Cyber Weekly Roundup – December 15, 2017 - NetCentrics

By Colby Proffitt

1.) Why the MGT Act won’t mean instant change in federal IT (December 14, 2017)

https://www.fedscoop.com/mgt-act-now-law-tech-will-agencies-pursue-2018/

Summary: With the Modernizing Government Technology Act now law, federal agencies will be looking for new technologies to ramp up their mission efficiency. But it’s already apparent to many IT leaders that the government must lay more groundwork to incorporate the new tools.

Why it matters: It’s been a long journey for the MGT Act, but it was finally signed into law on December 12. At its core the law creates working capital funds for federal modernization efforts, but there’s concern as to whether those funds will actually be appropriated, and even if they are, many federal agencies will need to determine the best path forward to a modernized state. For many, that will mean reevaluating agency infrastructure before reaping the benefits of new technologies such as blockchain, AI, and automation. The MGT Act is a good thing – modern tools and systems result in a stronger cyber stance – but the act is only one piece of the modernization puzzle.

2.) DoD looks to security beyond the perimeter (November 28, 2017)

https://govcloudinsider.com/articles/2017/11/21/cloud-dod-disa.aspx?mkt_tok=eyJpIjoiTWpnNU5URTNORFJrTnpFeiIsInQiOiJiOWZlZ25JYWRnb05DVzhsSGZZM0ZTZGY1MStVYkEzK1Z5akFPbm1QVURHUUJ5dldpallQbDdwa3NYXC80Q0VzV2lcL01SWEM2XC9Xc3hpS0hvclRVRDY4QWk1YXMrMURIcklLODRzaENQdUR5Q3JPWlZWZ0hpMTAyZ3dqZzh5RDAxeiJ9

Summary: “Cloud it or kill it” is how Scott Air Force Base thinks about its applications, according to John Hale, chief of the Cloud Portfolio Office at the Defense Information Systems Agency.

Why it matters: Moving to the cloud is no longer a matter of if, but when. What this article points out is that, even though the cloud isn’t really new anymore, federal agencies are still wrestling with how to make sure government data is secure once it’s in the cloud. One of the leading suggestions points to security at the data level, but cloud security solutions, processes, and agreements will vary by agency. Here’s a deeper look at the question of cloud security responsibility and key considerations for federal CIOs and CISOs: Who’s really responsible for cloud security?

3.) Personal Cybersecurity Assessment (December 14, 2017)

http://www.routefifty.com/assessment/route-fifty-personal-cybersecurity-assessment/

Summary: This isn’t a typical news article, but it is a very interesting survey. If you have 7-10 minutes, it’s a good reminder of good cyber practices.

Why it matters: If you don’t mind providing your contact information (oh the cyber irony), this is a good way to gauge your cyber prowess. This survey points out the wealth of personal information on social accounts, highlights the importance of two-factor authentication, and offers several scenario-based questions to test your cyber acumen. ‘Certified Cybersecure’ is the result you want to see.

4.) This New Phishing Scheme Could Fool You With a False Sense of Security (December 11, 2017)

http://www.routefifty.com/tech-data/2017/12/new-phishing-scheme-could-fool-you-false-sense-security/144442/

Summary: When you’re browsing the Internet these days, you may realize the majority of sites you visit have a green padlock in the left part of the address bar, meant to indicate its HTTPS status.

Why it matters: Most cyber-conscious users look for HTTPS before they enter any personal information or credit card numbers online, but that indicator may no longer be a true symbol of security. When it comes to phishing and security best practices, don’t forget common sense, and don’t rely on the presence of one little letter in a URL for peace of mind.

5.) Did local governments buy data-snooping drones? (December 1, 2017)

https://govcyberinsider.com/articles/2017/12/04/dji-drone-snoops.aspx?mkt_tok=eyJpIjoiTkRreFpXTXlNV1UyWVRKaiIsInQiOiJlQTRtNlM3S1RHSnc5eFwvRVdKTVpBWlJhS3hJRU9VUXFsYmc3WFdESURRK0R5aG5ka0wzUEc2RzN5R2owVjRQQ1h5bEkrQWVQTVVrZDlERzlVbDdYbjF3d0dhOEtackR6MmFpK2kwOGtoM0VTNmFyaTV2cUF0OUJrUk94Q2ZtQmwifQ%3D%3D

Summary: Unmanned aerial systems built by the Chinese and sold in the U.S. to governments, police and critical infrastructure providers are probably sending the data they collect to the Chinese government, according to an agent in the Immigration and Customs Enforcement’s investigative arm.

Why it matters: With many companies in the railroad, utility, media, farming, education and law enforcement sectors using DJI’s drones to collect mapping data, inspect infrastructure, conduct surveillance and monitor hazardous materials, it’s possible that the accusations against DJI are true and the Chinese government now possesses additional information about US critical infrastructure. The accusations and the questionable proof highlight the heightened sensitivities in the US with respect to a potential foreign attack on critical infrastructure. At a more granular level, this article is a reminder to enterprise and individual IT users and buyers that the use of any technology is potentially risky. With new apps and technologies popping up almost incessantly, it’s critical that users evaluate before installing. It’s also a reminder that usability and accessibility are of primary importance to end users, and security is often an afterthought.