Sen. Ed Markey, D-Mass., and Rep. Ted Lieu, D-Calif., reintroduced legislation Tuesday for “a voluntary cybersecurity certification program” for IoT devices (see 1802150034). Their Cyber Shield Act (see 1710270043) “will give consumers a seal of approval for more secure products, as well as encourage manufacturers to adopt the best cybersecurity practices so they can compete in the marketplace for safety,” Markey said.
Windows 7 is becoming an increasingly “riskier” operating system, with “infections” up 71 percent between January and June compared with July through December 2018, reported Webroot Tuesday. Of all infected PCs, 64 percent were home computers, “likely because home users aren't protected by corporate firewalls and security policies and may not be updated as regularly,” said the cybersecurity company. It found phishing lures are becoming “increasingly personalized” as more personal information is collected from data breaches. Hackers “take advantage of familiarity and context, and result in unwarranted trust,” said Webroot. “Businesses and consumers need to be aware of and continually educate themselves about these evolving methods and risks to protect their data and devices.” Microsoft didn’t comment.
Devote more attention to standardizing decision-making practices for cybersecurity policy, FCC Commissioner Jessica Rosenworcel said Friday, at the National Institute of Standards and Technology in Gaithersburg, Maryland. Rosenworcel urged the FCC to complete a rulemaking to ensure USF support for broadband deployment in rural areas isn't used to buy insecure network equipment, as she said the day before (see 1909260032). It would be a mistake to focus all cybersecurity concerns on Huawei 5G technology, she said: "The situation with this company is just a symptom of a larger problem -- and all of our activity so far is about treating the symptom, not the disease." The FCC should create policies to stimulate a broader market for 5G technology, she said, so "no one company can undermine our national security." If the FCC devotes more mid-band spectrum to 5G, she said, vendors would follow to expand the market for secure equipment. Rosenworcel warned secure U.S. networks could still connect to insecure networks abroad: "The FCC should start a proceeding to investigate the best practices carriers can employ to mitigate that risk. We need to research how we build secure networks that can withstand connection to equipment vulnerabilities around the world." She said her agency should "explore dedicated network segmentation, cross-layer security standards, the role of encryption, and routing validation." She said the FCC might ask licensees to use the NIST cybersecurity framework. Rosenworcel said cyber vulnerabilities multiply as the industry transitions to the IoT. The commissioner wants the FCC to use recent NIST draft security recommendations for IoT devices in updating FCC equipment authorization standards. "We should transform the Internet of Things into the Internet of Secure Things," she said.
BlackBerry’s recent announcement of an intelligent-vehicles partnership with Jaguar Land Rover (JLR) “demonstrates our thought leadership in the automotive software market,” said BlackBerry CEO John Chen on a fiscal Q2 call Tuesday. BlackBerry agreed to supply the automaker with “cybersecurity consulting” services through the artificial intelligence-based security capability it acquired when it bought Cylance for $1.4 billion (see 1811160024). The JLR partnership gives BlackBerry “the opportunity to provide the first cybersecurity platform for the auto market,” said Chen. “JLR is the first to collaborate with us.” BlackBerry is working with others in the automotive industry, and the potential for additional collaborations “looks promising,” he said. The company plans to demonstrate the “combined” BlackBerry/Cylance cybersecurity solution at CES, he said. “We have a great opportunity to gain share in this $11-billion-plus end-point security market currently led by legacy antivirus vendors. The collective market share for all the next-generation end-point security players, which includes Cylance, is currently less than 10 percent, so there’s lots of room to grow there."
FCC Commissioner Geoffrey Starks told the Competitive Carriers Association in Providence, Rhode Island, he met with CCA members before a keynote Tuesday to discuss security of network equipment from Huawei and other Chinese equipment makers (see 1909180031). “The two things that I heard most distinctly were the need for certainty and the need for us in the federal government to drive the solution,” Starks said of the meeting with CCA executives. “Folks are not entitled to a certain outcome, but clearly it is imperative that we have your input.” Security is a “national problem,” he said. “It requires a national solution.” The U.S. might be able to address security by quarantining some equipment in parts of the network, Starks said. It's more likely all equipment from “suspect manufacturers” will have to be removed, he said. "Nokia and Ericsson have said that they are willing to create products and financing options geared toward smaller carriers that need to replace Chinese equipment,” he said: “They also claim that they have handled similar replacement efforts with minimal customer disruption.” Starks said Congress should fund removal. Starks told us he sees “bipartisan consensus” on security issues, citing commissioners' 5-0 vote in May to revoke the license of Chinese government-owned provider China Mobile. “All of us are thinking hard about these national security issues,” he said. “I’m kind of leading the way a little bit. … It’s something I’m going to keep talking about.” Starks said he has been discussing the issues with staff for Chairman Ajit Pai.
Growing ubiquity of Android TV as a set-top box operating system of choice is opening the door to the potential threat of malicious apps coming from the app store or side-loaded via USB and attacking the set-top, blogged Irdeto Friday. Malware disguised as legitimate apps, plus Kodi-style apps misused for piracy, need to be controlled on operators' set-tops beyond what Google does with the app store, it said. Blanket denial of Kodi apps or add-ons will send consumers to another service provider, and blocking such malware and piracy apps needs to be balanced with the open-source nature of Android TV, Irdeto said.
House Commerce Committee leaders and staff are working on legislation to help secure telecom networks using "suspect communications components,” as expected (see 1907220053), a committee spokesperson said. House Commerce Chairman Frank Pallone, D-N.J., has been pursuing draft legislation to encourage rural carriers to remove equipment from Chinese equipment makers Huawei and ZTE. The bill would “fund the replacement of suspect equipment and further prohibit the use of federal funds to purchase suspect network equipment going forward,” the committee spokesperson emailed Wednesday. The proposal could be used to codify the FCC's proposal to bar use of USF money to purchase from companies posing “a national security threat” (see 1812210032).
The Chinese government “firmly” opposes the U.S. using “its national power to oppress” Chinese telecom equipment manufacturer Huawei “based on no evidence at all,” Foreign Ministry spokesperson Geng Shuang said during a Wednesday news conference. Huawei has been countering arguments it poses a threat to the security of the U.S.'s telecom infrastructure, in recent days claiming U.S. officials attempted to recruit its employees to provide internal information about the company. U.S. lawmakers are also eyeing legislation to prevent President Donald Trump's administration from lifting Commerce Department Bureau of Industry and Security restrictions on Huawei (see 1907220053). “Such an act is disgraceful and immoral, and it runs counter to the principle of market economy, for which the [U.S.] has been a self-claimed champion,” Geng said, according to a transcript from China's U.S. embassy. “We urge the [U.S.] to stop abusing the concept of national security, to cease its smear campaign against China and oppression against Chinese companies, and to provide a level playing field and a non-discriminatory environment for Chinese companies to operate normally” in the U.S.
It’s a “significant problem” that consumers lack the ability to opt out of doing business with credit reporting agencies like Equifax, which collect data indirectly, Information Technology and Innovation Foundation Vice President Daniel Castro said during an interview on C-SPAN's The Communicators to be televised Saturday and posted here Friday. There are legitimate questions about government oversight for credit entities, he said. Castro believes policymakers should consider ways to make certain types of consumer data less valuable. Social Security numbers, one of the most valuable pieces of information, shouldn’t be the sole input for verifying identity, he said. Castro was asked about ITIF’s study on the cost of the U.S. adopting a federal privacy law mirroring laws in the EU or California (see 1908050058). The key is to create a privacy law at reasonable cost, he said: Consumers should have enhanced privacy, but they should retain access to innovative products and services. On data breaches, such as those that Capital One, Equifax and Target have suffered, the analyst said that companies could offer customers a "menu of options" such as password-storage or other services rather than frequent credit monitoring at no cost. He noted that such monitoring is often provided for free, anyway. Equifax didn't comment right away Thursday.
Three-fourths of U.S. broadband households intend to acquire a security or privacy service in the next 12 months, blogged Parks Associates Tuesday. Thirty-eight percent ranked receiving such services with their broadband service at no additional charge as most desirable; 62 percent would pay an additional fee for the services via subscription, warranty or one-time fee. Consumers showed interest in security and privacy services including parental controls, malware detection and network activity monitoring, but they “still show a reluctance toward recurring fees”; just 27 percent would opt for a subscription model, said analyst Lindsay Gafford. Challenges to securing the smart home will intensify as consumers acquire more devices, creating business opportunities throughout the value chain for security solution providers, said Gafford. Parks found a “significant deficit between interest and adoption” with 63 percent of U.S. broadband households interested in an identity theft prevention service but only 19 percent using one: “The service potential is immense, and broadband service providers are entering this space by partnering with data security solution providers to provide value-added services for consumers,” said Gafford.