Public Sector Cybersecurity Weekly Briefing 11-10-2017

Trump Signs Cyber Crime Fighting Act to Train Up Local and State Law Enforcement
Introduced by Rep. John Ratcliffe, R-Texas, the legislation authorizes the highly regarded National Computer Forensics Institute (NCFI) in Hoover, Ala., which has trained nearly 7,000 local officials from 50 states and three U.S. territories. Shortly after Ratcliffe introduced his bill in March, Sens. Dianne Feinstein, D-Calif., and Chuck Grassley, R-Iowa, introduced a similar bill in the Senate to expand the NCFI its charter to include training local law enforcement in cybersecurity practices.

 

Senator Wants Tech Giants to Help US Retaliate Against Russia
The fact that the tech giants sent their attorneys and not their CEOs to speak at the hearings didn’t sit well with Senate Majority Leader Mitch McConnell. Of course, he was egged on during an interview with Hugh Hewitt that aired Saturday on MSNBC. […] “They ought to be more interested in cooperating when you have a clear law enforcement issue, more interested in cooperating with law enforcement than they have been[.]” “What we ought to do with regard to the Russians is retaliate, seriously retaliate,” McConnell added. “These tech firms could be helpful in having us, giving us a way to do that.”

 

Beware: This Russian Cyber Warfare Threatens Every Democracy 
The ramifications of this debate are huge. The US and the UK, the two countries that laid the foundations of the post-1945 global liberal order, may have had their political integrity compromised by hostile foreign meddling in a way that helped produce Trump and Brexit. If that turns out to be true, then we are looking at an entirely new world – one whose complexities we may only be starting to fathom.

 

How Government Can Avoid Rushing into IoT
As for the problem of cybersecurity, Todd Davis, vice president of field marketing for CenturyLink, said there are some methods emerging to help prevent unwanted hijacking of IoT devices. “Infrastructure available today, connected to your network, connected to your cloud or private cloud infrastructure, can help avoid some of (those risks) by things like whitelisting.

 

New Wyoming CISO Sets to Work Amid Increased National Cybersecurity Concerns
Young also said that for the first time ever, there is a line item for cybersecurity funding in the budget being considered by the state Legislature. In past years, Young and Wyoming’s Department of Enterprise Technology Services have relied on existing funds or repurposing other moneys to fortify cyberdefenses. This year, however, they’re asking for $2 or $3 million specifically to fund tools and training for cybersecurity.

 

What Governments Can Learn from the Original Russian Cyber Attack
During a contentious debate about how to move an old Soviet-era statue, the government was dealing with riots and protests. In the early stages of the government’s response, officials realized they couldn’t upload press releases about the topic to the government’s website. Then news websites went down, followed shortly thereafter by banks and financial institutions.

 

Hacking the Vote: Threats Keep Changing, but Election IT Sadly Stays the Same
The National Institute of Standards and Technology (NIST) Election Cybersecurity Working Group is making an effort to improve standards for security in collaboration with the Election Assistance Commission. But Joshua Franklin, an IT security engineer at NIST who serves as co-chair of the working group, described the challenges in getting states and counties to adopt such voluntary guidance in full.

 

Feds Have Eye on Cybersecurity Issues as Voters go to Polls
Today, the US electoral system has become highly dependent on technology built on systems that few people put in charge understand. The fundamental weaknesses of decade-old Internet software and operating systems are part of the foundation of America’s electoral process, and they’re ripe for disruption or manipulation. It means an entirely different threat model has to emerge—”secure” may now mean something totally different from the traditional approach.

 

Poll: Americans More Worried About Cyber Crimes Than Other Crimes
The survey found 67 percent of adults worry at least occasionally about computer hackers stealing their personal or financial information and 66 percent are concerned about being a victim of identity theft. The gap between fear of cyber crimes and the next most pressing concern — having your car stolen or broken into — was 28 percentage points. The question about hackers stealing information, which took the top spot, was added this year.

 

Where Hackers Haven’t Directly Influenced Polls, They’ve Undermined our Faith in Democracy
The problem with digital systems is the overarching fear that everything could be blown up in one act of hacker spite. This is compounded by the fact that we don’t know what we don’t know. A further issue with the DREs in Virginia and elsewhere is that they produce no paper trail. They have no vote-auditing capability. We are assured that they have never been hacked but if they were, how would we tell? The real enemy in this is official complacency.

 

Amid Growing Threats, Iowa Lawmakers Push for Better State and Local Cybersecurity
The two legislators’ visit to Microsoft headquarters follows two recent serious breaches of cybersecurity in Iowa: The theft of hundreds of thousands of dollars from 103 retirees’ accounts with the Iowa Public Employees’ Retirement System and a cyberattack involving the Johnston school district that was identified after several parents received anonymous text messages that threatened violence to schools and students.

 

Stay up to date on the Public Sector Information Security news that you need to know by signing up for our Public Sector Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

//]]>