Public Sector Cybersecurity Weekly Briefing 10-20-2017

How Smart Cities Can Protect Against IoT Security Threats
The security issues facing smart cities are unlike anything ever before seen, and solutions to these problems haven’t yet sprung up en masse, meaning many different interest groups have proposed their own respective plans. By combing through some of today’s proposed solutions, we can identify some of the leading trends that will come to dominate the future of smart city security.

 

DePasquale: Surveys Show Schools, Local Governments Fear Cyber-attacks
The anonymous statewide surveys were conducted over three weeks in August and September, collecting 954 responses, including 177 from school districts and 777 from municipalities. “Even more concerning from the survey is the near-unanimous conclusion from municipal and school officials that the risks of cyber-attacks will increase,” DePasquale said. “These surveys highlight cyber-security concerns, but we must take action before a municipality or school district data breach occurs.”

 

Local Government Agencies Remain Concerned About Lack of Cyber Awareness
In addition to the top concern around cybersecurity, the poll also found that the cybersecurity framework from the National Institute of Standards and Technology and  the security framework from the FBI’s Criminal Justice Information Services are the top guidelines for IT security in local government.

 

Pentagon Chief Asks Congress to Not Hinder Cyber Defense
Language in a draft of the NDAA says that when a cyber attack transits a third party country’s infrastructure or relies upon its networks the U.S. should encourage that nation to take action to eliminate the threat. However, the draft NDAA say the U.S. reserves the right to act unilaterally if needed.

 

Frustrated Senators Demand Cyber War Strategy from Trump
Frustrations over the lack of a comprehensive cyber policy boiled over during a Senate Armed Services Committee hearing on Thursday. The hearing ended with Chairman John McCain (R-Ariz.) issuing a veiled threat to subpoena the White House national security official responsible for coordinating cybersecurity policy across the federal government.

 

George W. Bush: US Must Confront ‘New Era of Cyber Threats’
“America must harden its own defenses. Our country must show resolve and resilience in the face of external attacks on our democracy and that begins with confronting a new era of cyber threats,” Bush said. “This effort is broad, systemic and stealthy. It’s conducted across a range of social media platforms,” Bush said of the threats. “Ultimately this assault won’t succeed, but foreign aggressions including cyberattacks, disinformation and financial influence should never be downplayed or tolerated.”

 

Russian Cyberspies Are Rushing to Exploit Recent Flash 0-Day Before It Goes Cold
It is clear that APT28 is trying to exploit the CVE-2017-11292 zero-day before the vast majority of users receive patches or update their systems. […] This is also not the first time the group races to exploit a zero-day before most of its targets patch their systems. The group did the same in May this year after Microsoft patched three zero-days — CVE-2017-0261 (Office EPS feature), CVE-2017-0262 (Microsoft Word), and CVE-2017-0263 (Windows).

 

U.S Lawmakers File Bill to Enable Businesses to Pursue Cyber-Criminals
If passed, the legislation would carve out exemptions in the Computer Fraud and Abuse Act (CFAA) of 1986 to allow companies to utilize computers and networks without authorization, but only if they are doing so to attribute or disrupt an attack, to retrieve or destroy stolen files, or to monitor attackers.

 

Local Government Agencies Remain Concerned About Lack of Cyber Awareness
In addition to the top concern around cybersecurity, the poll also found that the cybersecurity framework from the National Institute of Standards and Technology and  the security framework from the FBI’s Criminal Justice Information Services are the top guidelines for IT security in local government.

 

Stay up to date on the Public Sector Information Security news that you need to know by signing up for our Public Sector Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

//]]>