President Obama Previews State of the Union Address with Emphasis on Cybersecurity

By | January 18th, 2015|Uncategorized|

Cyber SecurityCybersecurity took center stage this week as President Obama previewed plans focused on increasing online security, electronic privacy and the prevention of identity theft for the American people.

Byron Tau and Elizabeth Dwoskin of the Wall Street Journal shared that on Monday, Obama visited the Federal Trade Commission to discuss new cyber security initiatives that will safeguard consumer and student data. The President stated, “If we’re going to be connected, then we need to be protected.” He also introduced proposals that outline corporate responsibilities in the event of a data breach, and a Consumer Privacy Bill of Rights, that would “give consumers more control over what personal data companies collect about them and force companies to be more transparent about what they do with it.” According to USA TODAY, another proposal, the Student Data Privacy Act, would “forbid companies from harvesting student data for commercial purposes.”

David Jackson of USA TODAY detailed that on Tuesday, the President met with members of Congress to propose measures to bolster cybersecurity. He also traveled to the National Cybersecurity and Communications Integration Center to discuss its work to protect Internet communications. Obama spoke on “efforts to increase voluntary cybersecurity information sharing between the sector and the government while protecting privacy and civil liberties.” According to a White House Press Release, this week’s announcements included legislative proposals on Enabling Cybersecurity Information Sharing, Modernizing Law Enforcement Authorities to Combat Cyber Crime and National Data Breach Reporting.

According to an article from CNBC, when asked why he decided to preview the plans this week, Obama said “I didn’t want to wait for the State of the Union to talk about all the things that make this country great and how we can make it better, so I thought I’d get started this week. I figured, why wait? It’s like opening your Christmas presents a little early.”

Do you think cybersecurity deserves to be an area of emphasis for this year’s State of the Union Address? Let us know what you think on Facebook, Twitter or LinkedIn and be sure to keep up with our Tumblr for up-to-date security news stories.

News Recap: House Intelligence Committee Cybersecurity Hearing Summary

By | November 21st, 2014|Uncategorized|

News RecapThis week, the House of Representatives Intelligence Committee held a hearing on “Cybersecurity Threats: The Way Forward” to share why and how the United States should move forward in dealing with cybersecurity threats.

According to Reuters’ Patricia Zengerle, Director of the U.S. National Security Agency Admiral Mike Rogers stated that “China and ‘probably one or two’ other countries have the ability to invade and possibly shut down computer systems of U.S. power utilities, aviation networks and financial companies.” Hong Lei, a spokesperson from the Chinese Foreign Ministry, was in attendance and told reporters that “the Chinese government ‘forbids’ cyber hacking and that it is often a victim of such attacks that originate from the United States,” Zengerle reported.

Reporter Mark Hanrahan with International Business Times shares that “Rogers’ testimony comes just days after the USA Freedom Act – a bill that would have limited the agency’s surveillance powers – was voted down in the U.S. Senate. While the bill would have limited the NSA’s surveillance abilities, it also included an extension of the controversial Patriot Act.” Rogers also stated that lawmakers have attributed many breaches against the U.S. government and private companies to China.

Kristen Eichensehr with Just Security points out, “the hearing hit hard on the need for a way forward – but revealed little about what that way might be.” She reports that Rogers suggested two things needed to address cyber threats. The first was cyber threat information sharing legislation. The second was international norms of behavior for cyberspace. Currently, how to achieve either one is not clear.

How can cybersecurity officials set and enforce international cybersecurity norms? Do you believe cyber threat information sharing would help or hurt cybersecurity? What privacy issues arise when cyber threat information sharing occurs? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: The Latest on Cyber Security Legislation

By | July 3rd, 2014|Uncategorized|

Security Bill_070714Senate Intelligence Committee Chairwoman Dianne Feinstein and Senator Saxby Chambliss recently announced a draft of a cyber security bill they co-authored that would give companies the legal protection to share cyber security threat information with other companies.

The bill addresses privacy concerns some have about sharing such sensitive information. US News’ Tom Risen reports that the bill “directs companies to keep personally identifying information from being shared, and directs the attorney general to ensure the government’s use of cybersecurity information is limited to appropriate purposes.” Despite addressing privacy concerns, Risen notes that cybersecurity legislation did not pass the Senate in 2012, foreboding the “uphill battle” this bill faces to get passed.

Those who are critical of the bill, InfoWorld’s Serdar Yegulalp reports, have concerns about the wording of the bill. Some view the bill as a platform “for potentially allowing companies to share any personal information they please with the government under the guise of being a security issue,” Yegulalp states.

Additionally, some believe the wording of the bill could be a way for ISPs to weaken Net neutrality. Jason Koebler at Motherboard uses Netflix as an example of this loophole:

“The cybersecurity bill making its way through the Senate right now is so broad that it could allow the ISPs to classify Netflix as a ‘cyber threat,’ which would allow them to throttle the streaming service’s delivery to customers.”

Would an information exchange about cyber security information between companies be helpful or harmful? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Taking Measures Against Affordable Care Act Scams

By | October 2nd, 2013|Uncategorized|

This guest post comes from Michael Cahill, editor of the Vista Health Solutions Blog. He writes about the health care system, the health insurance industry and the Affordable Care Act.

For many American families, the Affordable Care Act (ACA) is going to make health insurance costs that much better. However, stories of scammers have made many people worried that they will be on the receiving end of a health care con. This does not have to be you. By putting the following information into action you can be sure that you won’t be a sitting duck for cyber criminals.

#1: Knowing Is The Best Defense

The ACA may seem like an intimidating piece of legislature, but the basics are not too hard to get a grasp of. Realize what your options are inside and outside of the marketplace, and understand how the ACA is affecting Medicaid, employers and individuals. The government has provided a lot of great resources for learning about the new law. The Department of Health & Human Services has a good primer here, and has a ton of information. For those feeling ambitious, you can read the bill itself at the first link.

#2: Stay Skeptical

One of the most common scams is people pretending to be government workers. In short, if they ask for information that they should know or that they don’t need, they are probably scammers. When it comes to sensitive personal information, government workers know what they need to know, and that certainly doesn’t include your bank account number. The navigators working for the government are there to help you understand the new system and choose the plan that is right for you, not to sell you a plan.

#3: Don’t Be An Easy Target

You might think that stealing your online identity requires someone to have a great deal of finesse and skill. In fact, it isn’t that complicated. A lot of sites use secret questions to make password recovery more secure. However, secret questions that ask for things like your father’s middle name or your mother’s maiden name can likely be answered after someone spends a few minutes on Google. For added security you can try a few things with your secret questions. For one, you can choose questions that don’t have easy to find answers such as your childhood best friend’s first name. Alternatively, you could make up an unrelated answer that functions as another password of sorts. It could even just be a string of random letters and numbers.

#4: Put Your Information To Use

The reality is that you have had a long time to get ready for the ACA’s changes to the healthcare system. If you haven’t sat down and worked out what you are going to do, you still have time. The marketplace will offer many options to choose from. Figure out how much coverage your family will need and how much you are willing to pay.

Before looking at the marketplace’s offerings, you might want to see if you qualify for options like Medicaid. Some states have chosen to accept the federal Medicaid package which will allow thousands more to be covered by the program.

By knowing what is available to you and having an idea of what you are going to choose, you can ignore all the noise from scammers trying to push a “discount health plan” as health insurance.

#5: Realize That The ACA Isn’t Set In Stone

The ACA, like most pieces of legislation, is a long document. The truth is that won’t know what those hundreds of pages really mean until we see the law in action. We can expect to see some modifications happen. When the marketplaces open on October 1st, take note of what is being talked about in the media. Whatever surfaces as a big talking point may just be where you can expect to see some change.

It is no fault of the ACA that scammers are trying to take advantage of it. It is only you who can protect yourself.

News Recap: Cybersecurity Hearing Highlights National Security Agency Testimony

By | June 14th, 2013|Uncategorized|

nsaThe Senate Appropriations Committee held a hearing about cybersecurity and workforce training this week during which Gen. Keith Alexander, chief of both the National Security Agency (NSA) and the U.S. Cyber Command, testified. Recent scrutiny on the NSA’s surveillance government programs – which has collected millions of telephone records and monitored Internet activity – were brought up during the hearing, slightly shifting the focus of the hearing from cybersecurity and workforce matters to privacy and surveillance concerns.

The Washington Post reported in their live updates Senate Appropriations Chair Barbara Mikulski’s original goals for the hearing, which were to examine how to “protect the American people from cyber threats by working across government” and to “examine how agencies will use cyber security funding in the budget.” Though Mikulski did not address the National Security Agency’s recently criticized surveillance efforts, or what the Washington Post called “the elephant in the room,” these quickly surfaced as the hearing progressed.

According to CNN, senators from both parties questioned Gen. Alexander whom “provided a spirited defense for the programs he described as critical to counter-terrorism efforts. ‘I think what we’re doing to protect American citizens here is the right thing,” he said. ‘Our agency takes great pride in protecting this nation and our civil liberties and privacy, and doing it in partnership with this committee, with this Congress, and with the courts.'”

The hearing ended today with Mikulski saying “The hearing hasn’t been quite originally the way we thought, but it has been a good hearing.” The Washington Post in their live updates reported that “the original purpose of it was to discuss cybersecurity, but it was quickly dominated by the recent revelations about the NSA’s phone and Internet surveillance efforts. In closing, Mikulski said the debate about the balance between privacy and security is one well worth having.”

What do you think of the NSA’s surveillance programs? How can privacy and surveillance co-exist in a government setting? How about at your office? Let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

Industry News Recap: Combating IP Theft Through Computer Lockdowns

By | May 30th, 2013|Uncategorized|

laptop_lockThe US Commission on the Theft of American Intellectual Property released an 89-page report assessing how international intellectual property theft affects the United States. The report claims that there is more than $300 billion annually in intellectual property theft, and US Cyber Command commander General Keith Alexander calls this theft “the greatest transfer of wealth in history.”

The end of the report includes recommendations that involve combating cyber thieves. BGR states “[the Commission suggests that] copyright holders should be allowed to take more assertive action against intellectual property thieves, including developing software that will ‘allow only authorized users to open files containing valuable information’ and will potentially lock down any unauthorized computer that tries to access the file.” More specifically, the lock down will provide “instructions on how to contact law enforcement to get the password needed to unlock the account” (Network World).

Some were wary of these recommendations. Technology blog Boing Boing claims that locking down the computer is a “mechanism that crooks use when they deploy ransomware.” PC World called the lock down method “legalized ransomware” and highlighted another IP Commission recommendation: “Corporate vigilantes need not stop there, according to the commission. They could photograph hackers using the cameras built-in to the miscreant’s computer, infect the hacker with malware, or physically disable the suspected IP thief’s computer.”

Take a look at the report and the Washington Post op-ed piece the Commission co-chairs wrote to summarize the report, and let us know what you think: is combating intellectual property theft with computer lock downs and possibly infecting cyber thieves’ computers with malware extreme? Or are current cybersecurity laws too lax? Tell us your thoughts on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

Industry News Recap: Cybersecurity bill CISPA passes House vote

By | April 19th, 2013|Uncategorized|

cispaThe highly debated Cyber Intelligence Sharing and Protection Act (CISPA) was passed by the House of Representatives on Thursday on a bipartisan vote of 287-127, with 18 representatives not voting. This bill is meant to help prevent cyber attacks by allowing companies and the government to share cybersecurity information with one another.

According to Alex Fitzpatrick, Mashable, “supporters of the bill, made up mostly of business interests, say such information sharing is necessary for businesses and the government to join forces to ward off hackers in real-time. However, privacy advocates have argued CISPA puts Americans’ privacy at risk by not requiring companies to strip customers’ personally identifiable information from data before sending it to government agencies.”

Before CISPA becomes a law, it must now be reviewed and passed by the Senate. “CISPA initially passed in the House last year, but it wasn’t taken up by the Senate. Now, it will once again be up to the Senate to craft and pass a companion bill,” wrote Adi Robertson, The Verge. “While the White House has said repeatedly that it will work with legislators, a statement released yesterday said the Obama Administration would veto CISPA if changes weren’t made. Now, it’s up to the Senate to determine what its version of the proposed law will look like — and whether it will actually make it through this time.”

What are your thoughts around CISPA? Should the government and companies be able to share data that may prevent cyber attacks? Or do you view CISPA as an infringement against citizens’ privacy rights? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr page for the latest industry news stories.

Spill the Beans: The Significance of Breach Disclosure Laws Status

By | January 9th, 2013|Uncategorized|

If a company is breached, should the breach be reported to authorities? To customers? To the public? While breach disclosure laws have been debated on and off for the past few years, it looks like they are making it back into the spotlight.

Many companies would prefer to keep security breaches to themselves – to avoid the authorities, protect their brands and handle the issue privately. Governments, however, argue that such disclosure provides essential insight and is necessary to tackle cybercrime. 

In Europe, for instance, the Europol recently attributed the cause of some of the biggest card fraud cases to a lack of breach disclosure laws. The Europol says, “A major problem in the EU is the lack of proper regulations for reporting data breaches to police authorities. Law enforcement agencies, even if aware of a breach, have difficulties finding information on, and links to, the point of compromise, stolen data and illegal transactions.”

Meanwhile, in the U.S., President Obama just signed the National Defense Authorization Act. The Wall Street Journal reports that this act “gives the Department of Defense 90 days to establish procedures for defense contractors to disclose cyber breaches” – or in other words, companies will soon be required to tell the federal government when hacked. Previously, though breach disclosure was encouraged, it remained voluntary.

Beyond this federal push, many U.S. states have already enacted their own notification laws—all but four have some statewide disclosure requirements. See here for a state-by-state list.

What do you think about breach notification laws? Share your thoughts with us on Facebook and Twitter.


Security Insights: Cybersecurity Bill

By | June 14th, 2012|Uncategorized|

The Washington Post describers the cybersecurity bill as, “a bill that would encourage companies and the federal government to share information collected on the Internet to help prevent electronic attacks from cybercriminals, foreign governments and terrorists.”

What is the opposition?
“The White House, along with a coalition of liberal and conservative groups and some lawmakers, strongly opposed the bill, complaining that privacy could be violated. They argued that companies could share an employee’s personal information with the government, and the data could end up in the hands of officials from the National Security Agency or the Defense Department. They also challenged the bill’s liability waiver for private companies that disclose information, complaining that it was too broad.” – Donna Cassata, The Washington Post

How does this affect you negatively?
How does this affect you as an individual in society? Essentially all those privacy policies that we “agree” to on websites are going to change. Online companies are going to be encouraged to share your information with the government. So what, I don’t do anything on the Internet that is inappropriate. That’s fine, but does your spouse, your children, your family, or close friends do anything “inappropriate” on the Internet?

Even better yet, do you mind the government owning you and your family’s entire Internet use history, content of any and all of your personal e-mails, and all of your private and sensitive information? At this point the bill is so broad, that it would allow and encourage companies to share way too much private information, in my personal opinion.

How does this affect you positively?
There has to be some positive aspect of this bill, right? The bill is actually a means to protect you and everyone else from huge cyber attacks. According to, “The Cyber Intelligence Sharing and Protection Act, which has been revised several times over the past week, allows the government and private companies to share information with one another with the aim of warding off cyber threats.”

“The government’s top cybersecurity advisers widely agree that cyber criminals or terrorists have the capability to take down the country’s critical financial, energy or communications infrastructure.”

“A cyber attack would be less difficult to pull off than a 9/11-like attack, considering it could be launched from another country and the attacker could remain anonymous. Yet it could have the same devastating impact if attackers used cyberspace to take over our infrastructure, turn off our electricity, release toxins, or shut down our financial system.” – David Goldman,

The idea of the bill is to protect and stop this kind of malicious activity.

Do you have privacy concerns?
Mike Rogers, chairman of the House Intelligence Committee, was faced with widespread privacy concerns so he pulled together an amendment that limit’s the government’s use of threat information to five specific purposes: cybersecurity; investigation and prosecution of cybersecurity crimes; protection of individuals from death or serious bodily injury; protection of minors from child pornography and the protection of national security.  – Donna Cassata, The Washington Post

What the Obama Administration has to say:
The bill, it said in a statement, “fails to provide authorities to ensure that the Nation’s core critical infrastructure is protected while repealing important provisions” of privacy law.

Read the entire statement of the Obama Administration statement and why they recommend that he veto the bill.

Meet the EU’s New Privacy and Breach Regulations

By | May 31st, 2012|Uncategorized|

Starting May 26, the EU began enforcing its E-Privacy Directive that passed last year. This directive requires that websites notify all individuals in the EU about any tracking that takes place on the site and receive consent before carrying out the tracking (i.e. tags, cookies).

What does this new directive mean for businesses?

So many businesses are dependent on having access to consumer information – for marketing, analysis, proper website and application functionality, etc. – that they will need to adjust their current practices to accommodate the new regulations. Forbes contributor Lisa Arthur has put together a list of recommendations for marketers on how best to comply with the regulations. 

It seems the E-Privacy Directive is just the beginning. The European Commission (EC) is also drafting legislation that would “reform and harmonize data protection laws across the EU,” according to IT security reporter Thor Olavsrud in this CIO article. This legislation would install a number of regulations, including:

  • Requiring organizations to undergo regular data protection assessments;
  • Establishing fines for non-compliance; and
  • Mandating that all organizations report a data breach within 24 hours or provide reasons why they cannot do so.

These stricter regulations highlight the importance of having breach preparedness measures in place and ready to go. Our recap of the SXSW panel “Data Breaches: Taking the Bull by the Horns” provides some additional tips for proactively preparing for a data breach.

Whether or not the EC’s proposed legislation passes, these regulations will likely pave the way for similar privacy law developments around the world. Do you like the new regulations imposed by the EU’s new E-Privacy Directive. Would you like to see something similar in the U.S.? Let us know in the comments or join the conversation on Twitter or Facebook.   

Load More Posts