Public Sector Cybersecurity Weekly Briefing 06-01-2018

Senate Defense Bill Aims to Scrub Cyber Adversaries from U.S. Military Tech
The Senate version of the 2019 National Defense Authorization Act explicitly bars the Chinese telecoms Huawei and ZTE from Defense Department networks while the House draft banned the companies from all federal networks. Intelligence officials and lawmakers have long fretted the companies were tied too closely to the Chinese government.

Senate Banking Committee: Want Fewer Cybersecurity Threats? Ramp Up Regulations
According to Forbes, Senate Banking Committee Chair Mike Crapo and his Democratic counterpart Sherrod Brown both agree the financial sector needs better legislation when it comes to protecting consumers’ personal data. Brown describes a bill with provisions that hold companies accountable for data loss but doesn’t know exactly what form that would take — although he does say record bank profits could be used for more cybersecurity investment.

What Georgia’s Failed ‘Hack Back’ Bill Says About the Future of Cybersecurity Laws 
The original language of the proposed bill was considered too vague because it indicated any unauthorized access to a computer system would lead to crimes punishable by fines and a year in jail. This type of legislation could demotivate researchers from exercising “responsible disclosure,” said Alex Yampolskiy, CEO of SecurityScorecard, in an interview with CIO Dive. The bill would have effectively criminalized someone for performing ethical security research if a company chose to pursue legal action.

Realistic ‘Zero Trust’ for Your Cybersecurity Program
First, you can’t implement any single technology and “turn on” zero trust. Instead, since it’s a philosophy or mindset that defines your whole approach, implementation requires multiple technologies working together. This might include identity and access management (IAM) systems, network equipment and technologies, authentication technologies, operating system services, and numerous other technologies up and down the stack. On the plus side, adopting the zero trust mindset may not require that you buy anything new — only that you rethink how you use what you already might have.

Critical Infrastructure Attacks on the Rise
In last year’s Trends report we said that we expected infrastructure attacks to “continue to generate headlines and disrupt lives in 2017”. Sadly, we were right, and unfortunately, I have to say that the same trend is likely to continue in 2018 for reasons outlined in this update. It should be noted that critical infrastructure is more than just the power grid and includes the defense and healthcare sectors, critical manufacturing and food production, water, and transportation.

 


====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.