Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

Cybersecurity: Actions Needed to Strengthen U.S. Capabilities

Cybersecurity: Actions Needed to Strengthen U.S. Capabilities, GAO-17-440T: Published: Feb 14, 2017. Publicly Released: Feb 14, 2017. “GAO has consistently identified shortcomings in the federal government’s approach to ensuring the security of federal information systems and cyber critical infrastructure as well as its approach to protecting the privacy of personally identifiable information (PII). While previous administrations and agencies have acted to improve the protections over federal and critical infrastructure information and information systems, the federal government needs to take the following actions to strengthen U.S. cybersecurity:

  • Effectively implement risk-based entity-wide information security programs consistently over time. Among other things, agencies need to (1) implement sustainable processes for securely configuring operating systems, applications, workstations, servers, and network devices; (2) patch vulnerable systems and replace unsupported software; (3) develop comprehensive security test and evaluation procedures and conduct examinations on a regular and recurring basis; and (4) strengthen oversight of contractors providing IT services.
  • Improve its cyber incident detection, response, and mitigation capabilities. The Department of Homeland Security needs to expand the capabilities and support wider adoption of its government-wide intrusion detection and prevention system. In addition, the federal government needs to improve cyber incident response practices, update guidance on reporting data breaches, and develop consistent responses to breaches of PII.
  • Expand its cyber workforce planning and training efforts. The federal government needs to (1) enhance efforts for recruiting and retaining a qualified cybersecurity workforce and (2) improve cybersecurity workforce planning activities.
  • Expand efforts to strengthen cybersecurity of the nation’s critical infrastructures. The federal government needs to develop metrics to (1) assess the effectiveness of efforts promoting the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity and (2) measure and report on effectiveness of cyber risk mitigation activities and the cybersecurity posture of critical infrastructure sectors.
  • Better oversee protection of personally identifiable information. The federal government needs to (1) protect the security and privacy of electronic health information, (2) ensure privacy when face recognition systems are used, and (3) protect the privacy of users’ data on state-based health insurance marketplaces.”

NSA Contractor Facing Federal Indictment for Willful Retention of National Defense Information

Follow up to previous posting – Former NSA contractor removed 50 terabytes of classified data, via DOJ – “A federal grand jury returned an indictment today charging Harold Thomas Martin III, 52, of Glen Burnie, Maryland, with willful retention of national defense information. Martin Harold Indictment “As a private contractor who worked on classified programs…

Beyer, Johnson, Lipinski Ask for Hearing on Trump Administration Cybersecurity Vulnerabilities

“Democratic leaders on the House Committee on Science, Space, and Technology sent a letter [February 9, 2017] to their Republican counterparts on the Committee’s majority requesting a hearing on lapses in cybersecurity in the Trump White House. “Just months ago the House Science Committee’s Republican Majority seemed to believe that cybersecurity for the President’s team…

Javelin 2017 Identity Fraud Study

“The 2017 Identity Fraud Study released today by Javelin Strategy & Research (@JavelinStrategy), revealed that the number of identity fraud victims increased by sixteen percent (rising to 15.4 million U.S. consumers) in the last year, a record high since Javelin Strategy & Research began tracking identity fraud in 2003. The study found that despite the…

New on LLRX – Cybersecurity For Lawyers: The Nitty Gritty

Via LLRX.com – Cybersecurity For Lawyers: The Nitty Gritty – Nicole Black reports that 26 states now require lawyers to stay abreast of changes in legal technology and advises colleagues on how to implement security procedures that will protect your law firm’s data and help to keep client data confidential and secure.

Pew – Americans and Cybersecurity

“Cyberattacks and data breaches are facts of life for government agencies, businesses and individuals alike in today’s digitized and networked world. Just a few of the most high-profile breaches in 2016 alone include the hacking and subsequent release of emails from members of the Democratic National Committee; the release of testing records of dozens of…

ProPublica – How to Protect Your Digital Privacy in the Era of Public Shaming

Americans face unprecedented threats to the digital safety of their personal information. “We offer nine tips to foil hackers, ransomware, online trackers, data brokers and other menaces,” by Julia Angwin, ProPublica, Jan. 26, 2017. “We are living in an era of widespread hacking and public shaming. Don’t like your political rivals? Beg Russia to hack…

Daily Open Source Infrastructure Report End Publication

“Effective January 18, 2017, the Office of Infrastructure Protection (IP) is discontinuing the DHS Daily Open Source Infrastructure Report. The discontinuation of this report is part of broader efforts to more efficiently focus resources towards the highest priority needs of the critical infrastructure security and resilience community. IP is committed to working closely with our…

FCC White Paper – Cybersecurity Risk Reduction

Cybersecurity Risk Reduction – Public Safety & Homeland Security Bureau – Federal Communications Commission – David Simpson, Rear Admiral (ret.) USN, Bureau Chief, January 18, 2017. “The White Paper describes the risk reduction portfolio of the current FCC and suggests actions to affirmatively reduce cyber risk in a manner that incents competition, protects consumers, and…

KPMG – The largest cyber fraud in UK Courts since 2008 – £113 million

Hitesh N Patel, UK Forensic Partner at KPMG – “The Fraud Barometer recorded a rise in cyber-enabled fraud, up 1266 percent on 2015 figures. The cases include a £113 million cyber fraud, the largest recorded in UK Courts since 2008, as professional criminals cold-called bank customers and stole their money to fund their luxury lifestyle. Sophisticated…

Summary Report on Audits of Security Controls for TSA Information Technology Systems at Airports

DHS OIG – Summary Report on Audits of Security Controls for TSA Information Technology Systems at Airports, December 30, 2016. OIG-17-14. “Our previous reports identified numerous deficiencies in security controls for TSA’s IT systems and equipment at airports. These deficiencies included inadequate physical security for TSA server rooms at airports, unpatched software, missing security documentation,…

Data Breaches Increase 40 Percent in 2016, Finds New Report from Identity Theft Resource Center and CyberScout

SCOTTSDALE, Ariz. and SAN DIEGO, Jan. 19, 2017 /PRNewswire/ — The number of U.S. data breaches tracked in 2016 hit an all-time record high of 1,093, according to a new report released today by the Identity Theft Resource Center (ITRC) and CyberScout (formerly IDT911). This represents a substantial hike of 40 percent over the near record high of…