By Colby Proffitt
1.) Will the greatest feat at the Pyeongchang Olympics be staving off cyberattacks? (February 8, 2018)
Summary: Even a centuries-old tradition like the Olympics cannot stave off the effects of digital transformation.
Why it matters: This article highlights some of the benefits and advantages of using IoT as part of the games, but it also highlights the increased cyber risks. In the summer of 2017, we saw data take to the road as IoT provided real-time data during the Tour de France (see #9 in the July 28, 2017 Cyber Weekly Roundup), but the question remains whether such real-time data and convenience are worth the risk. Yes, there is a threat to Pyeongchang, but attacks are more likely on temporary, low-profile networks that are likely less secured. Those at the games would be best served by avoiding public Wi-Fi and, as always, following best security practices.
2.) Army looks at redefining its classified networks (January 29, 2018)
Summary: The Army is looking at redefining its classified networks to better accommodate mobile devices on the battlefield, according to an Army deputy chief of staff.
Why it matters: Modernization efforts are underway at most federal agencies, but many are grappling with what exactly a modernized state really looks like. As we point out in 5 Things to Think about when Modernizing Agency IT, IoT and mobile devices present unique challenges, and agencies need to develop a long-term strategy to continually update their IT as part of an overall modernization strategy. Modernization isn’t a state – it’s a continual effort.
3.) Trump administration announces new cyber office at State (February 6, 2018)
Summary: The Trump administration announced a proposal to create a new State Department bureau to handle cyberspace and the digital economy.
Why it matters: As highlighted in the January 19, 2018 Cyber Weekly Roundup, there are a number of parties involved in ensuring that the US has an effective strategy and policies in place for cyber defense. What we can hope is that legislators and policy makers can keep up with the speed of cyber, and that we’ll see increased cooperation and collaboration between federal agencies, lawmakers, and industry.
4.) Third party cyber breach risk set to rise (February 7, 2018)
Summary: Third party cyber security risk should always have been a priority, but this has never been more important than it is now in light of new technology risks and data protection regulations.
Why it matters: With more and more agencies and federal organizations moving to the cloud and outsourcing to make up for a shortage of in-house skills, there’s growing concern about the increased risk from reliance on third-party suppliers. The question when cloud first emerged was, “Is the cloud secure?” but more recently, the question has become, “Is your organization as secure as the cloud?” It’s important to remember that cloud providers keep user data secure for a living. They follow – and in many cases develop – current best practices. Major public cloud providers may have more tenured and technically trained cyber cloud experts, more monitoring and cyber defense tools, and greater security guarantees, but they are also bigger targets than many smaller CSPs. However, as we point out in Who’s really responsible for cloud security?, it can be tempting for CIOs and CISOs to think that someone else is responsible for their organization’s data once it’s in the cloud, but the truth is that the CIO and CISO are responsible for holding the CSP accountable for protecting that data.
5.) DHS Manfra says Russians successfully penetrated some state election systems (February 7, 2018)
Summary: Russian hackers successfully penetrated voter registration rolls in a number of U.S. states, Department of Homeland Security (DHS) cybersecurity chief Jeanette Manfra said Wednesday.
Why it matters: It’s going to be interesting to see what happens at the next election, but more importantly what the government does between now and then to prevent a repeat of the 2016 meddling. As this article points out, cybersecurity comes at a cost, but most would agree it’s worth the investment in the long run. The bigger question becomes – who’s going to pay?