Protecting against data loss (57 percent), threats to privacy (49 percent) and breaches of confidentiality (47 percent) were the top three cloud computing security concerns based on an online survey released Wednesday by Crowd Research Partners. The survey of more than 1,900 cybersecurity executives, managers and IT practitioners in January and February said unauthorized access was the biggest threat to security (61 percent), followed by hijacking accounts (52 percent). The researcher said 53 percent of respondents want to train and certify their current IT staff to address new security challenges, while 30 percent want to partner with a service provider, 27 percent want to use software to address the problem, and 26 percent want to hire dedicated staff. Seventy-five percent said traditional security tools don't work or have limited functionality in the cloud, and 33 percent of organizations expect security budgets to increase over the next 12 months.
Senate Commerce Committee Chairman John Thune, R-S.D., and Senate Cybersecurity Caucus co-Chairman Cory Gardner, R-Colo., sent letters Thursday to Secretary of Transportation Elaine Chao and Secretary of Commerce Wilbur Ross urging them to “commit to making the cybersecurity of the Department’s systems a top priority and that you keep the Committee informed as you plan to implement this effort.” Thune vowed during a Wednesday Senate Commerce hearing on emerging technologies' cybersecurity issues to seek cyber commitments from Chao and Ross (see 1703220072). “Recent Office of Inspector General reports have found [Transportation's] cybersecurity program remains ineffective and many of its information security controls are deficient,” Gardner and Thune said in their letter to Chao: GAO “has made approximately 2,500 recommendations to improve information security programs across the federal government over the past several years. Departments and agencies have yet to implement many of these recommendations.”
Protecting consumers against fraud involves market forces, private rights and law enforcement, said acting FTC Chairman Maureen Ohlhausen in testimony prepared for a Senate Consumer Protection Subcommittee hearing Tuesday. Consumers, she said, want sufficient corporate information to make a variety of choices, and companies will want to keep their promises to protect their reputation. Consumers also will want to be able to bring legal action if there's a contract breach and the FTC and state attorneys general are there to protect them against fraud. Small businesses are susceptible to phishing and marketing scams and report thousands of frauds to the Better Business Bureau annually, she said. Commissioner Terrell McSweeny testified that the FTC received more than 3 million consumer complaints last year, with debt collection, imposter frauds and ID theft the top three areas (see 1703030021), and the commission's latest survey found nearly 26 million people had been victims of fraud in 2011. McSweeny said she's especially concerned that ransomware attacks will become more common. "In the not-too-distant future a consumer might turn on her smart TV only to see a message that asks for $50 in Bitcoin if she wants to watch television again," she said. Noted malware guru Simon Edwards sees smart TV owners as the next easy targets for ransomware attackers, he told a London briefing last month (see 1702090026).
Nearly 1,300 data breaches exposing personal data for about 1.6 million New Yorkers were reported last year, said state Attorney General Eric Schneiderman in a Tuesday news release. The record number of reported breaches increased by 60 percent from 2015, and the exposure of records tripled, his office said. Hacking, the leading cause in previous reports, accounted for more than 40 percent of the data breaches, the office said. Last year, employee negligence, insider wrongdoing and loss of a device or media combined were about 37 percent of the breaches, Schneiderman's office added. Social Security numbers and financial records were the most acquired data -- about 81 percent of breaches -- followed by driver's license numbers, date of birth and password or account information, the release said. The office provided recommendations to help organizations better secure data or provide a better response in case of breach.
The Senate Commerce and House Homeland Security committees both scheduled cybersecurity hearings for 10 a.m. Wednesday. The Senate Commerce hearing will address cybersecurity issues for IoT, blockchain, artificial intelligence, quantum computing and other “emerging technologies,” and how those technologies present “innovative opportunities to combat cyber threats more effectively,” the committee said Friday. Intel Chief Technology Officer Steve Grobman, IBM Security Vice President-Threat Intelligence Caleb Barlow, National Venture Capital Association Chairman Venky Ganesan and Cylance Chief Security and Trust Officer Malcolm Harkins are set to testify, Senate Commerce said. The hearing will be in Dirksen 106. House Homeland Security said its hearing will focus on the Department of Homeland Security’s civilian cyber defense mission and the cyberthreat landscape. The hearing appears to be partially focused on committee Chairman Michael McCaul’s, R-Texas, planned reintroduction of his Department of Homeland Security Reform and Improvement Act, which would reorganize the department’s National Protection and Programs Directorate as the Cybersecurity and Infrastructure Protection Agency (see 1701050073). Former NSA Director Keith Alexander, now IronNet Cybersecurity CEO, and former White House Cybersecurity Coordinator Michael Daniel, Cyber Threat Alliance president, are among those to testify. George Washington University Center for Cyber and Homeland Security Director Frank Cilluffo and EastWest Institute Global Vice President Bruce McConnell will also testify, House Homeland Security said. The hearing will be in House Capitol Visitor Center Room 210.
Many new members joined a DOD-created cybersecurity trade association, the Consortium for Command, Control, Communications and Computer Technologies, said a Thursday notice in the Federal Register. New members included companies, universities and consultants, among them AT&T, Brocade, Booz Allen Hamilton, Cornell University, George Mason University and Tuscaloosa.
Cybersecurity emerged as a topic during Tuesday’s infrastructure hearing by the Senate Energy and Natural Resources Committee. Ranking member Maria Cantwell, D-Wash., said the issue keeps her up at night and cited widespread hacking concerns. “I am calling on the Trump administration to protect the public from growing cyberthreats that Russia and other foreign actors pose against our energy assets,” she said in her opening statement. “I am sending a letter to the president to make sure that we clarify the Department of Energy’s role as a lead agency in our nation’s cybersecurity matters, both on the defense side and on the response side to respond to potential hacking of our critical energy infrastructure. That is very important because we’ve heard rumors of an executive order further designating the Department of Homeland Security as the lead on this matter. I equate this to seeking medical attention and seeing a doctor, but in reality you need a dentist, because what you have is an oral problem.” Cantwell, who also is on the Commerce Committee, noted that during questioning of witnesses and backed “a more aggressive role” for the DOE on cybersecurity. The “right experts” are needed, she said, arguing the digitization of the grid makes the U.S. more vulnerable to attacks. Chairman Lisa Murkowski, R-Alaska, is eyeing the permitting process at the federal, state and local levels. “I certainly hope that package” put forth by the Trump administration on infrastructure “will include provisions that streamline the permitting process for all energy infrastructure projects,” said Murkowski in her opening statement. That administration infrastructure package may include broadband funding. Several committees have begun hearings with an eye toward this pending proposal.
President Donald Trump should order the CIA and other U.S. intelligence agencies to “responsibly disclose” any cyber vulnerabilities they've identified in U.S. devices and software, said Information Technology and Innovation Foundation Vice President Daniel Castro in a Monday blog post. It responded to WikiLeaks’ posting last week of more than 8,700 documents purporting to originate from the CIA’s Center for Cyber Intelligence, including some unverified files about how the agency could use smart TVs and other devices as surveillance tools (see 1703070047). The documents “validate concerns that U.S. spy agencies are stockpiling cybersecurity vulnerabilities,” Castro said. “The intelligence community uses undisclosed vulnerabilities to develop tools that can penetrate the computer systems and networks of its foreign targets. Unfortunately, since everyone uses the same technology in today’s global economy, each of these vulnerabilities also represents a threat to American businesses and individuals.” Full disclosure of stockpiled vulnerabilities will help the private sector patch “security holes,” Castro said.
Chairman Ajit Pai’s recent moves to shift the FCC away from a role in cybersecurity policy are a “dangerous departure” from President Donald Trump’s “aggressive cybersecurity policy” stance, said former Public Safety Bureau Chief David Simpson in Morning Consult. Pai reversed a Simpson-authored white paper on communications sector cybersecurity regulation and a notice of inquiry on cybersecurity for 5G devices (see 1702060062 and 1702060059), among other moves (see 1702030070). Pai halted cybersecurity provisions in ISP privacy rules, Simpson wrote. The “greatest concern” will be the FCC’s future “benign neglect” of cybersecurity, he said. Simpson noted Commissioner Mike O’Rielly’s testimony last week before the Senate Commerce Committee that the commission has “extremely limited” statutory authority over cybersecurity absent a clear directive (see 1703080070). “Addressing cybersecurity early is smart policy,” Simpson said. “It leads to more robust, resilient and cost-efficient services. ... This is a national security and emergency preparedness requirement.” He criticized the communications sector’s “self-serving theory” that the Department of Homeland Security should take over oversight of the sector’s cybersecurity. Expanding DHS’ oversight “with no regulatory authority over the commercial communications sector, will be expensive, doomed to failure or both,” Simpson said. Trump can reverse FCC “cyber indifference” by in part making cybersecurity a “whole of government” priority that includes the FCC and FTC in the National Security Council’s assessment of cyber risk, Simpson said. He encouraged stakeholders to “demand a more effective dialog between congressional committees with cybersecurity risk responsibilities.” The FCC didn’t comment.
“Protecting consumers’ privacy and the security of our devices is a top priority at Samsung,” the company emailed us Wednesday on WikiLeaks’ Tuesday disclosure that the CIA worked secretly with U.K. authorities in 2014 to hack Samsung smart TVs and turn them into covert microphones (see 1703070047). “We are aware of the report in question and are urgently looking into the matter,” Samsung said. Documents that WikiLeaks released, the authenticity of which couldn’t be confirmed, described “Weeping Angel” malware that the CIA planted on Samsung TVs from afar to “suppress” the TV’s LED backlight and “improve the look” of a so-called “Fake-Off mode” that gives the owner the false impression the set is turned off when in fact it's listening in on private conversations.