The FCC Communications Security, Reliability and Interoperability Council scheduled its first meeting under the new administration March 10, starting at 1 p.m. EST, says Tuesday's Federal Register. The meeting will be virtual.
Amid “all aspects of modern life” converting to the use of “digital channels” during the COVID-19 pandemic, “the need to establish trust in the digital identities of customers, citizens, partners and employees is rising rapidly,” said Mitek Systems CEO Max Carnecchia on a fiscal Q1 call Thursday. Digital identity verification, Mitek’s core business, “has never been more relevant,” he said. “Rapid advances in artificial intelligence are enabling novel forms of fraud,” said Carnecchia. “Increased scale and frequency of data breaches are all adding heightened pressure on organizations to protect their customers’ data and access.” Cyber thieves and “their methods of crime continued to evolve” in 2020, “so even the best anti-fraud programs need to be continually assessed and refined,” he said. “Organizations no longer have the luxury to simply verify access at the point of onboarding. Instead, they need to continuously authenticate and know exactly who their customers are across all channels and throughout the customer lifecycle.”
Explain why it didn't previously act to protect government from supply chain hacks like Juniper and SolarWinds, Sen. Ron Wyden, D-Ore., Sen. Cory Booker, D-N.J., and eight House Democrats wrote the NSA Friday. They criticized the agency for not acting in the 2015 Juniper Networks attack (see 2006100023), which they said is similar to the recent SolarWinds hack (see 2101260066). “Despite promising a full investigation after it announced the breach, Juniper has never publicly accounted for the incident,” the group said. Congress must determine the root cause of the Juniper attack and NSA’s role in the design and promotion of the “flawed encryption algorithm” that played a “central role,” the lawmakers wrote. NSA declined to comment.
Forty percent of corporate boards will install a dedicated cybersecurity committee by 2025, up from less than 10% now, Gartner reported Thursday. Gartner canvassed 265 board members globally May through June, finding cybersecurity threats were second to regulatory compliance lapses among the highest risks, it said: “Relatively few directors feel confident that their company is properly secured against a cyberattack.” Though Gartner research before COVID-19 found 61% of organizations were struggling to hire security professionals, the shift to remote work helped alleviate the talent search, it said. “It proved that some, if not all, security capabilities could be delivered remotely.”
The Russian government-sponsored hack of SolarWinds Orion software used for network management systems (see 2012170050) “highlights the necessity for companies to be vigilant in terms of how they think about security,” CrowdStrike Chief Financial Officer Burt Podbere told a Needham investor conference virtually Thursday. The breach puts corporate chief information security officers on the hot seat with their boards, he said: “They’d better have good answers, and they’d better have tested the solutions out there.” SolarWinds again puts security “front and center,” and highlights “the sophistication of the bad actors,” he said. Security awareness “shot through the roof” due to the hack, but “it's really too early to tell the impact on that in terms of customer spend” on new or improved cybersecurity solutions, he said.
The National Institute of Standards and Technology extended to March 1 its comment period for identifying and estimating cybersecurity threats for enterprise risk management, the agency said Thursday. The original deadline was Feb. 1.
Ring began rolling out an end-to-end encryption feature for camera videos Wednesday to eligible devices. The feature is launching as a “technical preview,” with customers encouraged to share feedback in the Ring app, blogged the company. By default, Ring already encrypts videos when they're uploaded to the cloud and stored on Ring’s servers, said the Amazon company. End-to-end encryption adds another lock to customer videos, which can be unlocked only by a key stored on the customer’s enrolled mobile device, it said. On timing of the feature, a Ring spokesperson emailed that the company is “always innovating and developing new Ring security devices and services, and we bring our products and features to market when we are confident they will best serve our customers.”
Including GPS disruptions among cyberthreats in the National Maritime Cybersecurity Plan is sensible because they interfere with technology systems' ability to communicate and with end-use devices, the Resilient Navigation and Timing Foundation blogged Monday. The report recommends standards across the 20 federal government organizations with a role in maritime security.
Secretary of State Mike Pompeo OK'd the Cyberspace Security and Emerging Technologies Bureau, to “reorganize” U.S. cyberspace and emerging technology security policy, the State Department said. CSET will address national security challenges from China, Russia, Iran, North Korea and “other cyber and emerging technology competitors,” leading U.S. efforts “on a wide range of international cyberspace security and emerging technology policy issues,” the department said Thursday.
“If someone tries to sell you services or an upgrade” via prepaid gift card, it should raise “a big red flag,” blogged AT&T Friday. AT&T and DirecTV won’t ask for that form of payment, it said. Scammers are “tricky” and may call consumers with the fake message that they were approved for a discount or upgrade if they pay in advance on a gift card, said AT&T. A scammer can get enough information from a customer to access an account, then make visible real-time changes such as adding an upgrade, it said.