This post is part of a continuing DBR on Data series on Executive Order 13800 and updates on its implementation a year after passage.
The U.S. Department of Commerce and the Department of Homeland Security, through the National Telecommunications and Information Administration (NTIA), have released the final report on enhancing the resilience of the Internet and communications ecosystem against botnets and automated distributed threats.
Continue reading “Final Report on U.S. Government Policies and Public-Private Frameworks to Address Botnets, Security and Resiliency Challenges Released”
This is the first post in a DBR on Data series on Executive Order 13800 and updates on its implementation a year after passage.
The White House Office of Management and Budget (OMB) released in May 2018 its report to the president on federal cybersecurity risk determination. The report, which responds to the President’s May 2017 Executive Order 13800, entitled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” comes as several key reports also required by Executive Order 13800 have been recently released in full or in summary form. The Federal Cybersecurity Risk Determination Report and Action Plan concludes that the recent government-wide cybersecurity risk assessment conducted by the OMB, in collaboration with the Department of Homeland Security (DHS), confirms the need for the U.S. government to take “bold approaches” to improve federal cybersecurity.
Continue reading “OMB Releases Report on Federal Cybersecurity Risk”
The Secretaries of the Department of Commerce and the Department of Homeland Security, through the National Telecommunications and Information Administration (NTIA), in early January 2018 issued a draft report to further public discussion about enhancing the resilience of the Internet and communications ecosystem against botnets and other automated distributed threats. This report continues work initiated under Presidential Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” The report seeks additional public comment on known and evolving risks within and to the ecosystem and aims to forge consensus on what approaches warrant consideration for the government either to adopt or to encourage. Commenters are asked to evaluate a range of proposed goals and actions to achieve a more resilient ecosystem as well as to address the roles various stakeholders play in achieving and maintaining resiliency of the ecosystem nationally and globally. Comments are due on the draft report by February 12, 2018, and the final report is due to the president by May 11, 2018.
Six principal themes emerged from the government’s analysis of prior comments on identifying and mitigating botnet and other cyber threats, namely that:
- Automated distributed attacks are a global problem;
- While effective tools exist, they are not widely used;
- Products should be secured during all stages of their life cycle;
- Improved education and awareness are necessary;
- Current market incentives are misaligned; and
- Automated distributed attacks are an ecosystem-wide challenge.
Continue reading “Battling Botnets – Evolving U.S. Government Policies and Frameworks to Address Security and Resiliency Challenges”
The Georgetown Law Center for Privacy & Technology released a report that takes a harsh look at the Department of Homeland Security (DHS)’s “Biometric Exit” program. The “Not Ready for Takeoff: Face Scans at Airport Departure Gates” report highlights the myriad privacy and fairness issues associated with the use of biometric data for screening and other purposes. The Biometric Air Exit program uses biometric data to verify travelers’ identities as they leave the U.S. and has been deployed at Boston’s Logan International Airport and eight other airports. The program is operated by DHS and uses photographs of passengers taken at the gate while boarding to verify travelers’ identities as they leave the country. Prior to departure of an outbound international flight, DHS prepopulates the Traveler Verification Service (TVS) with biometric templates from the travelers expected on the flight. TVS either confirms the traveler’s face or rejects the face as a “non-match.” Non-matched travelers’ credentials will then be checked manually.
Continue reading “Georgetown Law Center Releases Report on Biometric Face Scans at Airport Departure Gates”
Formed by the Cybersecurity Act of 2015, a task force established to share cybersecurity information between federal government and private industry representatives has released its “Report on Improving Cybersecurity in the Health Care Industry.” They presented six major action items for Congress, the Department of Health and Human Services, other government agencies and private industry.
The Report organized its recommendations under six Imperatives:
- Define and streamline leadership, governance, and expectations for health care industry cybersecurity;
- Increase the security and resilience of medical devices and health IT;
- Develop the health care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities;
- Increase health care industry readiness through improved cybersecurity awareness and education;
- Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure; and
- Improve information sharing of industry threats, weaknesses, and mitigations.
In a recent alert, we evaluated the action items and draft recommendations prepared by the Task Force and discussed how the Trump administration will react to these new proposals.
Read our review of the Health Care Cybersecurity Task Force Report