Sunday, September 30, 2018

LEO Mental Health and Wellness Act

H.R. 2228, the “Law Enforcement Mental Health and Wellness Act of 2017,” was signed into law on January 10, 2018.




Facebook, Inc. (FB) 5 Year Stock Value


Facebook, Inc. (FB) NasdaqGS 5 Year Stock Value - Sept 30, 2018
Source: finance.yahoo.com/quote/FB

Yahoo Finance, Technology Sector Heatmap - Sept 30, 2018
Source: finance.yahoo.com/screener/predefined/technology/heatmap

Plus "Tech Stocks This Week: Facebook's Security Breach and More."

Notable Federal Laws Passed in 2018

(Updated 12-14-2018)

Search for federal legislation and more at Congress.gov/search.


H.R.4254 - Women in Aerospace Education Act
12/11/2018 Became Public Law No: 115-303.

H.R.390 - Iraq and Syria Genocide Relief and Accountability Act of 2018
12/11/2018 Became Public Law No: 115-300.

S.2152 - Amy, Vicky, and Andy Child Pornography Victim Assistance Act of 2018
12/07/2018 Became Public Law No: 115-299.

S.140 - A bill to authorize appropriations for the Coast Guard, and for other purposes.
12/04/2018 Became Public Law No: 115-282.

H.R.3359 - Cybersecurity and Infrastructure Security Agency Act of 2018
11/16/2018 Became Public Law No: 115-278.

S.1595 - Hizballah International Financing Prevention Amendments Act of 2018
10/25/2018 Became Public Law No: 115-272.

H.R.4921 - STB Information Security Improvement Act
10/16/2018 Became Public Law No: 115-269.

S.2946 - Anti-Terrorism Clarification Act of 2018
10/03/2018 Became Public Law No: 115-253.

S.994 - Protecting Religiously Affiliated Institutions Act of 2018
09/28/2018 Became Public Law No: 115-249.

S.97 - Nuclear Energy Innovation Capabilities Act of 2017
09/28/2018 Became Public Law No: 115-248.

H.R.1109 - To amend section 203 of the Federal Power Act.
09/28/2018 Became Public Law No: 115-247.

H.R.589 - Department of Energy Research and Innovation Act
09/28/2018 Became Public Law No: 115-246.

H.R.2147 - Veterans Treatment Court Improvement Act of 2018
09/17/2018 Became Public Law No: 115-240.

S.717 - POWER Act
09/04/2018 Became Public Law No: 115-237.

S.770 - NIST Small Business Cybersecurity Act
08/14/2018 Became Public Law No: 115-236.
NIST Small Business Cybersecurity Act
(Sec. 2) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.
NIST must disseminate, and publish on its website, standard and method resources that small businesses may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014. Additionally, the resources must include case studies of practical application.
Other federal agencies may also elect to publish the resources on their own websites. 

H.R.2345 - National Suicide Hotline Improvement Act of 2018
08/14/2018 Became Public Law No: 115-233.

H.R.5515 - John S. McCain National Defense Authorization Act for Fiscal Year 2019
08/13/2018 Became Public Law No: 115-232.


S.2245 - KIWI Act
08/01/2018 Became Public Law No: 115-226.

H.R.2353 - Strengthening Career and Technical Education for the 21st Century Act
07/31/2018 Became Public Law No: 115-224.

Saturday, September 29, 2018

Hearing on Intellectual Freedom in America

On September 27, 2018 the House Committee on the Judiciary held a hearing titled “The State of Intellectual Freedom in America.” At the hearing, witnesses shared "their stories about alleged political bias, including alleged bias by social media companies on the Internet and college administrators on college campuses targeting professors." There were two witness panels, with a total of nine witnesses. Here is the hearing press release. Here are brief excerpts from the witness written statements.

Dr. Mike Adams, Professor, University of North Carolina at Wilmington (Testimony)
The reason I am here with you is that I am a veteran of a seven and a half year First Amendment lawsuit in which I ultimately prevailed against my university. The story of how that litigation came about and how the university responded to it speaks volumes about what imperils intellectual freedom in higher education today.

China Media Bulletin - Issue 129

China Media Bulletin publishes insights and analysis on China's media freedom landscape. The following is an outline from Freedom House's China Media Bulletin - Issue 129:

China Media Bulletin - Issue 129 | Source: freedomhouse.org/china-media

Sarah Cook is Freedom House's East Asia Senior Research Analyst as well as the Director of China Media Bulletin. She recently testified before Congress for the hearing "Countering China: Ensuring America Remains the World Leader in Advanced Technologies and Innovation."


DoD Cyber Excepted Service (CES) Personnel System

Essye Miller testified before Congress on September 26, 2018 regarding the cyber operational readiness of the Department of Defense. Ms. Miller is the Department of Defense (DoD) Principal Deputy Chief Information Officer (PDCIO). Her written testimony provides an overview of the DoD cyber workforce as well as the Cyber Excepted Service (CES) Personnel System. According to her testimony, "the Cyber Excepted Service is an enterprise-wide approach for managing civilian cyber professionals across the Department."

From the DoD Cyber Excepted Service FAQs document:
Q15. What are the advantages for employees converting to CES? 
A15. The CES provides many opportunities for current DoD employees which include:
o Qualification-Based (no time-in-grade) Requirements for Promotion
o Promotions and Quality Step Increase Awards Up to step 12 (with justification)
o Future Compensation Initiatives
o Future Career Management Program
o Future Rotational Assignments across the DoD Cyber Community

More about the DoD Cyber Workforce CES Personnel System can be found here and here.

Cyber One Stop - Cyber Excepted Service website
Source: https://www.cpms.osd.mil/Subpage/CyberOneStop/CyberHome

Interesting Congressional Hearings, September 2018


Links to selected Congressional Hearings for September 2018:


U.S. House Armed Services Committee

9-26-18: The Impact of National Defense on the Economy, Diplomacy, and International Order



U.S. House Committee on Energy and Commerce

9-27-18: State of the Media Marketplace

9-27-18: DOE Modernization: The Office of Cybersecurity, Energy Security, and Emergency Response

Related article:
MeriTalk: "House E&C Hails CESER for Energy Sector, Cyber Protection"


9-26-18: Solutions to Strengthen U.S. Public Safety Communications

9-26-18: Built in America: Jobs and Growth in the Manufacturing Sector

9-5-18: Twitter: Transparency and Accountability



U.S. House Financial Services Committee

9-28-18: Examining Opportunities for Financial Markets in the Digital Era

9-26-18: Administration Goals for Major Sanctions Programs

Related article:
Financial Services Committee Press Release: "Ensuring the Effective and Successful Implementation of Economic Sanctions"

9-7-18: Survey of Terrorist Groups and Their Means of Financing


U.S. House Foreign Affairs Committee

9-13-18: Oversight of U.S. Sanctions Policy


U.S. House Homeland Security Committee

9-27-18: Insider Threats to Aviation Security: Airline and Airport Perspectives

9-26-18: Hidden in Plain Sight: Understanding Federal Efforts to Stop Human Trafficking

9-6-18: Understanding Cybersecurity Threats to America's Aviation Sector

Related article:
The Hill: "Cyberattacks are a constant fear 17 years after 9/11"



U.S. House Judiciary Committee

9-27-18: The State of Intellectual Freedom in America




U.S. House Committee on Oversight and Government Reform

9-27-18: The Benefits of a Deregulatory Agenda: Examples from Pioneering Governments

9-26-18: Examining Misconduct and Retaliation at TSA

Related article:
Federal News Radio: "Report blasts TSA leadership for ‘toxic culture,’ blames it for high attrition, poor morale"

9-26-18: Countering China: Ensuring America Remains the World Leader in Advanced Technologies and Innovation

Related article:
The Epoch Times: "US Needs More Tools to Counter China on IP Transfers, Congress Told"



U.S. House Committee on Science, Space, and Technology

9-27-18: Advancing Nuclear Energy: Powering the Future

9-26-18: 60 Years of NASA Leadership in Human Space Exploration: Past, Present, and Future


U.S. House Committee on Veterans’ Affairs

9-27-18: Veteran Suicide Prevention: Maximizing Effectiveness and Increasing Awareness | Documents

9-13-18: The Role of the Interagency Program Office in VA Electronic Health Record Modernization


U.S. Senate Committee on Appropriations

9-6-18: Conduct Oversight of Bureau of Industry & Security, International Trade Administration, & US International Trade Commission


U.S. Senate Committee on Armed Services

9-26-18: Cyber Operational Readiness of the Department of Defense



U.S. Senate Committee on Banking, Housing, and Urban Affairs

9-18-18: Fintech: Examining Digitization, Data, and Technology



U.S. Senate Committee on Commerce, Science, and Transportation

9-26-18: Global Space Race: Ensuring the United States Remains the Leader in Space

9-26-18: Examining Safeguards for Consumer Data Privacy

Related article:
The Guardian: "Silicon Valley finally pushes for data privacy laws at Senate hearing"




9-13-18: Transportation of Tomorrow: Emerging Technologies That Will Move America

9-5-18: Keeping Our Skies Secure: Oversight of the Transportation Security Administration

Related article:
Boston Globe: "TSA official tells Congress that Quiet Skies surveillance has yet to foil any threats"



U.S. Senate Committee on Energy and Natural Resources

9-25-18: Full Committee Hearing to Examine DOE's Efforts in the Field of Quantum Information Science



U.S. Senate Committee on Foreign Relations

9-18-18: Status of U.S. - Russia Arms Control Efforts

9-5-18: The China Challenge, Part 2: Security and Military Developments

9-5-18: Assessing the Value of the NATO Alliance



U.S. Senate Committee on Homeland Security & Governmental Affairs

9-27-18: Examination of the Effects of Regulatory Policy on the Economy and Business Growth

9-13-18: Evolving Threats to the Homeland


U.S. Senate Committee on Rules and Administration

9-26-18: Register of Copyrights Selection and Accountability Act


U.S. Senate Committee on Intelligence

9-5-18: Foreign Influence Operations' Use of Social Media Platforms (Company witnesses)


Wednesday, September 26, 2018

HTTP Working Group

HTTP Working Group website | https://httpwg.org/

From the HTTP/2 FAQ:
Who made HTTP/2?

HTTP/2 was developed by the IETF’s HTTP Working Group, which maintains the HTTP protocol. It’s made up of a number of HTTP implementers, users, network operators and HTTP experts.

Note that while our mailing list is hosted on the W3C site, this is not a W3C effort. Tim Berners-Lee and the W3C TAG are kept up-to-date with the WG’s progress, however.

A large number of people have contributed to the effort, but the most active participants include engineers from “big” projects like Firefox, Chrome, Twitter, Microsoft’s HTTP stack, Curl and Akamai, as well as a number of HTTP implementers in languages like Python, Ruby and NodeJS.

To learn more about participating in the IETF, see the Tao of the IETF; you can also get a sense of who’s contributing to the specification on Github’s contributor graph, and who’s implementing on our implementation list.

Tuesday, September 25, 2018

"Cryptography for Human Senses"

From the research paper "Cryptography for Human Senses" by Kimmo Halunen and Outi-Marja Latvala:
One argument that might go against the idea of cryptography for human senses is that one might envision a future of enhanced humans that have abilities to interact with cryptographic protocols in a native way. Such ideas are currently more mainstream in science fiction, but it might be that at some point this could be possible in reality. One example of such future is presented in Hannu Rajaniemi’s novel The Quantum Thief [58]. 
In the book, the Martian society has developed a very elaborate system called gevulot (Hebrew for “limits”), which is essentially a PKI system that allows the people to achieve various levels of privacy and even choose what parts of conversations and interactions can be “remembered” by the parties involved. The citizens of Mars have developed skills and an etiquette on how to use this system in their daily lives. Of course, the people living in the society have vastly transcended our current human capabilities.
On the other hand, it might be possible to realise a system much like gevulot with current cryptographic methods such as attribute-based encryption, homomorphic encryption and other advanced cryptographic primitives. Thus, it would be great to have these systems work in a way that would be accessible to ordinary humans. This then would be an argument in favour of researching cryptography for human senses.


Monday, September 24, 2018

Peekaboo

Taiwan-based company NUUO, which makes camera firmware, has recently issued a patch for a zero-day vulnerability named Peekaboo (CVE-2018-1149, CVE-2018-1150) affecting its IoT video recorder software. The vulnerability was discovered by Jacob Baines, a senior research engineer at Tenable. From Tenable's blog on CVE-2018-1150 specifically:
If a file named /tmp/moses exists, the backdoor is enabled. It permits the listing of all user accounts on a system, and allows someone to change any account’s password. This would, for example, permit an attacker to view the camera feeds, view CCTV recordings, or remove a camera from the system entirely. This vulnerability has a CVSSv2 Base Score of 4.0 and a Temporal Score of 3.2, and is rated Medium severity. 
This is a very odd artifact. We weren’t able to determine if it’s leftover development code or if it was maliciously added. To be able to activate and utilize the backdoor, an attacker would need to be able to create the file “/tmp/moses,” so the attack would require some form of access or need to be combined with another exploit. Its existence and lack of obfuscation in the code is the real mystery.
Bleeping Computer article.
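The backdoor quoted above is switched on by the mere presence of a file under /tmp, and Tenable notes the code was not obfuscated, so the trigger path sits in the binary as a plain string. The script below is an added example for this post, not Tenable's or NUUO's code: it shows one review check a firmware or supply-chain reviewer can run over an extracted firmware tree, extracting printable strings from each binary and flagging fixed paths under world-writable scratch directories (/tmp, /var/tmp, /dev/shm), which is where a marker-file switch would live. The SAMPLE_TREE blobs are constructed byte strings standing in for real binaries; /tmp/moses is the path from the quoted advisory, every other path and file name is made up.

```python
"""
Audit an extracted firmware tree for hard-coded file paths in world-writable
scratch directories. Such a path is a candidate "magic file" switch of the
kind described in the Peekaboo write-up (a file whose existence enables
hidden behaviour). Example code only; not Tenable's or NUUO's code.
"""
import re
from typing import Dict, List, Tuple

# Directories that any local process can normally write to. A privileged
# behaviour switch keyed on a file here can be flipped by whoever gets
# local file-write access, which is the weakness the advisory describes.
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Absolute path tokens as they would appear inside a printable string.
_PATH_TOKEN_RE = re.compile(r"/[A-Za-z0-9_./-]+")

# Constructed stand-ins for files under an unpacked firmware root.
# Only the first one carries a fixed marker path under a scratch directory.
SAMPLE_TREE: Dict[str, bytes] = {
    # Fake service binary: ELF-like header bytes, then the trigger string.
    "usr/bin/nvrsrv": b"\x7fELF\x02\x01\x01\x00" + b"/tmp/moses\x00" + b"GET /api/users\x00",
    # Fake library: a log path, a bare directory, and a templated socket
    # path. None of these is a fixed marker file, so none should be flagged.
    "lib/libhelper.so": b"\x7fELF\x00" + b"/var/log/app.log\x00" + b"/tmp/\x00" + b"/dev/shm/%s.sock\x00",
    # Fake tool referencing a system file outside the scratch directories.
    "sbin/admtool": b"\x7fELF\x00" + b"/etc/passwd\x00",
}


def extract_strings(blob: bytes, min_len: int = 4) -> List[Tuple[int, str]]:
    """Return (offset, text) for each printable ASCII run, like `strings`."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(blob)]


def scratch_paths(blob: bytes) -> List[Tuple[int, str]]:
    """Offsets and values of fixed file paths under a scratch directory.

    A token that ends in '/' (a bare directory, or a path cut off at a
    format specifier such as %s) is not a fixed marker file and is skipped.
    """
    hits: List[Tuple[int, str]] = []
    for offset, text in extract_strings(blob):
        for token in _PATH_TOKEN_RE.findall(text):
            if token.startswith(SCRATCH_DIRS) and not token.endswith("/"):
                hits.append((offset, token))
    return hits


def audit_tree(files: Dict[str, bytes]) -> Dict[str, List[Tuple[int, str]]]:
    """Map each file that references a scratch-directory marker path to its findings."""
    report: Dict[str, List[Tuple[int, str]]] = {}
    for name, blob in files.items():
        hits = scratch_paths(blob)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in audit_tree(SAMPLE_TREE).items():
        for offset, path in hits:
            print(f"{name}: offset {offset:#x} references scratch path {path!r}; review the code that checks it")
```

On a real image, replace SAMPLE_TREE with a walk over the unpacked root that reads each regular file. A hit is a lead, not a verdict: the next step is to disassemble around the string reference and confirm whether a stat/access on that path gates anything privileged.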

Saturday, September 22, 2018

House Small Business Hearing on ZTE

On June 27, 2018 the U.S. House Committee on Small Business convened for a hearing titled “ZTE: A Threat to America’s Small Businesses.” Witnesses for the hearing included a group of national security experts.
This hearing will examine the imminent threat posed to America’s small businesses by the Chinese telecommunications firm ZTE... The hearing will also investigate ongoing efforts being made by both the public and private sectors to reduce the challenges small businesses face in dealing with illicit Chinese backed enterprises.

Here are portions of the written statements provided by the witnesses:

Mr. Andy Keiser, Visiting Fellow, National Security Institute, Antonin Scalia Law School, George Mason University (Statement)
As someone who spent the first part of my career roaming these halls as a House staffer, it’s wonderful to be back home among friends – particularly before a Committee that is taking a sobering, bipartisan look at one of America’s greatest long-term national security threats: the threat posed by Zhongxing Telecommunications Equipment Corporation (ZTE) and Huawei to our telecommunications infrastructure. 
I will start with a story to which I imagine many of you will easily relate. My former boss, House Intelligence Committee Chairman Mike Rogers, first became interested in the activities of ZTE and Huawei not because he was a former U.S. Army officer or Federal Bureau of Investigation (FBI) special agent. Initially, his interest did not even stem from his position on the Intelligence Committee, but because a Michigan company approached him with a problem. 
As each of you would do, he listened to that small business owner carefully. As it turned out, Chinese telecommunications companies –ZTE and Huawei – were bidding to build cellular telephone towers in the most rural parts of Michigan, far from population centers like Detroit. This small business owner was happy to compete but said the Chinese telecoms were coming in not just under his price, but under what the materials would cost to build the towers. 
That got a former FBI agent thinking: why on earth would they be doing that? More on this later. 

Friday, September 21, 2018

AES and ROI Report

NIST released a report that estimates, as a best effort, the economic return on investment from the development of its AES cryptographic algorithm standard.

The report covers the following topics: background, economic analysis framework, economic impact assessment approach, survey results and findings, economic impact of the AES program, 1996-2017, and overall impact assessment conclusions.

This table from the report details the AES Competition Candidate Algorithms:

https://doi.org/10.6028/NIST.GCR.18-017

Thursday, September 20, 2018

FCC Oversight Hearing, August 2018

On August 16, 2018 the Senate Committee on Commerce, Science, and Transportation held a hearing titled "Oversight of the Federal Communications Commission." It was attended by FCC Chairman Ajit Pai as well as three FCC Commissioners. Committee Chairman John Thune gave the opening statement. Here is his statement, and here are some of the highlights:
Welcome to today’s hearing on oversight of the Federal Communications Commission (FCC). [...]
Signed into law in March as part of the spending bill, the RAY BAUM’s Act not only reauthorized the FCC, it also included important spectrum, infrastructure, and broadband deployment provisions, including the MOBILE NOW Act, that will help pave the way for American leadership in the race to 5G.
Under Chairman Pai’s leadership, the FCC has also taken action in a number of areas to help free up more spectrum for wireless use, streamline broadband deployment, and bridge the digital divide – particularly in rural states like my home state of South Dakota. [...] 
As this Committee heard just a few weeks ago, the United States is engaged in a high-stakes race with China, South Korea, and others for leadership in 5G. It’s critical that the United States win this race, and the jobs and investment that come with victory. [...] 
A number of states have adopted legislation to streamline the deployment of small wireless facilities, but the inherently borderless nature of broadband internet access warrants discussion of a national framework. [...]

In the end, American consumers will be the beneficiaries of these efforts. They are—and must remain—at the forefront of the FCC’s decision making across its many responsibilities. [...] 
The FCC must also continue its efforts to protect consumers from fraudulent and unwanted robocalls, which remain among the top consumer complaints. Now that the D.C. Circuit has found many Wheeler-era Telephone Consumer Protection Act rules unreasonably expansive, arbitrary, and capricious, the real work of protecting consumers and restoring reason to TCPA rules has begun. [...]

Finally, before I close, I want to acknowledge the unprecedented measures the Commission has taken under Chairman Pai’s leadership to improve the openness and transparency of Commission processes. 
Publicly releasing drafts of items the FCC plans to vote on weeks prior to doing so has made both the process and products at the FCC better and more available to the American people.
The same applies when the Commission makes mistakes. Along those lines, a recent FCC Inspector General Report about an alleged attack on the Commission’s comment filing system found that “the FCC, relying on [then-Chief Information Officer David] Bray’s explanation of the events, misrepresented facts and provided misleading responses to Congressional inquiries related to this incident.”
As you know, it is absolutely critical that the information provided to Congress and to the American people be correct. I look forward to hearing how the Commission will prevent this in the future. 
I thank the distinguished witnesses for being here today and for working with the Committee on many of these important issues. I look forward to a robust discussion. [...]

The four witnesses give their opening statements until about minute 30 of the hearing, after which the senators' question portion begins. You can watch the hearing and search the transcript for topics of interest here, and, of course, you can also search the written witness testimonies.





Wednesday, September 19, 2018

FinTech Hearing: Examining Digitization, Data, and Technology

Brian Knight of George Mason University testified before Congress yesterday, September 18, 2018, at a hearing titled "Fintech: Examining Digitization, Data, and Technology." From the Chairman's opening statement:
Today, I hope to hear from our witnesses about the ways in which fintech is changing the financial sector and the improvements that can be made to ensure the regulatory landscape welcomes that innovation; what kind of data is being collected and used, and how such data is secured and protected; and what are the opportunities and challenges going forward?

From Mr. Knight's statement, pertaining to data collection:
As the Treasury Report notes, the ability of financial service providers to collect and utilize a broader and more diverse selection of consumer data has the potential to improve the provision of financial services, especially to consumers who are poorly served by the status quo.[3] Not only could cost-effective access to more data help established firms improve their offerings, it could also encourage competition and innovation from new entrants.
While the ability to access and utilize more data has a significant upside, it also presents risks. For example, it is possible that the more granular a dataset a financial institution collects on a consumer, the more harm a security breach could cause. Data that might be relatively harmless at one level of detail could become highly sensitive at another. What could be labeled “professional or medical services” at one level of detail could be labeled “marriage counseling” at another. While obtaining more information could allow financial services providers to offer better products, we should also be alert to the risks that could develop.
Additionally, as the Treasury Department notes, there are divergent regulations at the state level regarding data security and breach notification.[4] These different requirements can increase compliance costs for firms and result in citizens being regulated by sets of rules put in place without consultation with them, the consumers.[5] Given the predominantly interstate nature of cybersecurity, there is little question that Congress could constitutionally preempt state law to create consistent national standards, and given the costs of the status quo, it may want to consider doing so.

A FinTech hearing was also held earlier this year. Mr. Knight testified at that hearing as well.



Tuesday, September 18, 2018

Improving Tech Expertise for Congress

Georgetown Law’s Institute for Technology Law & Policy held a workshop in June 2018 to discuss improving tech and science policy resource services for Congress. Here are some details from the report:
This report summarizes the presentations and reflections of a group convened by Georgetown Law’s Institute for Technology Law & Policy in June 2018 to discuss strategies for improving science and technology policy resources for Congress. The workshop considered recent proposals for reestablishing a technology assessment function in Congress, such as reviving the Office of Technology Assessment (OTA), or shifting tech assessment responsibilities to the Government Accountability Office (GAO) or Congressional Research Service (CRS). It also considered whether certain aspects of tech assessment can be met by outside groups such as the National Academies. The workshop brought together former OTA staff and leadership, current congressional staffers, academics and policy experts for a two-hour discussion.[1]

Monday, September 17, 2018

Smarter IoT Privacy Protections for Kids (CA SB 327)

From a Washington Post article:
A bill to set cybersecurity standards for Web-connected devices — from thermostats to webcams to cars — is awaiting Gov. Jerry Brown’s (D) signature after cruising through the state legislature late last month. If Brown signs it, California would become the first state to pass legislation to govern security of the Internet of Things...
The California bill, SB-327, seeks to address some of those flaws, setting baseline cybersecurity standards for IoT devices where none exist. 

The most recent bill analysis is posted at California's Legislative Information website. The analysis includes a summary of existing law, a summary of this bill, background, comments, fiscal effects, and the groups in support and in opposition with a brief summary of their arguments. Here are some comments from the 8/28/18 Senate Floor Analysis:
Consumer devices that connect to the internet have moved well beyond the traditional desktop PC to include a wide variety of consumer electronics, such as microwaves, refrigerators, and children’s toys. While such capabilities may increase product functionality, many consumers are uninformed about the consequences of owning connected devices. Consumers may buy a device without realizing how it makes use of the internet, what types of information it collects, and how that information is used, until well after they have begun using the device in their home. Some internet connected toys, for example, prompt children to provide personal data verbally - including their parents’ names, the name of their school, and where they live – and explicitly reserve the right to conduct direct marketing towards kids. An alarming number of these internet connected devices lack even the most basic security features, rendering them vulnerable to hacking and coordinated cyber attacks.
This bill creates a common sense security requirement for internet connected devices that can evolve as technology evolves. Mirroring a provision in California’s Data Breach Law, this bill requires manufacturers to equip their devices with reasonable security features appropriate to the nature of the device and the information it collects.

Sunday, September 16, 2018

The Battle on California's Privacy Law

California passed the California Consumer Privacy Act of 2018 (AB 375) in June 2018. Although it was a major victory for consumers and privacy advocates, some industry groups feared it would create hardships for their economic engine, introduce new liabilities, and fail to live up to its promises to protect consumers. Currently Google and Facebook control more than half of the worldwide market in online advertising, generating billions of dollars a year.

When the California consumer privacy initiatives were introduced, companies in opposition to the legislation -- such as Google, Facebook, Verizon, Comcast and AT&T -- were expected to spend at least $100 million to stop the new laws or reduce their impact. Several of these companies are collectively represented by industry trade groups such as the Internet Association as well as by the California Chamber of Commerce. As of last year, Alphabet, the parent company to Google, spent more on lobbyists than any other corporation in America.

Though the consumer privacy bill was unanimously signed into law -- largely due to a groundswell of popular support generated from recent data sharing disclosures such as Facebook's Cambridge Analytica -- additional legislation was expected to amend it. SB 1121 was introduced as clean up legislation to AB 375. Since its introduction, various groups have proposed changes to clarify or modify its language. Industry groups proposed changes in this letter. The California Chamber of Commerce has been vocal about opposing the financial liabilities and hardships that would affect California businesses, and until amendments were made on August 27, they had the bill posted on a list of job killing legislation. This video further explains their thoughts. Consumer privacy groups respond to the bill authors here. And here is a statement from the Committee To Protect California Jobs. California's Attorney General wrote a letter voicing his own concerns about the specific implementations of the law.

Additionally several industry groups are pressing for the creation of federal privacy legislation that would supersede current or future state legislation. And on a related note, Congress has held hearings about data breach notification regulations as recently as February and March of this year. As far as data breach laws, individual states currently manage their own regulations. Here is a very helpful infographic and report on state data breach laws. California has a list of data breaches as posted by their Attorney General.



California Consumer Privacy Act

In June 2018, California passed the "California Consumer Privacy Act of 2018" (or AB 375). The law is scheduled to go into effect January 1, 2020, however, it may be subject to legislative changes brought on by internet and tech companies. It will essentially give the residents of California 1) the right to know the data businesses are collecting on them 2) the right to modify or delete their data or opt-out of it being shared and 3) the right to action under a data breach. The privacy law is the first of its kind in the US. Here are a few more links on the matter:


"California Consumer Privacy Act" website | Source: caprivacy.org

Friday, September 14, 2018

AMA's, Hearings, Tweets, and More on Quantum

Here are some available resources and happenings regarding the state of quantum computing. There's a lot there. (work in progress)

U.S. Congressional Hearings

U.S. House Committee on Energy and Commerce: Disrupter Series: Quantum Computing, 5-18-2018

U.S. House Committee on Science, Space, and Technology: American Leadership in Quantum Technology, 10-24-2017

Panel 1:
Panel 2:

Bills

AMA’s

Articles, Classes, Etc. 
Tweets





Thursday, September 13, 2018

"The Billionaire Raj: A Journey Through India's New Gilded Age"

"The Billionaire Raj"
Source: Amazon.com

James Crabtree, the former Mumbai bureau chief for the Financial Times, wrote a book about India’s colorful economic and political scene.

With over 1 billion people, the country ranks as the sixth largest global economy based on nominal GDP. According to a New World Wealth report India is the home to over 330,000 high net-worth individuals, 20,000 plus multimillionaires, and over 100 billionaires. Still the country has incredible inequality; the country’s top 1 percent now own nearly 60 percent of its wealth.

The Gilded Age analogy paints a picture of the country's rapid economic growth and the increasing wealth of the few people who dominate India's industrial economy, the equivalent of the Rockefellers of America’s late 19th and early 20th century. Mr Crabtree reveals an intimate story of some of the country's tycoons and political power brokers and believes the country will benefit from its own version of a progressive era. From a review in “The Economist”:
The analysis really sings when Mr Crabtree finds new ways to capture the collision of profits, politics and public opinion. His account of India’s cut-throat network-TV industry, through the eyes of a star presenter, is thrilling. And he explores the paradox of India’s “southern belt” of states, most notably Tamil Nadu, which have their share of charismatic politicians and graft, but are also relatively rich. They have developed an efficient kind of populism, he concludes, in contrast to the purely venal politics farther north.
The book’s main flaw is that it gives a narrow view of the business world. Like Russia and other parts of Asia, India has its politically connected moguls. But it also has what may be the world’s most vibrant tech scene after America and China, a large stock of investment by multinational companies and a cohort of professionally run firms that compete in global markets.
Amazon reviews.


Wednesday, September 12, 2018

IoT Security and the Looming Legal ‘Feeding Frenzy’

Ijay Palansky, the lawyer representing the roughly 220,000 plaintiffs in the class action lawsuit over the 2015 Jeep hack, presented at Black Hat USA 2018. He outlines the potential pathways of harm for the IoT, including DDoS attacks, IoT ransomware, data breaches, privacy-related events, and cyber-physical attacks that cause injury or property damage. He notes that there are currently few precedents or standards of care for how the law applies to technology products and the complex IoT supply chain ecosystem. Here are his presentation slides and abstract:
Legal Liability for IOT Cybersecurity Vulnerabilities
There has been much discussion of "software liability," and whether new laws are needed to encourage or require safer software. My presentation will discuss how -- regardless of whether new laws are passed -- a tidal wave of litigation over defective IoT cybersecurity is just over the horizon.
The presentation will focus on a well-known example: Charlie Miller and Chris Valasek's 2015 Jeep hack. I'm lead counsel in the ongoing federal litigation over the cybersecurity defects Charlie and Chris exposed, and that are shared by 1.4 million Chrysler vehicles. As far as I know, our case is one of the first, and the biggest, that involves claims that consumers should be compensated for inadequate cybersecurity in IoT products.
This case is the tip of the iceberg. IoT products are ubiquitous, and in general their cybersecurity is feeble, at best. In the event of a cyberphysical IoT hack that causes injury, there are established legal doctrines that can be used to impose liability on every company involved in the design, manufacturing, and distribution of an exploited IoT device or even its cyber-related components. Such liability could be crippling, if not fatal, for organizations that don't know how to properly handle and prepare for potential lawsuits.
Taking steps to minimize legal exposure before an accident happens or a lawsuit is filed—in the design, manufacture, product testing, and marketing phases of an IoT product—can be the difference between life and death for IoT companies. Knowing what steps to take and how to take them requires an understanding of the core legal principles that will be applied in determining whether a company is liable.
Article.

Tuesday, September 11, 2018

Cybersecurity and Infrastructure Security Agency Act

A bill (H.R. 3359) drafted to rename and reorganize DHS' NPPD (National Protection and Programs Directorate) as CISA (Cybersecurity and Infrastructure Security Agency) was introduced by Rep. Michael McCaul (R-TX) in July 2017. It passed the House in December 2017 and, as of this writing, is in the Senate with the Committee on Homeland Security and Governmental Affairs.

According to NPPD Under Secretary Chris Krebs, "What we are trying to establish at the topline is… put a name on the door that tells stakeholders what we do. I need to be able to communicate, right out the gate. When I have that first meeting or have that phone call that says let’s work together, I’m not spending the first five minutes explaining what my name is." Here are a few more tweets and details about it.





Monday, September 10, 2018

"Space Threat Assessment 2018" Report

The CSIS Aerospace Security Project published a report "Space Threat Assessment 2018".


CSIS Aerospace Security | Source: Space-Track.org

Sunday, September 9, 2018

Jack Dorsey Testifies on Twitter's Response to Foreign Influence Operations

Twitter's Jack Dorsey testified at the September 5, 2018 hearing "Foreign Influence Operations’ Use of Social Media Platforms". Sheryl Sandberg of Facebook also testified. Google was invited but declined to attend. Here is a brief outline of Mr. Dorsey's opening statement:

I. Opening
  • Twitter strives to be a global town square
  • Must be a trusted and healthy place
  • Abuse, malicious automation, and manipulation detract from it
  • Never more important than during elections
  • Share concern with committee about malicious foreign influence
  • Hold themselves publicly accountable for progress

II. Russian influence in 2016 election, lessons learned

A. Retrospective review
  • Twitter conducted a comprehensive review of 2016 election activity 
  • Identified 50,258 accounts that were automated, linked to Russia, and tweeting election-related content, representing 0.016% of total accounts
  • These accounts constituted 1.00% of election-related tweets; totaling 2.12 million tweets
  • Twitter barred paid ads from two of the most active accounts generating paid content; affiliated with Russia Today (“RT”)
  • Donating the $1.9 million that RT spent globally on advertising to academic research into election and civic engagement

Saturday, September 8, 2018

Triton and Industrial Safety Systems

Cyber-physical systems connect the computing world and the real, physical world. Some examples include systems in aerospace, automotive, chemical processes, civil infrastructure, healthcare, manufacturing, etc. As we go forward what happens, good or bad, in the cyber world can potentially have lasting consequences for people and things.

Take, for example, industrial control systems, which are both responsive to and susceptible to cyber activity. These systems remain vulnerable to both accidental and directed events. The most recently reported of the handful of publicly known malware specimens built to disrupt physical equipment surfaced in 2017: the ICS malware called Triton (also known as Trisis or HatMan), discovered on equipment at a facility in the Middle East. Earlier publicly known cyber-physical attacks include Stuxnet, discovered in 2010, which disrupted uranium enrichment centrifuges in Iran, and Industroyer (also known as CrashOverride), which targeted Ukraine’s power grid in 2016.

FireEye first released reports on Triton in December 2017. ICS-CERT issued an alert in December 2017 as well as an updated malware analysis report in April 2018. Dragos and Midnight Blue also released analyses.

Triton is the first known malware designed to compromise industrial safety systems. It specifically targets Schneider Electric Triconex safety instrumented system (SIS) controllers, which are widely used in oil and gas facilities and also found in some nuclear and manufacturing plants. A safety controller's job is to detect a dangerous process state and bring the plant to a safe state; if it is disabled or its logic is tampered with, the process is running without a safety net. In the reported intrusion the attackers had already compromised an engineering workstation with access to the safety network, and the controller's physical key switch had been left in the "Program" position, which is what allowed the malware to load modified logic onto the controller. Keeping the key switch in "Run" outside of maintenance windows and segmenting the SIS network from the plant's distributed control system are the first checks an operator should make.

At the Middle East facility the controllers failed safe and plant operations halted without harm to people or property. Schneider Electric said it would work closely with the customer, independent cybersecurity organizations, and ICS-CERT to understand and mitigate the risk to its safety systems.

Friday, September 7, 2018

GAO Highlights on Equifax Data Breach and Cybersecurity Challenges

Data Protection:
Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach
GAO-18-559: Published: Aug 30, 2018. Publicly Released: Sep 7, 2018

Fast Facts | Highlights | Full Report
Fast Facts
Hackers stole the personal data of nearly 150 million people from Equifax databases in 2017. 
How did Equifax, a consumer reporting agency, respond to that event? Equifax said that it investigated factors that led to the breach and tried to identify and notify people whose personal information was compromised. 
In addition, three federal agencies that use Equifax services made their own security assessments and modified contracts with Equifax. Moreover, other federal agencies that oversee consumer reporting agencies started investigating Equifax and gave further advice to consumers on how to protect themselves against security breaches.


What GAO Recommends 
GAO is not making recommendations in this report. GAO plans to issue separate reports on federal oversight of CRAs and consumer rights regarding the protection of personally identifiable information collected by such entities. A number of federal agencies and Equifax provided technical comments which we incorporated as appropriate.


High-Risk Series:
Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the Nation
GAO-18-622: Published: Sep 6, 2018. Publicly Released: Sep 6, 2018.

Highlights | Full Report
What GAO Found 
GAO has identified four major cybersecurity challenges and 10 critical actions that the federal government and other entities need to take to address them. GAO continues to designate information security as a government-wide high-risk area due to increasing cyber-based threats and the persistent nature of security vulnerabilities. 
GAO has made over 3,000 recommendations to agencies aimed at addressing cybersecurity shortcomings in each of these action areas, including protecting cyber critical infrastructure, managing the cybersecurity workforce, and responding to cybersecurity incidents. Although many recommendations have been addressed, about 1,000 have not yet been implemented. Until these shortcomings are addressed, federal agencies' information and systems will be increasingly susceptible to the multitude of cyber-related threats that exist.


What GAO Recommends
GAO has made over 3,000 recommendations to agencies since 2010 aimed at addressing cybersecurity shortcomings. As of August 2018, about 1,000 still needed to be implemented.

Consumer Reports article. MarketWatch article and infographic. Bloomberg article.