright Office is calling for wide-ranging reforms of an anti-piracy law that critics say restricts the “right to tinker” and puts white-hat cybersecurity researchers in legal jeopardy. In a little-noticed report published last week, the office questions the “overall operation and effectiveness” of Section 1201 of the Digital Millennium Copyright Act, or DMCA. The section makes it a federal crime to circumvent or get around special “technological protection measures,” designed to prevent piracy of digital products. The law was designed to protect movies, recorded music or books from endless duplication and distribution online. Critics of the section say that — because so many things now include software, and most has some form of anti-piracy protection — it’s effectively illegal to repair, tinker with or even look for security flaws in almost any kind of “smart” or connected product, despite an exemption under the law for security testing. “The current exemption includes a requirement that security researchers obtain prior permission” for any […]

Pro-ISIS script kiddies hit Ohio state websites

Several state government websites in Ohio, including those of former Gov. John Kasich and his wife, Ohio First Lady Karen Kasich, were defaced over the weekend in a rash of hacking activity aimed at state and local governments claimed by Algeria-based pro-ISIS hacktivists. The defaced websites played the Islamic call to prayer and threatened President Donald Trump, noting that he would be held accountable for “every drop of blood flowing in Muslim countries” and ended “I Love Islamic state [sic].” An Ohio official told the AP that the hacks happened about 11am on Sunday, and the sites were all restored by Monday morning, as were most of the others struck. According to Zone-H, an Estonia-based site that has tracked website defacements like these for 15 years, the targets included government websites of Howard County, Maryland and other towns and counties in New York, Idaho and California. Zone-H preserved a mirror of the defaced Ohio governor’s site […]

Fitch: Cybersecurity insurance market crossed billion-dollar earnings mark in 2016

Insurers earned $1.35 billion from cyber insurance premiums last year, a 35 percent increase over the year before, according to new figures from the ratings agency Fitch. More than two-thirds of that total, about $921 million, was stand-alone cyber insurance, with $429 million being the estimated total premium value of package components or multi-risk insurance policies, which cover a variety of hazards. The total figure for last year “likely underestimates the industry’s cyber premium exposure due to the challenges inherent in breaking out cyber-related premium from other coverages in multi-line products,” states the Fitch report. The breakdown between stand-alone and packaged policies is very different than 2015, when the $998 million total coverage figure was almost equally divided between stand-alone and package premiums. The difference is accounted for by one insurer, AIG, changing the way it reports its business. In 2016, the company began classifying all of its cyber premiums as stand-alone business, as opposed to 2015, when it […]

HHS faces flak over new cyber center

The Department of Health and Human Services’ new national cybersecurity intelligence-sharing clearinghouse appears to duplicate the role of similar entities in the federal government and in the private sector, say key lawmakers and some leaders in the health care industry. Critics say the creation of the Healthcare Cybersecurity and Communications Integration Center, or HCCIC, is moving the goalposts for the industry, which was answering the U.S. government’s call to create a private-sector cyberthreat-sharing ecosystem. HCCIC is being modeled after the Department of Homeland Security’s 24-hour watch center, the National Cybersecurity and Communications Integration Center, or NCCIC — and some fret it may duplicate its functions. Defenders of the new clearinghouse are playing down the idea that HCCIC might be redundant. They argue it can provide a depth of specialist knowledge about the health care sector DHS lacks, and that the industry’s own membership-based information sharing organizations cannot match the universal service HCCIC will provide. The health care industry “feels […]

NIST finalizes radical update of digital ID guidelines

Federal scientists at the National Institute of Standards and Technology have finalized a major update to their guidelines on digital identity authentication, getting rid of outdated requirements like the regular changing of passwords and introducing standards for the use of biometrics and keysticks or other authenticating two-factor tokens. The final document, dubbed NIST Special Publication 800-63, is the third revision of the guidelines and the end product of a year-plus long process of public consultation, NIST Senior Standards and Technology Advisor Paul Grassi said in a blog post. More than 74,000 unique visitors looked at the drafts of the revised document on the agency’s website over the past year, he said, and there were more than 14,000 comments submitted. “There is no way a document this comprehensive could have evolved without the direct input of stakeholders, who contributed consistently throughout the drafting process,” wrote Grassi, adding that this was the agency’s first […]

Israeli startup Cybereason gets $100M series D funding

Cybereason, the next-generation cybersecurity firm founded by veterans of the Israeli Defense Forces cyberwar force Unit 8200, has raised $100 million series D money from its partner, customer and existing funder, the Japanese tech-finance giant SoftBank Corp. The new round more than doubles the amount the company raised in its series A, B and C rounds, which brought in a combined total just under $90 million from funders Lockheed Martin, SoftBank Corp., and venture capital outfits CRV and Spark Capital. Last year it moved its global headquarters to Boston from Tel Aviv, though it still has a base in the Israeli city. It also has a presence in London and a joint venture with SoftBank in Tokyo. “This new funding allows us to increase our growth through new distribution channels and to develop new technologies,” said Lior Div, Cybereason co-founder and CEO in a statement. A company executive enlarged on that, […]

Question for states: Why isn’t more DHS grant money funneled to cybersecurity?

A House bill to reauthorize the Department of Homeland Security includes a requirement to study why state and local governments have not been using homeland security grant programs to fill the large gaps in their cybersecurity defenses. The requirement was added by voice vote during a markup of the bill by the House Homeland Security Committee as an amendment proposed by Rhode Island Democrat James Langevin. It requires figures on the amount of DHS grant money spent by state and local governments on cybersecurity over the past decade; and a report on “obstacles and challenges related to using grant funds to improve cybersecurity.” “In the [security, threat and risk] self-assessments they do, states consistently identify cyberattacks as one of their top-tier man-made threats, if not one of their top-tier risks overall. And they put cybersecurity at the top of the list of capability gaps they have,” explained a House aide familiar with […]
