Tag Archive for: regulations

DHS and 5G security. US State Department’s first cyber ambassador. China’s cybersecurity regulations.


At a glance.

  • DHS and 5G security.
  • US State Department’s first cyber ambassador.
  • China’s cybersecurity regulations.

US Department of Homeland Security’s quest to secure 5G tech.

SIGNAL Magazine offers a look at the US Department of Homeland Security's (DHS) progress in filling the 5G security gaps identified by the Cybersecurity and Infrastructure Security Agency (CISA). 5G has become increasingly critical to DHS's goals, and its Science and Technology Directorate leads the Secure and Resilient Mobile Network Infrastructure (SRMNI) program and its sister program, Emergency Communications Research and Development. Brent Talbot, a program manager within the Science and Technology Directorate's Office of Mission Capability and Support, explains, "CISA is our customer, and they are looking to get some research and development performed to fill some cybersecurity gaps in the mobile 5G infrastructure. They're looking to secure those venues for not only the general public but for the government, for the nation. We're trying to push the boundaries of what is known, and we're looking to protect those communications venues, especially for our frontline workers, the emergency responders." SRMNI's goal is to provide solutions and knowledge that help officials make risk- and cost-informed decisions about capability gaps, threat identification, architectural frameworks and potential mitigations. Already, 4K Solutions LLC has developed GovSecure, a protected domain name system available on the Google Play store and the Apple App Store that allows secure, untraceable communications for sensitive but unclassified messages.

US State Department names its inaugural cyber ambassador.

CyberScoop reports that the US State Department has selected Nathaniel Fick as its first Ambassador-at-Large for Cyberspace and Digital Policy, pending confirmation from the US Senate. Launched in April, the Bureau of Cyberspace and Digital Policy is focused on supporting the White House’s effort to provide digital aid to allies and US leaders as they set global cyber standards. Currently the general manager of information security for internet search company Elastic, Fick…


FCC Proposes Stricter Regulations for Data Breach Disclosure

The Federal Communications Commission (FCC) has proposed stricter requirements for companies to disclose data breaches.

According to the proposal, companies would be required to notify customers affected by inadvertent breaches, and the one-week waiting period before disclosure would be eliminated.

The updates would better align the FCC's rules with recent developments in federal and state data breach laws covering other sectors.

Lisa Plaggemier, interim executive director of the National Cyber Security Alliance, explained that the Biden administration, and government in general, has been making many positive attempts to build more modern and effective cybersecurity protocols in the wake of last year's news cycle, which was dominated by several high-profile breaches.

"These new guidelines fall right in line with these overarching intentions, and similar measures will likely follow suit in the months and years to come," she said.

Unfortunately, last year’s hectic breach-centric news cycle laid bare just how fragmented the government’s oversight and reporting procedures are for the cybersecurity industry.

Moreover, Plaggemier said those constant reports highlighted how important it is for the public and private sector to rethink the way we collectively approach cybersecurity and report cybersecurity incidents.

FCC Addresses Breach Notification Requirements

The proposal outlines several updates to current FCC rules addressing telecommunications carriers’ breach notification requirements, including requiring carriers to notify the commission of all reportable breaches in addition to the FBI and U.S. Secret Service.

The FCC proposal also seeks comment on whether the commission should require customer breach notices to include specific categories of information to help ensure they contain actionable information useful to the consumer, and proposes to make consistent revisions to the commission's telecommunications relay services (TRS) data breach reporting rule.

“Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information,” FCC chairwoman Jessica Rosenworcel said in a statement. “But these rules need…


Healthcare Highlights: Cyber-Security, Licensing Board Issues, and Employer COVID-19 Regulations | Ward and Smith, P.A.

Recently, several Ward and Smith attorneys held a Health Care Breakfast and Learn to provide insights on the healthcare industry relevant to their specific areas of expertise, from privacy and data security to professional licensing issues and labor and employment.

Privacy and Data Security

Peter McClelland, a privacy, data security, and technology attorney who is also a Certified Information Privacy Professional, began the discussion with some trends and tips for healthcare providers to be aware of in regards to cybersecurity.

“Healthcare and financial services are always neck and neck each year for which industry in the United States gets targeted the most by malicious cyber actors,” said McClelland.

In the world of data security, there are three major trends that have been especially relevant to healthcare providers over the past few years:

  • Substantial increase in cyberattacks – malicious actors using trusted third parties or managed service providers to gain access to computer systems and personal information
  • Significant uptick in the sophistication of cyberattacks – phishing schemes, tiny changes in email addresses, and spoofed email accounts increasingly difficult to identify
  • Increased costs associated with successful attacks – average cost for a data breach in 2020 was around $4 million

Outside the healthcare industry, an attack on a managed service provider, service partner, or supplier is typically referred to as a supply chain attack. These supply chain attacks are the ones that have made headlines in recent years, with companies such as Colonial Pipeline, Microsoft, and Kaseya experiencing significant costs to their finances and brand reputation.

“When you read or hear about any of these things in the news, it can be easy to think that events are only tangentially relevant to you,” explains McClelland, “but the same techniques in all of those get repurposed against entities in the healthcare space every day, whether they make headlines or not.”

McClelland reported that phishing scams in prior years almost seemed to be deliberately obvious in terms of sophistication. Formerly, the most advanced phishing and ransomware technology was mostly just available to…


TSA working on additional pipeline security regulations following Colonial Pipeline hack

The Transportation Security Administration (TSA) is working on an additional cybersecurity directive for pipeline companies in the wake of the ransomware attack on Colonial Pipeline.

The new directive will be the second issued by TSA, with the agency rolling out a directive last month that required pipeline owners and operators to report cybersecurity incidents within 12 hours of discovery to the Cybersecurity and Infrastructure Security Agency (CISA). It also increased coordination between pipeline owners and both CISA and TSA.

Proctor said Tuesday that the upcoming second directive would be classified as more sensitive in nature than the first directive due to “the nature of the mitigating measures that are going to be required.”

She noted that the directive “will require more specific mitigation measures, and it will ultimately include more specific requirements with regard to assessments,” and that TSA inspectors trained in both pipeline operations and cybersecurity will be tasked with ensuring pipeline companies adhere to both directives.

“As recently evidenced, cyber intrusions into pipeline computer networks have the potential to negatively impact our national security, economy, commerce, and wellbeing,” Proctor said as part of her prepared statement for the hearing. “For these reasons, TSA remains committed to securing our Nation’s pipelines against evolving and emerging risks.”

Both directives are being put together by TSA in the wake of the ransomware attack on Colonial Pipeline last month. The company provides 45 percent of the East Coast’s fuel supply, and major gas shortages were seen in several states when Colonial was forced to shut down the entire pipeline for nearly a week to protect operational…
