Cyber Weekly Roundup – February 23, 2018

By Colby Proffitt

1.) SEC issues cybersecurity guidance disclosure (February 21, 2018)

https://www.scmagazine.com/sec-issues-cybersecurity-guidance-disclosure/article/745806/

Summary: “Principles-based” guidance issued by the Securities and Exchange Commission (SEC) Wednesday clarifies how the commission views the disclosure responsibility of public companies that have fallen victim to a cyberattack.

Why it matters: Disclosure of data breaches and other cyber incidents is challenging for a number of reasons. On the one hand, the end users and consumers of the product or services need to know about the incident so they can take steps to secure their own data and systems. On the other hand, alerting consumers also alerts other malicious actors who may view the incident as an opportunity for further attack. The main point of this new guidance from the SEC seems to be a warning to executives and other insiders that if their company does fall to an attack or breach, insiders can get in big trouble for using that information for their own financial gain (e.g., selling stock after a breach, before the information is public).

2.) Attorney General Sessions Announces New Cybersecurity Task Force (February 20, 2018)

https://www.justice.gov/opa/pr/attorney-general-sessions-announces-new-cybersecurity-task-force

Summary: Attorney General Jeff Sessions has ordered the creation of the Justice Department’s Cyber-Digital Task Force, which will canvass the many ways that the Department is combatting the global cyber threat, and will also identify how federal law enforcement can more effectively accomplish its mission in this vital and evolving area.

Why it matters: This is likely one of many soon-to-come Task Force operations that we’ll see pop up across various agencies in 2018 and beyond. Federal agencies are starting to dedicate a portion of their workforce – or a new workforce altogether – to cyber defense. Time will tell if the efforts and resources allocated are sufficient. One look at the scope, which covers everything from elections and critical infrastructure to terrorist recruitment and attacks on businesses, and one can quickly see the need for an increase in dedicated cyber personnel.

3.) Control AI now or brace for nightmare future, experts warn (February 21, 2018)

http://money.cnn.com/2018/02/21/technology/malicious-artificial-intelligence-use-warning-cambridge/index.html

Summary: More than two dozen experts from top universities and research organizations in the US and the UK wrote the alarming report about the malicious use of AI, which was published Wednesday by Cambridge University.

Why it matters: If you’ve become numb to the plethora of cyberattacks and data breaches in recent months, this story may rattle you back to reality. The race to be the first and greatest has existed for as long as we can remember – the first man on the moon, the first nuclear bomb, the list goes on. Now, the race is focused on AI – and many who have warned of the perils of unfettered AI have also prophesied that the country which takes the lead in AI will throttle the market. Elon Musk warns that AI will hit like a tidal wave and it’s critical that the government establish an FDA- or FAA-like agency to regulate the production, distribution and sale, and use of AI. Many argue regulation stifles innovation, but in this case, regulation may in fact be stifling cyber attacks and AI misuse.

4.) U.S. DOE creates new cybersecurity office (February 16, 2018)

https://www.scmagazine.com/us-doe-creates-new-cybersecurity-office/article/745112/

Summary: The U.S. Department of Energy has established and funded the new Office of Cybersecurity, Energy Security, and Emergency Response (CESER).

Why it matters: As noted above, it’s likely that we’ll see an increase in cyber Task Force Operations and new federal cyber offices to combat cyber attacks. Since DOE is responsible for the power grid, it’s comforting to know that they are taking attacks on critical infrastructure seriously. It will be interesting to see what goals and objectives each federal organization establishes in the coming months. One thing is certain: the demand for cyber experts will only continue to grow.

5.) Enterprise needs right architecture to secure public cloud (February 21, 2018)

https://www.scmagazine.com/enterprise-needs-right-architecture-to-secure-public-cloud/article/742251/

Summary: Over the last few years, enterprises have been experimenting with private, public and hybrid cloud models for their applications and data. Many organizations are now turning to the public cloud to meet their needs. The public cloud offers obvious advantages in terms of rapid scalability and cost effectiveness, but there are other reasons that it’s growing more popular.

Why it matters: This article offers some interesting perspective on the relationship between cloud adoption and the cyber workforce. In short, if you don’t have the cyber personnel you need internally, the cloud may be the solution your organization needs. Cloud Service Providers (CSPs) manage and store the data of millions of individual users, companies, and federal organizations – they’re good at what they do, and they can afford to hire the best talent to make sure all of that data remains as secure as possible. They have more money to allocate to cybersecurity than most. As such, they’re more secure than the alternative private data centers. Read more about Hybrid Cloud and the Modern Data Center and find out Who’s Really Responsible for Cloud Security.