Public Sector Cybersecurity Weekly Briefing 05-25-2018

South Carolina Enacts First Insurance Data Security Act
The South Carolina Act will require all insurers, agents and other licensed entities doing business in the state to establish a comprehensive, written information security program by July 1, 2019. The program must be “[c]ommensurate with the size and complexity of the licensee, the nature and scope of the licensee’s activities, including the use of third-party service providers, and the sensitivity of the nonpublic information” that the licensee uses, possesses, or controls.


Senators to DOJ: Reveal Your Secret Paragraph-long Explanation of Stingrays
“While we appreciate your response to our letter, a single paragraph of your response was marked ‘Law Enforcement Sensitive’ and NOFORN,” the trio wrote Thursday to Sessions, using the government moniker for “no foreigners.” […] “In this instance, the designations limit the public’s access to critical information about how innocent Americans may be adversely impacted by domestic surveillance practices,” the letter continued. “Americans have a right to understand how technology used by the government may disrupt the communications of innocent bystanders not subject to investigation.”


The Cybersecurity 202: We Surveyed 100 Security Experts. Almost All Said State Election Systems Were Vulnerable.
Each state is responsible for running its own elections, and many state officials view attempts by the federal government to intervene with skepticism — if not outright opposition. But some experts said the magnitude of the threats from state-sponsored adversaries is too great for states to deal with alone. “Given the gravity of the nation-state threats we face, much more needs to be done at every level — including a strong declarative policy that this activity is unacceptable and will trigger a strong response[.]”


Georgia is Voting on Insecure Machines in Today’s Primary. This Group is Suing
As the intelligence community warns against a repeat of the kind of digital interference we saw in the 2016 elections, a nonpartisan advocacy organization and a group of Georgia voters are asking a judge to compel the state to abandon its electronic voting machines in favor of paper ballots before the midterm elections. The electronic machines produce no paper vote record, making them virtually impossible to audit.


Stay up to date on the Public Sector Information Security news that you need to know by signing up for our Public Sector Briefing Here.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.