Cyber Weekly Roundup – November 3, 2017

By Colby Proffitt and Mesay Degefu

1.) Lawmakers Increasingly Cautious About Internet of Things (October 23, 2017)

http://cdn.nextgov.com/b/nextgov/interstitial.html?v=2.1.1&rf=http%3A%2F%2Fwww.nextgov.com%2Femerging-tech%2F2017%2F10%2Flawmakers-increasingly-cautious-about-internet-things%2F142121%2F%3Foref%3Dnextgov_today_nl

Summary: It’s been about two years since lawmakers began formally investigating the digitally-enabled refrigerators, wirelessly controlled cars, and passive sensors that quietly amass large amounts of data making up the internet of things.

Why it matters: We previously highlighted the importance of Protecting Critical Infrastructure in the Age of IoT, and we explained how IoT runs the risk of Providing Convenience at the Expense of Security. We argued that the government needs to provide clear guidance for critical infrastructure and IoT and assign responsibility for data and security, and that government and industry need to collaborate to improve security. So what’s changed?

The DIGIT Act passed the Senate in August but still has to pass the House, and a number of Senators want to pass The IoT Cybersecurity Improvements Act, which would require government devices to meet certain security standards. Sadly, there hasn’t been much real legislative progress.

Until policy makers reach some level of agreement on the balance between innovation and cyber risk, the current trajectory likely won’t change much.

2.) Uncovering Password Habits: Are Users’ Password Security Habits Improving? (Infographic) (September 22, 2017)

https://digitalguardian.com/blog/uncovering-password-habits-are-users-password-security-habits-improving-infographic

Summary: This infographic offers findings and analysis based on a 1,000-person survey on password habits.

Why it matters: This survey offers a number of interesting stats and metrics, and also points to a number of password challenges, one of the biggest being the sheer volume of user applications and interfaces that require passwords. The majority of users understand the risks of password re-use, but the high number of accounts requiring passwords pushes users to re-use passwords for convenience. This article offers some useful password tips and also highlights that there’s just no replacement for 2-factor and multi-factor authentication.

3.) Lawmakers push for chief data officers in every agency in new bill (Nov 2, 2017)

https://www.fedscoop.com/lawmakers-push-chief-data-officers-every-agency-new-bill/?utm_campaign=FedScoop%20DS&utm_source=hs_email&utm_medium=email&utm_content=58042083&_hsenc=p2ANqtz-_XS2IamHtKnoT5Ml6geNeem_y4enzHvLJNFe6vLQ-yivhXiMLaUxRby_-d0jqqTFdsVDWQDa_ywF-lPLkJicuMNCsEEpzwnjiWXqYcf0kkMNMtjis

Summary: New bills introduced in both houses of Congress on Wednesday would drive agencies to better use data to measure the effectiveness of their programs and would require a chief data officer at every federal agency.

Why it matters: This legislation could do more than just require a chief data officer at every federal agency – it would also promote maximum data availability, improve privacy standards, and establish a greater federal data catalogue. Why? Well, not only is it the right thing to do, but this new evidence-based policy act is aimed at arming budget-cutters with a means of more accurately evaluating the effectiveness of government programs.

While more accountability and transparency are a plus, more data is going to present a number of challenges for each agency – storing it, paying for it, and most of all, protecting it. It will be interesting to see which path each agency takes to handle the requirements of the new bill if it becomes law.

4.) Cybersecurity: How Blockchain Is Helping E-Commerce Businesses Protect Their Data (October 31, 2017)

https://www.forbes.com/sites/jiawertz/2017/10/31/cybersecurity-how-blockchain-is-helping-e-commerce-businesses-protect-their-data/#366271e8104d

Summary: In the wake of consumer information breaches, Datum, a data security company, is developing a high level of security for data with theoretically unbreakable encryption. The technology will store data in blocks that are linked and secured using cryptography. The technology is designed to function without a central authority during transactions.

Why it matters: The use of blockchain is a solid effort and a good start to improved data security, and it might put some users’ minds at ease for once, but time will tell whether it really is unbreakable. After all, anything that’s connected to the internet is at risk.

With so much money swapping hands online (nearly 40 billion online transactions in 2015), there’s a ton of personal data at risk and a ton for hackers and cyber criminals to gain. Government and retailers alike need to understand the criticality of e-commerce security and the implications of compromise.